From sle-updates at lists.suse.com Sat Jan 1 07:41:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Sat, 1 Jan 2022 08:41:49 +0100 (CET)
Subject: SUSE-CU-2021:618-1: Recommended update of suse/sles12sp5
Message-ID: <20220101074149.39C16FE0E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:618-1
Container Tags        : suse/sles12sp5:6.5.278 , suse/sles12sp5:latest
Container Release     : 6.5.278
Severity              : moderate
Type                  : recommended
References            : 1193483
-----------------------------------------------------------------

The container suse/sles12sp5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4199-1
Released:    Thu Dec 30 05:41:45 2021
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1193483

This update for curl fixes the following issues:

- libcurl-devel: Add an explicit dependency on libnghttp2-devel since it's not autodetected (bsc#1193483)

The following package changes have been done:

- libcurl4-7.60.0-11.34.2 updated

From sle-updates at lists.suse.com Mon Jan 3 11:17:49 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 12:17:49 +0100 (CET)
Subject: SUSE-RU-2022:0008-1: moderate: Recommended update for mailx
Message-ID: <20220103111749.53793FE0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for mailx
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0008-1
Rating:             moderate
References:         #1180355 #1192916
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for mailx fixes the following issues:

   - To add description how to avoid such mailx does not send mails unless
     run via strace or in verbose mode. (bsc#1192916)
   - Fix name argument when calling '/usr/sbin/sendmail' (bsc#1180355)
   - If the openssl RNG is already seeded (on linux it always is) skip
     snake-oil reseeding from file. Update man page accordingly.
   - Update man page with information that ssl2 and ssl3 are not only
     deprecated but currently unavailable and that tls1 forces TLS 1.0 but
     not later versions.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-8=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-8=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      mailx-12.5-3.3.1
      mailx-debuginfo-12.5-3.3.1
      mailx-debugsource-12.5-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      mailx-12.5-3.3.1
      mailx-debuginfo-12.5-3.3.1
      mailx-debugsource-12.5-3.3.1

References:

   https://bugzilla.suse.com/1180355
   https://bugzilla.suse.com/1192916

From sle-updates at lists.suse.com Mon Jan 3 11:19:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 12:19:09 +0100 (CET)
Subject: SUSE-RU-2022:0003-1: moderate: Recommended update for libgcrypt
Message-ID: <20220103111909.26865FE0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libgcrypt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0003-1
Rating:             moderate
References:         #1193480
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for libgcrypt fixes the following issues:

   - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libgcrypt-debugsource-1.6.1-16.80.1
      libgcrypt-devel-1.6.1-16.80.1
      libgcrypt-devel-debuginfo-1.6.1-16.80.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libgcrypt-debugsource-1.6.1-16.80.1
      libgcrypt20-1.6.1-16.80.1
      libgcrypt20-debuginfo-1.6.1-16.80.1
      libgcrypt20-hmac-1.6.1-16.80.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libgcrypt20-32bit-1.6.1-16.80.1
      libgcrypt20-debuginfo-32bit-1.6.1-16.80.1
      libgcrypt20-hmac-32bit-1.6.1-16.80.1

References:

   https://bugzilla.suse.com/1193480

From sle-updates at lists.suse.com Mon Jan 3 11:21:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 12:21:29 +0100 (CET)
Subject: SUSE-RU-2022:0001-1: important: Recommended update for ha-cluster-bootstrap
Message-ID: <20220103112129.D51DAFE0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ha-cluster-bootstrap
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0001-1
Rating:             important
References:         #1193437
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for ha-cluster-bootstrap fixes the following issues:

   - Add deprecated warning when using ha-cluster-bootstrap (bsc#1193437)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1=1

Package List:

   - SUSE Linux Enterprise High Availability 15-SP3 (noarch):

      ha-cluster-bootstrap-0.5-13.3.1

   - SUSE Linux Enterprise High Availability 15-SP2 (noarch):

      ha-cluster-bootstrap-0.5-13.3.1

References:

   https://bugzilla.suse.com/1193437

From sle-updates at lists.suse.com Mon Jan 3 11:24:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 12:24:03 +0100 (CET)
Subject: SUSE-RU-2022:0005-1: moderate: Recommended update for libgcrypt
Message-ID: <20220103112403.1C77FFE0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libgcrypt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0005-1
Rating:             moderate
References:         #1193480
Affected Products:
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

   An update that has one recommended fix can now be installed.
Description:

   This update for libgcrypt fixes the following issues:

   - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-5=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-5=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-5=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-5=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      libgcrypt-debugsource-1.8.2-6.55.1
      libgcrypt-devel-1.8.2-6.55.1
      libgcrypt-devel-debuginfo-1.8.2-6.55.1
      libgcrypt20-1.8.2-6.55.1
      libgcrypt20-debuginfo-1.8.2-6.55.1
      libgcrypt20-hmac-1.8.2-6.55.1

   - SUSE Linux Enterprise Server for SAP 15 (x86_64):

      libgcrypt20-32bit-1.8.2-6.55.1
      libgcrypt20-32bit-debuginfo-1.8.2-6.55.1
      libgcrypt20-hmac-32bit-1.8.2-6.55.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      libgcrypt-debugsource-1.8.2-6.55.1
      libgcrypt-devel-1.8.2-6.55.1
      libgcrypt-devel-debuginfo-1.8.2-6.55.1
      libgcrypt20-1.8.2-6.55.1
      libgcrypt20-debuginfo-1.8.2-6.55.1
      libgcrypt20-hmac-1.8.2-6.55.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      libgcrypt-debugsource-1.8.2-6.55.1
      libgcrypt-devel-1.8.2-6.55.1
      libgcrypt-devel-debuginfo-1.8.2-6.55.1
      libgcrypt20-1.8.2-6.55.1
      libgcrypt20-debuginfo-1.8.2-6.55.1
      libgcrypt20-hmac-1.8.2-6.55.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):

      libgcrypt20-32bit-1.8.2-6.55.1
      libgcrypt20-32bit-debuginfo-1.8.2-6.55.1
      libgcrypt20-hmac-32bit-1.8.2-6.55.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      libgcrypt-debugsource-1.8.2-6.55.1
      libgcrypt-devel-1.8.2-6.55.1
      libgcrypt-devel-debuginfo-1.8.2-6.55.1
      libgcrypt20-1.8.2-6.55.1
      libgcrypt20-debuginfo-1.8.2-6.55.1
      libgcrypt20-hmac-1.8.2-6.55.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):

      libgcrypt20-32bit-1.8.2-6.55.1
      libgcrypt20-32bit-debuginfo-1.8.2-6.55.1
      libgcrypt20-hmac-32bit-1.8.2-6.55.1

References:

   https://bugzilla.suse.com/1193480

From sle-updates at lists.suse.com Mon Jan 3 11:25:19 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 12:25:19 +0100 (CET)
Subject: SUSE-RU-2022:0002-1: moderate: Recommended update for lvm2
Message-ID: <20220103112519.4F830FE0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for lvm2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0002-1
Rating:             moderate
References:         #1183905 #1193181
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

   An update that has two recommended fixes can now be installed.

Description:

   This update for lvm2 fixes the following issues:

   - Fix lvconvert not taking `--stripes` option (bsc#1183905)
   - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-2=1

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-2=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2=1

   - SUSE Linux Enterprise High Availability 15-SP3:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-2=1

   - SUSE Linux Enterprise High Availability 15-SP2:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-2=1

Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      device-mapper-1.02.163-8.39.1
      device-mapper-debuginfo-1.02.163-8.39.1
      libdevmapper-event1_03-1.02.163-8.39.1
      libdevmapper-event1_03-debuginfo-1.02.163-8.39.1
      libdevmapper1_03-1.02.163-8.39.1
      libdevmapper1_03-debuginfo-1.02.163-8.39.1
      liblvm2cmd2_03-2.03.05-8.39.1
      liblvm2cmd2_03-debuginfo-2.03.05-8.39.1
      lvm2-2.03.05-8.39.1
      lvm2-debuginfo-2.03.05-8.39.1
      lvm2-debugsource-2.03.05-8.39.1

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      device-mapper-1.02.163-8.39.1
      device-mapper-debuginfo-1.02.163-8.39.1
      libdevmapper-event1_03-1.02.163-8.39.1
      libdevmapper-event1_03-debuginfo-1.02.163-8.39.1
      libdevmapper1_03-1.02.163-8.39.1
      libdevmapper1_03-debuginfo-1.02.163-8.39.1
      liblvm2cmd2_03-2.03.05-8.39.1
      liblvm2cmd2_03-debuginfo-2.03.05-8.39.1
      lvm2-2.03.05-8.39.1
      lvm2-debuginfo-2.03.05-8.39.1
      lvm2-debugsource-2.03.05-8.39.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      device-mapper-1.02.163-8.39.1
      device-mapper-debuginfo-1.02.163-8.39.1
      device-mapper-devel-1.02.163-8.39.1
      libdevmapper-event1_03-1.02.163-8.39.1
      libdevmapper-event1_03-debuginfo-1.02.163-8.39.1
      libdevmapper1_03-1.02.163-8.39.1
      libdevmapper1_03-debuginfo-1.02.163-8.39.1
      liblvm2cmd2_03-2.03.05-8.39.1
      liblvm2cmd2_03-debuginfo-2.03.05-8.39.1
      lvm2-2.03.05-8.39.1
      lvm2-debuginfo-2.03.05-8.39.1
      lvm2-debugsource-2.03.05-8.39.1
      lvm2-devel-2.03.05-8.39.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libdevmapper1_03-32bit-1.02.163-8.39.1
      libdevmapper1_03-32bit-debuginfo-1.02.163-8.39.1

   - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

      lvm2-lockd-2.03.05-8.39.1
      lvm2-lockd-debuginfo-2.03.05-8.39.1
      lvm2-lvmlockd-debugsource-2.03.05-8.39.1

   - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

      lvm2-lockd-2.03.05-8.39.1
      lvm2-lockd-debuginfo-2.03.05-8.39.1
      lvm2-lvmlockd-debugsource-2.03.05-8.39.1

References:

   https://bugzilla.suse.com/1183905
   https://bugzilla.suse.com/1193181

From sle-updates at lists.suse.com Mon Jan 3 11:27:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 12:27:53 +0100 (CET)
Subject: SUSE-FU-2022:0006-1: moderate: Feature update for numatop
Message-ID: <20220103112753.5084EFE0E@maintenance.suse.de>

   SUSE Feature Update: Feature update for numatop
______________________________________________________________________________

Announcement ID:    SUSE-FU-2022:0006-1
Rating:             moderate
References:         SLE-19499 SLE-23044
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has 0 feature fixes and contains two features can now be installed.

Description:

   This feature update for numatop fixes the following issues:

   - Add support for ICX processors (jsc#SLE-19499, jsc#SLE-23044)

Patch Instructions:

   To install this SUSE Feature Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-6=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-6=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le x86_64):

      numatop-2.2-3.3.1
      numatop-debuginfo-2.2-3.3.1
      numatop-debugsource-2.2-3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le x86_64):

      numatop-2.2-3.3.1
      numatop-debuginfo-2.2-3.3.1
      numatop-debugsource-2.2-3.3.1

References:

From sle-updates at lists.suse.com Mon Jan 3 11:30:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 12:30:21 +0100 (CET)
Subject: SUSE-RU-2022:0007-1: moderate: Recommended update for grub2
Message-ID: <20220103113021.DB148FE0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for grub2
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0007-1
Rating:             moderate
References:         #1071559 #1177751 #1189769 #1189874 #1191504
Affected Products:
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Server Applications 15-SP2
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

   An update that has 5 recommended fixes can now be installed.

Description:

   This update for grub2 fixes the following issues:

   - Fixed an issue when 'lvmid' disk cannot be found after second disk added
     to the root volume group. (bsc#1189874, bsc#1071559)
   - Fix for an error when '/boot/grub2/locale/POSIX.gmo' not found.
     (bsc#1189769)
   - Fix unknown TPM error on buggy uefi firmware. (bsc#1191504)
   - Fix powerpc-ieee1275 lpar takes long time to boot with increasing number
     of nvme namespace (bsc#1177751)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-7=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2022-7=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-7=1

Package List:

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      grub2-2.04-9.52.3
      grub2-debuginfo-2.04-9.52.3
      grub2-debugsource-2.04-9.52.3

   - SUSE MicroOS 5.0 (noarch):

      grub2-arm64-efi-2.04-9.52.3
      grub2-i386-pc-2.04-9.52.3
      grub2-snapper-plugin-2.04-9.52.3
      grub2-x86_64-efi-2.04-9.52.3
      grub2-x86_64-xen-2.04-9.52.3

   - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch):

      grub2-x86_64-xen-2.04-9.52.3

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      grub2-2.04-9.52.3
      grub2-debuginfo-2.04-9.52.3

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 s390x x86_64):

      grub2-debugsource-2.04-9.52.3

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):

      grub2-arm64-efi-2.04-9.52.3
      grub2-i386-pc-2.04-9.52.3
      grub2-powerpc-ieee1275-2.04-9.52.3
      grub2-snapper-plugin-2.04-9.52.3
      grub2-systemd-sleep-plugin-2.04-9.52.3
      grub2-x86_64-efi-2.04-9.52.3

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (s390x):

      grub2-s390x-emu-2.04-9.52.3

References:

   https://bugzilla.suse.com/1071559
   https://bugzilla.suse.com/1177751
   https://bugzilla.suse.com/1189769
   https://bugzilla.suse.com/1189874
   https://bugzilla.suse.com/1191504

From sle-updates at lists.suse.com Mon Jan 3 11:32:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 12:32:05 +0100 (CET)
Subject: SUSE-RU-2022:0004-1: moderate: Recommended update for libgcrypt
Message-ID: <20220103113205.CB242FE0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for libgcrypt
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0004-1
Rating:             moderate
References:         #1193480
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for libgcrypt fixes the following issues:

   - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-4=1

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-4=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-4=1

Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      libgcrypt-debugsource-1.8.2-8.42.1
      libgcrypt20-1.8.2-8.42.1
      libgcrypt20-debuginfo-1.8.2-8.42.1
      libgcrypt20-hmac-1.8.2-8.42.1

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      libgcrypt-debugsource-1.8.2-8.42.1
      libgcrypt20-1.8.2-8.42.1
      libgcrypt20-debuginfo-1.8.2-8.42.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      libgcrypt-debugsource-1.8.2-8.42.1
      libgcrypt-devel-1.8.2-8.42.1
      libgcrypt-devel-debuginfo-1.8.2-8.42.1
      libgcrypt20-1.8.2-8.42.1
      libgcrypt20-debuginfo-1.8.2-8.42.1
      libgcrypt20-hmac-1.8.2-8.42.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):

      libgcrypt20-32bit-1.8.2-8.42.1
      libgcrypt20-32bit-debuginfo-1.8.2-8.42.1
      libgcrypt20-hmac-32bit-1.8.2-8.42.1

References:

   https://bugzilla.suse.com/1193480
From sle-updates at lists.suse.com Mon Jan 3 14:16:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 15:16:37 +0100 (CET)
Subject: SUSE-RU-2022:0009-1: important: Recommended update for ovmf
Message-ID: <20220103141637.9E8E6FE0E@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for ovmf
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0009-1
Rating:             important
References:         #1192126
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE Linux Enterprise Module for Server Applications 15-SP3
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for ovmf fixes the following issue:

   - VM enters crash/reset loop inside OVMF on reboots (bsc#1192126)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-9=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-9=1

Package List:

   - SUSE MicroOS 5.1 (noarch):

      qemu-ovmf-x86_64-202008-10.11.1
      qemu-uefi-aarch64-202008-10.11.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 x86_64):

      ovmf-202008-10.11.1
      ovmf-tools-202008-10.11.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):

      qemu-ovmf-x86_64-202008-10.11.1
      qemu-uefi-aarch64-202008-10.11.1

References:

   https://bugzilla.suse.com/1192126

From sle-updates at lists.suse.com Mon Jan 3 20:16:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 21:16:56 +0100 (CET)
Subject: SUSE-RU-2022:0014-1: Recommended update for yast2-packager
Message-ID: <20220103201656.55206FE20@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for yast2-packager
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0014-1
Rating:             low
References:         #1187270
Affected Products:
                    SUSE Linux Enterprise Module for Basesystem 15-SP2
                    SUSE Linux Enterprise Installer 15-SP2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for yast2-packager fixes the following issues:

   - Fix the tooltip in the control center is properly translated (bsc#1187270)

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-14=1

   - SUSE Linux Enterprise Installer 15-SP2:

      zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-14=1

Package List:

   - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

      yast2-packager-4.2.70-3.18.1

   - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64):

      yast2-packager-4.2.70-3.18.1

References:

   https://bugzilla.suse.com/1187270

From sle-updates at lists.suse.com Mon Jan 3 20:18:07 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 3 Jan 2022 21:18:07 +0100 (CET)
Subject: SUSE-RU-2022:0012-1: moderate: Recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff
Message-ID: <20220103201807.C7D3FFE20@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0012-1
Rating:             moderate
References:         MSC-254
Affected Products:
                    SUSE MicroOS 5.1
                    SUSE MicroOS 5.0
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

   This recommended update for cairo, jbigkit, libjpeg-turbo, libwebp,
   libxcb, openjpeg2, pixman, poppler, tiff provides the following fix:

   - Ship some missing binaries to PackageHub.

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE MicroOS 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-12=1

   - SUSE MicroOS 5.0:

      zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-12=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-12=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-12=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-12=1

Package List:

   - SUSE MicroOS 5.1 (aarch64 s390x x86_64):

      libjpeg8-8.1.2-32.2.1
      libjpeg8-debuginfo-8.1.2-32.2.1
      libpixman-1-0-0.34.0-7.2.1
      libpixman-1-0-debuginfo-0.34.0-7.2.1
      pixman-debugsource-0.34.0-7.2.1

   - SUSE MicroOS 5.0 (aarch64 x86_64):

      cairo-debugsource-1.16.0-5.2.1
      libcairo2-1.16.0-5.2.1
      libcairo2-debuginfo-1.16.0-5.2.1
      libjpeg8-8.1.2-32.2.1
      libjpeg8-debuginfo-8.1.2-32.2.1
      libpixman-1-0-0.34.0-7.2.1
      libpixman-1-0-debuginfo-0.34.0-7.2.1
      libxcb-debugsource-1.13-3.7.1
      libxcb-render0-1.13-3.7.1
      libxcb-render0-debuginfo-1.13-3.7.1
      libxcb-shm0-1.13-3.7.1
      libxcb-shm0-debuginfo-1.13-3.7.1
      libxcb1-1.13-3.7.1
      libxcb1-debuginfo-1.13-3.7.1
      pixman-debugsource-0.34.0-7.2.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):

      libjpeg-turbo-1.5.3-32.2.1
      libjpeg-turbo-debuginfo-1.5.3-32.2.1
      libjpeg-turbo-debugsource-1.5.3-32.2.1
      libpoppler-qt5-1-0.79.0-3.5.1
      libpoppler-qt5-1-debuginfo-0.79.0-3.5.1
      poppler-qt5-debugsource-0.79.0-3.5.1
      tiff-4.0.9-45.2.1
      tiff-debuginfo-4.0.9-45.2.1
      tiff-debugsource-4.0.9-45.2.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):

      libcairo2-32bit-1.16.0-5.2.1
      libcairo2-32bit-debuginfo-1.16.0-5.2.1
      libjbig2-32bit-2.1-3.2.1
      libjbig2-32bit-debuginfo-2.1-3.2.1
      libjpeg8-32bit-8.1.2-32.2.1
      libjpeg8-32bit-debuginfo-8.1.2-32.2.1
      libopenjp2-7-32bit-2.3.0-3.2.2
      libopenjp2-7-32bit-debuginfo-2.3.0-3.2.2
      libpixman-1-0-32bit-0.34.0-7.2.1
      libpixman-1-0-32bit-debuginfo-0.34.0-7.2.1
      libpoppler-glib8-32bit-0.79.0-3.5.1
      libpoppler-glib8-32bit-debuginfo-0.79.0-3.5.1
      libpoppler89-32bit-0.79.0-3.5.1
      libpoppler89-32bit-debuginfo-0.79.0-3.5.1
      libtiff5-32bit-4.0.9-45.2.1
      libtiff5-32bit-debuginfo-4.0.9-45.2.1
      libwebp7-32bit-1.0.3-3.2.1
      libwebp7-32bit-debuginfo-1.0.3-3.2.1
      libxcb-render0-32bit-1.13-3.7.1
      libxcb-render0-32bit-debuginfo-1.13-3.7.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64):

      cairo-debugsource-1.16.0-5.2.1
      jbigkit-debugsource-2.1-3.2.1
      libcairo2-32bit-1.16.0-5.2.1
      libcairo2-32bit-debuginfo-1.16.0-5.2.1
      libjbig2-32bit-2.1-3.2.1
      libjbig2-32bit-debuginfo-2.1-3.2.1
      libjpeg8-32bit-8.1.2-32.2.1
      libjpeg8-32bit-debuginfo-8.1.2-32.2.1
      libpixman-1-0-32bit-0.34.0-7.2.1
      libpixman-1-0-32bit-debuginfo-0.34.0-7.2.1
      libtiff5-32bit-4.0.9-45.2.1
      libtiff5-32bit-debuginfo-4.0.9-45.2.1
      libxcb-debugsource-1.13-3.7.1
      libxcb-render0-32bit-1.13-3.7.1
      libxcb-render0-32bit-debuginfo-1.13-3.7.1
      pixman-debugsource-0.34.0-7.2.1
      tiff-debugsource-4.0.9-45.2.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      cairo-debugsource-1.16.0-5.2.1
      cairo-devel-1.16.0-5.2.1
      jbigkit-debuginfo-2.1-3.2.1
      jbigkit-debugsource-2.1-3.2.1
      libcairo-gobject2-1.16.0-5.2.1
      libcairo-gobject2-debuginfo-1.16.0-5.2.1
      libcairo-script-interpreter2-1.16.0-5.2.1
      libcairo-script-interpreter2-debuginfo-1.16.0-5.2.1
      libcairo2-1.16.0-5.2.1
      libcairo2-debuginfo-1.16.0-5.2.1
      libjbig-devel-2.1-3.2.1
      libjbig2-2.1-3.2.1
      libjbig2-debuginfo-2.1-3.2.1
      libjpeg62-62.2.0-32.0.1
      libjpeg62-debuginfo-62.2.0-32.0.1
      libjpeg62-devel-62.2.0-32.0.1
      libjpeg8-8.1.2-32.2.1
      libjpeg8-debuginfo-8.1.2-32.2.1
      libjpeg8-devel-8.1.2-32.2.1
      libopenjp2-7-2.3.0-3.2.2
      libopenjp2-7-debuginfo-2.3.0-3.2.2
      libpixman-1-0-0.34.0-7.2.1
      libpixman-1-0-debuginfo-0.34.0-7.2.1
      libpixman-1-0-devel-0.34.0-7.2.1
      libpoppler-cpp0-0.79.0-3.5.1
      libpoppler-cpp0-debuginfo-0.79.0-3.5.1
      libpoppler-devel-0.79.0-3.5.1
      libpoppler-glib-devel-0.79.0-3.5.1
      libpoppler-glib8-0.79.0-3.5.1
      libpoppler-glib8-debuginfo-0.79.0-3.5.1
      libpoppler89-0.79.0-3.5.1
      libpoppler89-debuginfo-0.79.0-3.5.1
      libtiff-devel-4.0.9-45.2.1
      libtiff5-4.0.9-45.2.1
      libtiff5-debuginfo-4.0.9-45.2.1
      libturbojpeg0-8.1.2-32.2.1
      libturbojpeg0-debuginfo-8.1.2-32.2.1
      libwebp-debugsource-1.0.3-3.2.1
      libwebp-devel-1.0.3-3.2.1
      libwebp7-1.0.3-3.2.1
      libwebp7-debuginfo-1.0.3-3.2.1
      libwebpdecoder3-1.0.3-3.2.1
      libwebpdecoder3-debuginfo-1.0.3-3.2.1
      libwebpdemux2-1.0.3-3.2.1
      libwebpdemux2-debuginfo-1.0.3-3.2.1
      libwebpmux3-1.0.3-3.2.1
      libwebpmux3-debuginfo-1.0.3-3.2.1
      libxcb-composite0-1.13-3.7.1
      libxcb-composite0-debuginfo-1.13-3.7.1
      libxcb-damage0-1.13-3.7.1
      libxcb-damage0-debuginfo-1.13-3.7.1
      libxcb-debugsource-1.13-3.7.1
      libxcb-devel-1.13-3.7.1
      libxcb-dpms0-1.13-3.7.1
      libxcb-dpms0-debuginfo-1.13-3.7.1
      libxcb-dri2-0-1.13-3.7.1
      libxcb-dri2-0-debuginfo-1.13-3.7.1
      libxcb-dri3-0-1.13-3.7.1
      libxcb-dri3-0-debuginfo-1.13-3.7.1
      libxcb-glx0-1.13-3.7.1
      libxcb-glx0-debuginfo-1.13-3.7.1
      libxcb-present0-1.13-3.7.1
      libxcb-present0-debuginfo-1.13-3.7.1
      libxcb-randr0-1.13-3.7.1
      libxcb-randr0-debuginfo-1.13-3.7.1
      libxcb-record0-1.13-3.7.1
      libxcb-record0-debuginfo-1.13-3.7.1
      libxcb-render0-1.13-3.7.1
      libxcb-render0-debuginfo-1.13-3.7.1
      libxcb-res0-1.13-3.7.1
      libxcb-res0-debuginfo-1.13-3.7.1
      libxcb-screensaver0-1.13-3.7.1
      libxcb-screensaver0-debuginfo-1.13-3.7.1
      libxcb-shape0-1.13-3.7.1
      libxcb-shape0-debuginfo-1.13-3.7.1
      libxcb-shm0-1.13-3.7.1
      libxcb-shm0-debuginfo-1.13-3.7.1
      libxcb-sync1-1.13-3.7.1
      libxcb-sync1-debuginfo-1.13-3.7.1
      libxcb-xf86dri0-1.13-3.7.1
      libxcb-xf86dri0-debuginfo-1.13-3.7.1
      libxcb-xfixes0-1.13-3.7.1
      libxcb-xfixes0-debuginfo-1.13-3.7.1
      libxcb-xinerama0-1.13-3.7.1
      libxcb-xinerama0-debuginfo-1.13-3.7.1
      libxcb-xinput0-1.13-3.7.1
      libxcb-xinput0-debuginfo-1.13-3.7.1
      libxcb-xkb1-1.13-3.7.1
      libxcb-xkb1-debuginfo-1.13-3.7.1
      libxcb-xtest0-1.13-3.7.1
libxcb-xtest0-debuginfo-1.13-3.7.1 libxcb-xv0-1.13-3.7.1 libxcb-xv0-debuginfo-1.13-3.7.1 libxcb-xvmc0-1.13-3.7.1 libxcb-xvmc0-debuginfo-1.13-3.7.1 libxcb1-1.13-3.7.1 libxcb1-debuginfo-1.13-3.7.1 openjpeg2-2.3.0-3.2.2 openjpeg2-debuginfo-2.3.0-3.2.2 openjpeg2-debugsource-2.3.0-3.2.2 openjpeg2-devel-2.3.0-3.2.2 pixman-debugsource-0.34.0-7.2.1 poppler-debugsource-0.79.0-3.5.1 poppler-tools-0.79.0-3.5.1 poppler-tools-debuginfo-0.79.0-3.5.1 tiff-debuginfo-4.0.9-45.2.1 tiff-debugsource-4.0.9-45.2.1 typelib-1_0-Poppler-0_18-0.79.0-3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libxcb-devel-doc-1.13-3.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libxcb-dri2-0-32bit-1.13-3.7.1 libxcb-dri2-0-32bit-debuginfo-1.13-3.7.1 libxcb-dri3-0-32bit-1.13-3.7.1 libxcb-dri3-0-32bit-debuginfo-1.13-3.7.1 libxcb-glx0-32bit-1.13-3.7.1 libxcb-glx0-32bit-debuginfo-1.13-3.7.1 libxcb-present0-32bit-1.13-3.7.1 libxcb-present0-32bit-debuginfo-1.13-3.7.1 libxcb-shm0-32bit-1.13-3.7.1 libxcb-shm0-32bit-debuginfo-1.13-3.7.1 libxcb-sync1-32bit-1.13-3.7.1 libxcb-sync1-32bit-debuginfo-1.13-3.7.1 libxcb-xfixes0-32bit-1.13-3.7.1 libxcb-xfixes0-32bit-debuginfo-1.13-3.7.1 libxcb1-32bit-1.13-3.7.1 libxcb1-32bit-debuginfo-1.13-3.7.1 References: From sle-updates at lists.suse.com Mon Jan 3 20:20:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Jan 2022 21:20:26 +0100 (CET) Subject: SUSE-RU-2022:0013-1: moderate: Recommended update for python36 Message-ID: <20220103202026.AF88FFE20@maintenance.suse.de> SUSE Recommended Update: Recommended update for python36 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0013-1 Rating: moderate References: #1187338 #1190566 #1192249 #1193179 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update 
that has four recommended fixes can now be installed. Description: This update for python36 fixes the following issues: - Removed unnecessary shebangs from non-executable scripts (bsc#1193179, bsc#1192249) - Python 3.6 needs to be built against openssl 1.1 because it is incompatible with openssl 3.0+ (bsc#1190566) - Removed build support for obsolete stropts.h (bsc#1187338) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-13=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-13=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python36-devel-3.6.15-16.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-16.2 libpython3_6m1_0-debuginfo-3.6.15-16.2 python36-3.6.15-16.2 python36-base-3.6.15-16.2 python36-base-debuginfo-3.6.15-16.2 python36-debuginfo-3.6.15-16.2 python36-debugsource-3.6.15-16.2 References: https://bugzilla.suse.com/1187338 https://bugzilla.suse.com/1190566 https://bugzilla.suse.com/1192249 https://bugzilla.suse.com/1193179 From sle-updates at lists.suse.com Mon Jan 3 20:23:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 3 Jan 2022 21:23:04 +0100 (CET) Subject: SUSE-RU-2022:0010-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20220103202304.78254FE20@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0010-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE 
Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issue: Lifecycle data updates. (bsc#1020320) - Updates for 4_12_14-150_78, 4_12_14-197_102, 5_3_18-24_93, 5_3_18-24_96, 5_3_18-59_30, 5_3_18-59_34, 5_3_18-59_37. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-11=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-11=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-11=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-11=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-10=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-10=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2022-10=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2022-10=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch): lifecycle-data-sle-module-live-patching-15-4.66.1 - SUSE Linux Enterprise Module for Live Patching 
15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-4.66.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-4.66.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-4.66.1 - SUSE Linux Enterprise Live Patching 12-SP5 (noarch): lifecycle-data-sle-live-patching-1-10.100.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.100.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.100.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.100.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Tue Jan 4 07:37:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 08:37:06 +0100 (CET) Subject: SUSE-CU-2022:1-1: Recommended update of suse/sles12sp3 Message-ID: <20220104073706.26A31FF1B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.343 , suse/sles12sp3:latest Container Release : 24.343 Severity : moderate Type : recommended References : 1193480 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3-1 Released: Mon Jan 3 08:27:47 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - libgcrypt20-1.6.1-16.80.1 updated From sle-updates at lists.suse.com Tue Jan 4 07:52:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 08:52:15 +0100 (CET) Subject: SUSE-CU-2022:2-1: Recommended update of suse/sles12sp4 Message-ID: <20220104075215.096E1FF1B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:2-1 Container Tags : suse/sles12sp4:26.398 , suse/sles12sp4:latest Container Release : 26.398 Severity : moderate Type : recommended References : 1193480 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3-1 Released: Mon Jan 3 08:27:47 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - base-container-licenses-3.0-1.262 updated - container-suseconnect-2.0.0-1.155 updated - libgcrypt20-1.6.1-16.80.1 updated From sle-updates at lists.suse.com Tue Jan 4 08:03:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 09:03:27 +0100 (CET) Subject: SUSE-CU-2022:4-1: Recommended update of suse/sles12sp5 Message-ID: <20220104080327.AB5CDFF1B@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:4-1 Container Tags : suse/sles12sp5:6.5.280 , suse/sles12sp5:latest Container Release : 6.5.280 Severity : moderate Type : recommended References : 1193480 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3-1 Released: Mon Jan 3 08:27:47 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - libgcrypt20-1.6.1-16.80.1 updated From sle-updates at lists.suse.com Tue Jan 4 08:24:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 09:24:59 +0100 (CET) Subject: SUSE-CU-2022:6-1: Recommended update of suse/sle15 Message-ID: <20220104082459.D1D39FF1B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:6-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.495 Container Release : 4.22.495 Severity : moderate Type : recommended References : 1193480 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:5-1 Released: Mon Jan 3 08:29:08 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - libgcrypt20-1.8.2-6.55.1 updated From sle-updates at lists.suse.com Tue Jan 4 08:43:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 09:43:56 +0100 (CET) Subject: SUSE-CU-2022:8-1: Recommended update of suse/sle15 Message-ID: <20220104084356.92263FF21@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:8-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.552 Container Release : 6.2.552 Severity : moderate Type : recommended References : 1193480 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - libgcrypt20-1.8.2-8.42.1 updated From sle-updates at lists.suse.com Tue Jan 4 09:00:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 10:00:56 +0100 (CET) Subject: SUSE-CU-2022:9-1: Recommended update of suse/sle15 Message-ID: <20220104090056.CDB1EFF1B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:9-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.71 Container Release : 9.5.71 Severity : moderate Type : recommended References : 1193480 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated From sle-updates at lists.suse.com Tue Jan 4 09:07:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 10:07:57 +0100 (CET) Subject: SUSE-CU-2022:10-1: Recommended update of suse/sle15 Message-ID: <20220104090757.52A47FF1B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:10-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.54 Container Release : 17.8.54 Severity : moderate Type : recommended References : 1193480 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated From sle-updates at lists.suse.com Tue Jan 4 14:20:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 15:20:42 +0100 (CET) Subject: SUSE-FU-2022:0019-1: moderate: Feature update for ghostscript and gswrap Message-ID: <20220104142042.AFD41FF21@maintenance.suse.de> SUSE Feature Update: Feature update for ghostscript and gswrap ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0019-1 Rating: moderate References: SLE-21705 SLE-21706 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has 0 feature fixes and contains two features can now be installed. 
Description: This update for ghostscript, gswrap fixes the following issues: We now ship an additional wrapper for ghostscript, called gswrap, for SLE 15 SP2 and SLE15 SP3. You can install this wrapper by installing the gswrap package. - Allow the `gswrap` package to use its wrapper script for `ghostscript` (jsc#SLE-21705 jsc#SLE-21706) - Use `update-alternatives` to get the real `ghostscript` binary from `/usr/bin/gs` to `/usr/bin/gs.bin` Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-19=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-19=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-19=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-19=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-19=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-19=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-19=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-19=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-19=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-19=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-19=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-19=1 - SUSE CaaS Platform 4.0: To install this 
update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): gswrap-0.1-1.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 
ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch): gswrap-0.1-1.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 - SUSE CaaS Platform 4.0 (x86_64): ghostscript-9.52-158.1 ghostscript-debuginfo-9.52-158.1 ghostscript-debugsource-9.52-158.1 ghostscript-devel-9.52-158.1 ghostscript-x11-9.52-158.1 ghostscript-x11-debuginfo-9.52-158.1 References: From sle-updates at lists.suse.com Tue Jan 4 14:23:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 15:23:04 +0100 (CET) Subject: SUSE-RU-2022:0018-1: moderate: Recommended update for targetcli-fb Message-ID: <20220104142304.91F4EFF21@maintenance.suse.de> SUSE Recommended Update: Recommended update for targetcli-fb 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0018-1 Rating: moderate References: Affected Products: SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for targetcli-fb fixes the following issues: - Fix sparse file creation - Do not install systemd files in 'setup.py', Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-18=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-18=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-targetcli-fb-2.1.54-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-targetcli-fb-2.1.54-3.3.1 targetcli-fb-common-2.1.54-3.3.1 References: From sle-updates at lists.suse.com Tue Jan 4 14:24:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 15:24:13 +0100 (CET) Subject: SUSE-FU-2022:0017-1: moderate: Feature update for ghostscript Message-ID: <20220104142413.AAD06FF21@maintenance.suse.de> SUSE Feature Update: Feature update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0017-1 Rating: moderate References: SLE-21704 Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now 
be installed. Description: This update for ghostscript fixes the following issues: We now ship an additional wrapper for ghostscript, called gswrap. You can install it by installing gswrap. - Use update-alternatives to get the real ghostscript binary from /usr/bin/gs to /usr/bin/gs.bin and allow the gswrap package to use this with its wrapper script (jsc#SLE-21704) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-17=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-17=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.52-23.45.1 ghostscript-debugsource-9.52-23.45.1 ghostscript-devel-9.52-23.45.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.45.1 ghostscript-debuginfo-9.52-23.45.1 ghostscript-debugsource-9.52-23.45.1 ghostscript-devel-9.52-23.45.1 ghostscript-x11-9.52-23.45.1 ghostscript-x11-debuginfo-9.52-23.45.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): gswrap-0.1-8.3.3 References: From sle-updates at lists.suse.com Tue Jan 4 17:16:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 18:16:52 +0100 (CET) Subject: SUSE-RU-2022:0020-1: moderate: Recommended update for sles-installer-sap-bone-release Message-ID: <20220104171652.37713FF1B@maintenance.suse.de> SUSE Recommended Update: Recommended update for sles-installer-sap-bone-release ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0020-1 Rating: moderate References: #1175174 #1192872 SLE-23111 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 
______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for sles-installer-sap-bone-release fixes the following issues: - SAP B1 Image release package update required (bsc#1192872) Increase release ECO: Deliver Missing package sles-installer-sap-bone-release to SLES 15 SP2. (jsc#SLE-23111) - The reason of this package is the need of identification for preloaded OEM installation. (bsc#1175174) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-20=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): sles-installer-sap-bone-release-15.2-5.3.2 References: https://bugzilla.suse.com/1175174 https://bugzilla.suse.com/1192872 From sle-updates at lists.suse.com Tue Jan 4 20:18:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 4 Jan 2022 21:18:32 +0100 (CET) Subject: SUSE-SU-2022:0021-1: important: Security update for libvirt Message-ID: <20220104201832.3D6C7FF1B@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0021-1 Rating: important References: #1191668 #1192017 #1193623 #1193719 #1193981 #1194041 Cross-References: CVE-2021-4147 CVSS scores: CVE-2021-4147 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that solves one 
vulnerability and has 5 fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-21=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-21=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-21=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libvirt-daemon-7.1.0-6.11.1 libvirt-daemon-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-interface-7.1.0-6.11.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-network-7.1.0-6.11.1 libvirt-daemon-driver-network-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-nodedev-7.1.0-6.11.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-nwfilter-7.1.0-6.11.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-qemu-7.1.0-6.11.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-secret-7.1.0-6.11.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-7.1.0-6.11.1 libvirt-daemon-driver-storage-core-7.1.0-6.11.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-disk-7.1.0-6.11.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-iscsi-7.1.0-6.11.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-iscsi-direct-7.1.0-6.11.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-logical-7.1.0-6.11.1 
libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-mpath-7.1.0-6.11.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-scsi-7.1.0-6.11.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-6.11.1 libvirt-daemon-qemu-7.1.0-6.11.1 libvirt-debugsource-7.1.0-6.11.1 libvirt-libs-7.1.0-6.11.1 libvirt-libs-debuginfo-7.1.0-6.11.1 - SUSE MicroOS 5.1 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-6.11.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-6.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-7.1.0-6.11.1 libvirt-admin-7.1.0-6.11.1 libvirt-admin-debuginfo-7.1.0-6.11.1 libvirt-client-7.1.0-6.11.1 libvirt-client-debuginfo-7.1.0-6.11.1 libvirt-daemon-7.1.0-6.11.1 libvirt-daemon-config-network-7.1.0-6.11.1 libvirt-daemon-config-nwfilter-7.1.0-6.11.1 libvirt-daemon-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-interface-7.1.0-6.11.1 libvirt-daemon-driver-interface-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-lxc-7.1.0-6.11.1 libvirt-daemon-driver-lxc-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-network-7.1.0-6.11.1 libvirt-daemon-driver-network-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-nodedev-7.1.0-6.11.1 libvirt-daemon-driver-nodedev-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-nwfilter-7.1.0-6.11.1 libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-qemu-7.1.0-6.11.1 libvirt-daemon-driver-qemu-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-secret-7.1.0-6.11.1 libvirt-daemon-driver-secret-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-7.1.0-6.11.1 libvirt-daemon-driver-storage-core-7.1.0-6.11.1 libvirt-daemon-driver-storage-core-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-disk-7.1.0-6.11.1 libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-iscsi-7.1.0-6.11.1 libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-6.11.1 
libvirt-daemon-driver-storage-iscsi-direct-7.1.0-6.11.1 libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-logical-7.1.0-6.11.1 libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-mpath-7.1.0-6.11.1 libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-6.11.1 libvirt-daemon-driver-storage-scsi-7.1.0-6.11.1 libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-6.11.1 libvirt-daemon-hooks-7.1.0-6.11.1 libvirt-daemon-lxc-7.1.0-6.11.1 libvirt-daemon-qemu-7.1.0-6.11.1 libvirt-debugsource-7.1.0-6.11.1 libvirt-devel-7.1.0-6.11.1 libvirt-lock-sanlock-7.1.0-6.11.1 libvirt-lock-sanlock-debuginfo-7.1.0-6.11.1 libvirt-nss-7.1.0-6.11.1 libvirt-nss-debuginfo-7.1.0-6.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-7.1.0-6.11.1 libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-6.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (x86_64): libvirt-daemon-driver-libxl-7.1.0-6.11.1 libvirt-daemon-driver-libxl-debuginfo-7.1.0-6.11.1 libvirt-daemon-xen-7.1.0-6.11.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): libvirt-bash-completion-7.1.0-6.11.1 libvirt-doc-7.1.0-6.11.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-7.1.0-6.11.1 libvirt-libs-7.1.0-6.11.1 libvirt-libs-debuginfo-7.1.0-6.11.1 References: https://www.suse.com/security/cve/CVE-2021-4147.html https://bugzilla.suse.com/1191668 https://bugzilla.suse.com/1192017 https://bugzilla.suse.com/1193623 https://bugzilla.suse.com/1193719 https://bugzilla.suse.com/1193981 https://bugzilla.suse.com/1194041 From sle-updates at lists.suse.com Wed Jan 5 07:23:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jan 2022 08:23:45 +0100 (CET) Subject: SUSE-IU-2022:1-1: Security update of suse-sles-15-sp3-chost-byos-v20220103-gen2 Message-ID: 
<20220105072345.D221CFF1B@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220103-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:1-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220103-gen2:20220103 Image Release : Severity : important Type : security References : 1027519 1029961 1071559 1113013 1152489 1161276 1162581 1169263 1170269 1174504 1174504 1177460 1180064 1180125 1183137 1183374 1183858 1183905 1184924 1185588 1185768 1187196 1187654 1187668 1187993 1189241 1189287 1189769 1189874 1190401 1190523 1190795 1190975 1191363 1191504 1191532 1191563 1191592 1191690 1191790 1191961 1192045 1192217 1192248 1192273 1192328 1192375 1192423 1192473 1192522 1192554 1192557 1192559 1192688 1192717 1192718 1192740 1192745 1192750 1192753 1192758 1192781 1192802 1192849 1192858 1192896 1192906 1192918 1193170 1193181 1193430 1193436 1193480 1193512 1193557 1193759 CVE-2020-25717 CVE-2020-29361 CVE-2021-0941 CVE-2021-20322 CVE-2021-28041 CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVE-2021-31916 CVE-2021-3426 CVE-2021-34981 CVE-2021-3733 CVE-2021-3737 CVE-2021-41617 CVE-2021-42771 CVE-2021-43527 CVE-2021-43618 CVE-2021-43784 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220103-gen2 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. 
* Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages. * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * Upstream isn't offering PGP signatures for the source tarballs anymore. Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3934-1 Released: Mon Dec 6 13:22:27 2021 Summary: Security update for mozilla-nss Type: security Severity: important References: 1193170,CVE-2021-43527 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3941-1 Released: Mon Dec 6 14:45:20 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1152489,1169263,1170269,1184924,1190523,1190795,1191790,1191961,1192045,1192217,1192273,1192328,1192375,1192473,1192718,1192740,1192745,1192750,1192753,1192758,1192781,1192802,1192896,1192906,1192918,CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573). You can re-enable it via sysctl by setting /proc/sys/kernel/unprivileged_bpf_disabled to 0 (kernel.unprivileged_bpf_disabled = 0). - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). - CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes). - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574). - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574). - bpf: Fix potential race in tail call compatibility check (git-fixes). - bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. 
for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - Fix problem with missing installkernel on Tumbleweed. - fuse: fix page stealing (bsc#1192718). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). - gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). 
- iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). - PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). 
- pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). - power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033-battery: Change voltage values to 5V (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). 
- r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). - s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). 
- scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). - stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Update config files: pull BPF configs together - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). 
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3945-1 Released: Mon Dec 6 14:56:55 2021 Summary: Security update for python-Babel Type: security Severity: important References: 1185768,CVE-2021-42771 This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3950-1 Released: Mon Dec 6 14:59:37 2021 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3968-1 Released: Tue Dec 7 15:31:00 2021 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1191363,1192554,1192557,1192559,CVE-2021-28702,CVE-2021-28704,CVE-2021-28705,CVE-2021-28706,CVE-2021-28707,CVE-2021-28708,CVE-2021-28709 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Update to Xen 4.14.3 bug fix release (bsc#1027519). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist the isst_if_mbox_msr driver because it uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191532,1191690 This update for apparmor fixes the following issues: Changes in apparmor: - Add a profile for 'samba-bgqd'. (bsc#1191532) - Fix 'Requires' of python3 module. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).
- We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4141-1 Released: Wed Dec 22 05:22:23 2021 Summary: Recommended update for dracut Type: recommended Severity: important References: 1193512 This update for dracut fixes the following issues: - Add iscsi-init.service requirements (bsc#1193512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4149-1 Released: Wed Dec 22 10:41:05 2021 Summary: Recommended update for samba Type: recommended Severity: important References: 1192849,CVE-2020-25717 This update for samba fixes the following issues: The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails (bsc#1192849). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4163-1 Released: Wed Dec 22 22:36:00 2021 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1071559,1189769,1189874,1191504,1192522 This update for grub2 fixes the following issues: - Fixed an issue when 'lvmid' disk cannot be found after second disk added to the root volume group. (bsc#1189874, bsc#1071559) - Fix for an error when '/boot/grub2/locale/POSIX.gmo' not found. (bsc#1189769) - Fix unknown TPM error on buggy uefi firmware. (bsc#1191504) - Fix arm64 kernel image not aligned on 64k boundary. (bsc#1192522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1193430 This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4171-1 Released: Thu Dec 23 09:55:13 2021 Summary: Security update for runc Type: security Severity: moderate References: 1193436,CVE-2021-43784 This update for runc fixes the following issues: Update to runc v1.0.3. 
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev is set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices.
(bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4178-1 Released: Thu Dec 23 11:47:22 2021 Summary: Recommended update for cpupower Type: recommended Severity: important References: 1193557 This update for cpupower fixes the following issues: - Fix `turbostat` immediately exiting on AMD Zen machines (bsc#1193557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1183905,1193181 This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - 
apparmor-abstractions-2.13.6-3.8.1 updated - apparmor-parser-2.13.6-3.8.1 updated - cpupower-5.10-3.6.1 updated - dracut-049.1+suse.218.gca24e614-3.48.3 updated - glibc-locale-base-2.31-9.6.1 updated - glibc-locale-2.31-9.6.1 updated - glibc-2.31-9.6.1 updated - grub2-i386-pc-2.04-22.6.3 updated - grub2-x86_64-efi-2.04-22.6.3 updated - grub2-2.04-22.6.3 updated - kernel-default-5.3.18-59.37.2 updated - keyutils-1.6.3-5.6.1 updated - kmod-29-4.15.1 updated - libapparmor1-2.13.6-3.8.1 updated - libcpupower0-5.10-3.6.1 updated - libdcerpc-binding0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libdcerpc0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libdevmapper1_03-1.02.163-8.39.1 updated - libfreebl3-3.68.1-3.61.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libkmod2-29-4.15.1 updated - libndr-krb5pac0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libndr-nbt0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libndr-standard0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libndr1-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libnetapi0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libopenssl1_1-1.1.1d-11.33.2 updated - libp11-kit0-0.23.2-4.13.1 updated - libpython3_6m1_0-3.6.15-10.9.1 updated - libsamba-credentials0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamba-errors0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamba-hostconfig0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamba-passdb0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamba-util0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamdb0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsmbconf0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsmbldap2-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsystemd0-246.16-7.28.1 updated - libtevent-util0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libudev1-246.16-7.28.1 updated - libwbclient0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libz1-1.2.11-3.24.1 updated - openssh-clients-8.4p1-3.9.1 
updated - openssh-common-8.4p1-3.9.1 updated - openssh-server-8.4p1-3.9.1 updated - openssh-8.4p1-3.9.1 updated - openssl-1_1-1.1.1d-11.33.2 updated - p11-kit-tools-0.23.2-4.13.1 updated - p11-kit-0.23.2-4.13.1 updated - permissions-20181225-23.9.1 updated - python3-Babel-2.8.0-3.3.1 updated - python3-base-3.6.15-10.9.1 updated - python3-3.6.15-10.9.1 updated - runc-1.0.3-27.1 updated - samba-libs-python3-4.13.13+git.539.fdbc44a8598-3.20.2 updated - samba-libs-4.13.13+git.539.fdbc44a8598-3.20.2 updated - suse-module-tools-15.3.15-3.17.1 updated - system-group-hardware-20170617-17.3.1 updated - system-group-kvm-20170617-17.3.1 updated - system-group-wheel-20170617-17.3.1 updated - system-user-lp-20170617-17.3.1 updated - system-user-nobody-20170617-17.3.1 updated - systemd-sysvinit-246.16-7.28.1 updated - systemd-246.16-7.28.1 updated - timezone-2021e-75.4.1 updated - udev-246.16-7.28.1 updated - xen-libs-4.14.3_04-3.15.1 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Wed Jan 5 07:24:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jan 2022 08:24:39 +0100 (CET) Subject: SUSE-IU-2022:2-1: Security update of suse-sles-15-sp3-chost-byos-v20220103-hvm-ssd-x86_64 Message-ID: <20220105072439.D9157FF1B@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220103-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:2-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220103-hvm-ssd-x86_64:20220103 Image Release : Severity : important Type : security References : 1027519 1029961 1071559 1113013 1152489 1161276 1162581 1169263 1170269 1174504 1174504 1177460 1180064 1180125 1183137 1183374 1183858 1183905 1184924 1185588 1185768 1187196 1187654 1187668 1187993 1189241 1189287 1189769 1189874 1190401 1190523 1190795 1190975 1191363 1191504 1191532 1191563 1191592 1191690 1191790 1191961 1192045 1192217 1192248 
1192273 1192328 1192375 1192423 1192473 1192522 1192554 1192557 1192559 1192688 1192717 1192718 1192740 1192745 1192750 1192753 1192758 1192781 1192802 1192849 1192858 1192896 1192906 1192918 1193170 1193181 1193430 1193436 1193480 1193512 1193557 1193759 CVE-2020-25717 CVE-2020-29361 CVE-2021-0941 CVE-2021-20322 CVE-2021-28041 CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVE-2021-31916 CVE-2021-3426 CVE-2021-34981 CVE-2021-3733 CVE-2021-3737 CVE-2021-41617 CVE-2021-42771 CVE-2021-43527 CVE-2021-43618 CVE-2021-43784 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220103-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for China ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. 
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). 
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3934-1 Released: Mon Dec 6 13:22:27 2021 Summary: Security update for mozilla-nss Type: security Severity: important References: 1193170,CVE-2021-43527 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a Heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3941-1 Released: Mon Dec 6 14:45:20 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1152489,1169263,1170269,1184924,1190523,1190795,1191790,1191961,1192045,1192217,1192273,1192328,1192375,1192473,1192718,1192740,1192745,1192750,1192753,1192758,1192781,1192802,1192896,1192906,1192918,CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573) You can re-enable it via sysctl by setting /proc/sys/kernel/unprivileged_bpf_disabled to 0 (kernel.unprivileged_bpf_disabled = 0). - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045). 
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes). - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574). - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574). - bpf: Fix potential race in tail call compatibility check (git-fixes). 
- bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - Fix problem with missing installkernel on Tumbleweed. - fuse: fix page stealing (bsc#1192718). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). 
- gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). 
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). 
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033-battery: Change voltage values to 5V (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). 
- s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). 
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Update config files: pull BPF configs together - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3945-1 Released: Mon Dec 6 14:56:55 2021 Summary: Security update for python-Babel Type: security Severity: important References: 1185768,CVE-2021-42771 This update for python-Babel fixes the following issues: - CVE-2021-42771: Fixed relative path traversal that may lead to arbitrary locale files loading and arbitrary code execution (bsc#1185768). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3950-1 Released: Mon Dec 6 14:59:37 2021 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3968-1 Released: Tue Dec 7 15:31:00 2021 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1191363,1192554,1192557,1192559,CVE-2021-28702,CVE-2021-28704,CVE-2021-28705,CVE-2021-28706,CVE-2021-28707,CVE-2021-28708,CVE-2021-28709 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Update to Xen 4.14.3 bug fix release (bsc#1027519). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because it uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191532,1191690 This update for apparmor fixes the following issues: Changes in apparmor: - Add a profile for 'samba-bgqd'. (bsc#1191532) - Fix 'Requires' of python3 module. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). 
- We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4141-1 Released: Wed Dec 22 05:22:23 2021 Summary: Recommended update for dracut Type: recommended Severity: important References: 1193512 This update for dracut fixes the following issues: - Add iscsi-init.service requirements (bsc#1193512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4149-1 Released: Wed Dec 22 10:41:05 2021 Summary: Recommended update for samba Type: recommended Severity: important References: 1192849,CVE-2020-25717 This update for samba fixes the following issues: The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails (bsc#1192849). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4163-1 Released: Wed Dec 22 22:36:00 2021 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1071559,1189769,1189874,1191504,1192522 This update for grub2 fixes the following issues: - Fixed an issue when 'lvmid' disk cannot be found after second disk added to the root volume group. (bsc#1189874, bsc#1071559) - Fix for an error when '/boot/grub2/locale/POSIX.gmo' not found. (bsc#1189769) - Fix unknown TPM error on buggy uefi firmware. (bsc#1191504) - Fix arm64 kernel image not aligned on 64k boundary. (bsc#1192522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1193430 This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4171-1 Released: Thu Dec 23 09:55:13 2021 Summary: Security update for runc Type: security Severity: moderate References: 1193436,CVE-2021-43784 This update for runc fixes the following issues: Update to runc v1.0.3. 
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436) * Fixed inability to start a container with read-write bind mount of a read-only fuse host mount. * Fixed inability to start when read-only /dev is set in spec. * Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd. * Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. 
(bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4178-1 Released: Thu Dec 23 11:47:22 2021 Summary: Recommended update for cpupower Type: recommended Severity: important References: 1193557 This update for cpupower fixes the following issues: - Fix `turbostat` immediately exiting on AMD Zen machines (bsc#1193557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1183905,1193181 This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - 
apparmor-abstractions-2.13.6-3.8.1 updated - apparmor-parser-2.13.6-3.8.1 updated - cpupower-5.10-3.6.1 updated - dracut-049.1+suse.218.gca24e614-3.48.3 updated - glibc-locale-base-2.31-9.6.1 updated - glibc-locale-2.31-9.6.1 updated - glibc-2.31-9.6.1 updated - grub2-i386-pc-2.04-22.6.3 updated - grub2-x86_64-efi-2.04-22.6.3 updated - grub2-x86_64-xen-2.04-22.6.3 updated - grub2-2.04-22.6.3 updated - kernel-default-5.3.18-59.37.2 updated - keyutils-1.6.3-5.6.1 updated - kmod-29-4.15.1 updated - libapparmor1-2.13.6-3.8.1 updated - libcpupower0-5.10-3.6.1 updated - libdcerpc-binding0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libdcerpc0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libdevmapper1_03-1.02.163-8.39.1 updated - libfreebl3-3.68.1-3.61.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libkmod2-29-4.15.1 updated - libndr-krb5pac0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libndr-nbt0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libndr-standard0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libndr1-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libnetapi0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libopenssl1_1-1.1.1d-11.33.2 updated - libp11-kit0-0.23.2-4.13.1 updated - libpython3_6m1_0-3.6.15-10.9.1 updated - libsamba-credentials0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamba-errors0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamba-hostconfig0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamba-passdb0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamba-util0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsamdb0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsmbconf0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsmbldap2-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libsystemd0-246.16-7.28.1 updated - libtevent-util0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libudev1-246.16-7.28.1 updated - libwbclient0-4.13.13+git.539.fdbc44a8598-3.20.2 updated - libz1-1.2.11-3.24.1 
updated - openssh-clients-8.4p1-3.9.1 updated - openssh-common-8.4p1-3.9.1 updated - openssh-server-8.4p1-3.9.1 updated - openssh-8.4p1-3.9.1 updated - openssl-1_1-1.1.1d-11.33.2 updated - p11-kit-tools-0.23.2-4.13.1 updated - p11-kit-0.23.2-4.13.1 updated - permissions-20181225-23.9.1 updated - python3-Babel-2.8.0-3.3.1 updated - python3-base-3.6.15-10.9.1 updated - python3-3.6.15-10.9.1 updated - runc-1.0.3-27.1 updated - samba-libs-python3-4.13.13+git.539.fdbc44a8598-3.20.2 updated - samba-libs-4.13.13+git.539.fdbc44a8598-3.20.2 updated - suse-module-tools-15.3.15-3.17.1 updated - system-group-hardware-20170617-17.3.1 updated - system-group-kvm-20170617-17.3.1 updated - system-group-wheel-20170617-17.3.1 updated - system-user-lp-20170617-17.3.1 updated - system-user-nobody-20170617-17.3.1 updated - systemd-sysvinit-246.16-7.28.1 updated - systemd-246.16-7.28.1 updated - timezone-2021e-75.4.1 updated - udev-246.16-7.28.1 updated - xen-libs-4.14.3_04-3.15.1 updated - xen-tools-domU-4.14.3_04-3.15.1 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Wed Jan 5 07:25:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jan 2022 08:25:39 +0100 (CET) Subject: SUSE-IU-2022:3-1: Security update of sles-15-sp3-chost-byos-v20220103 Message-ID: <20220105072539.0998AFF1B@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20220103 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:3-1 Image Tags : sles-15-sp3-chost-byos-v20220103:20220103 Image Release : Severity : important Type : security References : 1027519 1029961 1071559 1113013 1152489 1161276 1162581 1169263 1170269 1174504 1174504 1177460 1180064 1180125 1183137 1183374 1183858 1183905 1184924 1185588 1187196 1187654 1187668 1187993 1189241 1189287 1189769 1189874 1190401 1190523 1190795 1190975 1191363 1191504 1191532 1191563 1191592 1191690 1191790 1191961 1192045 
1192217 1192248 1192273 1192328 1192375 1192423 1192473 1192522 1192554 1192557 1192559 1192688 1192717 1192718 1192740 1192745 1192750 1192753 1192758 1192781 1192802 1192849 1192858 1192896 1192906 1192918 1193170 1193181 1193430 1193436 1193480 1193512 1193557 1193759 CVE-2020-25717 CVE-2020-29361 CVE-2021-0941 CVE-2021-20322 CVE-2021-28041 CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVE-2021-31916 CVE-2021-3426 CVE-2021-34981 CVE-2021-3733 CVE-2021-3737 CVE-2021-41617 CVE-2021-43527 CVE-2021-43618 CVE-2021-43784 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20220103 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. 
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). 
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3934-1
Released: Mon Dec 6 13:22:27 2021
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1193170,CVE-2021-43527

This update for mozilla-nss fixes the following issues:

Update to version 3.68.1:

- CVE-2021-43527: Fixed a heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3941-1
Released: Mon Dec 6 14:45:20 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1152489,1169263,1170269,1184924,1190523,1190795,1191790,1191961,1192045,1192217,1192273,1192328,1192375,1192473,1192718,1192740,1192745,1192750,1192753,1192758,1192781,1192802,1192896,1192906,1192918,CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573)
  You can re-enable it via sysctl by setting /proc/sys/kernel/unprivileged_bpf_disabled to 0 (kernel.unprivileged_bpf_disabled = 0).
- CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781).
- CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790)
- CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961).

The following non-security bugs were fixed:

- ABI: sysfs-kernel-slab: Document some stats (git-fixes).
- ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes).
- ALSA: hda: Free card instance properly at probe errors (git-fixes).
- ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes).
- ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375).
- ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes).
- ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375).
- ALSA: usb-audio: Use int for dB map values (bsc#1192375).
- ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473).
- auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes).
- auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes).
- auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes).
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573)
- bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574)
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22573).
- bpf: Disallow unprivileged bpf by default (jsc#SLE-22574).
- bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574).
- bpf: Fix potential race in tail call compatibility check (git-fixes).
- bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - Fix problem with missing installkernel on Tumbleweed. - fuse: fix page stealing (bsc#1192718). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). 
- gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). 
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). 
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033-battery: Change voltage values to 5V (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). 
- s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). 
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes).
- tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745).
- Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set
- Update config files: pull BPF configs together
- usb: gadget: hid: fix error code in do_config() (git-fixes).
- USB: iowarrior: fix control-message timeouts (git-fixes).
- usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes).
- usb: musb: Balance list entry in musb_gadget_queue (git-fixes).
- USB: serial: keyspan: fix memleak on probe errors (git-fixes).
- video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes).
- x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489).
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes).
- xen-pciback: Fix return in pm_ctrl_init() (git-fixes).
- xen: Fix implicit type conversion (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Type: security
Severity: moderate
References: 1192717,CVE-2021-43618

This update for gmp fixes the following issues:

- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3950-1
Released: Mon Dec 6 14:59:37 2021
Summary: Security update for openssh
Type: security
Severity: important
References: 1190975,CVE-2021-41617

This update for openssh fixes the following issues:

- CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3963-1
Released: Mon Dec 6 19:57:39 2021
Summary: Recommended update for system-users
Type: recommended
Severity: moderate
References: 1190401

This update for system-users fixes the following issues:

- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3968-1
Released: Tue Dec 7 15:31:00 2021
Summary: Security update for xen
Type: security
Severity: moderate
References: 1027519,1191363,1192554,1192557,1192559,CVE-2021-28702,CVE-2021-28704,CVE-2021-28705,CVE-2021-28706,CVE-2021-28707,CVE-2021-28708,CVE-2021-28709

This update for xen fixes the following issues:

- CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363).
- CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557).
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).
- Update to Xen 4.14.3 bug fix release (bsc#1027519).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3980-1
Released: Thu Dec 9 16:42:19 2021
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1191592

glibc was updated to fix the following issue:

- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3985-1
Released: Fri Dec 10 06:08:24 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1187196

This update for suse-module-tools fixes the following issues:

- Blacklist isst_if_mbox_msr driver because it uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4014-1
Released: Mon Dec 13 13:57:39 2021
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1191532,1191690

This update for apparmor fixes the following issues:

Changes in apparmor:

- Add a profile for 'samba-bgqd'. (bsc#1191532)
- Fix 'Requires' of python3 module. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4104-1
Released: Thu Dec 16 11:14:12 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737

This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).
- We do not require python-rpm-macros package (bsc#1180125).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing 'python' symbol, which means python2 currently (bsc#1185588).
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4141-1
Released: Wed Dec 22 05:22:23 2021
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1193512

This update for dracut fixes the following issues:

- Add iscsi-init.service requirements (bsc#1193512)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4145-1
Released: Wed Dec 22 05:27:48 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4149-1
Released: Wed Dec 22 10:41:05 2021
Summary: Recommended update for samba
Type: recommended
Severity: important
References: 1192849,CVE-2020-25717

This update for samba fixes the following issues:

The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fall back to a SID/UID based mapping if the name based lookup fails (bsc#1192849).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4153-1
Released: Wed Dec 22 11:00:48 2021
Summary: Security update for openssh
Type: security
Severity: important
References: 1183137,CVE-2021-28041

This update for openssh fixes the following issues:

- CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4154-1
Released: Wed Dec 22 11:02:38 2021
Summary: Security update for p11-kit
Type: security
Severity: important
References: 1180064,1187993,CVE-2020-29361

This update for p11-kit fixes the following issues:

- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4163-1
Released: Wed Dec 22 22:36:00 2021
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1071559,1189769,1189874,1191504,1192522

This update for grub2 fixes the following issues:

- Fixed an issue when 'lvmid' disk cannot be found after second disk added to the root volume group. (bsc#1189874, bsc#1071559)
- Fix for an error when '/boot/grub2/locale/POSIX.gmo' not found. (bsc#1189769)
- Fix unknown TPM error on buggy uefi firmware. (bsc#1191504)
- Fix arm64 kernel image not aligned on 64k boundary. (bsc#1192522)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4165-1
Released: Wed Dec 22 22:52:11 2021
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1193430

This update for kmod fixes the following issues:

- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4171-1
Released: Thu Dec 23 09:55:13 2021
Summary: Security update for runc
Type: security
Severity: moderate
References: 1193436,CVE-2021-43784

This update for runc fixes the following issues:

Update to runc v1.0.3.
* CVE-2021-43784: Fixed a potential vulnerability related to the internal usage of netlink, which is believed to not be exploitable with any released versions of runc (bsc#1193436)
* Fixed inability to start a container with read-write bind mount of a read-only fuse host mount.
* Fixed inability to start when read-only /dev is set in spec.
* Fixed not removing sub-cgroups upon container delete, when rootless cgroup v2 is used with older systemd.
* Fixed returning error from GetStats when hugetlb is unsupported (which causes excessive logging for kubernetes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released: Thu Dec 23 11:22:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1192423,1192858,1193759

This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices.
(bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4178-1
Released:    Thu Dec 23 11:47:22 2021
Summary:     Recommended update for cpupower
Type:        recommended
Severity:    important
References:  1193557

This update for cpupower fixes the following issues:

- Fix `turbostat` immediately exiting on AMD Zen machines (bsc#1193557)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released:    Thu Dec 23 11:51:51 2021
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released:    Tue Dec 28 10:39:50 2021
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1174504

This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2-1
Released:    Mon Jan 3 08:27:18 2022
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1183905,1193181

This update for lvm2 fixes the following issues:

- Fix lvconvert not taking `--stripes` option (bsc#1183905)
- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released:    Mon Jan 3 08:28:54 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1193480

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- apparmor-abstractions-2.13.6-3.8.1 updated
- apparmor-parser-2.13.6-3.8.1 updated
- cpupower-5.10-3.6.1 updated
- dracut-049.1+suse.218.gca24e614-3.48.3 updated
- glibc-locale-base-2.31-9.6.1 updated
- glibc-locale-2.31-9.6.1 updated
- glibc-2.31-9.6.1 updated
- grub2-i386-pc-2.04-22.6.3 updated
- grub2-x86_64-efi-2.04-22.6.3 updated
- grub2-2.04-22.6.3 updated
- kernel-default-5.3.18-59.37.2 updated
- keyutils-1.6.3-5.6.1 updated
- kmod-29-4.15.1 updated
- libapparmor1-2.13.6-3.8.1 updated
- libcpupower0-5.10-3.6.1 updated
- libdcerpc-binding0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libdcerpc0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libdevmapper1_03-1.02.163-8.39.1 updated
- libfreebl3-3.68.1-3.61.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libkmod2-29-4.15.1 updated
- libndr-krb5pac0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libndr-nbt0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libndr-standard0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libndr1-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libnetapi0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libopenssl1_1-1.1.1d-11.33.2 updated
- libp11-kit0-0.23.2-4.13.1 updated
- libpython3_6m1_0-3.6.15-10.9.1 updated
- libsamba-credentials0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libsamba-errors0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libsamba-hostconfig0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libsamba-passdb0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libsamba-util0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libsamdb0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libsmbconf0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libsmbldap2-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libsystemd0-246.16-7.28.1 updated
- libtevent-util0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libudev1-246.16-7.28.1 updated
- libwbclient0-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- libz1-1.2.11-3.24.1 updated
- openssh-clients-8.4p1-3.9.1 updated
- openssh-common-8.4p1-3.9.1 updated
- openssh-server-8.4p1-3.9.1 updated
- openssh-8.4p1-3.9.1 updated
- openssl-1_1-1.1.1d-11.33.2 updated
- p11-kit-tools-0.23.2-4.13.1 updated
- p11-kit-0.23.2-4.13.1 updated
- permissions-20181225-23.9.1 updated
- python3-base-3.6.15-10.9.1 updated
- python3-3.6.15-10.9.1 updated
- runc-1.0.3-27.1 updated
- samba-libs-python3-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- samba-libs-4.13.13+git.539.fdbc44a8598-3.20.2 updated
- suse-module-tools-15.3.15-3.17.1 updated
- system-group-hardware-20170617-17.3.1 updated
- system-group-kvm-20170617-17.3.1 updated
- system-group-wheel-20170617-17.3.1 updated
- system-user-lp-20170617-17.3.1 updated
- system-user-nobody-20170617-17.3.1 updated
- systemd-sysvinit-246.16-7.28.1 updated
- systemd-246.16-7.28.1 updated
- timezone-2021e-75.4.1 updated
- udev-246.16-7.28.1 updated
- xen-libs-4.14.3_04-3.15.1 updated
- python-rpm-macros-20200207.5feb6c1-3.11.1 removed

From sle-updates at lists.suse.com Wed Jan 5 11:16:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jan 2022 12:16:42 +0100 (CET)
Subject: SUSE-RU-2022:0022-1: moderate: Recommended update for tcsh
Message-ID: <20220105111642.489DEFF21@maintenance.suse.de>

SUSE Recommended Update: Recommended update for tcsh
______________________________________________________________________________

Announcement ID:   SUSE-RU-2022:0022-1
Rating:            moderate
References:        #1192472
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for tcsh fixes the following issues:

- Fix tcsh using up all memory and being terminated because of broken history files (bsc#1192472)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-22=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    tcsh-6.18.01-8.20.1
    tcsh-debuginfo-6.18.01-8.20.1
    tcsh-debugsource-6.18.01-8.20.1
    tcsh-lang-6.18.01-8.20.1

References:

https://bugzilla.suse.com/1192472

From sle-updates at lists.suse.com Wed Jan 5 11:17:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jan 2022 12:17:53 +0100 (CET)
Subject: SUSE-RU-2022:0023-1: Recommended update for telnet
Message-ID: <20220105111753.AA183FF21@maintenance.suse.de>

SUSE Recommended Update: Recommended update for telnet
______________________________________________________________________________

Announcement ID:   SUSE-RU-2022:0023-1
Rating:            low
References:        #1129922 #1129925
Affected Products:
                   SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for telnet fixes the following issues:

- Improve the package meta data and cleanup of the package's spec file (bsc#1129922)
- Update Source location to use Gentoo mirror (bsc#1129925)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-23=1

Package List:

- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    telnet-1.2-167.7.1
    telnet-debuginfo-1.2-167.7.1
    telnet-debugsource-1.2-167.7.1
    telnet-server-1.2-167.7.1
    telnet-server-debuginfo-1.2-167.7.1

References:

https://bugzilla.suse.com/1129922
https://bugzilla.suse.com/1129925

From sle-updates at lists.suse.com Wed Jan 5 20:17:03 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jan 2022 21:17:03 +0100 (CET)
Subject: SUSE-SU-2022:0030-1: important: Security update for net-snmp
Message-ID: <20220105201703.B24C4FF21@maintenance.suse.de>

SUSE Security Update: Security update for net-snmp
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:0030-1
Rating:            important
References:        #1100146 #1145864 #1152968 #1174961 #1178021 #1178351 #1179009 #1179699 #1184839
Cross-References:  CVE-2020-15862
CVSS scores:
                   CVE-2020-15862 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                   CVE-2020-15862 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud Crowbar 8
                   SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud 8
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP3-BCL
                   SUSE Linux Enterprise Server 12-SP2-BCL
                   HPE Helion Openstack 8
______________________________________________________________________________

An update that solves one vulnerability and has 8 fixes is now available.
Description:

This update for net-snmp fixes the following issues:

- CVE-2020-15862: Make extended MIB read-only (bsc#1174961)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-30=1
- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-30=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-30=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2022-30=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-30=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-30=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-30=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-30=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-30=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-30=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-30=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-30=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2022-30=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE OpenStack Cloud 9 (x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE OpenStack Cloud 8 (x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    net-snmp-devel-5.7.3-6.9.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1
- HPE Helion Openstack 8 (x86_64):
    libsnmp30-32bit-5.7.3-6.9.1
    libsnmp30-5.7.3-6.9.1
    libsnmp30-debuginfo-32bit-5.7.3-6.9.1
    libsnmp30-debuginfo-5.7.3-6.9.1
    net-snmp-5.7.3-6.9.1
    net-snmp-debuginfo-5.7.3-6.9.1
    net-snmp-debugsource-5.7.3-6.9.1
    perl-SNMP-5.7.3-6.9.1
    perl-SNMP-debuginfo-5.7.3-6.9.1
    snmp-mibs-5.7.3-6.9.1

References:

https://www.suse.com/security/cve/CVE-2020-15862.html
https://bugzilla.suse.com/1100146
https://bugzilla.suse.com/1145864
https://bugzilla.suse.com/1152968
https://bugzilla.suse.com/1174961
https://bugzilla.suse.com/1178021
https://bugzilla.suse.com/1178351
https://bugzilla.suse.com/1179009
https://bugzilla.suse.com/1179699
https://bugzilla.suse.com/1184839

From sle-updates at lists.suse.com Wed Jan 5 20:19:02 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jan 2022 21:19:02 +0100 (CET)
Subject: SUSE-SU-2022:0029-1: important: Security update for python-Babel
Message-ID: <20220105201902.546B5FF21@maintenance.suse.de>

SUSE Security Update: Security update for python-Babel
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:0029-1
Rating:            important
References:        #1185768
Cross-References:  CVE-2021-42771
CVSS scores:
                   CVE-2021-42771 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
                   SUSE OpenStack Cloud Crowbar 8
                   SUSE OpenStack Cloud 8
                   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Babel fixes the following issues:

- CVE-2021-42771: Fixed relative path traversal leading to loading arbitrary locale files on disk and executing arbitrary code (bsc#1185768).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-29=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2022-29=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2022-29=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):
    python-Babel-2.3.4-4.3.1
- SUSE OpenStack Cloud 8 (noarch):
    python-Babel-2.3.4-4.3.1
- HPE Helion Openstack 8 (noarch):
    python-Babel-2.3.4-4.3.1

References:

https://www.suse.com/security/cve/CVE-2021-42771.html
https://bugzilla.suse.com/1185768

From sle-updates at lists.suse.com Wed Jan 5 20:20:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jan 2022 21:20:13 +0100 (CET)
Subject: SUSE-SU-2022:0028-1: important: Security update for python-Babel
Message-ID: <20220105202013.30E76FF21@maintenance.suse.de>

SUSE Security Update: Security update for python-Babel
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:0028-1
Rating:            important
References:        #1185768
Cross-References:  CVE-2021-42771
CVSS scores:
                   CVE-2021-42771 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud 9
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-Babel fixes the following issues:

- CVE-2021-42771: Fixed relative path traversal leading to loading arbitrary locale files on disk and executing arbitrary code (bsc#1185768).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-28=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-28=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
    python-Babel-2.5.1-3.3.1
- SUSE OpenStack Cloud 9 (noarch):
    python-Babel-2.5.1-3.3.1

References:

https://www.suse.com/security/cve/CVE-2021-42771.html
https://bugzilla.suse.com/1185768

From sle-updates at lists.suse.com Wed Jan 5 20:21:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jan 2022 21:21:26 +0100 (CET)
Subject: SUSE-SU-2022:0031-1: important: Security update for libvirt
Message-ID: <20220105202126.7D6C2FF21@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:0031-1
Rating:            important
References:        #1192876 #1193981 #1194041
Cross-References:  CVE-2021-3975 CVE-2021-4147
CVSS scores:
                   CVE-2021-3975 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
                   CVE-2021-4147 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products:
                   SUSE Linux Enterprise Server for SAP 15
                   SUSE Linux Enterprise Server 15-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for libvirt fixes the following issues:

- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-31=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-31=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-31=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-31=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    libvirt-4.0.0-9.40.1
    libvirt-admin-4.0.0-9.40.1
    libvirt-admin-debuginfo-4.0.0-9.40.1
    libvirt-client-4.0.0-9.40.1
    libvirt-client-debuginfo-4.0.0-9.40.1
    libvirt-daemon-4.0.0-9.40.1
    libvirt-daemon-config-network-4.0.0-9.40.1
    libvirt-daemon-config-nwfilter-4.0.0-9.40.1
    libvirt-daemon-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-interface-4.0.0-9.40.1
    libvirt-daemon-driver-interface-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-lxc-4.0.0-9.40.1
    libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-network-4.0.0-9.40.1
    libvirt-daemon-driver-network-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-nodedev-4.0.0-9.40.1
    libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-nwfilter-4.0.0-9.40.1
    libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-qemu-4.0.0-9.40.1
    libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-secret-4.0.0-9.40.1
    libvirt-daemon-driver-secret-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-4.0.0-9.40.1
    libvirt-daemon-driver-storage-core-4.0.0-9.40.1
    libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-disk-4.0.0-9.40.1
    libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-iscsi-4.0.0-9.40.1
    libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-logical-4.0.0-9.40.1
    libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-mpath-4.0.0-9.40.1
    libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-scsi-4.0.0-9.40.1
    libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.40.1
    libvirt-daemon-hooks-4.0.0-9.40.1
    libvirt-daemon-lxc-4.0.0-9.40.1
    libvirt-daemon-qemu-4.0.0-9.40.1
    libvirt-debugsource-4.0.0-9.40.1
    libvirt-devel-4.0.0-9.40.1
    libvirt-doc-4.0.0-9.40.1
    libvirt-libs-4.0.0-9.40.1
    libvirt-libs-debuginfo-4.0.0-9.40.1
    libvirt-lock-sanlock-4.0.0-9.40.1
    libvirt-lock-sanlock-debuginfo-4.0.0-9.40.1
    libvirt-nss-4.0.0-9.40.1
    libvirt-nss-debuginfo-4.0.0-9.40.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
    libvirt-daemon-driver-libxl-4.0.0-9.40.1
    libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-rbd-4.0.0-9.40.1
    libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.40.1
    libvirt-daemon-xen-4.0.0-9.40.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    libvirt-4.0.0-9.40.1
    libvirt-admin-4.0.0-9.40.1
    libvirt-admin-debuginfo-4.0.0-9.40.1
    libvirt-client-4.0.0-9.40.1
    libvirt-client-debuginfo-4.0.0-9.40.1
    libvirt-daemon-4.0.0-9.40.1
    libvirt-daemon-config-network-4.0.0-9.40.1
    libvirt-daemon-config-nwfilter-4.0.0-9.40.1
    libvirt-daemon-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-interface-4.0.0-9.40.1
    libvirt-daemon-driver-interface-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-lxc-4.0.0-9.40.1
    libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-network-4.0.0-9.40.1
    libvirt-daemon-driver-network-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-nodedev-4.0.0-9.40.1
    libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-nwfilter-4.0.0-9.40.1
    libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-qemu-4.0.0-9.40.1
    libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-secret-4.0.0-9.40.1
    libvirt-daemon-driver-secret-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-4.0.0-9.40.1
    libvirt-daemon-driver-storage-core-4.0.0-9.40.1
    libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-disk-4.0.0-9.40.1
    libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-iscsi-4.0.0-9.40.1
    libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-logical-4.0.0-9.40.1
    libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-mpath-4.0.0-9.40.1
    libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-scsi-4.0.0-9.40.1
    libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.40.1
    libvirt-daemon-hooks-4.0.0-9.40.1
    libvirt-daemon-lxc-4.0.0-9.40.1
    libvirt-daemon-qemu-4.0.0-9.40.1
    libvirt-debugsource-4.0.0-9.40.1
    libvirt-devel-4.0.0-9.40.1
    libvirt-doc-4.0.0-9.40.1
    libvirt-libs-4.0.0-9.40.1
    libvirt-libs-debuginfo-4.0.0-9.40.1
    libvirt-lock-sanlock-4.0.0-9.40.1
    libvirt-lock-sanlock-debuginfo-4.0.0-9.40.1
    libvirt-nss-4.0.0-9.40.1
    libvirt-nss-debuginfo-4.0.0-9.40.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64):
    libvirt-daemon-driver-storage-rbd-4.0.0-9.40.1
    libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.40.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    libvirt-4.0.0-9.40.1
    libvirt-admin-4.0.0-9.40.1
    libvirt-admin-debuginfo-4.0.0-9.40.1
    libvirt-client-4.0.0-9.40.1
    libvirt-client-debuginfo-4.0.0-9.40.1
    libvirt-daemon-4.0.0-9.40.1
    libvirt-daemon-config-network-4.0.0-9.40.1
    libvirt-daemon-config-nwfilter-4.0.0-9.40.1
    libvirt-daemon-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-interface-4.0.0-9.40.1
    libvirt-daemon-driver-interface-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-lxc-4.0.0-9.40.1
    libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-network-4.0.0-9.40.1
    libvirt-daemon-driver-network-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-nodedev-4.0.0-9.40.1
    libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-nwfilter-4.0.0-9.40.1
    libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-qemu-4.0.0-9.40.1
    libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-secret-4.0.0-9.40.1
    libvirt-daemon-driver-secret-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-4.0.0-9.40.1
    libvirt-daemon-driver-storage-core-4.0.0-9.40.1
    libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-disk-4.0.0-9.40.1
    libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-iscsi-4.0.0-9.40.1
    libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-logical-4.0.0-9.40.1
    libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-mpath-4.0.0-9.40.1
    libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-rbd-4.0.0-9.40.1
    libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-scsi-4.0.0-9.40.1
    libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.40.1
    libvirt-daemon-hooks-4.0.0-9.40.1
    libvirt-daemon-lxc-4.0.0-9.40.1
    libvirt-daemon-qemu-4.0.0-9.40.1
    libvirt-debugsource-4.0.0-9.40.1
    libvirt-devel-4.0.0-9.40.1
    libvirt-doc-4.0.0-9.40.1
    libvirt-libs-4.0.0-9.40.1
    libvirt-libs-debuginfo-4.0.0-9.40.1
    libvirt-lock-sanlock-4.0.0-9.40.1
    libvirt-lock-sanlock-debuginfo-4.0.0-9.40.1
    libvirt-nss-4.0.0-9.40.1
    libvirt-nss-debuginfo-4.0.0-9.40.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
    libvirt-daemon-driver-libxl-4.0.0-9.40.1
    libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.40.1
    libvirt-daemon-xen-4.0.0-9.40.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    libvirt-4.0.0-9.40.1
    libvirt-admin-4.0.0-9.40.1
    libvirt-admin-debuginfo-4.0.0-9.40.1
    libvirt-client-4.0.0-9.40.1
    libvirt-client-debuginfo-4.0.0-9.40.1
    libvirt-daemon-4.0.0-9.40.1
    libvirt-daemon-config-network-4.0.0-9.40.1
    libvirt-daemon-config-nwfilter-4.0.0-9.40.1
    libvirt-daemon-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-interface-4.0.0-9.40.1
    libvirt-daemon-driver-interface-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-lxc-4.0.0-9.40.1
    libvirt-daemon-driver-lxc-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-network-4.0.0-9.40.1
    libvirt-daemon-driver-network-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-nodedev-4.0.0-9.40.1
    libvirt-daemon-driver-nodedev-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-nwfilter-4.0.0-9.40.1
    libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-qemu-4.0.0-9.40.1
    libvirt-daemon-driver-qemu-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-secret-4.0.0-9.40.1
    libvirt-daemon-driver-secret-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-4.0.0-9.40.1
    libvirt-daemon-driver-storage-core-4.0.0-9.40.1
    libvirt-daemon-driver-storage-core-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-disk-4.0.0-9.40.1
    libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-iscsi-4.0.0-9.40.1
    libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-logical-4.0.0-9.40.1
    libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-mpath-4.0.0-9.40.1
    libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-rbd-4.0.0-9.40.1
    libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-9.40.1
    libvirt-daemon-driver-storage-scsi-4.0.0-9.40.1
    libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-9.40.1
    libvirt-daemon-hooks-4.0.0-9.40.1
    libvirt-daemon-lxc-4.0.0-9.40.1
    libvirt-daemon-qemu-4.0.0-9.40.1
    libvirt-debugsource-4.0.0-9.40.1
    libvirt-devel-4.0.0-9.40.1
    libvirt-doc-4.0.0-9.40.1
    libvirt-libs-4.0.0-9.40.1
    libvirt-libs-debuginfo-4.0.0-9.40.1
    libvirt-lock-sanlock-4.0.0-9.40.1
    libvirt-lock-sanlock-debuginfo-4.0.0-9.40.1
    libvirt-nss-4.0.0-9.40.1
    libvirt-nss-debuginfo-4.0.0-9.40.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
    libvirt-daemon-driver-libxl-4.0.0-9.40.1
    libvirt-daemon-driver-libxl-debuginfo-4.0.0-9.40.1
    libvirt-daemon-xen-4.0.0-9.40.1

References:

https://www.suse.com/security/cve/CVE-2021-3975.html
https://www.suse.com/security/cve/CVE-2021-4147.html
https://bugzilla.suse.com/1192876
https://bugzilla.suse.com/1193981
https://bugzilla.suse.com/1194041

From sle-updates at lists.suse.com Wed Jan 5 20:22:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jan 2022 21:22:52 +0100 (CET)
Subject: SUSE-SU-2022:14872-1: important: Security update for libsndfile
Message-ID: <20220105202252.E7CBDFF21@maintenance.suse.de>

SUSE Security Update: Security update for libsndfile
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:14872-1
Rating:            important
References:        #1194006
Cross-References:  CVE-2021-4156
CVSS scores:
                   CVE-2021-4156 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Affected Products:
                   SUSE Linux Enterprise Server 11-SP4-LTSS
                   SUSE Linux Enterprise Point of Sale 11-SP3
                   SUSE Linux Enterprise Debuginfo 11-SP4
                   SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libsndfile fixes the following issues:

- CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-libsndfile-14872=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
    zypper in -t patch sleposp3-libsndfile-14872=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-libsndfile-14872=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
    zypper in -t patch dbgsp3-libsndfile-14872=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
    libsndfile-1.0.20-2.19.18.1
- SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
    libsndfile-32bit-1.0.20-2.19.18.1
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
    libsndfile-1.0.20-2.19.18.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
    libsndfile-debuginfo-1.0.20-2.19.18.1
    libsndfile-debugsource-1.0.20-2.19.18.1
- SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64):
    libsndfile-debuginfo-32bit-1.0.20-2.19.18.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
    libsndfile-debuginfo-1.0.20-2.19.18.1
    libsndfile-debugsource-1.0.20-2.19.18.1
- SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64):
    libsndfile-debuginfo-32bit-1.0.20-2.19.18.1

References:

https://www.suse.com/security/cve/CVE-2021-4156.html
https://bugzilla.suse.com/1194006

From sle-updates at lists.suse.com Wed Jan 5 20:24:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jan 2022 21:24:11 +0100 (CET)
Subject: SUSE-SU-2022:0034-1: important: Security update for libsndfile
Message-ID: <20220105202411.B82E2FF21@maintenance.suse.de>

SUSE Security Update: Security update for libsndfile
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:0034-1
Rating:            important
References:        #1194006
Cross-References:  CVE-2021-4156
CVSS scores:
                   CVE-2021-4156 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud Crowbar 8
                   SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud 8
                   SUSE Linux Enterprise Software Development Kit 12-SP5
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP3-BCL
                   SUSE Linux Enterprise Server 12-SP2-BCL
                   HPE Helion Openstack 8
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libsndfile fixes the following issues:

- CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-34=1
- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-34=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2022-34=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2022-34=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-34=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-34=1
- SUSE Linux Enterprise Server for SAP 12-SP3:
    zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-34=1
- SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-34=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-34=1
- SUSE Linux Enterprise Server 12-SP3-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-34=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-34=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
    zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-34=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2022-34=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE OpenStack Cloud 9 (x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE OpenStack Cloud 8 (x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile-devel-1.0.25-36.26.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
- SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
- SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64):
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1
- HPE Helion Openstack 8 (x86_64):
    libsndfile-debugsource-1.0.25-36.26.1
    libsndfile1-1.0.25-36.26.1
    libsndfile1-32bit-1.0.25-36.26.1
    libsndfile1-debuginfo-1.0.25-36.26.1
    libsndfile1-debuginfo-32bit-1.0.25-36.26.1

References:

https://www.suse.com/security/cve/CVE-2021-4156.html
https://bugzilla.suse.com/1194006

From sle-updates at lists.suse.com Wed Jan 5 20:25:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Wed, 5 Jan 2022 21:25:29 +0100 (CET)
Subject: SUSE-SU-2022:0032-1: important: Security update for libvirt
Message-ID: <20220105202529.751D4FF21@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID:   SUSE-SU-2022:0032-1
Rating:            important
References: #1190420 #1191668 #1192017 #1192876 #1193981 #1194041 Cross-References: CVE-2021-3975 CVE-2021-4147 CVSS scores: CVE-2021-3975 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-4147 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has four fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-32=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-32=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-debugsource-5.1.0-13.28.2 libvirt-devel-5.1.0-13.28.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-13.28.2 libvirt-admin-5.1.0-13.28.2 libvirt-admin-debuginfo-5.1.0-13.28.2 libvirt-client-5.1.0-13.28.2 libvirt-client-debuginfo-5.1.0-13.28.2 libvirt-daemon-5.1.0-13.28.2 libvirt-daemon-config-network-5.1.0-13.28.2 libvirt-daemon-config-nwfilter-5.1.0-13.28.2 libvirt-daemon-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-interface-5.1.0-13.28.2 libvirt-daemon-driver-interface-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-lxc-5.1.0-13.28.2 libvirt-daemon-driver-lxc-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-network-5.1.0-13.28.2 libvirt-daemon-driver-network-debuginfo-5.1.0-13.28.2 
libvirt-daemon-driver-nodedev-5.1.0-13.28.2 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-nwfilter-5.1.0-13.28.2 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-qemu-5.1.0-13.28.2 libvirt-daemon-driver-qemu-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-secret-5.1.0-13.28.2 libvirt-daemon-driver-secret-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-storage-5.1.0-13.28.2 libvirt-daemon-driver-storage-core-5.1.0-13.28.2 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-storage-disk-5.1.0-13.28.2 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-storage-iscsi-5.1.0-13.28.2 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-storage-logical-5.1.0-13.28.2 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-storage-mpath-5.1.0-13.28.2 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-13.28.2 libvirt-daemon-driver-storage-scsi-5.1.0-13.28.2 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-13.28.2 libvirt-daemon-hooks-5.1.0-13.28.2 libvirt-daemon-lxc-5.1.0-13.28.2 libvirt-daemon-qemu-5.1.0-13.28.2 libvirt-debugsource-5.1.0-13.28.2 libvirt-doc-5.1.0-13.28.2 libvirt-libs-5.1.0-13.28.2 libvirt-libs-debuginfo-5.1.0-13.28.2 libvirt-lock-sanlock-5.1.0-13.28.2 libvirt-lock-sanlock-debuginfo-5.1.0-13.28.2 libvirt-nss-5.1.0-13.28.2 libvirt-nss-debuginfo-5.1.0-13.28.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-13.28.2 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-13.28.2 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libvirt-daemon-driver-libxl-5.1.0-13.28.2 libvirt-daemon-driver-libxl-debuginfo-5.1.0-13.28.2 libvirt-daemon-xen-5.1.0-13.28.2 References: https://www.suse.com/security/cve/CVE-2021-3975.html https://www.suse.com/security/cve/CVE-2021-4147.html https://bugzilla.suse.com/1190420 https://bugzilla.suse.com/1191668 
https://bugzilla.suse.com/1192017 https://bugzilla.suse.com/1192876 https://bugzilla.suse.com/1193981 https://bugzilla.suse.com/1194041 From sle-updates at lists.suse.com Wed Jan 5 20:27:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 5 Jan 2022 21:27:08 +0100 (CET) Subject: SUSE-RU-2022:0027-1: moderate: Recommended update for powerpc-utils Message-ID: <20220105202708.45143FF21@maintenance.suse.de> SUSE Recommended Update: Recommended update for powerpc-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0027-1 Rating: moderate References: #1180129 #1180854 #1181956 #1182020 #1183496 #1183695 #1183958 #1184136 #1186487 #1187148 #1187182 #1189015 #1189571 #1192095 SLE-13291 SLE-13292 SLE-13837 SLE-18645 SLE-22999 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has 14 recommended fixes and contains 5 features can now be installed. Description: This update for powerpc-utils fixes the following issues: - Implement ECO (jsc#SLE-22999) - Avoid error with HCN IDs containing same consecutive bytes (bsc#1192095 ltc#194963). - Optimize lsdevinfo filtering to prevent LPM timeouts (bsc#1189571 ltc#193419). - Update to version 1.3.9 (jsc#SLE-18645, bsc#1189015). - Remove upstreamed patches - Bring up the members of HNV link together with the HNV link (bsc#1187182 ltc#192954). - When detecting HNV connection list all connections, not only active ones (bsc#1187148 ltc#192985). - Don't install /sbin/lsprop if usrmerged - Fix memory remove by index (bsc#1183958 ltc#192149). - Take into account NUMA topology when removing memory (bsc#1183958 ltc#192149). - The Install section of hcn-init should also refer to NetworkManager (bsc#1184136 ltc#192155). - Require vim when NetworkManager is installed (bsc#1184136 ltc#192155). 
- Start hcn-init with NetworkManager (bsc#1184136 ltc#192155). - Add --version option to the ppc64_cpu usage (bsc#1183695 ltc#189235). - ofpathname: Use NVMe controller physical nsid (bsc#1182020 ltc#191360). - HNV fixes (only NetworkManager supported) (jsc#SLE-13837 bsc#1181956 ltc#190722). - Fix ofpathname race with udev rename (bsc#1183496 ltc#191534). - Fixes for hybrid network virtualization (jsc#SLE-13837 bsc#1180129 ltc#190387) - Update to upstream version 1.3.8 (jsc#SLE-13291, jsc#SLE-13292, bsc#1180854 ltc#170517, bsc#1186487 ltc#177613) - Drop version suffix hack - Fix --with-systemd argument - Drop compatibility patch - we are no longer near compatible with 1.3.6 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-27=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP2 (ppc64le): powerpc-utils-1.3.9-6.1.6.2 powerpc-utils-debuginfo-1.3.9-6.1.6.2 powerpc-utils-debugsource-1.3.9-6.1.6.2 References: https://bugzilla.suse.com/1180129 https://bugzilla.suse.com/1180854 https://bugzilla.suse.com/1181956 https://bugzilla.suse.com/1182020 https://bugzilla.suse.com/1183496 https://bugzilla.suse.com/1183695 https://bugzilla.suse.com/1183958 https://bugzilla.suse.com/1184136 https://bugzilla.suse.com/1186487 https://bugzilla.suse.com/1187148 https://bugzilla.suse.com/1187182 https://bugzilla.suse.com/1189015 https://bugzilla.suse.com/1189571 https://bugzilla.suse.com/1192095 From sle-updates at lists.suse.com Thu Jan 6 07:26:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jan 2022 08:26:09 +0100 (CET) Subject: SUSE-CU-2022:14-1: Security update of ses/7/prometheus-webhook-snmp Message-ID: <20220106072609.B6330FF27@maintenance.suse.de> SUSE 
Container Update Advisory: ses/7/prometheus-webhook-snmp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:14-1 Container Tags : ses/7/prometheus-webhook-snmp:1.4 , ses/7/prometheus-webhook-snmp:1.4.1.378 , ses/7/prometheus-webhook-snmp:latest , ses/7/prometheus-webhook-snmp:sle15.2.octopus Container Release : 1.378 Severity : critical Type : security References : 1027496 1029961 1113013 1122417 1125886 1134353 1161276 1162581 1171962 1172973 1172974 1174504 1174504 1177460 1178236 1179416 1180064 1180125 1183085 1183374 1183543 1183545 1183632 1183659 1183858 1184994 1185016 1185299 1185524 1185588 1186489 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187338 1187425 1187466 1187512 1187654 1187668 1187670 1187738 1187760 1187911 1187993 1188018 1188063 1188156 1188291 1188344 1188435 1188548 1188623 1188713 1188921 1189031 1189241 1189287 1189480 1189803 1189929 1189996 1190052 1190059 1190199 1190234 1190325 1190356 1190373 1190374 1190440 1190465 1190645 1190712 1190739 1190793 1190815 1190915 1190933 1190984 1191252 1191286 1191324 1191370 1191563 1191609 1191736 1191987 1192161 1192248 1192337 1192436 1192688 1192717 1193480 1193481 1193521 CVE-2016-10228 CVE-2019-20838 CVE-2020-14155 CVE-2020-29361 CVE-2021-20266 CVE-2021-20271 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-3421 CVE-2021-3426 CVE-2021-35942 CVE-2021-3733 CVE-2021-3737 CVE-2021-37600 CVE-2021-37750 CVE-2021-39537 CVE-2021-43618 ----------------------------------------------------------------- The container ses/7/prometheus-webhook-snmp was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:49 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overridden during system installation (bsc#1171962). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate References: 1189929,CVE-2021-37750 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:08 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. 
(bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check signatures and keys two times (redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alive while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates (bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. 
(jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3523-1 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1122417,1125886,1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). 
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix uninitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for 
opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into separate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as 
name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. 
* Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). 
- Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4015-1 Released: Mon Dec 13 17:16:00 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187338,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3737: Fixed http client infinite line reading (DoS) after a http 100. (bsc#1189241) - CVE-2021-3733: Fixed ReDoS in urllib.request. (bsc#1189287) - CVE-2021-3426: Fixed an information disclosure via pydoc. (bsc#1183374) - Rebuild to get new headers, avoid building in support for stropts.h (bsc#1187338). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released: Tue Dec 28 10:39:50 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1174504

This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released: Mon Jan 3 08:28:54 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1193480

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- cracklib-dict-small-2.9.7-11.6.1 updated
- cracklib-2.9.7-11.6.1 updated
- file-magic-5.32-7.14.1 updated
- glibc-2.26-13.62.1 updated
- krb5-1.16.3-3.24.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.33.2-4.16.1 updated
- libcrack2-2.9.7-11.6.1 updated
- libcurl4-7.66.0-4.27.1 updated
- libfdisk1-2.33.2-4.16.1 updated
- libgcc_s1-11.2.1+git610-1.3.9 updated
- libgcrypt20-hmac-1.8.2-8.42.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libmagic1-5.32-7.14.1 updated
- libmount1-2.33.2-4.16.1 updated
- libncurses6-6.1-5.9.1 updated
- libopenssl1_1-hmac-1.1.1d-11.33.2 updated
- libopenssl1_1-1.1.1d-11.33.2 updated
- libp11-kit0-0.23.2-4.13.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libpython3_6m1_0-3.6.15-3.91.3 updated
- libsmartcols1-2.33.2-4.16.1 updated
- libsolv-tools-0.7.20-9.2 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-234-24.102.1 updated
- libudev1-234-24.102.1 updated
- libuuid1-2.33.2-4.16.1 updated
- libz1-1.2.11-3.24.1 updated
- libzypp-17.28.8-20.1 updated
- ncurses-utils-6.1-5.9.1 updated
- pam-1.3.0-6.50.1 updated
- permissions-20181225-23.9.1 updated
- python3-base-3.6.15-3.91.3 updated
- rpm-4.14.1-22.4.2 updated
- terminfo-base-6.1-5.9.1 updated
- timezone-2021e-75.4.1 updated
- util-linux-2.33.2-4.16.1 updated
- zypper-1.14.50-21.1 updated
- container:sles15-image-15.0.0-9.5.71 updated
- python-rpm-macros-20200207.5feb6c1-3.11.1 removed

From sle-updates at lists.suse.com Thu Jan 6 07:26:58 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:26:58 +0100 (CET)
Subject: SUSE-CU-2022:15-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20220106072658.2B1FEFF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:15-1
Container Tags : bci/dotnet-aspnet:3.1
Container Release : 7.8
Severity : moderate
Type : recommended
References : 1177460
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

The following package changes have been done:

- timezone-2021e-75.4.1 updated

From sle-updates at lists.suse.com Thu Jan 6 07:27:10 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:27:10 +0100 (CET)
Subject: SUSE-CU-2022:16-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20220106072710.F1429FF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:16-1
Container Tags : bci/dotnet-aspnet:6.0
Container Release : 4.8
Severity : moderate
Type : recommended
References : 1177460
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

The following package changes have been done:

- timezone-2021e-75.4.1 updated

From sle-updates at lists.suse.com Thu Jan 6 07:27:34 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:27:34 +0100 (CET)
Subject: SUSE-CU-2022:17-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20220106072734.6C8EDFF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:17-1
Container Tags : bci/dotnet-aspnet:5.0
Container Release : 7.8
Severity : moderate
Type : recommended
References : 1177460
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

The following package changes have been done:

- timezone-2021e-75.4.1 updated

From sle-updates at lists.suse.com Thu Jan 6 07:28:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:28:25 +0100 (CET)
Subject: SUSE-CU-2022:18-1: Recommended update of bci/dotnet-sdk
Message-ID: <20220106072825.C2BAAFF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:18-1
Container Tags : bci/dotnet-sdk:3.1
Container Release : 14.8
Severity : moderate
Type : recommended
References : 1177460
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

The following package changes have been done:

- timezone-2021e-75.4.1 updated

From sle-updates at lists.suse.com Thu Jan 6 07:28:38 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:28:38 +0100 (CET)
Subject: SUSE-CU-2022:19-1: Recommended update of bci/dotnet-sdk
Message-ID: <20220106072838.47951FF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:19-1
Container Tags : bci/dotnet-sdk:6.0
Container Release : 4.8
Severity : moderate
Type : recommended
References : 1177460
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

The following package changes have been done:

- timezone-2021e-75.4.1 updated

From sle-updates at lists.suse.com Thu Jan 6 07:29:25 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:29:25 +0100 (CET)
Subject: SUSE-CU-2022:20-1: Recommended update of bci/dotnet-runtime
Message-ID: <20220106072925.C6902FF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:20-1
Container Tags : bci/dotnet-runtime:3.1
Container Release : 16.8
Severity : moderate
Type : recommended
References : 1177460
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

The following package changes have been done:

- timezone-2021e-75.4.1 updated

From sle-updates at lists.suse.com Thu Jan 6 07:29:37 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:29:37 +0100 (CET)
Subject: SUSE-CU-2022:21-1: Recommended update of bci/dotnet-runtime
Message-ID: <20220106072937.AD456FF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:21-1
Container Tags : bci/dotnet-runtime:6.0
Container Release : 4.8
Severity : moderate
Type : recommended
References : 1177460
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

The following package changes have been done:

- timezone-2021e-75.4.1 updated

From sle-updates at lists.suse.com Thu Jan 6 07:30:11 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:30:11 +0100 (CET)
Subject: SUSE-CU-2022:22-1: Recommended update of bci/dotnet-runtime
Message-ID: <20220106073011.ACD3FFF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:22-1
Container Tags : bci/dotnet-runtime:5.0
Container Release : 14.8
Severity : moderate
Type : recommended
References : 1177460
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

The following package changes have been done:

- timezone-2021e-75.4.1 updated

From sle-updates at lists.suse.com Thu Jan 6 07:30:46 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:30:46 +0100 (CET)
Subject: SUSE-CU-2022:23-1: Recommended update of bci/dotnet-sdk
Message-ID: <20220106073046.683A0FF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:23-1
Container Tags : bci/dotnet-sdk:5.0
Container Release : 13.8
Severity : moderate
Type : recommended
References : 1177460
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Update timezone to 2021e (bsc#1177460)

- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China

The following package changes have been done:

- timezone-2021e-75.4.1 updated

From sle-updates at lists.suse.com Thu Jan 6 07:31:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:31:24 +0100 (CET)
Subject: SUSE-CU-2022:24-1: Security update of bci/golang
Message-ID: <20220106073124.4EF12FF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:24-1
Container Tags : bci/golang:1.16
Container Release : 6.24
Severity : important
Type : security
References : 1029961 1113013 1161276 1162581 1174504 1174504 1182345 1187654 1190401 1191563 1191592 1192248 1192423 1192688 1192717 1192858 1193480 1193597 1193598 1193759 CVE-2021-43618 CVE-2021-44716 CVE-2021-44717
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654

This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released: Fri Dec 3 11:27:41 2021
Summary: Security update for aaa_base
Type: security
Severity: moderate
References: 1162581,1174504,1191563,1192248

This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Type: security
Severity: moderate
References: 1192717,CVE-2021-43618

This update for gmp fixes the following issues:

- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3963-1
Released: Mon Dec 6 19:57:39 2021
Summary: Recommended update for system-users
Type: recommended
Severity: moderate
References: 1190401

This update for system-users fixes the following issues:

- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3980-1
Released: Thu Dec 9 16:42:19 2021
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1191592

glibc was updated to fix the following issue:

- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4145-1
Released: Wed Dec 22 05:27:48 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4169-1
Released: Thu Dec 23 09:52:43 2021
Summary: Security update for go1.16
Type: security
Severity: moderate
References: 1182345,1193597,1193598,CVE-2021-44716,CVE-2021-44717

This update for go1.16 fixes the following issues:

Updated to upstream version 1.16.12 to include security fixes to the compiler, syscall, runtime, the net/http, net/http/httptest, and time packages (bsc#1182345)

- CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598).
- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released: Thu Dec 23 11:22:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1192423,1192858,1193759

This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released: Tue Dec 28 10:39:50 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1174504

This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released: Mon Jan 3 08:28:54 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1193480

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- glibc-devel-2.31-9.6.1 updated
- glibc-2.31-9.6.1 updated
- go1.16-1.16.12-1.37.2 updated
- libgcrypt20-hmac-1.8.2-8.42.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libopenssl1_1-hmac-1.1.1d-11.33.2 updated
- libopenssl1_1-1.1.1d-11.33.2 updated
- libsystemd0-246.16-7.28.1 updated
- libudev1-246.16-7.28.1 updated
- libz1-1.2.11-3.24.1 updated
- permissions-20181225-23.9.1 updated
- system-group-hardware-20170617-17.3.1 updated
- container:sles15-image-15.0.0-17.8.54 updated

From sle-updates at lists.suse.com Thu Jan 6 07:31:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:31:56 +0100 (CET)
Subject: SUSE-CU-2022:25-1: Security update of bci/golang
Message-ID: <20220106073156.2395EFF27@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:25-1
Container Tags : bci/golang:1.17
Container Release : 4.26
Severity : important
Type : security
References : 1029961 1113013 1161276 1162581 1174504 1174504 1187654 1190401 1190649 1191563 1191592 1192248 1192423 1192688 1192717 1192858 1193480 1193597 1193598 1193759 CVE-2021-43618 CVE-2021-44716 CVE-2021-44717
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654

This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released: Fri Dec 3 11:27:41 2021
Summary: Security update for aaa_base
Type: security
Severity: moderate
References: 1162581,1174504,1191563,1192248

This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released: Mon Dec 6 14:57:42 2021
Summary: Security update for gmp
Type: security
Severity: moderate
References: 1192717,CVE-2021-43618

This update for gmp fixes the following issues:

- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3963-1
Released: Mon Dec 6 19:57:39 2021
Summary: Recommended update for system-users
Type: recommended
Severity: moderate
References: 1190401

This update for system-users fixes the following issues:

- system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3980-1
Released: Thu Dec 9 16:42:19 2021
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1191592

glibc was updated to fix the following issue:

- Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4145-1
Released: Wed Dec 22 05:27:48 2021
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1161276

This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released: Thu Dec 23 11:22:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1192423,1192858,1193759

This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4186-1
Released: Thu Dec 23 12:35:45 2021
Summary: Security update for go1.17
Type: security
Severity: moderate
References: 1190649,1193597,1193598,CVE-2021-44716,CVE-2021-44717

This update for go1.17 fixes the following issues:

Updated to upstream version 1.17.5 to include fixes to the compiler, linker, syscall, runtime, the net/http, go/types, and time packages (bsc#1190649)

- CVE-2021-44717: syscall: don't close fd 0 on ForkExec error (bsc#1193598).
- CVE-2021-44716: net/http: limit growth of header canonicalization cache (bsc#1193597).
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - glibc-devel-2.31-9.6.1 updated - glibc-2.31-9.6.1 updated - go1.17-1.17.5-1.14.2 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libopenssl1_1-hmac-1.1.1d-11.33.2 updated - libopenssl1_1-1.1.1d-11.33.2 updated - libsystemd0-246.16-7.28.1 updated - libudev1-246.16-7.28.1 updated - libz1-1.2.11-3.24.1 updated - permissions-20181225-23.9.1 updated - system-group-hardware-20170617-17.3.1 updated - container:sles15-image-15.0.0-17.8.55 updated From sle-updates at lists.suse.com Thu Jan 6 07:32:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jan 2022 08:32:18 +0100 (CET) Subject: SUSE-CU-2022:26-1: Security update of bci/init Message-ID: <20220106073218.750AEFF27@maintenance.suse.de> SUSE Container Update Advisory: bci/init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:26-1 Container Tags : bci/init:15.3 , bci/init:15.3.4.30 , bci/init:latest Container Release : 4.30 Severity : important Type : security References : 1161276 1174504 1183905 
1187196 1190401 1191532 1191592 1191690 1192423 1192688 1192717 1192858 1193181 1193430 1193480 1193759 CVE-2021-43618 ----------------------------------------------------------------- The container bci/init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because it uses hardware information based on CPU family and model, which is too unspecific. 
On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191532,1191690 This update for apparmor fixes the following issues: Changes in apparmor: - Add a profile for 'samba-bgqd'. (bsc#1191532) - Fix 'Requires' of python3 module. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1193430 This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. 
(bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1183905,1193181 This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - glibc-2.31-9.6.1 updated - kmod-29-4.15.1 updated - libapparmor1-2.13.6-3.8.1 updated - libdevmapper1_03-1.02.163-8.39.1 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libkmod2-29-4.15.1 updated - libopenssl1_1-hmac-1.1.1d-11.33.2 updated - libopenssl1_1-1.1.1d-11.33.2 updated - libsystemd0-246.16-7.28.1 updated - libudev1-246.16-7.28.1 updated - 
libz1-1.2.11-3.24.1 updated - permissions-20181225-23.9.1 updated - suse-module-tools-15.3.15-3.17.1 updated - system-group-hardware-20170617-17.3.1 updated - system-group-kvm-20170617-17.3.1 updated - systemd-246.16-7.28.1 updated - udev-246.16-7.28.1 updated - container:sles15-image-15.0.0-17.8.55 updated From sle-updates at lists.suse.com Thu Jan 6 07:32:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jan 2022 08:32:31 +0100 (CET) Subject: SUSE-CU-2022:27-1: Security update of bci/micro Message-ID: <20220106073231.97DF6FF27@maintenance.suse.de> SUSE Container Update Advisory: bci/micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:27-1 Container Tags : bci/micro:15.3 , bci/micro:15.3.4.9 , bci/micro:latest Container Release : 4.9 Severity : moderate Type : security References : 1191592 1192717 CVE-2021-43618 ----------------------------------------------------------------- The container bci/micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) The following package changes have been done: - glibc-2.31-9.6.1 updated - libgmp10-6.1.2-4.9.1 updated From sle-updates at lists.suse.com Thu Jan 6 07:32:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jan 2022 08:32:46 +0100 (CET) Subject: SUSE-CU-2022:28-1: Security update of bci/minimal Message-ID: <20220106073246.5FE6BFF27@maintenance.suse.de> SUSE Container Update Advisory: bci/minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:28-1 Container Tags : bci/minimal:15.3 , bci/minimal:15.3.14.23 , bci/minimal:latest Container Release : 14.23 Severity : moderate Type : security References : 1191592 1192688 1192717 1193480 CVE-2021-43618 ----------------------------------------------------------------- The container bci/minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) The following package changes have been done: - glibc-2.31-9.6.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libz1-1.2.11-3.24.1 updated - container:micro-image-15.3.0-4.9 updated From sle-updates at lists.suse.com Thu Jan 6 07:33:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jan 2022 08:33:18 +0100 (CET) Subject: SUSE-CU-2022:29-1: Security update of bci/openjdk-devel Message-ID: <20220106073318.DFB51FF27@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:29-1 Container Tags : bci/openjdk-devel:11 Container Release : 6.1 Severity : important Type : security References : 1029961 1113013 1161276 1162581 1174504 1174504 1180064 1183137 1186071 1187153 1187273 1187654 1187993 1188623 1190356 1190401 1190440 1190975 1190984 1191286 1191324 1191370 
1191563 1191592 1191609 1191736 1192023 1192160 1192161 1192248 1192337 1192423 1192436 1192688 1192717 1192858 1193170 1193480 1193759 CVE-2020-29361 CVE-2021-28041 CVE-2021-41617 CVE-2021-43527 CVE-2021-43618 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3766-1 Released: Tue Nov 23 07:07:43 2021 Summary: Recommended update for git Type: recommended Severity: moderate References: 1192023 This update for git fixes the following issues: - Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non-English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: 
recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). 
* Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3934-1 Released: Mon Dec 6 13:22:27 2021 Summary: Security update for mozilla-nss Type: security Severity: important References: 1193170,CVE-2021-43527 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3950-1 Released: Mon Dec 6 14:59:37 2021 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. 
(bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:12-1 Released: Mon Jan 3 15:36:03 2022 Summary: Recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff Type: recommended Severity: moderate References: This recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff provides the following fix: - Ship some missing binaries to PackageHub. 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - git-core-2.31.1-10.6.1 updated - glibc-2.31-9.6.1 updated - libcrack2-2.9.7-11.6.1 updated - libfreebl3-hmac-3.68.1-3.61.1 updated - libfreebl3-3.68.1-3.61.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libjpeg8-8.1.2-32.2.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libopenssl1_1-hmac-1.1.1d-11.33.2 updated - libopenssl1_1-1.1.1d-11.33.2 updated - libp11-kit0-0.23.2-4.13.1 updated - libsoftokn3-hmac-3.68.1-3.61.1 updated - libsoftokn3-3.68.1-3.61.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-7.28.1 updated - libudev1-246.16-7.28.1 updated - libxcb1-1.13-3.7.1 updated - libz1-1.2.11-3.24.1 updated - libzypp-17.28.8-20.1 updated - mozilla-nss-certs-3.68.1-3.61.1 updated - mozilla-nss-3.68.1-3.61.1 updated - openssh-clients-8.4p1-3.9.1 updated - openssh-common-8.4p1-3.9.1 updated - openssh-fips-8.4p1-3.9.1 updated - openssl-1_1-1.1.1d-11.33.2 updated - p11-kit-tools-0.23.2-4.13.1 updated - p11-kit-0.23.2-4.13.1 updated - permissions-20181225-23.9.1 updated - rpm-config-SUSE-1-5.6.1 updated - system-group-hardware-20170617-17.3.1 updated - zypper-1.14.50-21.1 updated - container:openjdk11-image-15.3.0-6.23 updated From sle-updates at lists.suse.com Thu Jan 6 07:33:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 6 Jan 2022 08:33:49 +0100 (CET) Subject: SUSE-CU-2022:30-1: Security update of bci/openjdk Message-ID: <20220106073349.37304FF27@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:30-1 Container Tags : bci/openjdk:11 Container Release : 6.23 Severity : important Type : security References : 1029961 
1113013 1161276 1162581 1174504 1174504 1180064 1186071 1187153 1187273 1187654 1187993 1188623 1190356 1190401 1190440 1190984 1191286 1191324 1191370 1191563 1191592 1191609 1191736 1192160 1192161 1192248 1192337 1192423 1192436 1192688 1192717 1192858 1193170 1193480 1193759 CVE-2020-29361 CVE-2021-43527 CVE-2021-43618 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non-English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: 
recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). 
* Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3934-1 Released: Mon Dec 6 13:22:27 2021 Summary: Security update for mozilla-nss Type: security Severity: important References: 1193170,CVE-2021-43527 This update for mozilla-nss fixes the following issues: Update to version 3.68.1: - CVE-2021-43527: Fixed a heap overflow in NSS when verifying DER-encoded DSA or RSA-PSS signatures (bsc#1193170). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3980-1 Released: Thu Dec 9 16:42:19 2021 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1191592 glibc was updated to fix the following issue: - Support for new IBM Z Hardware (bsc#1191592, jsc#IBM-869) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released: Thu Dec 23 11:22:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1192423,1192858,1193759

This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released: Thu Dec 23 11:51:51 2021
Summary: Recommended update for zlib
Type: recommended
Severity: moderate
References: 1192688

This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released: Tue Dec 28 10:39:50 2021
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1174504

This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released: Mon Jan 3 08:28:54 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1193480

This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:12-1
Released: Mon Jan 3 15:36:03 2022
Summary: Recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff
Type: recommended
Severity: moderate
References:

This recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff provides the following fix:

- Ship some missing binaries to PackageHub.

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- cracklib-dict-small-2.9.7-11.6.1 updated
- cracklib-2.9.7-11.6.1 updated
- glibc-2.31-9.6.1 updated
- libcrack2-2.9.7-11.6.1 updated
- libfreebl3-hmac-3.68.1-3.61.1 updated
- libfreebl3-3.68.1-3.61.1 updated
- libgcc_s1-11.2.1+git610-1.3.9 updated
- libgcrypt20-hmac-1.8.2-8.42.1 updated
- libgcrypt20-1.8.2-8.42.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libjpeg8-8.1.2-32.2.1 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libopenssl1_1-hmac-1.1.1d-11.33.2 updated
- libopenssl1_1-1.1.1d-11.33.2 updated
- libp11-kit0-0.23.2-4.13.1 updated
- libsoftokn3-hmac-3.68.1-3.61.1 updated
- libsoftokn3-3.68.1-3.61.1 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-246.16-7.28.1 updated
- libudev1-246.16-7.28.1 updated
- libxcb1-1.13-3.7.1 updated
- libz1-1.2.11-3.24.1 updated
- libzypp-17.28.8-20.1 updated
- mozilla-nss-certs-3.68.1-3.61.1 updated
- mozilla-nss-3.68.1-3.61.1 updated
- openssl-1_1-1.1.1d-11.33.2 updated
- p11-kit-tools-0.23.2-4.13.1 updated
- p11-kit-0.23.2-4.13.1 updated
- permissions-20181225-23.9.1 updated
- rpm-config-SUSE-1-5.6.1 updated
- system-group-hardware-20170617-17.3.1 updated
- zypper-1.14.50-21.1 updated
- container:sles15-image-15.0.0-17.8.55 updated

From sle-updates at lists.suse.com Thu Jan 6 07:34:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 08:34:29 +0100 (CET)
Subject: SUSE-CU-2022:31-1: Recommended update of suse/sle15
Message-ID: <20220106073429.43098FF27@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:31-1
Container Tags : suse/sle15:15.4 , suse/sle15:15.4.150400.21.61
Container Release : 150400.21.61
Severity : moderate
Type : recommended
References : 1029961 1113013 1180603 1187654
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released: Tue Jan 26 14:00:51 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1180603

This update for keyutils fixes the following issues:

- Adjust the library license to be LGPL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released: Fri Dec 3 10:21:49 2021
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1029961,1113013,1187654

This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records

The following package changes have been done:

- bash-4.4-150400.23.43 updated
- cpio-2.13-150400.1.30 updated
- crypto-policies-20210917.c9d86d1-150400.1.3 updated
- libblkid1-2.37.2-150400.2.15 updated
- libbz2-1-1.0.8-150400.1.44 updated
- libcom_err2-1.46.4-150400.1.16 updated
- libdw1-0.185-150400.2.44 updated
- libelf1-0.185-150400.2.44 updated
- libfdisk1-2.37.2-150400.2.15 updated
- libgcrypt20-hmac-1.9.4-150400.1.56 updated
- libgcrypt20-1.9.4-150400.1.56 updated
- libglib-2_0-0-2.70.1-150400.1.1 updated
- libgpg-error0-1.42-150400.1.54 updated
- libgpgme11-1.16.0-150400.1.29 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libmount1-2.37.2-150400.2.15 updated
- libopenssl1_1-hmac-1.1.1l-150400.2.28 updated
- libopenssl1_1-1.1.1l-150400.2.28 updated
- libreadline7-7.0-150400.23.43 updated
- libsmartcols1-2.37.2-150400.2.15 updated
- libsolv-tools-0.7.20-150400.1.7 updated
- libsystemd0-249.7-150400.1.21 updated
- libudev1-249.7-150400.1.21 updated
- libuuid1-2.37.2-150400.2.15 updated
- libzstd1-1.5.0-150400.1.10 updated
- login_defs-4.8.1-150400.7.19 updated
- openssl-1_1-1.1.1l-150400.2.28 updated
- rpm-config-SUSE-1-150400.11.20 updated
- shadow-4.8.1-150400.7.19 updated
- sles-release-15.4-150400.30.2 updated
- system-group-hardware-20170617-150400.21.19 updated
- util-linux-2.37.2-150400.2.15 updated

From sle-updates at lists.suse.com Thu Jan 6 14:17:58 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 15:17:58 +0100 (CET)
Subject: SUSE-RU-2022:0035-1: Recommended update for telnet
Message-ID: <20220106141758.99344FF29@maintenance.suse.de>

SUSE Recommended Update: Recommended update for telnet
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0035-1
Rating: low
References: #1129925
Affected Products:
    SUSE Linux Enterprise Module for Legacy Software 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for telnet fixes the following issues:

- Update Source location to use Gentoo mirror, fixes bsc#1129925

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-35=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-35=1

Package List:

- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
    telnet-debuginfo-1.2-3.3.1
    telnet-debugsource-1.2-3.3.1
    telnet-server-1.2-3.3.1
    telnet-server-debuginfo-1.2-3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    telnet-1.2-3.3.1
    telnet-debuginfo-1.2-3.3.1
    telnet-debugsource-1.2-3.3.1

References:

    https://bugzilla.suse.com/1129925

From sle-updates at lists.suse.com Thu Jan 6 17:16:44 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 18:16:44 +0100 (CET)
Subject: SUSE-RU-2022:0036-1: moderate: Recommended update for libzypp
Message-ID: <20220106171644.4CBAEFF29@maintenance.suse.de>

SUSE Recommended Update: Recommended update for libzypp
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0036-1
Rating: moderate
References: #1193488 #954813
Affected Products:
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Installer 15
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that has two recommended fixes can now be installed.
Description:

This update for libzypp fixes the following issues:

- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI components of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-36=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-36=1
- SUSE Linux Enterprise Installer 15:
    zypper in -t patch SUSE-SLE-INSTALLER-15-2022-36=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-36=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-36=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    libzypp-17.29.0-3.81.1
    libzypp-debuginfo-17.29.0-3.81.1
    libzypp-debugsource-17.29.0-3.81.1
    libzypp-devel-17.29.0-3.81.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    libzypp-17.29.0-3.81.1
    libzypp-debuginfo-17.29.0-3.81.1
    libzypp-debugsource-17.29.0-3.81.1
    libzypp-devel-17.29.0-3.81.1
- SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64):
    libzypp-17.29.0-3.81.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    libzypp-17.29.0-3.81.1
    libzypp-debuginfo-17.29.0-3.81.1
    libzypp-debugsource-17.29.0-3.81.1
    libzypp-devel-17.29.0-3.81.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    libzypp-17.29.0-3.81.1
    libzypp-debuginfo-17.29.0-3.81.1
    libzypp-debugsource-17.29.0-3.81.1
    libzypp-devel-17.29.0-3.81.1

References:

    https://bugzilla.suse.com/1193488
    https://bugzilla.suse.com/954813

From sle-updates at lists.suse.com Thu Jan 6 17:18:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 6 Jan 2022 18:18:06 +0100 (CET)
Subject: SUSE-RU-2022:0037-1: moderate: Recommended update for s3fs
Message-ID: <20220106171806.9A738FF29@maintenance.suse.de>

SUSE Recommended Update: Recommended update for s3fs
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0037-1
Rating: moderate
References: #1193236 SLE-23102
Affected Products:
    SUSE Linux Enterprise Module for Public Cloud 15-SP3
    SUSE Linux Enterprise Module for Public Cloud 15-SP2
    SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

An update that has one recommended fix and contains one feature can now be installed.

Description:

This update for s3fs fixes the following issues:

- Update to version 1.90 (bsc#1193236)
  + Don't ignore nomultipart when storage is low
  + Fix POSIX compatibility issues found by pjdfstest
  + Fail CheckBucket when S3 returns PermanentRedirect
  + Do not create zero-byte object when creating file
  + Allow arbitrary size AWS secret keys
  + Fix race conditions
  + Set explicit Content-Length: 0 when initiating MPU
  + Set CURLOPT_UNRESTRICTED_AUTH when authenticating
  + Add jitter to avoid thundering herd
  + Loosen CheckBucket to check only the bucket
  + Add support for AWS-style environment variables
- Update to version 1.89
  + Fix a regression when writing objects larger than 10 GB during periodic dirty data flush (on by default).
  + Propagate S3 errors to errno more accurately
  + Allow writing > 5 GB single-part objects supported by some non-AWS S3
  + Allow configuration of multipart copy size and limit to 5 GB
  + Allow configuration of multipart upload threshold and reduce default to 25 MB
  + Set default stat timeout to 900 seconds correctly
  + Fix data corruption while updating metadata with use_cache
- Update to version 1.88
  + Fixed a bug about move file over limit of ensure space
  + Fix multiple race conditions
  + Dynamically determine whether lseek extended options are supported
  + Add support for deep archive storage class
  + Plug FdEntity leaks
  + Fix use_session_token option parsing
  + Allow 32-bit platforms to upload single-part objects > 2 GB
  + Fix dead lock in disk insufficient and optimize code
  + Ensure environment variable is set when using ECS
  + Do not call put headers if not exist pending meta
  + Do not send SSE headers during bucket creation
  + Add sigv4 only option
  + Add atime and correct atime/mtime/ctime operations
  + Fixed a bug that symlink could not be read after restarting s3fs
  + Periodically flush written data to reduce temporary local storage
  + Added logfile option for non-syslog logging
  + Add AWS IMDSv2 support
  + Fix multiple issues when retrying requests
- Update to version 1.87
  + use correct content-type when complete multipart upload
  + Fixed a bug of stats cache compression
  + Fixed the truncation bug of stat file for cache file
  + Improved strictness of cache file stats(file)
  + Fixed insufficient upload size for mix multipart upload
  + Warn about missing MIME types instead of exiting
  + Not abort process by exception threw from s3fs_strtoofft
  + Support Google Cloud Storage headers
  + Added a parameter to output body to curldbg option
  + Fix renames of open files with nocopyapi option
  + Relink cache stats file atomically via rename
  + Ignore case when comparing ETags
  + Retry with exponential backoff during 500 error
  + Fixed a bug about serializing from cache file
  + Fixed about ParallelMixMultipartUpload
  + Add support for glacier storage class
  + Fixed upload error about mixuploading sparse file and truncating file
  + Added SIGUSR1 option for cache file integrity test
  + Change default stat_cache_expire
- Update to version 1.86
  + enable various optimizations when using modern curl
  + allow SSE-C keys to have NUL bytes
  + add session token support
  + allow large files on 32-bit systems like Raspberry Pi
  + fix data corruption when external modification changes a cached object
  + fix data corruption when opening a second fd to an unflushed file
  + fix clock skew errors when writing large files
  + allow concurrent metadata queries during data operations
  + use server-side copy for partially modified files
  + fix multiple concurrency issues
  + add requester_pays support
  + add symlink cache
  + add intelligent_ia storage tier
- Make COPYING file a license file
- Update to version 1.85
  + add Backblaze B2
  + Fix typo s/mutliple/multiple/
  + Made instructions for creating password file more obvious.
  + Enable big writes if capable
  + For RPM distributions fuse-libs is enough
  + Add support for storage class ONEZONE_IA.
  + Simplify hex conversion
  + New installation instructions for Fedora >= 27 and CentOS7
  + Improve template for issues
  + Make the compilation instructions generic
  + Replace all mentions to MacOS X to macOS
  + Correct typo
  + Correctly compare list_object_max_keys
  + Allow credentials from ${HOME}/.aws/credentials
  + Replace ~ with ${HOME} in examples
  + Include StackOverflow in FAQs
  + Add icon for s3fs
  + Upload S3 parts without batching
  + Add 'profile' option to command line help.
  + fix multihead warning check
  + Multi-arch support for ppc64le
  + Correct typos in command-line parsing
  + Address cppcheck 1.86 errors
  + Check arguments and environment before .aws/creds
  + [curl] Assume long encryption keys are base64 encoded
  + Update s3fs_util.cpp for correspondence of Nextcloud contype
  + Add Server Fault to FAQs
  + Repair xattr tests
  + Store and retrieve file change time
  + Default uid/gid/mode when object lacks permissions
  + Emit more friendly error for buckets with dots
  + Flush file before renaming
  + Tighten up HTTP response code check
  + Plug memory leak
  + Plug memory leaks
  + Avoid pass-by-value when not necessary
  + Prefer find(char) over find(const char *)
  + Remove unnecessary calls to std::string::c_str
  + Fix comparison in s3fs_strtoofft
  + Prefer HTTPS links where possible
  + Added an error message when HTTP 301 status
  + Ignore after period character of floating point in x-amz-meta-mtime
  + Added a missing extension to .gitignore, and formatted dot files
  + Added detail error message when HTTP 301/307 status
  + Automatic region change made possible other than us-east-1(default)
  + Prefer abort over assert(false)
  + Issue readdir HEAD requests without batching
  + Reference better-known AWS CLI for compatibility
  + Load tail range during overwrite
  + Add test for mv non-empty directory
  + Remove unnecessary string copies
  + Remove redundant string initializations
  + Reverted automatic region change and changed messages
  + Prefer empty over size checks
  + Remove redundant null checks before delete
  + Accept paths with : in them
  + Correct enable_content_md5 docs
  + Correct sigv2 typo
  + Prefer AutoLock for synchronization
  + Remove mirror path when deleting cache
  + Checked and corrected all typo
  + Disable malloc_trim
  + Remove unneeded void parameter
  + Prefer specific [io]stringstream where possible
  + Copy parts in parallel
  + Ensure s3fs compiles with C++03
  + Return not supported when hard linking
  + Repair utility mode
  + Simplify async request completion code
  + Add logging for too many parts
  + Implement exponential backoff for 503
  + Added S3FS_MALLOC_TRIM build switch
  + Added a non-interactive option to utility mode
  + Automatically abort failed multipart requests
  + Update s3ql link
  + Clear containers instead of individual erases
  + Address miscellaneous clang-tidy warnings
  + Upgrade to S3Proxy 1.6.1
  + Document lack of inotify support
  + Fixed code for latest cppcheck error on OSX
  + Wtf8
  + Work around cppcheck warnings
  + Improvement of curl session pool for multipart
  + Increase FdEntity reference count when returning
  + Fix lazy typo
  + Remove from file from stat cache during rename
  + Add instructions for Amazon Linux
  + Changed the description order of man page options
  + Fixed ref-count when error occurred.
  + Make macOS instructions consistent with others
- Update to version 1.84
  + Update README.md with details about .passwd-s3fs
  + add disk space reservation
  + Added Cygwin build options
  + reduce lock contention on file open
  + don't fail multirequest on single thread error
  + add an instance_name option for logging
  + FreeBSD build fixes
  + More useful error message for dupe entries in passwd file
  + cleanup curl handle state on retries
  + don't fail mkdir when directory exists
  + fix xpath selector in bucket listing
  + Validate the URL format for http/https
  + Added reset curl handle when returning to handle pool
  + Optimize defaults
  + Simplify installation for Ubuntu 16.04
  + Upgrade to S3Proxy 1.6.0
  + cleanup curl handles before curl share
  + Remove false multihead warnings
  + Add Debian installation instructions
  + Remove s3fs-python
  + Fixed memory leak
  + Revert "enable FUSE read_sync by default"
  + Option for IAM authentication endpoint
  + gnutls_auth: initialize libgcrypt
  + Fixed an error by cppcheck on OSX
  + Log messages for 5xx and 4xx HTTP response code
  + Instructions for SUSE and openSUSE prebuilt packages
  + Added list_object_max_keys option based on #783 PR

Patch Instructions:

To install this SUSE Recommended Update use the SUSE
recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-37=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-37=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-37=1

Package List:

- SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64):
    s3fs-1.90-3.6.1
    s3fs-debuginfo-1.90-3.6.1
    s3fs-debugsource-1.90-3.6.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64):
    s3fs-1.90-3.6.1
    s3fs-debuginfo-1.90-3.6.1
    s3fs-debugsource-1.90-3.6.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64):
    s3fs-1.90-3.6.1
    s3fs-debuginfo-1.90-3.6.1
    s3fs-debugsource-1.90-3.6.1

References:

    https://bugzilla.suse.com/1193236

From sle-updates at lists.suse.com Fri Jan 7 07:47:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 7 Jan 2022 08:47:13 +0100 (CET)
Subject: SUSE-CU-2022:32-1: Recommended update of suse/sle15
Message-ID: <20220107074713.BE46EFF27@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:32-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.497
Container Release : 4.22.497
Severity : moderate
Type : recommended
References : 1193488 954813
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:36-1
Released: Thu Jan 6 12:48:36 2022
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1193488,954813

This update for libzypp fixes the following issues:

- Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488)
- Fix wrong encoding of URI components of ISO images (bsc#954813)
- When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible
- Introduce zypp-curl as a sublibrary for CURL related code
- zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set
- Save all signatures associated with a public key in its PublicKeyData

The following package changes have been done:

- libzypp-17.29.0-3.81.1 updated

From sle-updates at lists.suse.com Mon Jan 10 11:16:53 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 Jan 2022 12:16:53 +0100 (CET)
Subject: SUSE-FU-2022:0039-1: moderate: Feature update for zxing-cpp libreoffice
Message-ID: <20220110111653.94D9CFF27@maintenance.suse.de>

SUSE Feature Update: Feature update for zxing-cpp libreoffice
______________________________________________________________________________

Announcement ID: SUSE-FU-2022:0039-1
Rating: moderate
References: #1158377 #1180479 #1181915 #1182969 #1183655 #1186871 #1187173 #1187982 #1189813 #901968 SLE-18213
Affected Products:
    SUSE Linux Enterprise Workstation Extension 12-SP5
    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

An update that solves one vulnerability, contains one feature and has 9 fixes is now available.
Description:

This feature update for zxing-cpp and libreoffice fixes the following issues:

Update LibreOffice from version 7.1.3.2 to 7.2.3.2 (jsc#SLE-18213):

- Fix external URL connections issues when WebDav is built using `libserf`. (bsc#1187173, bsc#1186871)
- Fix an issue with PPTX where one column becomes two within one text frame. (bsc#1182969)
- Fix interaction between multi-column shape text and automatic height. (bsc#1187982)
- Fix interaction of transparent cell fill and transparent shadow. (bsc#1189813)
- Fix lost bullet mode while typing and text is not visible.
- Use external `poppler` version 21.01.0 (jsc#SLE-18213)
- Use external `CMIS` version 0.5.2
- Update external `boost` to version 1.75.0
- Update external `pdfium` to version 4500
- Update external `skia` to version 'm90'
- Do not use `qrcodegen-devel` but move to `zxing-cpp` (jsc#SLE-18213)
- Keep upstream desktop file names (bsc#1183655)
- Display math icon (bsc#1180479)
- Source `profile.d/alljava.sh` from either `/etc` (if found) or `/usr/etc`.

Update libserf from version 1.3.7 to version 1.3.9 (jsc#SLE-18213):

- `serf` is now Apache Software Foundation project
- Reset state variables when resetting connection
- Fix some usages of the openssl BIO api
- Improve handling of bad data in the response state line
- Support more overrides via SCons arguments
- Adapt to OpenSSL 1.1.x api
- CVE-2014-3566: Fix the handling of very large gzip-encoded HTTP responses and disables SSLv2 and SSLv3. (bsc#901968)
  * CRC calculation error for gzipped http responses > 4GB.
  * SSPI CredHandle not freed when APR pool is destroyed.
  * Disable SSLv2 and SSLv3 as both are broken

Provide `zxing-cpp` 1.2.0 as new LibreOffice dependency (jsc#SLE-18213):

- Do not build examples to avoid a cycle with `QT5Multimedia`
- Use `cmake3-full` package instead of `cmake` on SUSE Linux Enterprise 12
- Do not build examples on SUSE Linux Enterprise 12
- Only build blackbox tests on openSUSE Tumbleweed
- New BarcodeFormat
- New ZXingQtCamReader demo app based on `QtMultimedia` and `QtQuick`
- New QRCode reader, faster and better support for rotated symbols
- Add `Structured Append` support for `DataMatrix`, `Aztec` and `MaxiCode`
- Add `DMRE` support for `DataMatrix`
- Switch to the reimplemented 1D detectors, about 5x faster
- Faster and more capable `isPure` detection for all 2D codes
- 20% faster `ReedSolomon` error correction.
- `ReedSolomon` error detection code 2x speedup.
- PDF417 is faster and supports flipped symbols
- Reduced false positive rate for `UPC/EAN` barcodes and improved Add-On symbol handling
- Fix country-code metadata decoding for UPC/EAN codes.
- Proper ECI handling in all 2D barcodes
- Add `baselibs.conf`
- Many performance improvements for 1D readers
- More meta-data exported when reading specific format
- Improve DataMatrix encoder
- Add interface to simplify basic usage
- WASM API to support pixels array as input
- 'LuminanceSource' based API is now deprecated but still compiles.
- New BarcodeFormats flag type to specify the set of barcodes to look for.
- New simplified and consistent Python API
- Slightly improved QRCode detection for rotated symbols.

Patch Instructions:

To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Workstation Extension 12-SP5:
    zypper in -t patch SUSE-SLE-WE-12-SP5-2022-39=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
    zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-39=1

Package List:

- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
    libZXing1-1.2.0-8.3.3
    libreoffice-7.2.3.2-48.11.4
    libreoffice-base-7.2.3.2-48.11.4
    libreoffice-base-debuginfo-7.2.3.2-48.11.4
    libreoffice-base-drivers-postgresql-7.2.3.2-48.11.4
    libreoffice-base-drivers-postgresql-debuginfo-7.2.3.2-48.11.4
    libreoffice-calc-7.2.3.2-48.11.4
    libreoffice-calc-debuginfo-7.2.3.2-48.11.4
    libreoffice-calc-extensions-7.2.3.2-48.11.4
    libreoffice-debuginfo-7.2.3.2-48.11.4
    libreoffice-debugsource-7.2.3.2-48.11.4
    libreoffice-draw-7.2.3.2-48.11.4
    libreoffice-draw-debuginfo-7.2.3.2-48.11.4
    libreoffice-filters-optional-7.2.3.2-48.11.4
    libreoffice-gnome-7.2.3.2-48.11.4
    libreoffice-gnome-debuginfo-7.2.3.2-48.11.4
    libreoffice-gtk3-7.2.3.2-48.11.4
    libreoffice-gtk3-debuginfo-7.2.3.2-48.11.4
    libreoffice-impress-7.2.3.2-48.11.4
    libreoffice-impress-debuginfo-7.2.3.2-48.11.4
    libreoffice-librelogo-7.2.3.2-48.11.4
    libreoffice-mailmerge-7.2.3.2-48.11.4
    libreoffice-math-7.2.3.2-48.11.4
    libreoffice-math-debuginfo-7.2.3.2-48.11.4
    libreoffice-officebean-7.2.3.2-48.11.4
    libreoffice-officebean-debuginfo-7.2.3.2-48.11.4
    libreoffice-pyuno-7.2.3.2-48.11.4
    libreoffice-pyuno-debuginfo-7.2.3.2-48.11.4
    libreoffice-writer-7.2.3.2-48.11.4
    libreoffice-writer-debuginfo-7.2.3.2-48.11.4
    libreoffice-writer-extensions-7.2.3.2-48.11.4
    libserf-1-1-1.3.9-9.5.3
    libserf-1-1-debuginfo-1.3.9-9.5.3
    libserf-debugsource-1.3.9-9.5.3
- SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch):
    libreoffice-branding-upstream-7.2.3.2-48.11.4
    libreoffice-icon-themes-7.2.3.2-48.11.4
    libreoffice-l10n-af-7.2.3.2-48.11.4
    libreoffice-l10n-ar-7.2.3.2-48.11.4
    libreoffice-l10n-bg-7.2.3.2-48.11.4
    libreoffice-l10n-ca-7.2.3.2-48.11.4
    libreoffice-l10n-cs-7.2.3.2-48.11.4
    libreoffice-l10n-da-7.2.3.2-48.11.4
    libreoffice-l10n-de-7.2.3.2-48.11.4
    libreoffice-l10n-en-7.2.3.2-48.11.4
    libreoffice-l10n-es-7.2.3.2-48.11.4
    libreoffice-l10n-fi-7.2.3.2-48.11.4
    libreoffice-l10n-fr-7.2.3.2-48.11.4
    libreoffice-l10n-gu-7.2.3.2-48.11.4
    libreoffice-l10n-hi-7.2.3.2-48.11.4
    libreoffice-l10n-hr-7.2.3.2-48.11.4
    libreoffice-l10n-hu-7.2.3.2-48.11.4
    libreoffice-l10n-it-7.2.3.2-48.11.4
    libreoffice-l10n-ja-7.2.3.2-48.11.4
    libreoffice-l10n-ko-7.2.3.2-48.11.4
    libreoffice-l10n-lt-7.2.3.2-48.11.4
    libreoffice-l10n-nb-7.2.3.2-48.11.4
    libreoffice-l10n-nl-7.2.3.2-48.11.4
    libreoffice-l10n-nn-7.2.3.2-48.11.4
    libreoffice-l10n-pl-7.2.3.2-48.11.4
    libreoffice-l10n-pt_BR-7.2.3.2-48.11.4
    libreoffice-l10n-pt_PT-7.2.3.2-48.11.4
    libreoffice-l10n-ro-7.2.3.2-48.11.4
    libreoffice-l10n-ru-7.2.3.2-48.11.4
    libreoffice-l10n-sk-7.2.3.2-48.11.4
    libreoffice-l10n-sv-7.2.3.2-48.11.4
    libreoffice-l10n-uk-7.2.3.2-48.11.4
    libreoffice-l10n-xh-7.2.3.2-48.11.4
    libreoffice-l10n-zh_CN-7.2.3.2-48.11.4
    libreoffice-l10n-zh_TW-7.2.3.2-48.11.4
    libreoffice-l10n-zu-7.2.3.2-48.11.4
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
    libZXing1-1.2.0-8.3.3
    libZXing1-debuginfo-1.2.0-8.3.3
    libserf-1-1-1.3.9-9.5.3
    libserf-1-1-debuginfo-1.3.9-9.5.3
    libserf-debugsource-1.3.9-9.5.3
    libserf-devel-1.3.9-9.5.3
    zxing-cpp-debugsource-1.2.0-8.3.3
    zxing-cpp-devel-1.2.0-8.3.3
- SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64):
    libreoffice-debuginfo-7.2.3.2-48.11.4
    libreoffice-debugsource-7.2.3.2-48.11.4
    libreoffice-sdk-7.2.3.2-48.11.4
    libreoffice-sdk-debuginfo-7.2.3.2-48.11.4

References:

    https://www.suse.com/security/cve/CVE-2014-3566.html
    https://bugzilla.suse.com/1158377
    https://bugzilla.suse.com/1180479
    https://bugzilla.suse.com/1181915
    https://bugzilla.suse.com/1182969
    https://bugzilla.suse.com/1183655
    https://bugzilla.suse.com/1186871
    https://bugzilla.suse.com/1187173
    https://bugzilla.suse.com/1187982
https://bugzilla.suse.com/1189813
https://bugzilla.suse.com/901968

From sle-updates at lists.suse.com Mon Jan 10 14:17:01 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 Jan 2022 15:17:01 +0100 (CET)
Subject: SUSE-SU-2022:0040-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container
Message-ID: <20220110141701.C2216FF27@maintenance.suse.de>

SUSE Security Update: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0040-1
Rating: important
References: #1190587 #1190839 #1193930
Cross-References: CVE-2021-43565
CVSS scores:
    CVE-2021-43565 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
    SUSE Linux Enterprise Module for Containers 15-SP3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues:

- CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Containers 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-40=1

Package List:

- SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64):

    kubevirt-manifests-0.45.0-8.7.1
    kubevirt-virtctl-0.45.0-8.7.1
    kubevirt-virtctl-debuginfo-0.45.0-8.7.1

References:

https://www.suse.com/security/cve/CVE-2021-43565.html
https://bugzilla.suse.com/1190587
https://bugzilla.suse.com/1190839
https://bugzilla.suse.com/1193930

From sle-updates at lists.suse.com Mon Jan 10 14:19:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 Jan 2022 15:19:31 +0100 (CET)
Subject: SUSE-SU-2022:0042-1: important: Security update for libvirt
Message-ID: <20220110141931.5A020FF27@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0042-1
Rating: important
References: #1192876 #1193981 #1194041
Cross-References: CVE-2021-3975 CVE-2021-4147
CVSS scores:
    CVE-2021-3975 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-4147 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:
    SUSE OpenStack Cloud Crowbar 9
    SUSE OpenStack Cloud 9
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for libvirt fixes the following issues:

- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-42=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-42=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-42=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-42=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libvirt-4.0.0-8.26.1 libvirt-admin-4.0.0-8.26.1 libvirt-admin-debuginfo-4.0.0-8.26.1 libvirt-client-4.0.0-8.26.1 libvirt-client-debuginfo-4.0.0-8.26.1 libvirt-daemon-4.0.0-8.26.1 libvirt-daemon-config-network-4.0.0-8.26.1 libvirt-daemon-config-nwfilter-4.0.0-8.26.1 libvirt-daemon-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-interface-4.0.0-8.26.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-libxl-4.0.0-8.26.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-lxc-4.0.0-8.26.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-network-4.0.0-8.26.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-nodedev-4.0.0-8.26.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-nwfilter-4.0.0-8.26.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-qemu-4.0.0-8.26.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-secret-4.0.0-8.26.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-4.0.0-8.26.1 libvirt-daemon-driver-storage-core-4.0.0-8.26.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-disk-4.0.0-8.26.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.26.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-logical-4.0.0-8.26.1 
libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.26.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-rbd-4.0.0-8.26.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.26.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.26.1 libvirt-daemon-hooks-4.0.0-8.26.1 libvirt-daemon-lxc-4.0.0-8.26.1 libvirt-daemon-qemu-4.0.0-8.26.1 libvirt-daemon-xen-4.0.0-8.26.1 libvirt-debugsource-4.0.0-8.26.1 libvirt-doc-4.0.0-8.26.1 libvirt-libs-4.0.0-8.26.1 libvirt-libs-debuginfo-4.0.0-8.26.1 libvirt-lock-sanlock-4.0.0-8.26.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.26.1 libvirt-nss-4.0.0-8.26.1 libvirt-nss-debuginfo-4.0.0-8.26.1 - SUSE OpenStack Cloud 9 (x86_64): libvirt-4.0.0-8.26.1 libvirt-admin-4.0.0-8.26.1 libvirt-admin-debuginfo-4.0.0-8.26.1 libvirt-client-4.0.0-8.26.1 libvirt-client-debuginfo-4.0.0-8.26.1 libvirt-daemon-4.0.0-8.26.1 libvirt-daemon-config-network-4.0.0-8.26.1 libvirt-daemon-config-nwfilter-4.0.0-8.26.1 libvirt-daemon-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-interface-4.0.0-8.26.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-libxl-4.0.0-8.26.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-lxc-4.0.0-8.26.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-network-4.0.0-8.26.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-nodedev-4.0.0-8.26.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-nwfilter-4.0.0-8.26.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-qemu-4.0.0-8.26.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-secret-4.0.0-8.26.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-4.0.0-8.26.1 libvirt-daemon-driver-storage-core-4.0.0-8.26.1 
libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-disk-4.0.0-8.26.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.26.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-logical-4.0.0-8.26.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.26.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-rbd-4.0.0-8.26.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.26.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.26.1 libvirt-daemon-hooks-4.0.0-8.26.1 libvirt-daemon-lxc-4.0.0-8.26.1 libvirt-daemon-qemu-4.0.0-8.26.1 libvirt-daemon-xen-4.0.0-8.26.1 libvirt-debugsource-4.0.0-8.26.1 libvirt-doc-4.0.0-8.26.1 libvirt-libs-4.0.0-8.26.1 libvirt-libs-debuginfo-4.0.0-8.26.1 libvirt-lock-sanlock-4.0.0-8.26.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.26.1 libvirt-nss-4.0.0-8.26.1 libvirt-nss-debuginfo-4.0.0-8.26.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libvirt-4.0.0-8.26.1 libvirt-admin-4.0.0-8.26.1 libvirt-admin-debuginfo-4.0.0-8.26.1 libvirt-client-4.0.0-8.26.1 libvirt-client-debuginfo-4.0.0-8.26.1 libvirt-daemon-4.0.0-8.26.1 libvirt-daemon-config-network-4.0.0-8.26.1 libvirt-daemon-config-nwfilter-4.0.0-8.26.1 libvirt-daemon-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-interface-4.0.0-8.26.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-lxc-4.0.0-8.26.1 libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-network-4.0.0-8.26.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-nodedev-4.0.0-8.26.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-nwfilter-4.0.0-8.26.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-qemu-4.0.0-8.26.1 
libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-secret-4.0.0-8.26.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-4.0.0-8.26.1 libvirt-daemon-driver-storage-core-4.0.0-8.26.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-disk-4.0.0-8.26.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.26.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-logical-4.0.0-8.26.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.26.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.26.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.26.1 libvirt-daemon-hooks-4.0.0-8.26.1 libvirt-daemon-lxc-4.0.0-8.26.1 libvirt-daemon-qemu-4.0.0-8.26.1 libvirt-debugsource-4.0.0-8.26.1 libvirt-doc-4.0.0-8.26.1 libvirt-libs-4.0.0-8.26.1 libvirt-libs-debuginfo-4.0.0-8.26.1 libvirt-lock-sanlock-4.0.0-8.26.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.26.1 libvirt-nss-4.0.0-8.26.1 libvirt-nss-debuginfo-4.0.0-8.26.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libvirt-daemon-driver-libxl-4.0.0-8.26.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-rbd-4.0.0-8.26.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.26.1 libvirt-daemon-xen-4.0.0-8.26.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libvirt-4.0.0-8.26.1 libvirt-admin-4.0.0-8.26.1 libvirt-admin-debuginfo-4.0.0-8.26.1 libvirt-client-4.0.0-8.26.1 libvirt-client-debuginfo-4.0.0-8.26.1 libvirt-daemon-4.0.0-8.26.1 libvirt-daemon-config-network-4.0.0-8.26.1 libvirt-daemon-config-nwfilter-4.0.0-8.26.1 libvirt-daemon-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-interface-4.0.0-8.26.1 libvirt-daemon-driver-interface-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-lxc-4.0.0-8.26.1 
libvirt-daemon-driver-lxc-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-network-4.0.0-8.26.1 libvirt-daemon-driver-network-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-nodedev-4.0.0-8.26.1 libvirt-daemon-driver-nodedev-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-nwfilter-4.0.0-8.26.1 libvirt-daemon-driver-nwfilter-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-qemu-4.0.0-8.26.1 libvirt-daemon-driver-qemu-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-secret-4.0.0-8.26.1 libvirt-daemon-driver-secret-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-4.0.0-8.26.1 libvirt-daemon-driver-storage-core-4.0.0-8.26.1 libvirt-daemon-driver-storage-core-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-disk-4.0.0-8.26.1 libvirt-daemon-driver-storage-disk-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-iscsi-4.0.0-8.26.1 libvirt-daemon-driver-storage-iscsi-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-logical-4.0.0-8.26.1 libvirt-daemon-driver-storage-logical-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-mpath-4.0.0-8.26.1 libvirt-daemon-driver-storage-mpath-debuginfo-4.0.0-8.26.1 libvirt-daemon-driver-storage-scsi-4.0.0-8.26.1 libvirt-daemon-driver-storage-scsi-debuginfo-4.0.0-8.26.1 libvirt-daemon-hooks-4.0.0-8.26.1 libvirt-daemon-lxc-4.0.0-8.26.1 libvirt-daemon-qemu-4.0.0-8.26.1 libvirt-debugsource-4.0.0-8.26.1 libvirt-doc-4.0.0-8.26.1 libvirt-libs-4.0.0-8.26.1 libvirt-libs-debuginfo-4.0.0-8.26.1 libvirt-lock-sanlock-4.0.0-8.26.1 libvirt-lock-sanlock-debuginfo-4.0.0-8.26.1 libvirt-nss-4.0.0-8.26.1 libvirt-nss-debuginfo-4.0.0-8.26.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-4.0.0-8.26.1 libvirt-daemon-driver-storage-rbd-debuginfo-4.0.0-8.26.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): libvirt-daemon-driver-libxl-4.0.0-8.26.1 libvirt-daemon-driver-libxl-debuginfo-4.0.0-8.26.1 libvirt-daemon-xen-4.0.0-8.26.1 References: https://www.suse.com/security/cve/CVE-2021-3975.html 
https://www.suse.com/security/cve/CVE-2021-4147.html
https://bugzilla.suse.com/1192876
https://bugzilla.suse.com/1193981
https://bugzilla.suse.com/1194041

From sle-updates at lists.suse.com Mon Jan 10 14:22:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 Jan 2022 15:22:14 +0100 (CET)
Subject: SUSE-SU-2022:0041-1: important: Security update for libvirt
Message-ID: <20220110142214.7B1B5FF27@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0041-1
Rating: important
References: #1192876 #1193981 #1194041
Cross-References: CVE-2021-3975 CVE-2021-4147
CVSS scores:
    CVE-2021-3975 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-4147 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Affected Products:
    SUSE OpenStack Cloud Crowbar 8
    SUSE OpenStack Cloud 8
    SUSE Linux Enterprise Server for SAP 12-SP3
    SUSE Linux Enterprise Server 12-SP3-LTSS
    SUSE Linux Enterprise Server 12-SP3-BCL
    HPE Helion Openstack 8
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for libvirt fixes the following issues:

- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-41=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-41=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-41=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-41=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-41=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-41=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libvirt-3.3.0-5.49.1 libvirt-admin-3.3.0-5.49.1 libvirt-admin-debuginfo-3.3.0-5.49.1 libvirt-client-3.3.0-5.49.1 libvirt-client-debuginfo-3.3.0-5.49.1 libvirt-daemon-3.3.0-5.49.1 libvirt-daemon-config-network-3.3.0-5.49.1 libvirt-daemon-config-nwfilter-3.3.0-5.49.1 libvirt-daemon-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-interface-3.3.0-5.49.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-libxl-3.3.0-5.49.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-lxc-3.3.0-5.49.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-network-3.3.0-5.49.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-qemu-3.3.0-5.49.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-secret-3.3.0-5.49.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.49.1 
libvirt-daemon-driver-storage-iscsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-hooks-3.3.0-5.49.1 libvirt-daemon-lxc-3.3.0-5.49.1 libvirt-daemon-qemu-3.3.0-5.49.1 libvirt-daemon-xen-3.3.0-5.49.1 libvirt-debugsource-3.3.0-5.49.1 libvirt-doc-3.3.0-5.49.1 libvirt-libs-3.3.0-5.49.1 libvirt-libs-debuginfo-3.3.0-5.49.1 libvirt-lock-sanlock-3.3.0-5.49.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.49.1 libvirt-nss-3.3.0-5.49.1 libvirt-nss-debuginfo-3.3.0-5.49.1 - SUSE OpenStack Cloud 8 (x86_64): libvirt-3.3.0-5.49.1 libvirt-admin-3.3.0-5.49.1 libvirt-admin-debuginfo-3.3.0-5.49.1 libvirt-client-3.3.0-5.49.1 libvirt-client-debuginfo-3.3.0-5.49.1 libvirt-daemon-3.3.0-5.49.1 libvirt-daemon-config-network-3.3.0-5.49.1 libvirt-daemon-config-nwfilter-3.3.0-5.49.1 libvirt-daemon-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-interface-3.3.0-5.49.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-libxl-3.3.0-5.49.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-lxc-3.3.0-5.49.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-network-3.3.0-5.49.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-qemu-3.3.0-5.49.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-secret-3.3.0-5.49.1 
libvirt-daemon-driver-secret-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-hooks-3.3.0-5.49.1 libvirt-daemon-lxc-3.3.0-5.49.1 libvirt-daemon-qemu-3.3.0-5.49.1 libvirt-daemon-xen-3.3.0-5.49.1 libvirt-debugsource-3.3.0-5.49.1 libvirt-doc-3.3.0-5.49.1 libvirt-libs-3.3.0-5.49.1 libvirt-libs-debuginfo-3.3.0-5.49.1 libvirt-lock-sanlock-3.3.0-5.49.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.49.1 libvirt-nss-3.3.0-5.49.1 libvirt-nss-debuginfo-3.3.0-5.49.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libvirt-3.3.0-5.49.1 libvirt-admin-3.3.0-5.49.1 libvirt-admin-debuginfo-3.3.0-5.49.1 libvirt-client-3.3.0-5.49.1 libvirt-client-debuginfo-3.3.0-5.49.1 libvirt-daemon-3.3.0-5.49.1 libvirt-daemon-config-network-3.3.0-5.49.1 libvirt-daemon-config-nwfilter-3.3.0-5.49.1 libvirt-daemon-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-interface-3.3.0-5.49.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-lxc-3.3.0-5.49.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-network-3.3.0-5.49.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.49.1 
libvirt-daemon-driver-nwfilter-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-qemu-3.3.0-5.49.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-secret-3.3.0-5.49.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-hooks-3.3.0-5.49.1 libvirt-daemon-lxc-3.3.0-5.49.1 libvirt-daemon-qemu-3.3.0-5.49.1 libvirt-debugsource-3.3.0-5.49.1 libvirt-doc-3.3.0-5.49.1 libvirt-libs-3.3.0-5.49.1 libvirt-libs-debuginfo-3.3.0-5.49.1 libvirt-lock-sanlock-3.3.0-5.49.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.49.1 libvirt-nss-3.3.0-5.49.1 libvirt-nss-debuginfo-3.3.0-5.49.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.49.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.49.1 libvirt-daemon-xen-3.3.0-5.49.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libvirt-3.3.0-5.49.1 libvirt-admin-3.3.0-5.49.1 libvirt-admin-debuginfo-3.3.0-5.49.1 libvirt-client-3.3.0-5.49.1 libvirt-client-debuginfo-3.3.0-5.49.1 libvirt-daemon-3.3.0-5.49.1 libvirt-daemon-config-network-3.3.0-5.49.1 libvirt-daemon-config-nwfilter-3.3.0-5.49.1 libvirt-daemon-debuginfo-3.3.0-5.49.1 
libvirt-daemon-driver-interface-3.3.0-5.49.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-lxc-3.3.0-5.49.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-network-3.3.0-5.49.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-qemu-3.3.0-5.49.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-secret-3.3.0-5.49.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-hooks-3.3.0-5.49.1 libvirt-daemon-lxc-3.3.0-5.49.1 libvirt-daemon-qemu-3.3.0-5.49.1 libvirt-debugsource-3.3.0-5.49.1 libvirt-doc-3.3.0-5.49.1 libvirt-libs-3.3.0-5.49.1 libvirt-libs-debuginfo-3.3.0-5.49.1 libvirt-lock-sanlock-3.3.0-5.49.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.49.1 libvirt-nss-3.3.0-5.49.1 libvirt-nss-debuginfo-3.3.0-5.49.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.49.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): libvirt-daemon-driver-libxl-3.3.0-5.49.1 
libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.49.1 libvirt-daemon-xen-3.3.0-5.49.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libvirt-3.3.0-5.49.1 libvirt-admin-3.3.0-5.49.1 libvirt-admin-debuginfo-3.3.0-5.49.1 libvirt-client-3.3.0-5.49.1 libvirt-client-debuginfo-3.3.0-5.49.1 libvirt-daemon-3.3.0-5.49.1 libvirt-daemon-config-network-3.3.0-5.49.1 libvirt-daemon-config-nwfilter-3.3.0-5.49.1 libvirt-daemon-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-interface-3.3.0-5.49.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-libxl-3.3.0-5.49.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-lxc-3.3.0-5.49.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-network-3.3.0-5.49.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-qemu-3.3.0-5.49.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-secret-3.3.0-5.49.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.49.1 
libvirt-daemon-hooks-3.3.0-5.49.1 libvirt-daemon-lxc-3.3.0-5.49.1 libvirt-daemon-qemu-3.3.0-5.49.1 libvirt-daemon-xen-3.3.0-5.49.1 libvirt-debugsource-3.3.0-5.49.1 libvirt-doc-3.3.0-5.49.1 libvirt-libs-3.3.0-5.49.1 libvirt-libs-debuginfo-3.3.0-5.49.1 libvirt-lock-sanlock-3.3.0-5.49.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.49.1 libvirt-nss-3.3.0-5.49.1 libvirt-nss-debuginfo-3.3.0-5.49.1 - HPE Helion Openstack 8 (x86_64): libvirt-3.3.0-5.49.1 libvirt-admin-3.3.0-5.49.1 libvirt-admin-debuginfo-3.3.0-5.49.1 libvirt-client-3.3.0-5.49.1 libvirt-client-debuginfo-3.3.0-5.49.1 libvirt-daemon-3.3.0-5.49.1 libvirt-daemon-config-network-3.3.0-5.49.1 libvirt-daemon-config-nwfilter-3.3.0-5.49.1 libvirt-daemon-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-interface-3.3.0-5.49.1 libvirt-daemon-driver-interface-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-libxl-3.3.0-5.49.1 libvirt-daemon-driver-libxl-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-lxc-3.3.0-5.49.1 libvirt-daemon-driver-lxc-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-network-3.3.0-5.49.1 libvirt-daemon-driver-network-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-3.3.0-5.49.1 libvirt-daemon-driver-nodedev-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-3.3.0-5.49.1 libvirt-daemon-driver-nwfilter-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-qemu-3.3.0-5.49.1 libvirt-daemon-driver-qemu-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-secret-3.3.0-5.49.1 libvirt-daemon-driver-secret-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-3.3.0-5.49.1 libvirt-daemon-driver-storage-core-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-3.3.0-5.49.1 libvirt-daemon-driver-storage-disk-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-iscsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-3.3.0-5.49.1 libvirt-daemon-driver-storage-logical-debuginfo-3.3.0-5.49.1 
libvirt-daemon-driver-storage-mpath-3.3.0-5.49.1 libvirt-daemon-driver-storage-mpath-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-3.3.0-5.49.1 libvirt-daemon-driver-storage-rbd-debuginfo-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-3.3.0-5.49.1 libvirt-daemon-driver-storage-scsi-debuginfo-3.3.0-5.49.1 libvirt-daemon-hooks-3.3.0-5.49.1 libvirt-daemon-lxc-3.3.0-5.49.1 libvirt-daemon-qemu-3.3.0-5.49.1 libvirt-daemon-xen-3.3.0-5.49.1 libvirt-debugsource-3.3.0-5.49.1 libvirt-doc-3.3.0-5.49.1 libvirt-libs-3.3.0-5.49.1 libvirt-libs-debuginfo-3.3.0-5.49.1 libvirt-lock-sanlock-3.3.0-5.49.1 libvirt-lock-sanlock-debuginfo-3.3.0-5.49.1 libvirt-nss-3.3.0-5.49.1 libvirt-nss-debuginfo-3.3.0-5.49.1 References: https://www.suse.com/security/cve/CVE-2021-3975.html https://www.suse.com/security/cve/CVE-2021-4147.html https://bugzilla.suse.com/1192876 https://bugzilla.suse.com/1193981 https://bugzilla.suse.com/1194041 From sle-updates at lists.suse.com Mon Jan 10 16:33:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jan 2022 17:33:59 +0100 (CET) Subject: SUSE-CU-2022:33-1: Security update of suse/sles/15.3/virt-api Message-ID: <20220110163359.64F09FF27@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.3/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:33-1 Container Tags : suse/sles/15.3/virt-api:0.45.0 , suse/sles/15.3/virt-api:0.45.0-8.7.1 , suse/sles/15.3/virt-api:0.45.0.8.8.1 Container Release : 8.8.1 Severity : important Type : security References : 1190587 1190839 1193930 CVE-2021-43565 ----------------------------------------------------------------- The container suse/sles/15.3/virt-api was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:40-1
Released: Mon Jan 10 10:45:12 2022
Summary: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container
Type: security
Severity: important
References: 1190587,1190839,1193930,CVE-2021-43565

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues:

- CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930)

The following package changes have been done:

- kubevirt-virt-api-0.45.0-8.7.1 updated

From sle-updates at lists.suse.com Mon Jan 10 16:34:12 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 Jan 2022 17:34:12 +0100 (CET)
Subject: SUSE-CU-2022:34-1: Security update of suse/sles/15.3/virt-controller
Message-ID: <20220110163412.A9D0DFF27@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.3/virt-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:34-1
Container Tags : suse/sles/15.3/virt-controller:0.45.0 , suse/sles/15.3/virt-controller:0.45.0-8.7.1 , suse/sles/15.3/virt-controller:0.45.0.8.8.1
Container Release : 8.8.1
Severity : important
Type : security
References : 1190587 1190839 1193930 CVE-2021-43565
-----------------------------------------------------------------

The container suse/sles/15.3/virt-controller was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:40-1 Released: Mon Jan 10 10:45:12 2022 Summary: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container Type: security Severity: important References: 1190587,1190839,1193930,CVE-2021-43565 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930) The following package changes have been done: - kubevirt-virt-controller-0.45.0-8.7.1 updated From sle-updates at lists.suse.com Mon Jan 10 16:34:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jan 2022 17:34:27 +0100 (CET) Subject: SUSE-CU-2022:35-1: Security update of suse/sles/15.3/virt-handler Message-ID: <20220110163427.ABA2EFF27@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.3/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:35-1 Container Tags : suse/sles/15.3/virt-handler:0.45.0 , suse/sles/15.3/virt-handler:0.45.0-8.7.1 , suse/sles/15.3/virt-handler:0.45.0.8.10.1 Container Release : 8.10.1 Severity : important Type : security References : 1134353 1160242 1177902 1178236 1180125 1183247 1183374 1183858 1183905 1184994 1185588 1186071 1186398 1187196 1187668 1188291 1188588 1188713 1188921 1189176 1189234 1189241 1189287 1189441 1189446 1189480 1189537 1189702 1189841 1189938 1190190 1190401 1190420 1190425 1190440 1190493 1190587 1190598 1190622 1190693 1190695 1190839 1190917 1190984 1191019 1191200 1191242 1191260 1191480 1191532 1191668 1191690 1191690 1191804 1191804 
1191922 1192017 1192104 1192161 1192423 1192858 1193181 1193430 1193623 1193719 1193759 1193930 1193981 1194041 CVE-2021-3426 CVE-2021-3713 CVE-2021-3733 CVE-2021-3737 CVE-2021-3748 CVE-2021-37600 CVE-2021-4147 CVE-2021-43565 ----------------------------------------------------------------- The container suse/sles/15.3/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1189537,1190190 This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3241-1 Released: Tue Sep 28 00:24:49 2021 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1189176,1190622 This update for multipath-tools provides the following fixes: - Update to version 0.8.5+82+suse.746b76e: * libmultipath: avoid buffer size warning with systemd 240+. (bsc#1189176) - Add a versioned dependency of multipath-tools on libmpath0. 
(bsc#1190622) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3306-1 Released: Wed Oct 6 18:11:57 2021 Summary: Recommended update for numactl Type: recommended Severity: moderate References: This update for numactl fixes the following issues: - Fix System call numbers on s390x. - Debug verify for --preferred option. - Description for the usage of numactl. - Various memleaks on source files: sysfs.c, shm.c and numactl.c - Description for numa_node_size64 and definition for numa_node_size in manpage. - link with -latomic when needed. - Clear race conditions on numa_police_memory(). - numademo: Use first two nodes instead of node 0 and 1 - Enhance _service settings - Enable automake ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3310-1 Released: Wed Oct 6 18:12:41 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1134353,1184994,1188291,1188588,1188713,1189446,1189480 This update for systemd fixes the following issues: - Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353). - Multipath: Rules weren't applied to dm devices (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994). - Remove kernel unsupported single-queue block I/O. - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when updating active udev on sockets restart (bsc#1188291). - Merge of v246.16, for a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d - Drop 1007-tmpfiles-follow-SUSE-policies.patch: Since most of the tmpfiles config files shipped by upstream are ignored (see previous commit 'Drop most of the tmpfiles that deal with generic paths'), this patch is no more relevant.
Additional fixes: - core: make sure cgroup_oom_queue is flushed on manager exit. - cgroup: do 'catchup' for unit cgroup inotify watch files. - journalctl: never fail at flushing when the flushed flag is set (bsc#1188588). - manager: reexecute on SIGRTMIN+25, user instances only. - manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446). - pid1: watchdog modernizations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3410-1 Released: Wed Oct 13 10:41:36 2021 Summary: Recommended update for xkeyboard-config Type: recommended Severity: moderate References: 1191242 This update for xkeyboard-config fixes the following issue: - Wrong keyboard mapping causing input delays with ABNT2 keyboards. (bsc#1191242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1191019 This update for lvm2 fixes the following issues: - Do not crash vgextend when extending VG with missing PV. 
(bsc#1191019) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3413-1 Released: Wed Oct 13 10:50:45 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1189441,1189841,1190598 This update for suse-module-tools fixes the following issues: - Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598) - Fixed an issue where initrd was not always rebuilding after installing any kernel-*-extra package (bsc#1189441) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3474-1 Released: Wed Oct 20 08:41:31 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3509-1 Released: Tue Oct 26 09:47:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: Update to version 15.3.13: - Fix bad exit status in openQA. (bsc#1191922) - Ignore kernel keyring for kernel certificates. (bsc#1191480) - Deal with existing certificates that should be de-enrolled. (bsc#1191804) - Don't pass existing files to weak-modules2. (bsc#1191200) - Skip certificate scriptlet on non-UEFI systems. 
(bsc#1191260) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3538-1 Released: Wed Oct 27 10:40:32 2021 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1160242 This update for iproute2 fixes the following issues: - Follow-up fixes backported from upstream. (bsc#1160242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3589-1 Released: Mon Nov 1 19:27:52 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3605-1 Released: Wed Nov 3 14:59:32 2021 Summary: Security update for qemu Type: security Severity: important References: 1189234,1189702,1189938,1190425,CVE-2021-3713,CVE-2021-3748 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702) - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938) Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd (bsc#1190425) - Fix qemu crash while deleting xen-block (bsc#1189234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3619-1 Released: Fri Nov 5 12:29:52 2021 Summary: Security update for libvirt Type: security Severity: moderate References: 1177902,1183247,1186398,1190420,1190493,1190693,1190695,1190917 This update for libvirt fixes the following issues: - lxc: controller: Fix container launch on cgroup v1. (bsc#1183247) - supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active. 
- qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917) - spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693) - spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695) - libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493) - libxl: Fix driver reload. (bsc#1190420) - qemu: Set label on virtual host network device when hotplugging. (bsc#1186398) - supportconfig: When checking for installed hypervisor drivers, use the libvirtr-daemon-driver- package instead of libvirt-daemon-. The latter are not required packages for a functioning hypervisor driver. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1191804 This update for suse-module-tools fixes the following issues: - Update to version 15.3.14: * more fixes for updates under secure boot * cert-script: Deal with existing $cert.delete file (bsc#1191804). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because it uses hardware information based on CPU family and model, which is too unspecific.
On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191532,1191690 This update for apparmor fixes the following issues: Changes in apparmor: - Add a profile for 'samba-bgqd'. (bsc#1191532) - Fix 'Requires' of python3 module. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1193430 This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. 
(bsc#1193430) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1183905,1193181 This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:21-1 Released: Tue Jan 4 16:06:08 2022 Summary: Security update for libvirt Type: security Severity: important References: 1191668,1192017,1193623,1193719,1193981,1194041,CVE-2021-4147 This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. 
(bsc#1194041) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:40-1 Released: Mon Jan 10 10:45:12 2022 Summary: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container Type: security Severity: important References: 1190587,1190839,1193930,CVE-2021-43565 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930) The following package changes have been done: - kubevirt-container-disk-0.45.0-8.7.1 updated - kubevirt-virt-handler-0.45.0-8.7.1 updated - libapparmor1-2.13.6-3.8.1 updated - libdevmapper1_03-1.02.163-8.39.1 updated - libkmod2-29-4.15.1 updated - libnuma1-2.0.14.20.g4ee5e0c-10.1 updated - system-group-kvm-20170617-17.3.1 updated - suse-module-tools-15.3.15-3.17.1 updated - libpython3_6m1_0-3.6.15-10.9.1 updated - libmpath0-0.8.5+82+suse.746b76e-2.7.1 updated - iproute2-5.3-5.5.1 updated - xkeyboard-config-2.23.1-3.9.1 updated - system-user-qemu-20170617-17.3.1 updated - kmod-29-4.15.1 updated - python3-base-3.6.15-10.9.1 updated - systemd-246.16-7.28.1 updated - udev-246.16-7.28.1 updated - qemu-tools-5.2.0-106.4 updated - util-linux-systemd-2.36.2-4.5.1 updated - libvirt-libs-7.1.0-6.11.1 updated - libvirt-client-7.1.0-6.11.1 updated - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Mon Jan 10 16:34:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jan 2022 17:34:46 +0100 (CET) Subject: SUSE-CU-2022:36-1: Security update of suse/sles/15.3/virt-launcher Message-ID: <20220110163446.6BF94FF27@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.3/virt-launcher 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:36-1 Container Tags : suse/sles/15.3/virt-launcher:0.45.0 , suse/sles/15.3/virt-launcher:0.45.0-8.7.1 , suse/sles/15.3/virt-launcher:0.45.0.8.17.1 Container Release : 8.17.1 Severity : important Type : security References : 1027519 1029961 1073299 1093392 1104700 1112310 1113013 1113554 1120402 1130557 1134353 1140016 1150451 1160242 1169582 1172055 1173646 1177460 1177460 1177460 1177460 1177460 1177902 1178346 1178350 1178353 1180125 1180914 1183247 1183374 1183709 1183858 1183905 1184994 1185016 1185524 1185588 1186071 1186398 1186910 1187190 1187196 1187270 1187512 1187654 1187668 1187958 1188127 1188291 1188344 1188588 1188713 1188869 1189176 1189234 1189241 1189287 1189441 1189446 1189480 1189537 1189702 1189841 1189938 1190190 1190401 1190420 1190425 1190440 1190493 1190587 1190598 1190622 1190645 1190693 1190695 1190739 1190839 1190915 1190917 1190933 1190984 1191019 1191054 1191200 1191242 1191260 1191339 1191363 1191480 1191532 1191668 1191690 1191690 1191804 1191804 1191922 1192013 1192017 1192104 1192126 1192161 1192423 1192529 1192554 1192557 1192559 1192568 1192840 1192858 1193181 1193430 1193623 1193719 1193759 1193930 1193981 1194041 CVE-2020-14312 CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVE-2021-3426 CVE-2021-3448 CVE-2021-3713 CVE-2021-3733 CVE-2021-3737 CVE-2021-3748 CVE-2021-4147 CVE-2021-43565 ----------------------------------------------------------------- The container suse/sles/15.3/virt-launcher was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:1332-1 Released: Tue Jul 17 09:01:19 2018 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1073299,1093392 This update for timezone provides the following fixes: - North Korea switches back from +0830 to +09 on 2018-05-05. - Ireland's standard time is in the summer, with negative DST offset to standard time used in Winter. (bsc#1073299) - yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid setting an incorrect timezone. (bsc#1093392) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2463-1 Released: Thu Oct 25 14:48:34 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1104700,1112310 This update for timezone, timezone-java fixes the following issues: The timezone database was updated to 2018f: - Volgograd moves from +03 to +04 on 2018-10-28. - Fiji ends DST 2019-01-13, not 2019-01-20. 
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700) - Corrections to past timestamps of DST transitions - Use 'PST' and 'PDT' for Philippine time - minor code changes to zic handling of the TZif format - documentation updates Other bugfixes: - Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2018:2550-1 Released: Wed Oct 31 16:16:56 2018 Summary: Recommended update for timezone, timezone-java Type: recommended Severity: moderate References: 1113554 This update provides the latest time zone definitions (2018g), including the following change: - Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:102-1 Released: Tue Jan 15 18:02:58 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1120402 This update for timezone fixes the following issues: - Update 2018i: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
(bsc#1120402) - Update 2018h: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21 New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move Metlakatla, Alaska observes PST this winter only Guess Morocco will continue to adjust clocks around Ramadan Add predictions for Iran from 2038 through 2090 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:790-1 Released: Thu Mar 28 12:06:17 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1130557 This update for timezone fixes the following issues: timezone was updated 2019a: * Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23 * Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00 * Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25) * zic now has an -r option to limit the time range of output data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:1815-1 Released: Thu Jul 11 07:47:55 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1140016 This update for timezone fixes the following issues: - Timezone update 2019b. (bsc#1140016): - Brazil no longer observes DST. - 'zic -b slim' outputs smaller TZif files. - Palestine's 2019 spring-forward transition was on 03-29, not 03-30. - Add info about the Crimea situation. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:2762-1 Released: Thu Oct 24 07:08:44 2019 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1150451 This update for timezone fixes the following issues: - Fiji observes DST from 2019-11-10 to 2020-01-12. - Norfolk Island starts observing Australian-style DST. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1303-1 Released: Mon May 18 09:40:36 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1169582 This update for timezone fixes the following issues: - timezone update 2020a. (bsc#1169582) * Morocco springs forward on 2020-05-31, not 2020-05-24. * Canada's Yukon advanced to -07 year-round on 2020-03-08. * America/Nuuk renamed from America/Godthab. * zic now supports expiration dates for leap second lists. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1542-1 Released: Thu Jun 4 13:24:37 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1172055 This update for timezone fixes the following issue: - zdump --version reported 'unknown' (bsc#1172055) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3099-1 Released: Thu Oct 29 19:33:41 2020 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020b (bsc#1177460) * Revised predictions for Morocco's changes starting in 2023. * Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08. * Macquarie Island has stayed in sync with Tasmania since 2011. * Casey, Antarctica is at +08 in winter and +11 in summer. * zic no longer supports -y, nor the TYPE field of Rules. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3123-1 Released: Tue Nov 3 09:48:13 2020 Summary: Recommended update for timezone Type: recommended Severity: important References: 1177460,1178346,1178350,1178353 This update for timezone fixes the following issues: - Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353) - Palestine ends DST earlier than predicted, on 2020-10-24. 
(bsc#1177460) - Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:179-1 Released: Wed Jan 20 13:38:51 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2020f (bsc#1177460) * 'make rearguard_tarballs' no longer generates a bad rearguard.zi, fixing a 2020e bug. - timezone update 2020e (bsc#1177460) * Volgograd switches to Moscow time on 2020-12-27 at 02:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:301-1 Released: Thu Feb 4 08:46:27 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2021a (bsc#1177460) * South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2573-1 Released: Thu Jul 29 14:21:52 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1188127 This update for timezone fixes the following issue: - From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1189537,1190190 This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3241-1 Released: Tue Sep 28 00:24:49 2021 Summary: Recommended update for multipath-tools Type: recommended Severity: important References: 1189176,1190622 This update for multipath-tools provides the following fixes: - Update to version 0.8.5+82+suse.746b76e: * libmultipath: avoid buffer size warning with systemd 240+. (bsc#1189176) - Add a versioned dependency of multipath-tools on libmpath0. (bsc#1190622) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3306-1 Released: Wed Oct 6 18:11:57 2021 Summary: Recommended update for numactl Type: recommended Severity: moderate References: This update for numactl fixes the following issues: - Fix System call numbers on s390x. - Debug verify for --preferred option. - Description for the usage of numactl. - Various memleaks on source files: sysfs.c, shm.c and numactl.c - Description for numa_node_size64 and definition for numa_node_size in manpage. - link with -latomic when needed. - Clear race conditions on numa_police_memory().
- numademo: Use first two nodes instead of node 0 and 1 - Enhance _service settings - Enable automake ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3310-1 Released: Wed Oct 6 18:12:41 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1134353,1184994,1188291,1188588,1188713,1189446,1189480 This update for systemd fixes the following issues: - Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353). - Multipath: Rules weren't applied to dm devices (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994). - Remove kernel unsupported single-queue block I/O. - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when updating active udev on sockets restart (bsc#1188291). - Merge of v246.16, for a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d - Drop 1007-tmpfiles-follow-SUSE-policies.patch: Since most of the tmpfiles config files shipped by upstream are ignored (see previous commit 'Drop most of the tmpfiles that deal with generic paths'), this patch is no more relevant. Additional fixes: - core: make sure cgroup_oom_queue is flushed on manager exit. - cgroup: do 'catchup' for unit cgroup inotify watch files. - journalctl: never fail at flushing when the flushed flag is set (bsc#1188588). - manager: reexecute on SIGRTMIN+25, user instances only. - manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446). - pid1: watchdog modernizations. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3410-1 Released: Wed Oct 13 10:41:36 2021 Summary: Recommended update for xkeyboard-config Type: recommended Severity: moderate References: 1191242 This update for xkeyboard-config fixes the following issue: - Wrong keyboard mapping causing input delays with ABNT2 keyboards. (bsc#1191242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1191019 This update for lvm2 fixes the following issues: - Do not crash vgextend when extending VG with missing PV. (bsc#1191019) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3413-1 Released: Wed Oct 13 10:50:45 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1189441,1189841,1190598 This update for suse-module-tools fixes the following issues: - Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598) - Fixed an issue where initrd was not always rebuilding after installing any kernel-*-extra package (bsc#1189441) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). 
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3509-1 Released: Tue Oct 26 09:47:40 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1191200,1191260,1191480,1191804,1191922 This update for suse-module-tools fixes the following issues: Update to version 15.3.13: - Fix bad exit status in openQA. (bsc#1191922) - Ignore kernel keyring for kernel certificates. (bsc#1191480) - Deal with existing certificates that should be de-enrolled. (bsc#1191804) - Don't pass existing files to weak-modules2. (bsc#1191200) - Skip certificate scriptlet on non-UEFI systems. (bsc#1191260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3530-1 Released: Wed Oct 27 09:24:29 2021 Summary: Security update for dnsmasq Type: security Severity: moderate References: 1173646,1180914,1183709,CVE-2020-14312,CVE-2021-3448 This update for dnsmasq fixes the following issues: Update to version 2.86 - CVE-2021-3448: fixed outgoing port used when --server is used with an interface name. (bsc#1183709) - CVE-2020-14312: Set --local-service by default (bsc#1173646). - Open inotify socket only when used (bsc#1180914). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3532-1 Released: Wed Oct 27 10:11:20 2021 Summary: Recommended update for pmdk Type: recommended Severity: important References: 1191339 This update for pmdk fixes the following issues: - Fixed an issue when 'PMDK' causes data corruption on power failure. (bsc#1191339) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3538-1 Released: Wed Oct 27 10:40:32 2021 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1160242 This update for iproute2 fixes the following issues: - Follow-up fixes backported from upstream. (bsc#1160242) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3589-1 Released: Mon Nov 1 19:27:52 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191690 This update for apparmor fixes the following issues: - Fixed an issue when apparmor provides python2 and python3 libraries with the same name. 
(bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3605-1 Released: Wed Nov 3 14:59:32 2021 Summary: Security update for qemu Type: security Severity: important References: 1189234,1189702,1189938,1190425,CVE-2021-3713,CVE-2021-3748 This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702) - CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938) Non-security issues fixed: - Add transfer length item in block limits page of scsi vpd (bsc#1190425) - Fix qemu crash while deleting xen-block (bsc#1189234) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3619-1 Released: Fri Nov 5 12:29:52 2021 Summary: Security update for libvirt Type: security Severity: moderate References: 1177902,1183247,1186398,1190420,1190493,1190693,1190695,1190917 This update for libvirt fixes the following issues: - lxc: controller: Fix container launch on cgroup v1. (bsc#1183247) - supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active. - qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917) - spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693) - spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695) - libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493) - libxl: Fix driver reload. (bsc#1190420) - qemu: Set label on virtual host network device when hotplugging. (bsc#1186398) - supportconfig: When checking for installed hypervisor drivers, use the libvirt-daemon-driver- package instead of libvirt-daemon-. The latter are not required packages for a functioning hypervisor driver.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1191804 This update for suse-module-tools fixes the following issues: - Update to version 15.3.14: * more fixes for updates under secure boot * cert-script: Deal with existing $cert.delete file (bsc#1191804). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3790-1 Released: Wed Nov 24 06:10:31 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1187190,1187958,1188869,1191054,1192013,1192568 This update for open-iscsi fixes the following issues: - Ensure executables are not moved from /sbin to /usr/sbin in SLE (bsc#1192013)(bsc#1191054) - iscsi-init.service default dependencies can cause the boot to hang so they have been removed (bsc#1187190) - IPv6 offload iSCSI lun needs to be exposed during installation (bsc#1187958) - iscsid needs to use the new prctl(PR_SET_IO_FLUSHER) system call (bsc#1188869) - The iscsi-init.service unit can run too early, when root is read-only, causing it to fail (bsc#1192568) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent 
and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Update timezone to 2021e (bsc#1177460) - Palestine will fall back 10-29 (not 10-30) at 01:00 - Fiji suspends DST for the 2021/2022 season - 'zic -r' marks unspecified timestamps with '-00' - Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers - Refresh timezone info for china ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. 
* Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3961-1 Released: Mon Dec 6 19:55:49 2021 Summary: Recommended update for dnsmasq Type: recommended Severity: moderate References: 1192529 This update for dnsmasq fixes the following issues: - Fix a segfault when re-reading an empty resolv.conf (bsc#1192529) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3968-1 Released: Tue Dec 7 15:31:00 2021 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1191363,1192554,1192557,1192559,CVE-2021-28702,CVE-2021-28704,CVE-2021-28705,CVE-2021-28706,CVE-2021-28707,CVE-2021-28708,CVE-2021-28709 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). - CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559). - CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554). - Update to Xen 4.14.3 bug fix release (bsc#1027519). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3985-1 Released: Fri Dec 10 06:08:24 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1187196 This update for suse-module-tools fixes the following issues: - Blacklist isst_if_mbox_msr driver because it uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4014-1 Released: Mon Dec 13 13:57:39 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate References: 1191532,1191690 This update for apparmor fixes the following issues: Changes in apparmor: - Add a profile for 'samba-bgqd'. (bsc#1191532) - Fix 'Requires' of python3 module. (bsc#1191690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4104-1 Released: Thu Dec 16 11:14:12 2021 Summary: Security update for python3 Type: security Severity: moderate References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737 This update for python3 fixes the following issues: - CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374). - CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241). - CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287). - We do not require python-rpm-macros package (bsc#1180125). - Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858). - Stop providing 'python' symbol, which means python2 currently (bsc#1185588). - Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4165-1 Released: Wed Dec 22 22:52:11 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1193430 This update for kmod fixes the following issues: - Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4166-1 Released: Wed Dec 22 22:52:39 2021 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1192840 This update for ceph fixes the following issues: - Rebase on top of Ceph v15.2.15 tag - Re-do some downstream patches - Fix parsing of kwargs arguments. (bsc#1192840, jsc#SES-704) (fixes an issue caused by downstream commit 'pybing/mgr/mgr_module: allow keyword arguments') ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4175-1 Released: Thu Dec 23 11:22:33 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1192423,1192858,1193759 This update for systemd fixes the following issues: - Bump the max number of inodes for /dev to a million (bsc#1192858) - sleep: don't skip resume device with low priority/available space (bsc#1192423) - test: use kbd-mode-map we ship in one more test case - test-keymap-util: always use kbd-model-map we ship - Add rules for virtual devices and enforce 'none' for loop devices. 
(bsc#1193759) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1183905,1193181 This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:9-1 Released: Mon Jan 3 11:15:25 2022 Summary: Recommended update for ovmf Type: recommended Severity: important References: 1192126 This update for ovmf fixes the following issue: - VM enters crash/reset loop inside OVMF on reboots (bsc#1192126) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:12-1 Released: Mon Jan 3 15:36:03 2022 Summary: Recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff Type: recommended Severity: moderate References: This recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff provides the following fix: - Ship some missing binaries to PackageHub. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:21-1 Released: Tue Jan 4 16:06:08 2022 Summary: Security update for libvirt Type: security Severity: important References: 1191668,1192017,1193623,1193719,1193981,1194041,CVE-2021-4147 This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. 
(bsc#1194041) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:40-1 Released: Mon Jan 10 10:45:12 2022 Summary: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container Type: security Severity: important References: 1190587,1190839,1193930,CVE-2021-43565 This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930) The following package changes have been done: - augeas-lenses-1.10.1-3.3.1 updated - augeas-1.10.1-3.3.1 updated - kubevirt-container-disk-0.45.0-8.7.1 updated - libapparmor1-2.13.6-3.8.1 updated - libdevmapper1_03-1.02.163-8.39.1 updated - libjpeg8-8.1.2-32.2.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libkmod2-29-4.15.1 updated - libnuma1-2.0.14.20.g4ee5e0c-10.1 updated - libpixman-1-0-0.34.0-7.2.1 updated - qemu-ipxe-1.0.0+-106.4 updated - qemu-seabios-1.14.0_0_g155821a-106.4 updated - qemu-sgabios-8-106.4 updated - qemu-vgabios-1.14.0_0_g155821a-106.4 updated - system-group-kvm-20170617-17.3.1 updated - system-group-libvirt-20170617-17.3.1 updated - system-user-daemon-20170617-17.3.1 updated - system-user-nobody-20170617-17.3.1 updated - system-user-tss-20170617-17.3.1 updated - timezone-2021e-75.4.1 added - suse-module-tools-15.3.15-3.17.1 updated - libxcb1-1.13-3.7.1 updated - liblvm2cmd2_03-2.03.05-8.39.1 updated - libdevmapper-event1_03-1.02.163-8.39.1 updated - libpython3_6m1_0-3.6.15-10.9.1 updated - keyutils-1.6.3-5.6.1 updated - libopeniscsiusr0_2_0-2.1.5-32.12.1 updated - libmpath0-0.8.5+82+suse.746b76e-2.7.1 updated - iproute2-5.3-5.5.1 updated - xkeyboard-config-2.23.1-3.9.1 updated - system-user-qemu-20170617-17.3.1 updated - 
kmod-29-4.15.1 updated - device-mapper-1.02.163-8.39.1 updated - python3-base-3.6.15-10.9.1 updated - libpmem1-1.9-3.3.1 updated - dnsmasq-2.86-7.17.1 updated - xen-libs-4.14.3_04-3.15.1 updated - python3-3.6.15-10.9.1 updated - systemd-246.16-7.28.1 updated - udev-246.16-7.28.1 updated - qemu-tools-5.2.0-106.4 updated - systemd-container-246.16-7.28.1 updated - open-iscsi-2.1.5-32.12.1 updated - lvm2-2.03.05-8.39.1 updated - apparmor-parser-2.13.6-3.8.1 updated - libvirt-libs-7.1.0-6.11.1 updated - apparmor-abstractions-2.13.6-3.8.1 updated - libvirt-client-7.1.0-6.11.1 updated - kubevirt-virt-launcher-0.45.0-8.7.1 updated - qemu-5.2.0-106.4 updated - librados2-15.2.15.83+gf72054fa653-3.34.1 updated - qemu-x86-5.2.0-106.4 updated - librbd1-15.2.15.83+gf72054fa653-3.34.1 updated - qemu-ovmf-x86_64-202008-10.11.1 updated - libvirt-daemon-7.1.0-6.11.1 updated - libvirt-daemon-driver-storage-core-7.1.0-6.11.1 updated - libvirt-daemon-driver-secret-7.1.0-6.11.1 updated - libvirt-daemon-driver-qemu-7.1.0-6.11.1 updated - libvirt-daemon-driver-nwfilter-7.1.0-6.11.1 updated - libvirt-daemon-driver-nodedev-7.1.0-6.11.1 updated - libvirt-daemon-driver-network-7.1.0-6.11.1 updated - libvirt-daemon-driver-interface-7.1.0-6.11.1 updated - libvirt-daemon-driver-storage-scsi-7.1.0-6.11.1 updated - libvirt-daemon-driver-storage-rbd-7.1.0-6.11.1 updated - libvirt-daemon-driver-storage-mpath-7.1.0-6.11.1 updated - libvirt-daemon-driver-storage-logical-7.1.0-6.11.1 updated - libvirt-daemon-driver-storage-iscsi-7.1.0-6.11.1 updated - libvirt-daemon-driver-storage-iscsi-direct-7.1.0-6.11.1 updated - libvirt-daemon-driver-storage-disk-7.1.0-6.11.1 updated - libvirt-daemon-driver-storage-7.1.0-6.11.1 updated - libvirt-daemon-qemu-7.1.0-6.11.1 updated - libidn11-1.34-3.2.2 removed - python-rpm-macros-20200207.5feb6c1-3.11.1 removed From sle-updates at lists.suse.com Mon Jan 10 16:35:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 10 Jan 2022 
17:35:05 +0100 (CET) Subject: SUSE-CU-2022:37-1: Security update of suse/sles/15.3/libguestfs-tools Message-ID: <20220110163505.1E3F6FF27@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.3/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:37-1 Container Tags : suse/sles/15.3/libguestfs-tools:0.45.0 , suse/sles/15.3/libguestfs-tools:0.45.0-8.4.3 , suse/sles/15.3/libguestfs-tools:0.45.0.7.7.56 Container Release : 7.7.56 Severity : important Type : security References : 1027519 1040364 1065729 1065729 1065729 1085030 1085030 1085917 1089118 1094840 1127650 1133021 1134353 1135481 1148868 1152472 1152472 1152489 1152489 1152489 1152489 1152489 1154353 1154353 1156395 1156395 1157177 1159886 1160010 1167773 1167773 1168202 1169263 1170269 1170774 1171420 1171688 1172073 1172073 1173604 1173604 1173746 1174003 1174969 1175052 1175543 1176447 1176447 1176447 1176774 1176774 1176914 1176914 1176940 1176940 1177028 1177399 1177902 1178134 1178134 1178134 1178236 1180100 1180100 1180100 1180125 1180141 1180347 1180749 1181006 1181147 1181147 1181148 1181299 1181306 1181309 1181535 1181536 1181972 1183247 1183374 1183858 1183905 1184180 1184439 1184673 1184673 1184804 1184924 1184970 1184994 1185016 1185302 1185524 1185550 1185588 1185677 1185726 1185762 1185762 1185762 1185902 1186063 1186063 1186071 1186109 1186109 1186260 1186264 1186398 1186731 1186910 1187115 1187167 1187167 1187190 1187196 1187211 1187211 1187270 1187455 1187468 1187470 1187483 1187512 1187619 1187668 1187774 1187959 1188067 1188067 1188172 1188231 1188270 1188291 1188344 1188412 1188418 1188418 1188563 1188563 1188588 1188601 1188616 1188651 1188651 1188700 1188713 1188713 1188768 1188780 1188781 1188782 1188783 1188784 1188786 1188787 1188788 1188790 1188878 1188885 1188921 1188924 1188982 1188983 1188985 1188986 1189021 1189057 1189060 1189077 1189153 1189176 1189197 1189209 1189210 1189212 1189213 1189214 1189215 
1189216 1189217 1189218 1189219 1189220 1189221 1189222 1189225 1189229 1189233 1189234 1189241 1189257 1189262 1189287 1189291 1189292 1189296 1189297 1189298 1189301 1189305 1189323 1189384 1189385 1189392 1189393 1189399 1189400 1189427 1189441 1189446 1189480 1189503 1189504 1189505 1189506 1189507 1189537 1189552 1189562 1189563 1189564 1189565 1189566 1189567 1189568 1189569 1189573 1189574 1189575 1189576 1189577 1189579 1189581 1189582 1189583 1189585 1189586 1189587 1189702 1189706 1189760 1189762 1189832 1189841 1189841 1189841 1189841 1189841 1189870 1189872 1189883 1189884 1189938 1189983 1189984 1189996 1190006 1190006 1190022 1190023 1190025 1190062 1190067 1190067 1190115 1190115 1190117 1190138 1190159 1190190 1190326 1190349 1190349 1190351 1190351 1190358 1190373 1190374 1190401 1190406 1190412 1190413 1190420 1190425 1190428 1190432 1190440 1190467 1190479 1190479 1190493 1190523 1190523 1190534 1190543 1190544 1190561 1190576 1190595 1190596 1190598 1190598 1190620 1190620 1190620 1190622 1190626 1190642 1190642 1190645 1190679 1190693 1190695 1190705 1190717 1190739 1190746 1190758 1190784 1190785 1190795 1190795 1190795 1190801 1190801 1190845 1190915 1190917 1190933 1190941 1190941 1190984 1191019 1191172 1191193 1191200 1191229 1191229 1191240 1191240 1191241 1191241 1191242 1191260 1191292 1191315 1191315 1191317 1191317 1191339 1191349 1191349 1191363 1191384 1191384 1191449 1191449 1191450 1191450 1191451 1191451 1191452 1191452 1191455 1191455 1191456 1191456 1191480 1191500 1191532 1191566 1191628 1191628 1191645 1191645 1191663 1191663 1191668 1191675 1191690 1191690 1191731 1191731 1191790 1191800 1191800 1191804 1191804 1191851 1191867 1191867 1191922 1191934 1191934 1191958 1191958 1191961 1191980 1192017 1192040 1192040 1192041 1192041 1192045 1192074 1192074 1192104 1192107 1192107 1192145 1192145 1192161 1192217 1192229 1192267 1192273 1192288 1192328 1192375 1192423 1192473 1192549 1192554 1192557 1192559 1192718 1192740 1192745 
1192750 1192753 1192758 1192781 1192802 1192858 1192896 1192906 1192918 1193181 1193430 1193512 1193623 1193719 1193759 1193981 1194041 CVE-2020-12770 CVE-2020-3702 CVE-2021-0941 CVE-2021-20322 CVE-2021-22946 CVE-2021-22947 CVE-2021-28702 CVE-2021-28704 CVE-2021-28705 CVE-2021-28706 CVE-2021-28707 CVE-2021-28708 CVE-2021-28709 CVE-2021-31916 CVE-2021-33033 CVE-2021-33033 CVE-2021-3426 CVE-2021-34556 CVE-2021-34866 CVE-2021-34866 CVE-2021-34981 CVE-2021-3542 CVE-2021-3542 CVE-2021-35477 CVE-2021-3622 CVE-2021-3640 CVE-2021-3653 CVE-2021-3655 CVE-2021-3655 CVE-2021-3656 CVE-2021-3669 CVE-2021-3679 CVE-2021-3713 CVE-2021-3715 CVE-2021-3715 CVE-2021-37159 CVE-2021-3732 CVE-2021-3733 CVE-2021-3737 CVE-2021-3739 CVE-2021-3743 CVE-2021-3744 CVE-2021-3748 CVE-2021-3752 CVE-2021-3753 CVE-2021-3759 CVE-2021-3759 CVE-2021-3760 CVE-2021-3760 CVE-2021-37600 CVE-2021-3764 CVE-2021-3772 CVE-2021-3772 CVE-2021-38160 CVE-2021-38166 CVE-2021-38198 CVE-2021-38204 CVE-2021-38205 CVE-2021-38206 CVE-2021-38207 CVE-2021-38209 CVE-2021-3896 CVE-2021-3896 CVE-2021-40490 CVE-2021-4147 CVE-2021-41864 CVE-2021-41864 CVE-2021-42008 CVE-2021-42008 CVE-2021-42252 CVE-2021-42252 CVE-2021-42739 CVE-2021-42739 CVE-2021-43056 CVE-2021-43056 CVE-2021-43389 ----------------------------------------------------------------- The container suse/sles/15.3/libguestfs-tools was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3201-1 Released: Thu Sep 23 11:28:23 2021 Summary: Security update for hivex Type: security Severity: moderate References: 1189060,CVE-2021-3622 This update for hivex fixes the following issues: - CVE-2021-3622: Fixed stack overflow due to recursive call of _get_children() (bsc#1189060). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3203-1 Released: Thu Sep 23 14:41:35 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1189537,1190190 This update for kmod fixes the following issues: - Use docbook 4 rather than docbook 5 for building man pages (bsc#1190190). - Enable support for ZSTD compressed modules - Display module information even for modules built into the running kernel (bsc#1189537) - '/usr/lib' should override '/lib' where both are available. Support '/usr/lib' for depmod.d as well. - Remove test patches included in release 29 - Update to release 29 * Fix `modinfo -F` not working for built-in modules and certain fields. * Fix a memory leak, overflow and double free on error path. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3205-1 Released: Thu Sep 23 16:15:20 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1040364,1127650,1135481,1152489,1160010,1168202,1171420,1174969,1175052,1175543,1177399,1180100,1180141,1180347,1181006,1181148,1181972,1184180,1185902,1186264,1186731,1187211,1187455,1187468,1187483,1187619,1187959,1188067,1188172,1188231,1188270,1188412,1188418,1188616,1188700,1188780,1188781,1188782,1188783,1188784,1188786,1188787,1188788,1188790,1188878,1188885,1188924,1188982,1188983,1188985,1189021,1189057,1189077,1189153,1189197,1189209,1189210,1189212,1189213,1189214,1189215,1189216,1189217,1189218,1189219,1189220,1189221,1189222,1189225,1189229,1189233,1189262,1189291,1189292,1189296,1189298,1189301,1189305,1189323,1189384,1189385,1189392,1189393,1189399,1189400,1189427,1189503,1189504,1189505,1189506,1189507,1189562,1189563,1189564,1189565,1189566,1189567,1189568,1189569,1189573,1189574,1189575,1189576,1189577,1189579,1189581,1189582,1189583,1189585,1189586,1189587,1189706,1189760,1189762,1189832,1189841,1189870,1189872,1189883,1190022,1190025,1190115,1190117,1190412,1190413,1190428,CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-3640,CVE-2021-3653,CVE-2021-3656,CVE-2021-3679,CVE-2021-3732,CVE-2021-3739,CVE-2021-3743,CVE-2021-3753,CVE-2021-3759,CVE-2021-38160,CVE-2021-38166,CVE-2021-38198,CVE-2021-38204,CVE-2021-38205,CVE-2021-38206,CVE-2021-38207,CVE-2021-38209 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3640: Fixed a Use-After-Free vulnerability in function sco_sock_sendmsg() in the bluetooth stack (bsc#1188172). - CVE-2021-3653: Missing validation of the `int_ctl` VMCB field allows a malicious L1 guest to enable AVIC support for the L2 guest (bsc#1189399).
- CVE-2021-3656: Missing validation of the `virt_ext` VMCB field allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and VLS for the L2 guest (bsc#1189400). - CVE-2021-3679: A lack of CPU resource in tracing module functionality was found in the way user uses trace ring buffer in a specific way. Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service (bnc#1189057). - CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace can reveal files (bsc#1189706). - CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by invalid id (bsc#1189832). - CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883). - CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling (bsc#1190025). - CVE-2021-38160: Data corruption or loss could be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size in drivers/char/virtio_console.c (bsc#1190117) - CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the access permissions of a shadow page, leading to a missing guest protection page fault (bnc#1189262). - CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically proximate attackers to cause a denial of service (use-after-free and panic) by removing a MAX-3421 USB device in certain situations (bnc#1189291). - CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it easier for attackers to defeat an ASLR protection mechanism because it prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292). - CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed remote attackers to cause a denial of service (buffer overflow and lockup) by sending heavy network traffic for about ten minutes (bnc#1189298). - CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when many elements are placed in a single bucket in kernel/bpf/hashtab.c (bnc#1189233).
- CVE-2021-38209: Fixed an issue that allowed observation of changes in any net namespace via net/netfilter/nf_conntrack_standalone.c (bnc#1189393). - CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser inside the mac80211 subsystem (bnc#1189296). - CVE-2021-34556: Fixed a side-channel attack via Speculative Store Bypass via an unprivileged BPF program that could have obtained sensitive information from kernel memory (bsc#1188983). - CVE-2021-35477: Fixed BPF stack frame pointer which could have been abused to disclose content of arbitrary kernel memory (bsc#1188985). - CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have led to breaking memcg limits and DoS attacks (bsc#1190115). - CVE-2020-12770: Fixed sg_remove_request call in certain failure cases (bsc#1171420). The following non-security bugs were fixed: - ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes). - ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Export function to claim _CST control (bsc#1175543) - ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543) - ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR (bsc#1175543) - ALSA: hda - fix the 'Capture Switch' value change notifications (git-fixes). - ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes). - ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms (git-fixes). - ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically (git-fixes). - ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes). - ALSA: hda/realtek - Add type for ALC287 (git-fixes). - ALSA: hda/realtek: Change device names for quirks to barebone names (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop (git-fixes). - ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256) (git-fixes).
- ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes). - ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes). - ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook PC (git-fixes). - ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes). - ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes). - ALSA: hda: Fix hang during shutdown due to link reset (git-fixes). - ALSA: hda: Release controller display power during shutdown/reboot (git-fixes). - ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes). - ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes). - ALSA: seq: Fix racy deletion of subscriber (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes). - ALSA: usb-audio: Avoid unnecessary or invalid connector selection at resume (git-fixes). - ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes). - ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes). - ALSA: usb-audio: fix incorrect clock source setting (git-fixes). - ASoC: Intel: Skylake: Fix module resource and format selection (git-fixes). - ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs (git-fixes). - ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373 (git-fixes). - ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes). - ASoC: amd: Fix reference to PCM buffer address (git-fixes). - ASoC: component: Remove misplaced prefix handling in pin control functions (git-fixes). - ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes). - ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes). - ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes). - ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes). - ASoC: cs42l42: Remove duplicate control for WNF filter frequency (git-fixes). 
- ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes). - ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes). - ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in mt8183_afe_pcm_dev_probe (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold (git-fixes). - ASoC: rt5682: Adjust headset volume button threshold again (git-fixes). - ASoC: rt5682: Fix the issue of garbled recording after powerd_dbus_suspend (git-fixes). - ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes). - ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during startup (git-fixes). - ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes). - ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes). - ASoC: uniphier: Fix reference to PCM buffer address (git-fixes). - ASoC: wcd9335: Disable irq on slave ports in the remove function (git-fixes). - ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes). - ASoC: wcd9335: Fix a memory leak in the error handling path of the probe function (git-fixes). - ASoC: xilinx: Fix reference to PCM buffer address (git-fixes). - Avoid double printing SUSE specific flags in mod->taint (bsc#1190413). - Bluetooth: add timeout sanity check to hci_inquiry (git-fixes). - Bluetooth: btusb: Fix a unspported condition to set available debug features (git-fixes). - Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS (git-fixes). - Bluetooth: defer cleanup of resources in hci_unregister_dev() (git-fixes). - Bluetooth: fix repeated calls to sco_sock_kill (git-fixes). - Bluetooth: hidp: use correct wait queue when removing ctrl_wait (git-fixes). - Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer overflow (git-fixes). - Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd (git-fixes). - Bluetooth: sco: prevent information leak in sco_conn_defer_accept() (git-fixes). 
- Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412) - KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786). - KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787). - KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (bsc#1188788). - KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest (bsc#1187959). - KVM: nVMX: Handle split-lock #AC exceptions that happen in L2 (bsc#1187959). - KVM: nVMX: Really make emulated nested preemption timer pinned (bsc#1188780). - KVM: nVMX: Reset the segment cache when stuffing guest segs (bsc#1188781). - KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02 (bsc#1188782). - KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration (bsc#1188783). - KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit (bsc#1188784). - KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959). - KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790). - NFS: Correct size calculation for create reply length (bsc#1189870). - NFSv4.1: Do not rebind to the same source port when (bnc#1186264 bnc#1189021) - NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times (git-fixes). - NFSv4: Initialise connection to the server in nfs4_alloc_client() (bsc#1040364). - PCI/MSI: Correct misleading comments (git-fixes). - PCI/MSI: Do not set invalid bits in MSI mask (git-fixes). - PCI/MSI: Enable and mask MSI-X early (git-fixes). - PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes). - PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes). - PCI/MSI: Mask all unused MSI-X entries (git-fixes). - PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes). - PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes). - PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes). - PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently (git-fixes). 
- PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes). - RDMA/bnxt_re: Fix stats counters (bsc#1188231). - SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202 bsc#1188924). - SUNRPC: Fix the batch tasks count wraparound (git-fixes). - SUNRPC: Should wake up the privileged task firstly (git-fixes). - SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202 bsc#1188924). - SUNRPC: improve error response to over-size gss credential (bsc#1190022). - SUNRPC: prevent port reuse on transports which do not request it (bnc#1186264 bnc#1189021). - USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes). - USB: serial: ch341: fix character loss at high transfer rates (git-fixes). - USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes). - USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes). - USB: usbtmc: Fix RCU stall warning (git-fixes). - USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes). - VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes). - ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes). - ath9k: Clear key cache explicitly on disabling hardware (git-fixes). - ath: Use safer key clearing with key cache entries (git-fixes). - bcma: Fix memory leak for internally-handled cores (git-fixes). - bdi: Do not use freezable workqueue (bsc#1189573). - blk-iolatency: error out if blk_get_queue() failed in iolatency_set_limit() (bsc#1189507). - blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506). - blk-wbt: introduce a new disable state to prevent false positive by rwb_enabled() (bsc#1189503). - blk-wbt: make sure throttle is enabled properly (bsc#1189504). - block: fix trace completion for chained bio (bsc#1189505). - bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075). 
- brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes). - btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077). - btrfs: add a trace class for dumping the current ENOSPC state (bsc#1135481). - btrfs: add a trace point for reserve tickets (bsc#1135481). - btrfs: adjust the flush trace point to include the source (bsc#1135481). - btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481). - btrfs: factor out create_chunk() (bsc#1189077). - btrfs: factor out decide_stripe_size() (bsc#1189077). - btrfs: factor out gather_device_info() (bsc#1189077). - btrfs: factor out init_alloc_chunk_ctl (bsc#1189077). - btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481). - btrfs: fix deadlock with concurrent chunk allocations involving system chunks (bsc#1189077). - btrfs: handle invalid profile in chunk allocation (bsc#1189077). - btrfs: implement space clamping for preemptive flushing (bsc#1135481). - btrfs: improve preemptive background space flushing (bsc#1135481). - btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481). - btrfs: introduce alloc_chunk_ctl (bsc#1189077). - btrfs: introduce chunk allocation policy (bsc#1189077). - btrfs: make flush_space take a enum btrfs_flush_state instead of int (bsc#1135481). - btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077). - btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077). - btrfs: refactor find_free_dev_extent_start() (bsc#1189077). - btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481). - btrfs: rename need_do_async_reclaim (bsc#1135481). - btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481). - btrfs: rework chunk allocation to avoid exhaustion of the system chunk array (bsc#1189077). - btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481). - btrfs: rip the first_ticket_bytes logic from fail_all_tickets (bsc#1135481). 
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481). - btrfs: tracepoints: convert flush states to using EM macros (bsc#1135481). - btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags (bsc#1135481). - can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes). - can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN RX and TX error counters (git-fixes). - ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468). - ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468). - ceph: take snap_empty_lock atomically with snaprealm refcount change (bsc#1189427). - cfg80211: Fix possible memory leak in function cfg80211_bss_update (git-fixes). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes). - clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes). 
- cpuidle: Allow idle states to be disabled by default (bsc#1175543) - cpuidle: Consolidate disabled state checks (bsc#1175543) - cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543) - cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543) - cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks (bsc#1175543) - crypto: ccp - Annotate SEV Firmware file names (bsc#1189212). - crypto: qat - use proper type for vf_mask (git-fixes). - crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit (git-fixes). - device-dax: Fix default return code of range_parse() (git-fixes). - dm integrity: fix missing goto in bitmap_flush_interval error handling (git-fixes). - dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails (git-fixes). - dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes). - dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-dma: configure the generic DMA type to make it work (git-fixes). - dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes). - dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is not yet available (git-fixes). - dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe() (git-fixes). - dmaengine: xilinx_dma: Fix read-after-free bug when terminating transfers (git-fixes). - drivers/block/null_blk/main: Fix a double free in null_init (git-fixes). - drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X (git-fixes). - drm/amd/display: Fix comparison error in dcn21 DML (git-fixes). - drm/amd/display: Fix max vstartup calculation for modes with borders (git-fixes). - drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes). - drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work (git-fixes). - drm/amd/display: workaround for hard hang on HPD on native DP (git-fixes). 
- drm/amdgpu/acp: Make PM domain really work (git-fixes). - drm/amdgpu/display: fix DMUB firmware version info (git-fixes). - drm/amdgpu/display: only enable aux backlight control for OLED panels (git-fixes). - drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes). - drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir (git-fixes). - drm/dp_mst: Fix return code on sideband message failure (git-fixes). - drm/i915/dg1: gmbus pin mapping (bsc#1188700). - drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700). - drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos (bsc#1188700). - drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700). - drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700). - drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700). - drm/i915: Add VBT AUX CH H and I (bsc#1188700). - drm/i915: Add VBT DVO ports H and I (bsc#1188700). - drm/i915: Add more AUX CHs to the enum (bsc#1188700). - drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6 (bsc#1188700). - drm/i915: Correct SFC_DONE register offset (git-fixes). - drm/i915: Introduce HPD_PORT_TC<n> (bsc#1188700). - drm/i915: Move hpd_pin setup to encoder init (bsc#1188700). - drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700). - drm/i915: Only access SFC_DONE when media domain is not fused off (git-fixes). - drm/meson: fix colour distortion from HDR set during vendor u-boot (git-fixes). - drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes). - drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs (git-fixes). - drm/msm/dsi: Fix some reference counted resource leaks (git-fixes). - drm/msm: Fix error return code in msm_drm_init() (git-fixes). - drm/nouveau/kms/nv50: workaround EFI GOP window channel format differences (git-fixes). 
- drm/of: free the iterator object on failure (git-fixes). - drm/of: free the right object (git-fixes). - drm/panfrost: Fix missing clk_disable_unprepare() on error in panfrost_clk_init() (git-fixes). - drm/prime: fix comment on PRIME Helpers (git-fixes). - ext4: cleanup in-core orphan list if ext4_truncate() failed to get a transaction handle (bsc#1189568). - ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit (bsc#1189564). - ext4: fix avefreec in find_group_orlov (bsc#1189566). - ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562). - ext4: fix potential htree corruption when growing large_dir directories (bsc#1189576). - ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565). - ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563). - ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567). - fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574). - firmware_loader: fix use-after-free in firmware_fallback_sysfs (git-fixes). - firmware_loader: use -ETIMEDOUT instead of -EAGAIN in fw_load_sysfs_fallback (git-fixes). - fixup 'rpm: support gz and zst compression methods' (bsc#1190358, bsc#1190428). - fpga: altera-freeze-bridge: Address warning about unused variable (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: dfl: fme: Fix cpu hotplug issue in performance reporting (git-fixes). - fpga: xiilnx-spi: Address warning about unused variable (git-fixes). - fpga: zynqmp-fpga: Address warning about unused variable (git-fixes). - gpio: eic-sprd: break loop when getting NULL device resource (git-fixes). - gpio: tqmx86: really make IRQ optional (git-fixes). - i2c: dev: zero out array used for i2c reads from userspace (git-fixes). - i2c: highlander: add IRQ check (git-fixes). - i2c: iop3xx: fix deferred probing (git-fixes). - i2c: mt65xx: fix IRQ check (git-fixes). - i2c: s3c2410: fix IRQ check (git-fixes). 
- iio: adc: Fix incorrect exit of for-loop (git-fixes). - iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels (git-fixes). - iio: humidity: hdc100x: Add margin to the conversion time (git-fixes). - intel_idle: Add module parameter to prevent ACPI _CST from being used (bsc#1175543) - intel_idle: Allow ACPI _CST to be used for selected known processors (bsc#1175543) - intel_idle: Annotate init time data structures (bsc#1175543) - intel_idle: Customize IceLake server support (bsc#1175543) - intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399, bsc#1180347, bsc#1180141) - intel_idle: Fix max_cstate for processor models without C-state tables (bsc#1175543) - intel_idle: Ignore _CST if control cannot be taken from the platform (bsc#1175543) - intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543) - intel_idle: Use ACPI _CST for processor models without C-state tables (bsc#1175543) - iommu/amd: Fix extended features logging (bsc#1189213). - iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762). - iommu/arm-smmu-v3: Decrease the queue size of evtq and priq (bsc#1189210). - iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209). - iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214). - iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229). - iommu/vt-d: Check for allocation failure in aux_detach_device() (bsc#1189215). - iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216). - iommu/vt-d: Do not set then clear private data in prq_event_thread() (bsc#1189217). - iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218). - iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219). - iommu/vt-d: Global devTLB flush when present context entry changed (bsc#1189220). - iommu/vt-d: Invalidate PASID cache when root/context entry changed (bsc#1189221). - iommu/vt-d: Reject unsupported page request modes (bsc#1189222). 
- ionic: add handling of larger descriptors (jsc#SLE-16649). - ionic: add new queue features to interface (jsc#SLE-16649). - ionic: aggregate Tx byte counting calls (jsc#SLE-16649). - ionic: block actions during fw reset (jsc#SLE-16649). - ionic: change mtu after queues are stopped (jsc#SLE-16649). - ionic: check for link after netdev registration (jsc#SLE-16649). - ionic: code cleanup details (jsc#SLE-16649). - ionic: fix sizeof usage (jsc#SLE-16649). - ionic: fix unchecked reference (jsc#SLE-16649). - ionic: fix up dim accounting for tx and rx (jsc#SLE-16649). - ionic: generic tx skb mapping (jsc#SLE-16649). - ionic: implement Rx page reuse (jsc#SLE-16649). - ionic: make all rx_mode work threadsafe (jsc#SLE-16649). - ionic: move rx_page_alloc and free (jsc#SLE-16649). - ionic: optimize fastpath struct usage (jsc#SLE-16649). - ionic: protect adminq from early destroy (jsc#SLE-16649). - ionic: rebuild debugfs on qcq swap (jsc#SLE-16649). - ionic: remove intr coalesce update from napi (jsc#SLE-16649). - ionic: remove some unnecessary oom messages (jsc#SLE-16649). - ionic: simplify TSO descriptor mapping (jsc#SLE-16649). - ionic: simplify rx skb alloc (jsc#SLE-16649). - ionic: simplify the intr_index use in txq_init (jsc#SLE-16649). - ionic: simplify tx clean (jsc#SLE-16649). - ionic: simplify use of completion types (jsc#SLE-16649). - ionic: start queues before announcing link up (jsc#SLE-16649). - ionic: stop watchdog when in broken state (jsc#SLE-16649). - ionic: useful names for booleans (jsc#SLE-16649). - iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes). - iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes). - iwlwifi: skip first element in the WTAS ACPI table (git-fixes). - kABI fix of usb_dcd_config_params (git-fixes). - kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes). 
- kabi fix for NFSv4.1: Do not rebind to the same source port when reconnecting to the server (bnc#1186264 bnc#1189021) - kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a workqueue (bsc#1168202 bsc#1188924). - kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data() (bsc#1189153). - kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841). - leds: trigger: audio: Add an activate callback to ensure the initial brightness is set (git-fixes). - lib/mpi: use kcalloc in mpi_resize (git-fixes). - lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766). - libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes). - mac80211: Fix insufficient headroom issue for AMSDU (git-fixes). - md/raid10: properly indicate failure when ending a failed write request (git-fixes). - md: revert io stats accounting (git-fixes). - media: TDA1997x: enable EDID support (git-fixes). - media: cxd2880-spi: Fix an error handling path (git-fixes). - media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes). - media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes). - media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes). - media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes). - media: em28xx-input: fix refcount bug in em28xx_usb_disconnect (git-fixes). - media: go7007: fix memory leak in go7007_usb_probe (git-fixes). - media: go7007: remove redundant initialization (git-fixes). - media: rtl28xxu: fix zero-length control request (git-fixes). - media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes). - media: venus: venc: Fix potential null pointer dereference on pointer fmt (git-fixes). - media: videobuf2-core: dequeue if start_streaming fails (git-fixes). - media: zr364xx: fix memory leaks in probe() (git-fixes). - media: zr364xx: propagate errors from zr364xx_start_readpipe() (git-fixes). - misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes). 
- misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp() (git-fixes). - mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page() (bsc#1189569). - mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality, bsc#1189301). - mm: fix memory_failure() handling of dax-namespace metadata (bsc#1189872). - mm: swap: properly update readahead statistics in unuse_pte_range() (bsc#1187619). - mmc: dw_mmc: Fix hang on data CRC error (git-fixes). - mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes). - mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes). - mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711 (git-fixes). - mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards (git-fixes). - nbd: Aovid double completion of a request (git-fixes). - nbd: Fix NULL pointer in flush_workqueue (git-fixes). - net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412) - net/mlx5: Properly convey driver version to firmware (git-fixes). - net/mlx5e: Add missing capability check for uplink follow (bsc#1188412) - net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes). - net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext (git-fixes). - net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes). - net: usb: lan78xx: do not modify phy_device state concurrently (bsc#1188270) - nfs: fix acl memory leak of posix_acl_create() (git-fixes). - nvme-multipath: revalidate paths during rescan (bsc#1187211) - nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth (bsc#1181972). - nvme-pci: fix NULL req in completion handler (bsc#1181972). - nvme-pci: limit maximum queue depth to 4095 (bsc#1181972). - nvme-pci: use unsigned for io queue depth (bsc#1181972). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data (bsc#1181972). 
- nvme: avoid possible double fetch in handling CQE (bsc#1181972). - nvme: code command_id with a genctr for use-after-free validation (bsc#1181972). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384). - ocfs2: fix snprintf() checking (bsc#1189581). - ocfs2: fix zero out valid data (bsc#1189579). - ocfs2: initialize ip_next_orphan (bsc#1186731). - ocfs2: issue zeroout to EOF blocks (bsc#1189582). - ovl: allow upperdir inside lowerdir (bsc#1189323). - ovl: expand warning in ovl_d_real() (bsc#1189323). - ovl: fix missing revert_creds() on error path (bsc#1189323). - ovl: perform vfs_getxattr() with mounter creds (bsc#1189323). - ovl: skip getxattr of security labels (bsc#1189323). - params: lift param_set_uint_minmax to common code (bsc#1181972). - pcmcia: i82092: fix a null pointer dereference bug (git-fixes). - perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (bsc#1189225). - pinctrl: tigerlake: Fix GPIO mapping for newer version of software (git-fixes). - platform/x86: pcengines-apuv2: Add missing terminating entries to gpio-lookup tables (git-fixes). - post.sh: detect /usr mountpoint too - power: supply: max17042: handle fails of reading status register (git-fixes). - powerpc/cacheinfo: Improve diagnostics about malformed cache lists (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Lookup cache by dt node and thread-group id (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Remove the redundant get_shared_cpu_map() (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/cacheinfo: Use name at unit instead of full DT path in debug messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable (bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes). 
- powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible (bsc#1189197 ltc#193906). - powerpc/pseries: Fix regression while building external modules (bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general symbol which is kABI change but not kABI break. - powerpc/pseries: Fix update of LPAR security flavor after LPM (bsc#1188885 ltc#193722 git-fixes). - powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148 ltc#190702 git-fixes). - regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes). - regulator: vctrl: Avoid lockdep warning in enable/disable ops (git-fixes). - regulator: vctrl: Use locked regulator_get_voltage in probe path (git-fixes). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575). - rsi: fix an error code in rsi_probe() (git-fixes). - rsi: fix error code in rsi_load_9116_firmware() (git-fixes). - s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982 LTC#193817). - s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771). - scsi: blkcg: Add app identifier support for blkcg (bsc#1189385 jsc#SLE-18970). - scsi: blkcg: Fix application ID config options (bsc#1189385 jsc#SLE-18970). - scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970). - scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392). 
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650). - scsi: libfc: Fix array index out of bound exception (bsc#1188616). - scsi: lpfc: Add 256 Gb link speed support (bsc#1189385). - scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters (bsc#1189385). - scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC completions (bsc#1189385). - scsi: lpfc: Clear outstanding active mailbox during PCI function reset (bsc#1189385). - scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385). - scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385). - scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC completes (bsc#1189385). - scsi: lpfc: Discovery state machine fixes for LOGO handling (bsc#1189385). - scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385). - scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine (bsc#1189385). - scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling (bsc#1189385). - scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385). - scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385). - scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385). - scsi: lpfc: Fix function description comments for vmid routines (bsc#1189385). - scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR request (bsc#1189385). - scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted() (bsc#1189385). - scsi: lpfc: Fix target reset handler from falsely returning FAILURE (bsc#1189385). - scsi: lpfc: Improve firmware download logging (bsc#1189385). - scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS handling (bsc#1189385). - scsi: lpfc: Move initialization of phba->poll_list earlier to avoid crash (git-fixes). - scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF (bsc#1189385). - scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385). 
- scsi: lpfc: Remove redundant assignment to pointer temp_hdr (bsc#1189385). - scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385). - scsi: lpfc: Revise Topology and RAS support checks for new adapters (bsc#1189385). - scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385). - scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path (bsc#1189385). - scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385). - scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385). - scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support (bsc#1189385). - scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189385). - scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385 jsc#SLE-18970). - scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385 jsc#SLE-18970). - scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006). - scsi: qla2xxx: Add heartbeat check (bsc#1189392). - scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword() (bsc#1189392). - scsi: qla2xxx: Fix spelling mistakes 'allloc' -> 'alloc' (bsc#1189392). - scsi: qla2xxx: Fix use after free in debug code (bsc#1189392). - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (bsc#1189392). 
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392). - scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392). - scsi: qla2xxx: Remove redundant continue statement in a for-loop (bsc#1189392). - scsi: qla2xxx: Remove redundant initialization of variable num_cnt (bsc#1189392). - scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392). - scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392). - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (bsc#1189392). - scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI (bsc#1189392). - scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392). - scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392). - scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392). - scsi: qla2xxx: edif: Add extraction of auth_els from the wire (bsc#1189392). - scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392). - scsi: qla2xxx: edif: Add key update (bsc#1189392). - scsi: qla2xxx: edif: Add send, receive, and accept for auth_els (bsc#1189392). - scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392). - scsi: qla2xxx: edif: Increment command and completion counts (bsc#1189392). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (bsc#1184180). - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392). - scsi: zfcp: Report port fc_security as unknown early during remote cable pull (git-fixes). - serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes). - serial: 8250_mtk: fix uart corruption issue when rx power off (git-fixes). - serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes). - serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver (git-fixes). - serial: tegra: Only print FIFO error message when an error occurs (git-fixes). - slimbus: messaging: check for valid transaction id (git-fixes). 
- slimbus: messaging: start transaction ids from 1 instead of zero (git-fixes). - slimbus: ngd: reset dma setup during runtime pm (git-fixes). - soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes). - soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: ixp4xx: fix printing resources (git-fixes). - soc: qcom: rpmhpd: Use corner in power_off (git-fixes). - soc: qcom: smsm: Fix missed interrupts if state changes while masked (git-fixes). - spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes). - spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation (git-fixes). - spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes). - spi: mediatek: Fix fifo transfer (git-fixes). - spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes). - spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: spi-pic32: Fix issue with uninitialized dma_slave_config (git-fixes). - spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes). - spi: stm32h7: fix full duplex irq handler handling (git-fixes). - staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb() (git-fixes). - staging: rtl8712: get rid of flush_scheduled_work (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes). - tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL event name (git-fixes). - tracing / histogram: Give calculation hist_fields a size (git-fixes). - tracing: Reject string operand in the histogram expression (git-fixes). - tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes). - ubifs: Fix error return code in alloc_wbufs() (bsc#1189585). - ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583). 
- ubifs: Only check replay with inode type to judge if inode linked (bsc#1187455). - ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode (bsc#1189587). - ubifs: journal: Fix error return code in ubifs_jnl_write_inode() (bsc#1189586). - usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable DMA config is available (git-fixes). - usb: dwc3: Disable phy suspend after power-on reset (git-fixes). - usb: dwc3: Separate field holding multiple properties (git-fixes). - usb: dwc3: Stop active transfers before halting the controller (git-fixes). - usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes). - usb: dwc3: Use devres to get clocks (git-fixes). - usb: dwc3: core: do not do suspend for device mode if already suspended (git-fixes). - usb: dwc3: debug: Remove newline printout (git-fixes). - usb: dwc3: gadget: Check MPS of the request length (git-fixes). - usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes). - usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable (git-fixes). - usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes). - usb: dwc3: gadget: Do not send unintended link state change (git-fixes). - usb: dwc3: gadget: Do not setup more than requested (git-fixes). - usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes). - usb: dwc3: gadget: Fix handling ZLP (git-fixes). - usb: dwc3: gadget: Give back staled requests (git-fixes). - usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes). - usb: dwc3: gadget: Prevent EP queuing while stopping transfers (git-fixes). - usb: dwc3: gadget: Properly track pending and queued SG (git-fixes). - usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes). - usb: dwc3: gadget: Set BESL config parameter (git-fixes). - usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes). - usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes). - usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes). 
- usb: dwc3: meson-g12a: add IRQ check (git-fixes). - usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init (git-fixes). - usb: dwc3: of-simple: add a shutdown (git-fixes). - usb: dwc3: st: Add of_dev_put() in probe function (git-fixes). - usb: dwc3: st: Add of_node_put() before return in probe function (git-fixes). - usb: dwc3: support continuous runtime PM with dual role (git-fixes). - usb: ehci-orion: Handle errors of clk_prepare_enable() in probe (git-fixes). - usb: gadget: Export recommended BESL values (git-fixes). - usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes). - usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes). - usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes). - usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes). - usb: gadget: udc: at91: add IRQ check (git-fixes). - usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes). - usb: host: ohci-tmio: add IRQ check (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: mtu3: fix the wrong HS mult value (git-fixes). - usb: mtu3: use @mult for HS isoc or intr (git-fixes). - usb: phy: fsl-usb: add IRQ check (git-fixes). - usb: phy: tahvo: add IRQ check (git-fixes). - usb: phy: twl6030: add IRQ checks (git-fixes). - usr: Add support for zstd compressed initramfs (bsc#1187483, jsc#SLE-18766). - virt_wifi: fix error on connect (git-fixes). - wireguard: allowedips: allocate nodes in kmem_cache (git-fixes). - wireguard: allowedips: free empty intermediate nodes when removing single node (git-fixes). - wireguard: allowedips: remove nodes in O(1) (git-fixes). - writeback: fix obtain a reference to a freeing memcg css (bsc#1189577). - x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489). - x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489). - x86/fpu: Reset state for all signal restore failures (bsc#1152489). 
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- x86/sev: Make sure IRQs are disabled while GHCB is active (jsc#SLE-14337).
- x86/sev: Split up runtime #VC handler for correct state tracking (jsc#SLE-14337).
- x86/sev: Use 'SEV: ' prefix for messages from sev.c (jsc#SLE-14337).
- x86/signal: Detect and prevent an alternate signal stack overflow (bsc#1152489).
- x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959).
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- xprtrdma: Pad optimization, revisited (bsc#1189760).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3233-1
Released: Mon Sep 27 15:02:21 2021
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552

This update for xfsprogs fixes the following issues:

- Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299)
- xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency.
- mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536)
- mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535)
- xfs_growfs: Refactor geometry reporting. (bsc#1181306)
- xfs_growfs: Allow mounted device node as argument. (bsc#1181299)
- xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309)
- xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651)
- xfs_bmap: Remove '-c' from manpage. (bsc#1189552)
- xfs_bmap: Do not reject '-e'. (bsc#1189552)
- Implement 'libhandle1' through ECO.
  (jsc#SLE-20360)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3241-1
Released: Tue Sep 28 00:24:49 2021
Summary: Recommended update for multipath-tools
Type: recommended
Severity: important
References: 1189176,1190622

This update for multipath-tools provides the following fixes:

- Update to version 0.8.5+82+suse.746b76e:
  * libmultipath: avoid buffer size warning with systemd 240+. (bsc#1189176)
- Add a versioned dependency of multipath-tools on libmpath0. (bsc#1190622)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3298-1
Released: Wed Oct 6 16:54:52 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947

This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3306-1
Released: Wed Oct 6 18:11:57 2021
Summary: Recommended update for numactl
Type: recommended
Severity: moderate
References:

This update for numactl fixes the following issues:

- Fix System call numbers on s390x.
- Debug verify for --preferred option.
- Description for the usage of numactl.
- Various memleaks on source files: sysfs.c, shm.c and numactl.c
- Description for numa_node_size64 and definition for numa_node_size in manpage.
- link with -latomic when needed.
- Clear race conditions on numa_police_memory().
- numademo: Use first two nodes instead of node 0 and 1
- Enhance _service settings
- Enable automake

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3310-1
Released: Wed Oct 6 18:12:41 2021
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1134353,1184994,1188291,1188588,1188713,1189446,1189480

This update for systemd fixes the following issues:

- Switch I/O scheduler from 'mq-deadline' to 'bfq' for rotating disks(HD's) (jsc#SLE-21032, bsc#1134353).
- Multipath: Rules weren't applied to dm devices (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994).
- Remove kernel unsupported single-queue block I/O.
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when updating active udev on sockets restart (bsc#1188291).
- Merge of v246.16, for a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/8d8f5fc31eece95644b299b784bbfb8f836d0108...f5c33d9f82d3d782d28938df9ff09484360c540d
- Drop 1007-tmpfiles-follow-SUSE-policies.patch: Since most of the tmpfiles config files shipped by upstream are ignored (see previous commit 'Drop most of the tmpfiles that deal with generic paths'), this patch is no more relevant.

Additional fixes:

- core: make sure cgroup_oom_queue is flushed on manager exit.
- cgroup: do 'catchup' for unit cgroup inotify watch files.
- journalctl: never fail at flushing when the flushed flag is set (bsc#1188588).
- manager: reexecute on SIGRTMIN+25, user instances only.
- manager: fix HW watchdog when systemd starts before driver loaded (bsc#1189446).
- pid1: watchdog modernizations.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3311-1
Released: Wed Oct 6 18:12:56 2021
Summary: Recommended update for perl-Bootloader
Type: recommended
Severity: moderate
References: 1188768

This update for perl-Bootloader fixes the following issues:

- Report error if config file could not be updated (bsc#1188768).
- Fix typo in update-bootloader.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3387-1
Released: Tue Oct 12 17:09:16 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1171688,1173746,1174003,1176447,1176940,1177028,1178134,1184439,1184804,1185302,1185550,1185677,1185726,1185762,1187211,1188067,1188418,1188651,1188986,1189257,1189297,1189841,1189884,1190023,1190062,1190115,1190138,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190544,1190561,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3759,CVE-2021-3764,CVE-2021-40490

The SUSE Linux Enterprise 15 SP3 kernel was updated.

The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could lead to local privilege escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allow attackers to cause a denial of service.
  (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)
- CVE-2021-3759: Unaccounted ipc objects in Linux kernel could have led to breaking memcg limits and DoS attacks (bsc#1190115).

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: Intel: Fix platform ID matching (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: rt5682: Implement remove callback (git-fixes).
- ASoC: rt5682: Properly turn off regulators if wrong device ID (git-fixes).
- ASoC: rt5682: Remove unused variable in rt5682_i2c_remove() (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- backlight: pwm_bl: Improve bootloader/kernel device handover (git-fixes).
- bareudp: Fix invalid read beyond skb's linear data (jsc#SLE-15172).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Fix asic.rev in devlink dev info command (jsc#SLE-16649). - bnxt_en: fix stored FW_PSID version masks (jsc#SLE-16649). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - bpf, samples: Add missing mprog-disable to xdp_redirect_cpu's optstring (git-fixes). - bpf: Fix ringbuf helper function compatibility (git-fixes). - bpftool: Add sock_release help info for cgroup attach/prog load command (bsc#1177028). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (bsc#1185550 ltc#192610 git-fixes jsc#SLE-18128). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - devlink: Clear whole devlink_flash_notify struct (bsc#1176447). - dma-buf: DMABUF_MOVE_NOTIFY should depend on DMA_SHARED_BUFFER (git-fixes). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). 
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/ast: Fix missing conversions to managed API (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/i915: Allow the sysadmin to override security mitigations (git-fixes). - drm/i915/rkl: Remove require_force_probe protection (bsc#1189257). - drm/ingenic: Switch IPU plane to type OVERLAY (git-fixes). - drm/mgag200: Select clock in PLL update functions (git-fixes). - drm/msm/mdp4: move HW revision detection to earlier phase (git-fixes). - drm/msm/mdp4: refactor HW revision detection into read_mdp_hw_revision (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - drm/pl111: depend on CONFIG_VEXPRESS_CONFIG (git-fixes). - drm/rockchip: cdn-dp-core: Make cdn_dp_core_resume __maybe_unused (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). - EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/mce_amd: Do not load edac_mce_amd module on guests (bsc#1190138). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - enetc: Fix uninitialized struct dim_sample field usage (git-fixes). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). 
- genirq: add device_has_managed_msi_irq (bsc#1185762). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - i40e: improve locking of mac_filter_hash (jsc#SLE-13701). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - IB/hfi1: Indicate DMA wait when txq is queued for wakeup (jsc#SLE-13208). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). - ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). 
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: do not abort devlink info if board identifier can't be found (jsc#SLE-12878). - ice: do not remove netdev->dev_addr from uc sync list (git-fixes). - ice: Prevent probing virtual functions (git-fixes). - igc: Use num_tx_queues when iterating over tx_ring queue (jsc#SLE-13533). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ionic: drop useless check of PCI driver data validity (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi Add support for ax201 in Samsung Galaxy Book Flex2 Alpha (git-fixes). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). 
The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - libbpf: Fix removal of inner map in bpf_object__create_map (git-fixes). - libbpf: Fix the possible memory leak on error (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - misc: sram: Only map reserved areas in Tegra SYSRAM (git-fixes). - misc: sram: use devm_platform_ioremap_resource_wc() (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). 
- mmc: sdhci: Fix issue with uninitialized dma_slave_config (git-fixes). - net: ethernet: ti: cpsw: fix min eth packet size for non-switch use-cases (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). - net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix missing return value in mlx5_devlink_eswitch_inline_mode_set() (jsc#SLE-15172). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). 
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme-multipath: revalidate paths during rescan (bsc#1187211). - nvme-tcp: Do not reset transport on data digest errors (bsc#1188418). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - nvme: only call synchronize_srcu when clearing current path (bsc#1188067). - optee: Fix memory leak when failing to register shm pages (git-fixes). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). - PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: of: Do not fail devm_pci_alloc_host_bridge() on missing 'ranges' (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - phy: tegra: xusb: Fix dangling pointer on probe failure (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). 
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/numa: Consider the max NUMA node for migratable LPAR (bsc#1190544 ltc#194520). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). - pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - RDMA/hns: Fix QP's resp incomplete assignment (jsc#SLE-14777). - RDMA/mlx5: Delay emptying a cache entry when a new MR is added to it recently (jsc#SLE-15175). - RDMA/mlx5: Delete not-available udata check (jsc#SLE-15175). - RDMA/rtrs: Remove a useless kfree() (jsc#SLE-15176). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). 
- regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sch_cake: fix srchost/dsthost hashing mode (bsc#1176447). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). - scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). 
- scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). 
- scsi/fc: kABI fixes for new ELS_EDC, ELS_RDP definition (bsc#1171688 bsc#1174003 bsc#1190576). - selftests/bpf: Define string const as global for test_sysctl_prog.c (git-fixes). - selftests/bpf: Fix bpf-iter-tcp4 test to print correctly the dest IP (git-fixes). - selftests/bpf: Fix test_sysctl_loop{1, 2} failure due to clang change (git-fixes). - selftests/bpf: Whitelist test_progs.h from .gitignore (git-fixes). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tools: bpf: Fix error in 'make -C tools/ bpf_install' (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). - usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). 
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1190561). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). 
- x86/asm: Fix SETZ size enqcmds() build failure (bsc#1178134).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3410-1
Released: Wed Oct 13 10:41:36 2021
Summary: Recommended update for xkeyboard-config
Type: recommended
Severity: moderate
References: 1191242

This update for xkeyboard-config fixes the following issue:

- Wrong keyboard mapping causing input delays with ABNT2 keyboards. (bsc#1191242)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3411-1
Released: Wed Oct 13 10:42:25 2021
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1191019

This update for lvm2 fixes the following issues:

- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3413-1
Released: Wed Oct 13 10:50:45 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1189441,1189841,1190598

This update for suse-module-tools fixes the following issues:

- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)
- Fixed an issue where initrd was not always rebuilding after installing any kernel-*-extra package (bsc#1189441)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3474-1
Released: Wed Oct 20 08:41:31 2021
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1178236,1188921,CVE-2021-37600

This update for util-linux fixes the following issues:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c. (bsc#1188921)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3479-1
Released: Wed Oct 20 11:23:45 2021
Summary: Recommended update for dracut
Type: recommended
Severity: moderate
References: 1184970,1186260,1187115,1187470,1187774,1190845

This update for dracut fixes the following issues:

- Fix usage information for -f parameter. (bsc#1187470)
- Fix obsolete reference to 96insmodpost in manpage. (bsc#1187774)
- Remove references to INITRD_MODULES. (bsc#1187115)
- Multipath FCoE configurations may not boot when using only one path. (bsc#1186260)
- Adjust path for SUSE: /var/lib/nfs/statd/sm to /var/lib/nfs/sm. (bsc#1184970)
- Systemd coredump unit files are missing in initrd. (1190845)
- Use $kernel rather than $(uname -r).
- Exclude modules that are built-in.
- Restore INITRD_MODULES in mkinitrd script.
- Call dracut_instmods with hostonly.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released: Wed Oct 20 11:24:10 2021
Summary: Recommended update for yast2-network
Type: recommended
Severity: moderate
References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933

This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3509-1
Released: Tue Oct 26 09:47:40 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1191200,1191260,1191480,1191804,1191922

This update for suse-module-tools fixes the following issues:

Update to version 15.3.13:

- Fix bad exit status in openQA. (bsc#1191922)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Don't pass existing files to weak-modules2. (bsc#1191200)
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3532-1
Released: Wed Oct 27 10:11:20 2021
Summary: Recommended update for pmdk
Type: recommended
Severity: important
References: 1191339

This update for pmdk fixes the following issues:

- Fixed an issue when 'PMDK' causes data corruption on power failure. (bsc#1191339)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3589-1
Released: Mon Nov 1 19:27:52 2021
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1191690

This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3605-1
Released: Wed Nov 3 14:59:32 2021
Summary: Security update for qemu
Type: security
Severity: important
References: 1189234,1189702,1189938,1190425,CVE-2021-3713,CVE-2021-3748

This update for qemu fixes the following issues:

Security issues fixed:

- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu (bsc#1189938)

Non-security issues fixed:

- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3619-1
Released: Fri Nov 5 12:29:52 2021
Summary: Security update for libvirt
Type: security
Severity: moderate
References: 1177902,1183247,1186398,1190420,1190493,1190693,1190695,1190917

This update for libvirt fixes the following issues:

- lxc: controller: Fix container launch on cgroup v1. (bsc#1183247)
- supportconfig: Use systemctl command 'is-active' instead of 'is-enabled' when checking if libvirtd is active.
- qemu: Do not report error in the logs when processing monitor IO. (bsc#1190917)
- spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693)
- spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when running in traditional mode without socket activation. (bsc#1190695)
- libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493)
- libxl: Fix driver reload. (bsc#1190420)
- qemu: Set label on virtual host network device when hotplugging. (bsc#1186398)
- supportconfig: When checking for installed hypervisor drivers, use the libvirtr-daemon-driver- package instead of libvirt-daemon-. The latter are not required packages for a functioning hypervisor driver.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3655-1
Released: Thu Nov 11 11:59:22 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

NOTE: This update was retracted due to a NFS regression.

The following security bugs were fixed:

- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). 
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). 
- ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). 
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). 
- can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). 
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - gpio: pca953x: Improve bias setting (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). 
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: batman-adv: fix error handling (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). 
- net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). 
- powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). 
- powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). 
- scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). 
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). 
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). 
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3663-1
Released: Mon Nov 15 19:14:32 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1191804

This update for suse-module-tools fixes the following issues:

- Update to version 15.3.14:
  * more fixes for updates under secure boot
  * cert-script: Deal with existing $cert.delete file (bsc#1191804).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3675-1
Released: Tue Nov 16 17:47:44 2021
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389

The following security bugs were fixed:

- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063).
- CVE-2021-3655: Fixed missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3896: Fixed an array-index-out-of-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109).
- CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645).
- CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have led to root access (bsc#1191315).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107).
- CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958).

The following non-security bugs were fixed:

- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes).
- ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes).
- ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
- ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes).
- ALSA: hda: Use position buffer for SKL+ again (git-fixes).
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes).
- ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). 
- ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). 
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/msm: potential error pointer dereference in init() (git-fixes). - drm/msm: uninitialized variable in msm_gem_import() (git-fixes). 
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/ttm: stop calling tt_swapin in vm_access (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve: report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). 
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773). 
- ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: mvm: fix some kerneldoc issues (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm->arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). 
- KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops->suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). 
- memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mlx5: count all link events (git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes). - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes). - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). 
- net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). 
- nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). 
- powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). 
- regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187: fix control-message timeouts (git-fixes). - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). 
- scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). 
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). 
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - Update patch reference for AMDGPU fix (bsc#1180749) - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). 
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path (git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). 
- xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3782-1 Released: Tue Nov 23 23:49:03 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1187190,1188713,1190326 This update for dracut fixes the following issues: - Fixed multipath devices that always default to bfq scheduler (bsc#1188713) - Fixed unbootable system when testing kernel 5.14 (bsc#1190326) - Add support for the new iscsiadm 'no-wait' (-W) command (bsc#1187190) - Add iscsid.service requirements (bsc#1187190) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3787-1 Released: Wed Nov 24 06:00:10 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1189983,1189984,1191500,1191566,1191675 This update for xfsprogs fixes the following issues: - Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566) - Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675) - xfs_io: include support for label command (bsc#1191500) - xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983) - xfs_admin: add support for external log devices (bsc#1189984) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 
1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3941-1 Released: Mon Dec 6 14:45:20 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1152489,1169263,1170269,1184924,1190523,1190795,1191790,1191961,1192045,1192217,1192273,1192328,1192375,1192473,1192718,1192740,1192745,1192750,1192753,1192758,1192781,1192802,1192896,1192906,1192918,CVE-2021-0941,CVE-2021-20322,CVE-2021-31916,CVE-2021-34981 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past (jsc#SLE-22573). You can re-enable it with sysctl by setting /proc/sys/kernel/unprivileged_bpf_disabled to 0 (kernel.unprivileged_bpf_disabled = 0). - CVE-2021-0941: In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation (bnc#1192045).
- CVE-2021-31916: An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel. A bound check failure allowed an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability (bnc#1192781). - CVE-2021-20322: Make the ipv4 and ipv6 ICMP exception caches less predictive to avoid information leaks about UDP ports in use. (bsc#1191790) - CVE-2021-34981: Fixed file refcounting in cmtp when cmtp_attach_device fails (bsc#1191961). The following non-security bugs were fixed: - ABI: sysfs-kernel-slab: Document some stats (git-fixes). - ALSA: hda: fix general protection fault in azx_runtime_idle (git-fixes). - ALSA: hda: Free card instance properly at probe errors (git-fixes). - ALSA: usb-audio: Add Audient iD14 to mixer map quirk table (git-fixes). - ALSA: usb-audio: Add minimal-mute notion in dB mapping table (bsc#1192375). - ALSA: usb-audio: Add Schiit Hel device to mixer map quirk table (git-fixes). - ALSA: usb-audio: Fix dB level of Bose Revolve+ SoundLink (bsc#1192375). - ALSA: usb-audio: Use int for dB map values (bsc#1192375). - ARM: socfpga: Fix crash with CONFIG_FORTIRY_SOURCE (bsc#1192473). - auxdisplay: ht16k33: Connect backlight to fbdev (git-fixes). - auxdisplay: ht16k33: Fix frame buffer device blanking (git-fixes). - auxdisplay: img-ascii-lcd: Fix lock-up when displaying empty string (git-fixes). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22573) - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22574) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22573). - bpf: Disallow unprivileged bpf by default (jsc#SLE-22574). - bpf: Fix BPF_JIT kconfig symbol dependency (git-fixes jsc#SLE-22574). - bpf: Fix potential race in tail call compatibility check (git-fixes).
- bpf, kconfig: Add consolidated menu entry for bpf with core options (jsc#SLE-22574). - btrfs: block-group: Rework documentation of check_system_chunk function (bsc#1192896). - btrfs: fix deadlock between chunk allocation and chunk btree modifications (bsc#1192896). - btrfs: fix memory ordering between normal and ordered work functions (git-fixes). - btrfs: update comments for chunk allocation -ENOSPC cases (bsc#1192896). - cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (git-fixes). - config: disable unprivileged BPF by default (jsc#SLE-22573) Backport of mainline commit 8a03e56b253e ('bpf: Disallow unprivileged bpf by default') only changes kconfig default, used e.g. for 'make oldconfig' when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - crypto: caam - disable pkc for non-E SoCs (git-fixes). - crypto: qat - detect PFVF collision after ACK (git-fixes). - crypto: qat - disregard spurious PFVF interrupts (git-fixes). - drm/i915: Introduce intel_hpd_hotplug_irqs() (bsc#1192758). - drm: prevent spectre issue in vmw_execbuf_ioctl (bsc#1192802). - EDAC/sb_edac: Fix top-of-high-memory value for Broadwell/Haswell (bsc#1152489). - Eradicate Patch-mainline: No The pre-commit check can reject this deprecated tag then. - exfat: fix erroneous discard when clear cluster bit (git-fixes). - exfat: handle wrong stream entry size in exfat_readdir() (git-fixes). - exfat: properly set s_time_gran (bsc#1192328). - exfat: truncate atimes to 2s granularity (bsc#1192328). - Fix problem with missing installkernel on Tumbleweed. - fuse: fix page stealing (bsc#1192718). - gpio: mpc8xxx: Use 'devm_gpiochip_add_data()' to simplify the code and avoid a leak (git-fixes). - gpio/rockchip: add driver for rockchip gpio (bsc#1192217). - gpio/rockchip: drop irq_gc_lock/irq_gc_unlock for irq set type (bsc#1192217). 
- gpio/rockchip: extended debounce support is only available on v2 (bsc#1192217). - gpio/rockchip: fetch deferred output settings on probe (bsc#1192217). - gpio/rockchip: fix get_direction value handling (bsc#1192217). - gpio/rockchip: support next version gpio controller (bsc#1192217). - gpio/rockchip: use struct rockchip_gpio_regs for gpio controller (bsc#1192217). - HID: u2fzero: clarify error check and length calculations (git-fixes). - HID: u2fzero: properly handle timeouts in usb_submit_urb (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: do not stop queue in xmit (bsc#1192273 ltc#194629). - ibmvnic: Process crqs after enabling interrupts (bsc#1192273 ltc#194629). - iio: dac: ad5446: Fix ad5622_write() return value (git-fixes). - Input: elantench - fix misreporting trackpoint coordinates (bsc#1192918). - kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740). - mm/hugetlb: initialize hugetlb_usage in mm_init (bsc#1192906). - Move upstreamed sound fix into sorted section - net: dsa: felix: re-enable TX flow control in ocelot_port_flush() (git-fixes). - net: mscc: ocelot: fix hardware timestamp dequeue logic. - net: mscc: ocelot: warn when a PTP IRQ is raised for an unknown skb (git-fixes). - net/smc: Correct smc link connection counter in case of smc client (git-fixes). - net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work (git-fixes). - ocfs2: do not zero pages beyond i_size (bsc#1190795). - ocfs2: fix data corruption on truncate (bsc#1190795). - PCI: aardvark: Do not clear status bits of masked interrupts (git-fixes). - PCI: aardvark: Do not spam about PIO Response Status (git-fixes). - PCI: aardvark: Do not unmask unused interrupts (git-fixes). - PCI: aardvark: Fix checking for link up via LTSSM state (git-fixes). - PCI: aardvark: Fix reporting Data Link Layer Link Active (git-fixes). - PCI: aardvark: Fix return value of MSI domain .alloc() method (git-fixes). 
- PCI: aardvark: Read all 16-bits from PCIE_MSI_PAYLOAD_REG (git-fixes). - PCI/ACPI: Check for _OSC support in acpi_pci_osc_control_set() (bsc#1169263). - PCI/ACPI: Clarify message about _OSC failure (bsc#1169263). - PCI/ACPI: Move _OSC query checks to separate function (bsc#1169263). - PCI/ACPI: Move supported and control calculations to separate functions (bsc#1169263). - PCI/ACPI: Remove OSC_PCI_SUPPORT_MASKS and OSC_PCI_CONTROL_MASKS (bsc#1169263). - PCI/ACPI: Remove unnecessary osc_lock (bsc#1169263). - PCI: pci-bridge-emul: Fix emulation of W1C bits (git-fixes). - PCI: uniphier: Serialize INTx masking/unmasking and fix the bit operation (git-fixes). - pinctrl: core: fix possible memory leak in pinctrl_enable() (git-fixes). - pinctrl: pinctrl-rockchip: Fix a bunch of kerneldoc misdemeanours (bsc#1192217). - pinctrl/rockchip: add a queue for deferred pin output settings on probe (bsc#1192217). - pinctrl/rockchip: add pinctrl device to gpio bank struct (bsc#1192217). - pinctrl: rockchip: add rk3308 SoC support (bsc#1192217). - pinctrl: rockchip: add support for rk3568 (bsc#1192217). - pinctrl/rockchip: always enable clock for gpio controller (bsc#1192217). - pinctrl: rockchip: clear int status when driver probed (bsc#1192217). - pinctrl: rockchip: create irq mapping in gpio_to_irq (bsc#1192217). - pinctrl: rockchip: do coding style for mux route struct (bsc#1192217). - pinctrl/rockchip: drop the gpio related codes (bsc#1192217). - pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (bsc#1192217). - pinctrl: rockchip: make driver be tristate module (bsc#1192217). - pinctrl: rockchip: Replace HTTP links with HTTPS ones (bsc#1192217). - pinctrl: rockchip: return ENOMEM instead of EINVAL if allocation fails (bsc#1192217). - pinctrl/rockchip: separate struct rockchip_pin_bank to a head file (bsc#1192217). - power: supply: bq27xxx: Fix kernel crash on IRQ handler register error (git-fixes). 
- power: supply: max17042_battery: Prevent int underflow in set_soc_threshold (git-fixes). - power: supply: max17042_battery: use VFSOC for capacity when no rsns (git-fixes). - power: supply: rt5033-battery: Change voltage values to 5V (git-fixes). - printk/console: Allow to disable console output by using console='' or console=null (bsc#1192753). - printk: handle blank console arguments passed in (bsc#1192753). - qtnfmac: fix potential Spectre vulnerabilities (bsc#1192802). - r8152: add a helper function about setting EEE (git-fixes). - r8152: Add macpassthru support for ThinkPad Thunderbolt 3 Dock Gen 2 (git-fixes). - r8152: Disable PLA MCU clock speed down (git-fixes). - r8152: disable U2P3 for RTL8153B (git-fixes). - r8152: divide the tx and rx bottom functions (git-fixes). - r8152: do not enable U1U2 with USB_SPEED_HIGH for RTL8153B (git-fixes). - r8152: fix runtime resume for linking change (git-fixes). - r8152: replace array with linking list for rx information (git-fixes). - r8152: reset flow control patch when linking on for RTL8153B (git-fixes). - r8152: saving the settings of EEE (git-fixes). - r8152: separate the rx buffer size (git-fixes). - r8152: use alloc_pages for rx buffer (git-fixes). - random: fix crash on multiple early calls to add_bootloader_randomness() (bsc#1184924) - Revert 'ibmvnic: check failover_pending in login response' (bsc#1190523 ltc#194510). - Revert 'platform/x86: i2c-multi-instantiate: Do not create platform device for INT3515 ACPI nodes' (git-fixes). - Revert 'r8152: adjust the settings about MAC clock speed down for RTL8153' (git-fixes). - Revert 'scsi: ufs: fix a missing check of devm_reset_control_get' (git-fixes). - Revert 'x86/kvm: fix vcpu-id indexed array sizes' (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - s390/dasd: fix use after free in dasd path handling (git-fixes). - s390/pci: fix use after free of zpci_dev (git-fixes). 
- s390/pci: fix zpci_zdev_put() on reserve (git-fixes). - s390/qeth: fix deadlock during failing recovery (git-fixes). - s390/qeth: Fix deadlock in remove_discipline (git-fixes). - s390/qeth: fix NULL deref in qeth_clear_working_pool_list() (git-fixes). - s390/topology: clear thread/group maps for offline cpus (git-fixes). - scsi: be2iscsi: Fix an error handling path in beiscsi_dev_probe() (git-fixes). - scsi: BusLogic: Fix missing pr_cont() use (git-fixes). - scsi: core: Fix spelling in a source code comment (git-fixes). - scsi: csiostor: Add module softdep on cxgb4 (git-fixes). - scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (git-fixes). - scsi: dc395: Fix error case unwinding (git-fixes). - scsi: fdomain: Fix error return code in fdomain_probe() (git-fixes). - scsi: FlashPoint: Rename si_flags field (git-fixes). - scsi: iscsi: Fix iface sysfs attr detection (git-fixes). - scsi: libsas: Use _safe() loop in sas_resume_port() (git-fixes). - scsi: mpt3sas: Fix error return value in _scsih_expander_add() (git-fixes). - scsi: qedf: Add pointer checks in qedf_update_link_speed() (git-fixes). - scsi: qedf: Fix error codes in qedf_alloc_global_queues() (git-fixes). - scsi: qedi: Fix error codes in qedi_alloc_global_queues() (git-fixes). - scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() (git-fixes). - scsi: qla2xxx: Make sure that aborted commands are freed (git-fixes). - scsi: smartpqi: Fix an error code in pqi_get_raid_map() (git-fixes). - scsi: snic: Fix an error message (git-fixes). - scsi: ufs-pci: Add quirk for broken auto-hibernate for Intel EHL (git-fixes). - scsi: ufs: ufshcd-pltfrm: Fix memory leak due to probe defer (git-fixes). - serial: 8250_dw: Drop wrong use of ACPI_PTR() (git-fixes). - serial: xilinx_uartps: Fix race condition causing stuck TX (git-fixes). - staging: r8712u: fix control-message timeout (git-fixes). - staging: rtl8192u: fix control-message timeouts (git-fixes). 
- stmmac: platform: Fix signedness bug in stmmac_probe_config_dt() (git-fixes). - tracing: Increase PERF_MAX_TRACE_SIZE to handle Sentinel1 and docker together (bsc#1192745). - Update config files: Add CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set - Update config files: pull BPF configs together - usb: gadget: hid: fix error code in do_config() (git-fixes). - USB: iowarrior: fix control-message timeouts (git-fixes). - usb: max-3421: Use driver data instead of maintaining a list of bound devices (git-fixes). - usb: musb: Balance list entry in musb_gadget_queue (git-fixes). - USB: serial: keyspan: fix memleak on probe errors (git-fixes). - video: fbdev: chipsfb: use memset_io() instead of memset() (git-fixes). - x86/sme: Use #define USE_EARLY_PGTABLE_L5 in mem_encrypt_identity.c (bsc#1152489). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (git-fixes). - xen-pciback: Fix return in pm_ctrl_init() (git-fixes). - xen: Fix implicit type conversion (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3963-1 Released: Mon Dec 6 19:57:39 2021 Summary: Recommended update for system-users Type: recommended Severity: moderate References: 1190401 This update for system-users fixes the following issues: - system-user-tss.conf: Removed group entry because it's not needed and contained syntax errors (bsc#1190401) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3968-1 Released: Tue Dec 7 15:31:00 2021 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1191363,1192554,1192557,1192559,CVE-2021-28702,CVE-2021-28704,CVE-2021-28705,CVE-2021-28706,CVE-2021-28707,CVE-2021-28708,CVE-2021-28709 This update for xen fixes the following issues: - CVE-2021-28702: Fixed PCI devices with RMRRs not deassigned correctly (XSA-386) (bsc#1191363). - CVE-2021-28704, CVE-2021-28707, CVE-2021-28708: Fixed PoD operations on misaligned GFNs (XSA-388) (bsc#1192557). 
- CVE-2021-28705, CVE-2021-28709: Fixed issues with partially successful P2M updates on x86 (XSA-389) (bsc#1192559).
- CVE-2021-28706: Fixed guests may exceed their designated memory limit (XSA-385) (bsc#1192554).
- Update to Xen 4.14.3 bug fix release (bsc#1027519).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3985-1
Released: Fri Dec 10 06:08:24 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1187196

This update for suse-module-tools fixes the following issues:

- Blacklist isst_if_mbox_msr driver because it uses hardware information based on CPU family and model, which is too unspecific. On large systems, this causes a lot of failing loading attempts for this driver, leading to slow or even stalled boot (bsc#1187196)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4014-1
Released: Mon Dec 13 13:57:39 2021
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1191532,1191690

This update for apparmor fixes the following issues:

Changes in apparmor:

- Add a profile for 'samba-bgqd'. (bsc#1191532)
- Fix 'Requires' of python3 module. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4104-1
Released: Thu Dec 16 11:14:12 2021
Summary: Security update for python3
Type: security
Severity: moderate
References: 1180125,1183374,1183858,1185588,1187668,1189241,1189287,CVE-2021-3426,CVE-2021-3733,CVE-2021-3737

This update for python3 fixes the following issues:

- CVE-2021-3426: Fixed information disclosure via pydoc (bsc#1183374).
- CVE-2021-3733: Fixed infinitely reading potential HTTP headers after a 100 Continue status response from the server (bsc#1189241).
- CVE-2021-3737: Fixed ReDoS in urllib.request (bsc#1189287).
- We do not require python-rpm-macros package (bsc#1180125).
- Use versioned python-Sphinx to avoid dependency on other version of Python (bsc#1183858).
- Stop providing 'python' symbol, which means python2 currently (bsc#1185588).
- Modify Lib/ensurepip/__init__.py to contain the same version numbers as are in reality the ones in the bundled wheels (bsc#1187668).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4141-1
Released: Wed Dec 22 05:22:23 2021
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1193512

This update for dracut fixes the following issues:

- Add iscsi-init.service requirements (bsc#1193512)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4165-1
Released: Wed Dec 22 22:52:11 2021
Summary: Recommended update for kmod
Type: recommended
Severity: moderate
References: 1193430

This update for kmod fixes the following issues:

- Ensure that kmod and packages linking to libkmod provide same features. (bsc#1193430)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4175-1
Released: Thu Dec 23 11:22:33 2021
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1192423,1192858,1193759

This update for systemd fixes the following issues:

- Bump the max number of inodes for /dev to a million (bsc#1192858)
- sleep: don't skip resume device with low priority/available space (bsc#1192423)
- test: use kbd-mode-map we ship in one more test case
- test-keymap-util: always use kbd-model-map we ship
- Add rules for virtual devices and enforce 'none' for loop devices. (bsc#1193759)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2-1
Released: Mon Jan 3 08:27:18 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1183905,1193181

This update for lvm2 fixes the following issues:

- Fix lvconvert not taking `--stripes` option (bsc#1183905)
- Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:12-1
Released: Mon Jan 3 15:36:03 2022
Summary: Recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff
Type: recommended
Severity: moderate
References:

This recommended update for cairo, jbigkit, libjpeg-turbo, libwebp, libxcb, openjpeg2, pixman, poppler, tiff provides the following fix:

- Ship some missing binaries to PackageHub.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:21-1
Released: Tue Jan 4 16:06:08 2022
Summary: Security update for libvirt
Type: security
Severity: important
References: 1191668,1192017,1193623,1193719,1193981,1194041,CVE-2021-4147

This update for libvirt fixes the following issues:

- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults.
  (bsc#1194041)

The following package changes have been done:

- augeas-lenses-1.10.1-3.3.1 updated
- augeas-1.10.1-3.3.1 updated
- curl-7.66.0-4.27.1 updated
- file-5.32-7.14.1 updated
- libapparmor1-2.13.6-3.8.1 updated
- libdevmapper1_03-1.02.163-8.39.1 updated
- libhivex0-1.3.14-5.6.1 updated
- libjpeg8-8.1.2-32.2.1 updated
- libkmod2-29-4.15.1 updated
- libnuma1-2.0.14.20.g4ee5e0c-10.1 updated
- libpixman-1-0-0.34.0-7.2.1 updated
- perl-Bootloader-0.936-3.3.1 updated
- qemu-ipxe-1.0.0+-106.4 updated
- qemu-seabios-1.14.0_0_g155821a-106.4 updated
- qemu-sgabios-8-106.4 updated
- qemu-vgabios-1.14.0_0_g155821a-106.4 updated
- system-group-kvm-20170617-17.3.1 updated
- xfsprogs-4.15.0-4.52.1 updated
- libxcb1-1.13-3.7.1 updated
- python3-base-3.6.15-10.9.1 updated
- libmpath0-0.8.5+82+suse.746b76e-2.7.1 updated
- xkeyboard-config-2.23.1-3.9.1 updated
- system-user-qemu-20170617-17.3.1 updated
- libpython3_6m1_0-3.6.15-10.9.1 updated
- perl-Win-Hivex-1.3.14-5.6.1 updated
- libpmem1-1.9-3.3.1 updated
- xen-libs-4.14.3_04-3.15.1 updated
- systemd-246.16-7.28.1 updated
- suse-module-tools-15.3.15-3.17.1 updated
- udev-246.16-7.28.1 updated
- qemu-tools-5.2.0-106.4 updated
- systemd-sysvinit-246.16-7.28.1 updated
- libvirt-libs-7.1.0-6.11.1 updated
- dracut-049.1+suse.218.gca24e614-3.48.3 updated
- kmod-29-4.15.1 updated
- util-linux-systemd-2.36.2-4.5.1 updated
- kernel-kvmsmall-5.3.18-59.37.2 updated
- dracut-fips-049.1+suse.218.gca24e614-3.48.3 updated
- qemu-5.2.0-106.4 updated
- qemu-x86-5.2.0-106.4 updated
- python-rpm-macros-20200207.5feb6c1-3.11.1 removed

From sle-updates at lists.suse.com Mon Jan 10 16:35:18 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 10 Jan 2022 17:35:18 +0100 (CET)
Subject: SUSE-CU-2022:38-1: Security update of suse/sles/15.3/virt-operator
Message-ID: <20220110163518.91164FF27@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.3/virt-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:38-1
Container Tags : suse/sles/15.3/virt-operator:0.45.0 , suse/sles/15.3/virt-operator:0.45.0-8.7.1 , suse/sles/15.3/virt-operator:0.45.0.8.9.1
Container Release : 8.9.1
Severity : important
Type : security
References : 1190587 1190839 1193930 CVE-2021-43565
-----------------------------------------------------------------

The container suse/sles/15.3/virt-operator was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:40-1
Released: Mon Jan 10 10:45:12 2022
Summary: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container
Type: security
Severity: important
References: 1190587,1190839,1193930,CVE-2021-43565

This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues:

- CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930)

The following package changes have been done:

- kubevirt-virt-operator-0.45.0-8.7.1 updated

From sle-updates at lists.suse.com Tue Jan 11 11:17:42 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Jan 2022 12:17:42 +0100 (CET)
Subject: SUSE-RU-2022:0047-1: moderate: Recommended update for wsmancli
Message-ID: <20220111111742.47E8EFF27@maintenance.suse.de>

SUSE Recommended Update: Recommended update for wsmancli
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:0047-1
Rating: moderate
References: #1047218
Affected Products:
  SUSE Linux Enterprise Module for Server Applications 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for wsmancli fixes the following issues:

- Add patch to have fixed build date (bsc#1047218)
- Version 2.6.0
- add '-L locale' flag to specify request-locale
- Update to version 2.5.0
- 'wsman -h' exits with zero
- properties and selectors are kept sorted (requires Openwsman 2.5 now)
- use API to set properties
- exit with non-zero code if connection fails
- add man pages (Kent Baxley)
- add '--non-interactive' option to prevent asking for credentials in scripts
- don't crash on filter parse error
- remove -Q (don't send request) option
- complain about bad filter expression
- fix autotools build for MacOS
- adapt to reduced libu exposure in openwsman
- openwsman C++ bindings need libwsman_clientpp-devel now
- add wseventmgr
- fix the default port setting to match wsmc_create() call. Use https (port 5986) when CA info is set.
- in debug mode, dump the complete response XML if it can't be parsed
- fix '--sslkey' handling
- add warning if ssl used without --cacert
- Enhance enumerate with association filter to have the ability to specify the optional elements

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-47=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-47=1

Package List:

- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
  wsmancli-2.6.0-7.3.1
  wsmancli-debuginfo-2.6.0-7.3.1
  wsmancli-debugsource-2.6.0-7.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  wsmancli-2.6.0-7.3.1
  wsmancli-debuginfo-2.6.0-7.3.1
  wsmancli-debugsource-2.6.0-7.3.1

References:

https://bugzilla.suse.com/1047218

From sle-updates at lists.suse.com Tue Jan 11 11:19:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Jan 2022 12:19:00 +0100 (CET)
Subject: SUSE-SU-2022:0045-1: important: Security update for libvirt
Message-ID: <20220111111900.9ECB4FF27@maintenance.suse.de>

SUSE Security Update: Security update for libvirt
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0045-1
Rating: important
References: #1183411 #1191668 #1192017 #1192876 #1193981 #1194041
Cross-References: CVE-2021-3975 CVE-2021-4147
CVSS scores:
  CVE-2021-3975 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-4147 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products:
  SUSE MicroOS 5.0
  SUSE Manager Server 4.1
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Proxy 4.1
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Enterprise Storage 7
  SUSE CaaS Platform 4.5
______________________________________________________________________________

An update that solves two vulnerabilities and has four fixes is now available.

Description:

This update for libvirt fixes the following issues:

- CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041)
- CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-45=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-45=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-45=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-45=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-45=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-45=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-45=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-45=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-45=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-45=1
- SUSE CaaS Platform 4.5:
  To install this update, use the SUSE CaaS Platform 'skuba'
tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 
libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Manager Server 4.1 (x86_64): libvirt-daemon-driver-libxl-6.0.0-13.24.1 
libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-xen-6.0.0-13.24.1 - SUSE Manager Server 4.1 (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-libxl-6.0.0-13.24.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 
libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-daemon-xen-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Manager Retail Branch Server 4.1 (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 - SUSE Manager Proxy 4.1 (x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-libxl-6.0.0-13.24.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 
libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-daemon-xen-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Manager Proxy 4.1 (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 
libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libvirt-daemon-driver-libxl-6.0.0-13.24.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-xen-6.0.0-13.24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 
libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Linux Enterprise 
Server 15-SP2-LTSS (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libvirt-daemon-driver-libxl-6.0.0-13.24.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 libvirt-daemon-xen-6.0.0-13.24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-libxl-6.0.0-13.24.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 
libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-daemon-xen-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 
libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libvirt-daemon-driver-libxl-6.0.0-13.24.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 libvirt-daemon-xen-6.0.0-13.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 
libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libvirt-daemon-driver-libxl-6.0.0-13.24.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 
libvirt-daemon-xen-6.0.0-13.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 
libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1 - SUSE Enterprise Storage 7 (noarch): libvirt-bash-completion-6.0.0-13.24.1 libvirt-doc-6.0.0-13.24.1 - SUSE Enterprise Storage 7 (x86_64): libvirt-daemon-driver-libxl-6.0.0-13.24.1 libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1 libvirt-daemon-xen-6.0.0-13.24.1 - SUSE CaaS Platform 4.5 (aarch64 x86_64): libvirt-6.0.0-13.24.1 libvirt-admin-6.0.0-13.24.1 libvirt-admin-debuginfo-6.0.0-13.24.1 libvirt-client-6.0.0-13.24.1 libvirt-client-debuginfo-6.0.0-13.24.1 libvirt-daemon-6.0.0-13.24.1 libvirt-daemon-config-network-6.0.0-13.24.1 libvirt-daemon-config-nwfilter-6.0.0-13.24.1 libvirt-daemon-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-interface-6.0.0-13.24.1 libvirt-daemon-driver-interface-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-lxc-6.0.0-13.24.1 libvirt-daemon-driver-lxc-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-network-6.0.0-13.24.1 libvirt-daemon-driver-network-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-6.0.0-13.24.1 libvirt-daemon-driver-nodedev-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-6.0.0-13.24.1 libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-qemu-6.0.0-13.24.1 libvirt-daemon-driver-qemu-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-secret-6.0.0-13.24.1 libvirt-daemon-driver-secret-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-6.0.0-13.24.1 libvirt-daemon-driver-storage-core-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-6.0.0-13.24.1 libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-13.24.1 
libvirt-daemon-driver-storage-iscsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-6.0.0-13.24.1 libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-6.0.0-13.24.1 libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-6.0.0-13.24.1 libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-6.0.0-13.24.1 libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-13.24.1 libvirt-daemon-hooks-6.0.0-13.24.1 libvirt-daemon-lxc-6.0.0-13.24.1 libvirt-daemon-qemu-6.0.0-13.24.1 libvirt-debugsource-6.0.0-13.24.1 libvirt-devel-6.0.0-13.24.1 libvirt-libs-6.0.0-13.24.1 libvirt-libs-debuginfo-6.0.0-13.24.1 libvirt-lock-sanlock-6.0.0-13.24.1 libvirt-lock-sanlock-debuginfo-6.0.0-13.24.1 libvirt-nss-6.0.0-13.24.1 libvirt-nss-debuginfo-6.0.0-13.24.1

- SUSE CaaS Platform 4.5 (noarch):
    libvirt-bash-completion-6.0.0-13.24.1
    libvirt-doc-6.0.0-13.24.1

- SUSE CaaS Platform 4.5 (x86_64):
    libvirt-daemon-driver-libxl-6.0.0-13.24.1
    libvirt-daemon-driver-libxl-debuginfo-6.0.0-13.24.1
    libvirt-daemon-xen-6.0.0-13.24.1

References:
    https://www.suse.com/security/cve/CVE-2021-3975.html
    https://www.suse.com/security/cve/CVE-2021-4147.html
    https://bugzilla.suse.com/1183411
    https://bugzilla.suse.com/1191668
    https://bugzilla.suse.com/1192017
    https://bugzilla.suse.com/1192876
    https://bugzilla.suse.com/1193981
    https://bugzilla.suse.com/1194041

From sle-updates at lists.suse.com Tue Jan 11 11:20:48 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Jan 2022 12:20:48 +0100 (CET)
Subject: SUSE-RU-2022:0048-1: moderate: Recommended update for python3
Message-ID: <20220111112048.DBFFBFF27@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python3
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0048-1
Rating: moderate
References: #1190566 #1192249 #1193179
Affected Products:
    SUSE Linux Enterprise Module for Development Tools 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that has three recommended fixes can now be installed.

Description:

This update for python3 fixes the following issues:

- Don't use OpenSSL 1.1 on platforms which don't have it.
- Remove shebangs from python-base libraries in '_libdir'. (bsc#1193179, bsc#1192249).
- Build against 'openssl 1.1' as it is incompatible with 'openssl 3.0+' (bsc#1190566)
- Fix for permission error when changing the mtime of the source file in presence of 'SOURCE_DATE_EPOCH'.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-48=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-48=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
    python3-core-debugsource-3.6.15-10.15.1
    python3-tools-3.6.15-10.15.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    libpython3_6m1_0-3.6.15-10.15.1
    libpython3_6m1_0-debuginfo-3.6.15-10.15.1
    python3-3.6.15-10.15.1
    python3-base-3.6.15-10.15.1
    python3-base-debuginfo-3.6.15-10.15.1
    python3-core-debugsource-3.6.15-10.15.1
    python3-curses-3.6.15-10.15.1
    python3-curses-debuginfo-3.6.15-10.15.1
    python3-dbm-3.6.15-10.15.1
    python3-dbm-debuginfo-3.6.15-10.15.1
    python3-debuginfo-3.6.15-10.15.1
    python3-debugsource-3.6.15-10.15.1
    python3-devel-3.6.15-10.15.1
    python3-devel-debuginfo-3.6.15-10.15.1
    python3-idle-3.6.15-10.15.1
    python3-tk-3.6.15-10.15.1
    python3-tk-debuginfo-3.6.15-10.15.1
References:
    https://bugzilla.suse.com/1190566
    https://bugzilla.suse.com/1192249
    https://bugzilla.suse.com/1193179

From sle-updates at lists.suse.com Tue Jan 11 11:23:34 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Jan 2022 12:23:34 +0100 (CET)
Subject: SUSE-RU-2022:0046-1: moderate: Recommended update for java-1_8_0-openjdk
Message-ID: <20220111112334.E42A5FF27@maintenance.suse.de>

SUSE Recommended Update: Recommended update for java-1_8_0-openjdk
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0046-1
Rating: moderate
References: #1193314
Affected Products:
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Module for Legacy Software 15-SP3
    SUSE Linux Enterprise Module for Legacy Software 15-SP2
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for java-1_8_0-openjdk fixes the following issues:

- When system crypto policy files are not available, use the information from the java.security file that we distribute with OpenJDK as a fallback. (bsc#1193314)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-46=1

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-46=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-46=1

- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-46=1

- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-46=1

- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-46=1

- SUSE Linux Enterprise Module for Legacy Software 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2022-46=1

- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-46=1

- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.312-3.61.3 java-1_8_0-openjdk-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-debugsource-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.61.3 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-openjdk-1.8.0.312-3.61.3 java-1_8_0-openjdk-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-debugsource-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.61.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.312-3.61.3 java-1_8_0-openjdk-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-debugsource-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.61.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-openjdk-1.8.0.312-3.61.3 java-1_8_0-openjdk-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-debugsource-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.61.3 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): 
java-1_8_0-openjdk-1.8.0.312-3.61.3 java-1_8_0-openjdk-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-debugsource-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.61.3 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.312-3.61.3 java-1_8_0-openjdk-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-debugsource-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.61.3 - SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le s390x x86_64): java-1_8_0-openjdk-1.8.0.312-3.61.3 java-1_8_0-openjdk-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-debugsource-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.61.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-1_8_0-openjdk-1.8.0.312-3.61.3 java-1_8_0-openjdk-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-debugsource-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.61.3 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-openjdk-1.8.0.312-3.61.3 
java-1_8_0-openjdk-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-debugsource-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-1.8.0.312-3.61.3 java-1_8_0-openjdk-demo-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-1.8.0.312-3.61.3 java-1_8_0-openjdk-devel-debuginfo-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-1.8.0.312-3.61.3 java-1_8_0-openjdk-headless-debuginfo-1.8.0.312-3.61.3

References:
    https://bugzilla.suse.com/1193314

From sle-updates at lists.suse.com Tue Jan 11 11:24:54 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Jan 2022 12:24:54 +0100 (CET)
Subject: SUSE-RU-2022:0049-1: moderate: Recommended update for apparmor
Message-ID: <20220111112454.AEDDBFF27@maintenance.suse.de>

SUSE Recommended Update: Recommended update for apparmor
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0049-1
Rating: moderate
References: #1191690
Affected Products:
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Enterprise Storage 6
    SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-49=1

- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-49=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-49=1

- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-49=1

- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-49=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-49=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-49=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-49=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-49=1

- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-49=1

- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): apparmor-abstractions-2.12.3-7.25.3 apparmor-docs-2.12.3-7.25.3 apparmor-parser-lang-2.12.3-7.25.3 apparmor-profiles-2.12.3-7.25.3 apparmor-utils-2.12.3-7.25.3 apparmor-utils-lang-2.12.3-7.25.3 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libapparmor1-32bit-2.12.3-7.25.2 libapparmor1-32bit-debuginfo-2.12.3-7.25.2 pam_apparmor-32bit-2.12.3-7.25.3 pam_apparmor-32bit-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise Server for SAP 15 (noarch): apparmor-abstractions-2.12.3-7.25.3 apparmor-docs-2.12.3-7.25.3 apparmor-parser-lang-2.12.3-7.25.3 apparmor-profiles-2.12.3-7.25.3 apparmor-utils-2.12.3-7.25.3 apparmor-utils-lang-2.12.3-7.25.3 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libapparmor1-32bit-2.12.3-7.25.2 
libapparmor1-32bit-debuginfo-2.12.3-7.25.2 pam_apparmor-32bit-2.12.3-7.25.3 pam_apparmor-32bit-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libapparmor1-32bit-2.12.3-7.25.2 libapparmor1-32bit-debuginfo-2.12.3-7.25.2 pam_apparmor-32bit-2.12.3-7.25.3 pam_apparmor-32bit-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): apparmor-abstractions-2.12.3-7.25.3 apparmor-docs-2.12.3-7.25.3 apparmor-parser-lang-2.12.3-7.25.3 apparmor-profiles-2.12.3-7.25.3 apparmor-utils-2.12.3-7.25.3 apparmor-utils-lang-2.12.3-7.25.3 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-32bit-2.12.3-7.25.2 libapparmor1-32bit-debuginfo-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-32bit-2.12.3-7.25.3 pam_apparmor-32bit-debuginfo-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): apparmor-abstractions-2.12.3-7.25.3 
apparmor-docs-2.12.3-7.25.3 apparmor-parser-lang-2.12.3-7.25.3 apparmor-profiles-2.12.3-7.25.3 apparmor-utils-2.12.3-7.25.3 apparmor-utils-lang-2.12.3-7.25.3 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise Server 15-LTSS (noarch): apparmor-abstractions-2.12.3-7.25.3 apparmor-docs-2.12.3-7.25.3 apparmor-parser-lang-2.12.3-7.25.3 apparmor-profiles-2.12.3-7.25.3 apparmor-utils-2.12.3-7.25.3 apparmor-utils-lang-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): apparmor-abstractions-2.12.3-7.25.3 apparmor-docs-2.12.3-7.25.3 apparmor-parser-lang-2.12.3-7.25.3 apparmor-profiles-2.12.3-7.25.3 apparmor-utils-2.12.3-7.25.3 apparmor-utils-lang-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libapparmor1-32bit-2.12.3-7.25.2 libapparmor1-32bit-debuginfo-2.12.3-7.25.2 
pam_apparmor-32bit-2.12.3-7.25.3 pam_apparmor-32bit-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libapparmor1-32bit-2.12.3-7.25.2 libapparmor1-32bit-debuginfo-2.12.3-7.25.2 pam_apparmor-32bit-2.12.3-7.25.3 pam_apparmor-32bit-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): apparmor-abstractions-2.12.3-7.25.3 apparmor-docs-2.12.3-7.25.3 apparmor-parser-lang-2.12.3-7.25.3 apparmor-profiles-2.12.3-7.25.3 apparmor-utils-2.12.3-7.25.3 apparmor-utils-lang-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libapparmor1-32bit-2.12.3-7.25.2 libapparmor1-32bit-debuginfo-2.12.3-7.25.2 pam_apparmor-32bit-2.12.3-7.25.3 pam_apparmor-32bit-debuginfo-2.12.3-7.25.3 - SUSE 
Linux Enterprise High Performance Computing 15-LTSS (noarch): apparmor-abstractions-2.12.3-7.25.3 apparmor-docs-2.12.3-7.25.3 apparmor-parser-lang-2.12.3-7.25.3 apparmor-profiles-2.12.3-7.25.3 apparmor-utils-2.12.3-7.25.3 apparmor-utils-lang-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libapparmor1-32bit-2.12.3-7.25.2 libapparmor1-32bit-debuginfo-2.12.3-7.25.2 pam_apparmor-32bit-2.12.3-7.25.3 pam_apparmor-32bit-debuginfo-2.12.3-7.25.3 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): apparmor-abstractions-2.12.3-7.25.3 apparmor-docs-2.12.3-7.25.3 apparmor-parser-lang-2.12.3-7.25.3 apparmor-profiles-2.12.3-7.25.3 apparmor-utils-2.12.3-7.25.3 apparmor-utils-lang-2.12.3-7.25.3 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-mod_apparmor-2.12.3-7.25.3 apache2-mod_apparmor-debuginfo-2.12.3-7.25.3 apparmor-debugsource-2.12.3-7.25.3 apparmor-parser-2.12.3-7.25.3 apparmor-parser-debuginfo-2.12.3-7.25.3 libapparmor-debugsource-2.12.3-7.25.2 libapparmor-devel-2.12.3-7.25.2 libapparmor1-2.12.3-7.25.2 libapparmor1-debuginfo-2.12.3-7.25.2 pam_apparmor-2.12.3-7.25.3 pam_apparmor-debuginfo-2.12.3-7.25.3 perl-apparmor-2.12.3-7.25.3 perl-apparmor-debuginfo-2.12.3-7.25.3 python3-apparmor-2.12.3-7.25.3 python3-apparmor-debuginfo-2.12.3-7.25.3 - SUSE Enterprise Storage 6 (x86_64): libapparmor1-32bit-2.12.3-7.25.2 
libapparmor1-32bit-debuginfo-2.12.3-7.25.2 pam_apparmor-32bit-2.12.3-7.25.3 pam_apparmor-32bit-debuginfo-2.12.3-7.25.3

- SUSE Enterprise Storage 6 (noarch):
    apparmor-abstractions-2.12.3-7.25.3
    apparmor-docs-2.12.3-7.25.3
    apparmor-parser-lang-2.12.3-7.25.3
    apparmor-profiles-2.12.3-7.25.3
    apparmor-utils-2.12.3-7.25.3
    apparmor-utils-lang-2.12.3-7.25.3

- SUSE CaaS Platform 4.0 (noarch):
    apparmor-abstractions-2.12.3-7.25.3
    apparmor-docs-2.12.3-7.25.3
    apparmor-parser-lang-2.12.3-7.25.3
    apparmor-profiles-2.12.3-7.25.3
    apparmor-utils-2.12.3-7.25.3
    apparmor-utils-lang-2.12.3-7.25.3

- SUSE CaaS Platform 4.0 (x86_64):
    apache2-mod_apparmor-2.12.3-7.25.3
    apache2-mod_apparmor-debuginfo-2.12.3-7.25.3
    apparmor-debugsource-2.12.3-7.25.3
    apparmor-parser-2.12.3-7.25.3
    apparmor-parser-debuginfo-2.12.3-7.25.3
    libapparmor-debugsource-2.12.3-7.25.2
    libapparmor-devel-2.12.3-7.25.2
    libapparmor1-2.12.3-7.25.2
    libapparmor1-32bit-2.12.3-7.25.2
    libapparmor1-32bit-debuginfo-2.12.3-7.25.2
    libapparmor1-debuginfo-2.12.3-7.25.2
    pam_apparmor-2.12.3-7.25.3
    pam_apparmor-32bit-2.12.3-7.25.3
    pam_apparmor-32bit-debuginfo-2.12.3-7.25.3
    pam_apparmor-debuginfo-2.12.3-7.25.3
    perl-apparmor-2.12.3-7.25.3
    perl-apparmor-debuginfo-2.12.3-7.25.3
    python3-apparmor-2.12.3-7.25.3
    python3-apparmor-debuginfo-2.12.3-7.25.3

References:
    https://bugzilla.suse.com/1191690

From sle-updates at lists.suse.com Tue Jan 11 11:26:09 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 11 Jan 2022 12:26:09 +0100 (CET)
Subject: SUSE-SU-2022:0043-1: moderate: Security update for systemd
Message-ID: <20220111112609.8ED33FF27@maintenance.suse.de>

SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0043-1
Rating: moderate
References: #1178561 #1190515 #1194178
Cross-References: CVE-2021-3997
CVSS scores:
    CVE-2021-3997 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE MicroOS 5.1
    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for systemd fixes the following issues:

- CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. (bsc#1194178)

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-43=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-43=1

Package List:

- SUSE MicroOS 5.1 (aarch64 s390x x86_64):
    libsystemd0-246.16-7.33.1
    libsystemd0-debuginfo-246.16-7.33.1
    libudev1-246.16-7.33.1
    libudev1-debuginfo-246.16-7.33.1
    systemd-246.16-7.33.1
    systemd-container-246.16-7.33.1
    systemd-container-debuginfo-246.16-7.33.1
    systemd-debuginfo-246.16-7.33.1
    systemd-debugsource-246.16-7.33.1
    systemd-journal-remote-246.16-7.33.1
    systemd-journal-remote-debuginfo-246.16-7.33.1
    systemd-sysvinit-246.16-7.33.1
    udev-246.16-7.33.1
    udev-debuginfo-246.16-7.33.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
    libsystemd0-246.16-7.33.1
    libsystemd0-debuginfo-246.16-7.33.1
    libudev-devel-246.16-7.33.1
    libudev1-246.16-7.33.1
    libudev1-debuginfo-246.16-7.33.1
    systemd-246.16-7.33.1
    systemd-container-246.16-7.33.1
    systemd-container-debuginfo-246.16-7.33.1
    systemd-coredump-246.16-7.33.1
    systemd-coredump-debuginfo-246.16-7.33.1
    systemd-debuginfo-246.16-7.33.1
    systemd-debugsource-246.16-7.33.1
    systemd-devel-246.16-7.33.1
    systemd-doc-246.16-7.33.1
    systemd-journal-remote-246.16-7.33.1
systemd-journal-remote-debuginfo-246.16-7.33.1 systemd-sysvinit-246.16-7.33.1 udev-246.16-7.33.1 udev-debuginfo-246.16-7.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-7.33.1 libsystemd0-32bit-debuginfo-246.16-7.33.1 libudev1-32bit-246.16-7.33.1 libudev1-32bit-debuginfo-246.16-7.33.1 systemd-32bit-246.16-7.33.1 systemd-32bit-debuginfo-246.16-7.33.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-7.33.1 References: https://www.suse.com/security/cve/CVE-2021-3997.html https://bugzilla.suse.com/1178561 https://bugzilla.suse.com/1190515 https://bugzilla.suse.com/1194178 From sle-updates at lists.suse.com Tue Jan 11 14:17:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jan 2022 15:17:30 +0100 (CET) Subject: SUSE-SU-2022:0052-1: important: Security update for libsndfile Message-ID: <20220111141730.928C1FF27@maintenance.suse.de> SUSE Security Update: Security update for libsndfile ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0052-1 Rating: important References: #1194006 Cross-References: CVE-2021-4156 CVSS scores: CVE-2021-4156 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 
15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 7 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.5 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libsndfile fixes the following issues: - CVE-2021-4156: Fixed heap buffer overflow in flac_buffer_copy that could potentially lead to heap exploitation (bsc#1194006). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-52=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-52=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-52=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-52=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-52=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-52=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-52=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-52=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-52=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-52=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-52=1 - SUSE Linux 
Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-52=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-52=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-52=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-52=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-52=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-52=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-52=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-52=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-52=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-52=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Manager Proxy 4.1 (x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsndfile-debugsource-1.0.28-5.15.1 
libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile1-32bit-1.0.28-5.15.1 libsndfile1-32bit-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): 
libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE CaaS Platform 4.5 (aarch64 x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 - SUSE CaaS Platform 4.0 (x86_64): libsndfile-debugsource-1.0.28-5.15.1 libsndfile-devel-1.0.28-5.15.1 libsndfile1-1.0.28-5.15.1 libsndfile1-debuginfo-1.0.28-5.15.1 References: https://www.suse.com/security/cve/CVE-2021-4156.html https://bugzilla.suse.com/1194006 From sle-updates at lists.suse.com Tue Jan 11 14:20:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jan 2022 15:20:07 +0100 (CET) Subject: SUSE-SU-2022:0050-1: important: Security update for net-snmp Message-ID: <20220111142007.6A060FF27@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0050-1 Rating: important References: #1027353 #1081164 #1102775 #1108471 #1111122 #1116807 #1140341 #1145864 #1152968 #1174961 #1178021 #1178351 #1179009 #1179699 #1181591 SLE-6120 Cross-References: CVE-2018-18065 CVE-2020-15862 CVSS scores: CVE-2018-18065 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-18065 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-15862 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-15862 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 
______________________________________________________________________________ An update that solves two vulnerabilities, contains one feature and has 13 fixes is now available. Description: This update for net-snmp fixes the following issues: - CVE-2020-15862: Make extended MIB read-only (bsc#1174961) - CVE-2018-18065: Fix remote DoS in agent/helpers/table.c (bsc#1111122) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-50=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-50=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-50=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-50=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-50=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-50=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-50=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-50=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libsnmp30-32bit-5.7.3-10.9.1 libsnmp30-32bit-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 
net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 - SUSE CaaS Platform 4.0 (x86_64): libsnmp30-5.7.3-10.9.1 libsnmp30-debuginfo-5.7.3-10.9.1 net-snmp-5.7.3-10.9.1 net-snmp-debuginfo-5.7.3-10.9.1 net-snmp-debugsource-5.7.3-10.9.1 net-snmp-devel-5.7.3-10.9.1 perl-SNMP-5.7.3-10.9.1 perl-SNMP-debuginfo-5.7.3-10.9.1 snmp-mibs-5.7.3-10.9.1 References: https://www.suse.com/security/cve/CVE-2018-18065.html https://www.suse.com/security/cve/CVE-2020-15862.html https://bugzilla.suse.com/1027353 https://bugzilla.suse.com/1081164 https://bugzilla.suse.com/1102775 https://bugzilla.suse.com/1108471 https://bugzilla.suse.com/1111122 https://bugzilla.suse.com/1116807 https://bugzilla.suse.com/1140341 https://bugzilla.suse.com/1145864 https://bugzilla.suse.com/1152968 https://bugzilla.suse.com/1174961 https://bugzilla.suse.com/1178021 https://bugzilla.suse.com/1178351 https://bugzilla.suse.com/1179009 https://bugzilla.suse.com/1179699 https://bugzilla.suse.com/1181591 From sle-updates at lists.suse.com Tue Jan 11 17:16:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jan 2022 18:16:51 +0100 (CET) Subject: SUSE-RU-2022:0054-1: moderate: Recommended update for ceph-salt Message-ID: <20220111171651.34239FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0054-1 Rating: moderate References: #1187015 #1188079 Affected Products: SUSE Enterprise Storage 7 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ceph-salt fixes the following issues: - Log SSH commands - Move ceph-salt-registry-json creation to container.sls (bsc#1187015) - Use cephadm registry-login --registry-json - Rely on cephadm package for cephadm user creation (bsc#1188079) - Fix broken cephadm link. - Add source dir as real directory to fake fs Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-54=1 Package List: - SUSE Enterprise Storage 7 (noarch): ceph-salt-15.2.16+1638177989.g512a7ee-3.6.1 ceph-salt-formula-15.2.16+1638177989.g512a7ee-3.6.1 References: https://bugzilla.suse.com/1187015 https://bugzilla.suse.com/1188079 From sle-updates at lists.suse.com Tue Jan 11 17:19:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jan 2022 18:19:22 +0100 (CET) Subject: SUSE-RU-2022:0055-1: moderate: Recommended update for rsyslog Message-ID: <20220111171922.A7EF0FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0055-1 Rating: moderate References: #1029961 #1160414 #1178490 #1182653 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description:

This update for rsyslog fixes the following issues:

- Upgrade to rsyslog 8.2106.0:
  * The prime new feature is support for TLS and non-TLS connections via imtcp in parallel. Furthermore, most TLS parameters can now be overridden at the input() level. The notable exceptions are certificate files, something that is due to be implemented as next step.
  * New global option "parser.supportCompressionExtension"
    This permits to turn off rsyslog's single-message compression extension when it interferes with non-syslog message processing (the parser subsystem expects syslog messages, not generic text) closes https://github.com/rsyslog/rsyslog/issues/4598
  * imtcp: add more override config params to input()
    It is now possible to override all module parameters at the input() level. Module parameters serve as defaults. Existing configs need no modification.
  * imtcp: add stream driver parameter to input() configuration
    This permits to have different inputs use different stream drivers and stream driver parameters.
  * imtcp: permit to run multiple inputs in parallel
    Previously, a single server was used to run all imtcp inputs. This had a couple of drawbacks. First and foremost, we could not use different stream drivers in the various inputs. This patch now provides a baseline to do that, but does still not implement the capability (in this sense it is a staging patch). Secondly, we now ensure that each input has at least one exclusive thread for processing, untangling the performance of multiple inputs from each other.
  * tcpsrv bugfix: potential sluggishness and hang on shutdown
    tcpsrv is used by multiple other modules (imtcp, imdiag, imgssapi, and, in theory, also others - even ones we do not know about). However, the internal synchronization did not properly take multiple tcpsrv users in consideration. As such, a single user could hang under some circumstances. This was caused by improperly awaking all users from a pthread condition wait. That in turn could lead to some sluggish behaviour and, in rare cases, a hang at shutdown. Note: it was highly unlikely to experience real problems with the officially provided modules.
  * refactoring of syslog/tcp driver parameter passing
    This has now been generalized to a parameter block, which makes it much cleaner and also easier to add new parameters in the future.
  * config script: add re_match_i() and re_extract_i() functions
    This provides case-insensitive regex functionality.
- Upgrade to rsyslog 8.2104.0:
  * rainerscript: call getgrnam_r repeatedly to get all group members (bsc#1178490)
  * new built-in function get_property() to access property vars
  * mmdblookup: add support for mmdb DB reload on HUP
  * new contributed function module fmunflatten
  * test bugfix: some tests did not work with newer TLS library versions
- Update 'remote.conf' example file to new 'Address' and 'Port' notation. (bsc#1182653)
- Upgrade to rsyslog 8.2102.0:
  * omfwd: add stats counter for sent bytes
  * omfwd: add error reporting configuration option
  * action stats counter bugfix: failure count was not properly incremented
  * action stats counter bugfix: resume count was not incremented
  * omfwd bugfix: segfault or error if port not given
  * lookup table bugfix: data race on lookup table reload
  * testbench modernization
  * testbench: fix invalid sequence of kafka tests runs
  * testbench: fix kafkacat issues
  * testbench: fix year-dependent clickhouse test
- Upgrade to rsyslog 8.2012.0:
  * testbench bugfix: some tests did not work in make distcheck
  * immark: rewrite with many improvements
  * usability: re-phrase error message to help users better understand cause
  * add new system property $now-unixtimestamp
  * omfwd: add new rate limit option
  * omfwd bug: param "StreamDriver.PermitExpiredCerts" is not "off" by default
- prepare usrmerge (bsc#1029961)
- remove legacy stuff from specfile
  * sysvinit is not supported anymore, so remove all tests related to systemv in the specfile
- Upgrade to rsyslog 8.2010.0:
  * gnutls TLS subsystem bugfix: handshake error handling
  * core/msg bugfix: memory leak
  * core/msg bugfix: segfault in jsonPathFindNext() when not an object
  * openssl TLS subsystem: improvements of error and status messages
  * core bugfix: do not create empty JSON objects on non-existent key access
  * gnutls subsystem bugfix: potential hang on session closure
  * core/network bugfix: obey net.enableDNS=off when querying local hostname
  * core bugfix: potential segfault on query of PROGRAMNAME property
  * imtcp bugfix: broken connection not necessarily detected
  * new module: imhttp - http input
  * mmdarwin bugfix: potential zero uuid when reusing existing one
  * imdocker bugfix: build issue on some platforms
  * omudpspoof bugfix: make compatible with Solaris build
  * testbench fix: python 3 incompatibility
  * core bugfix: segfault if disk-queue file cannot be created
  * cosmetic: fix dummy module name in debug output
  * config bugfix: intended warning emitted as error
- Upgrade to rsyslog 8.2008.0
- Added custom unit file rsyslog.service because systemd service file was removed from upstream project
- Use systemd_ordering instead of requiring to make rsyslog useable in containers.
- Fix the URL for bug reporting, should not point to 'novell.com'. (bsc#1173433)
- Add support for 'omkafka'.
- Avoid build error with gcc flag '-fno-common'. (bsc#1160414)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-55=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2022-55=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-55=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-55=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.2106.0-4.13.1 rsyslog-debugsource-8.2106.0-4.13.1 rsyslog-module-gssapi-8.2106.0-4.13.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.13.1 rsyslog-module-gtls-8.2106.0-4.13.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.13.1 rsyslog-module-mmnormalize-8.2106.0-4.13.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.13.1 rsyslog-module-mysql-8.2106.0-4.13.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.13.1 rsyslog-module-pgsql-8.2106.0-4.13.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.13.1 rsyslog-module-relp-8.2106.0-4.13.1 rsyslog-module-relp-debuginfo-8.2106.0-4.13.1 rsyslog-module-snmp-8.2106.0-4.13.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.2106.0-4.13.1 rsyslog-debugsource-8.2106.0-4.13.1 rsyslog-module-gssapi-8.2106.0-4.13.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.13.1 rsyslog-module-gtls-8.2106.0-4.13.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.13.1 rsyslog-module-mmnormalize-8.2106.0-4.13.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.13.1 rsyslog-module-mysql-8.2106.0-4.13.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.13.1 rsyslog-module-pgsql-8.2106.0-4.13.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.13.1 rsyslog-module-relp-8.2106.0-4.13.1 
rsyslog-module-relp-debuginfo-8.2106.0-4.13.1 rsyslog-module-snmp-8.2106.0-4.13.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): librdkafka-debugsource-0.11.6-1.8.1 librdkafka-devel-0.11.6-1.8.1 librdkafka1-0.11.6-1.8.1 librdkafka1-debuginfo-0.11.6-1.8.1 rsyslog-8.2106.0-4.13.1 rsyslog-debuginfo-8.2106.0-4.13.1 rsyslog-debugsource-8.2106.0-4.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): librdkafka-debugsource-0.11.6-1.8.1 librdkafka-devel-0.11.6-1.8.1 librdkafka1-0.11.6-1.8.1 librdkafka1-debuginfo-0.11.6-1.8.1 rsyslog-8.2106.0-4.13.1 rsyslog-debuginfo-8.2106.0-4.13.1 rsyslog-debugsource-8.2106.0-4.13.1 References: https://bugzilla.suse.com/1029961 https://bugzilla.suse.com/1160414 https://bugzilla.suse.com/1178490 https://bugzilla.suse.com/1182653 From sle-updates at lists.suse.com Tue Jan 11 17:20:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jan 2022 18:20:57 +0100 (CET) Subject: SUSE-RU-2022:0053-1: moderate: Recommended update for rmt-server Message-ID: <20220111172057.D2A0CFF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0053-1 Rating: moderate References: #1176628 #1188043 #1189805 #951189 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. 
Description:

This update for rmt-server fixes the following issues:

- Version 2.7.0
- Allow to validate all versions when they are of the same product and arch.
- De-register BYOS systems using RMT as a proxy from SCC.
- De-activate a single product from a BYOS proxy system.
- Add the handling of the BYOS systems that use RMT as a SCC proxy.
- Add subscription support in RMT. RMT can now consume registration codes supplied when registering a system.
- Add host's login header to API requests to SCC. If the information is available, RMT will send it on requests to attach the registration proxy to a host system in SCC.
- Add extra check to product dependency on RMT API. Now, when a system tries to activate a module through RMT, if it requires a root product which is not activated, the activation will fail (bsc#951189).
- Load global configuration only if it can be read by the current process.
- Handle special characters in package names (bsc#1189805)
- Add release_stage to all API endpoints to allow external programs to determine product stage. (bsc#1176628)
- Fix broken links (bsc#1188043)
- Additional debug output for mirroring subcommand with '--debug' flag.
- Update translations.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-53=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-53=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-53=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-53=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-53=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-53=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-53=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): rmt-server-2.7.0-3.33.1 rmt-server-config-2.7.0-3.33.1 rmt-server-debuginfo-2.7.0-3.33.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): rmt-server-2.7.0-3.33.1 rmt-server-config-2.7.0-3.33.1 rmt-server-debuginfo-2.7.0-3.33.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): rmt-server-2.7.0-3.33.1 rmt-server-config-2.7.0-3.33.1 rmt-server-debuginfo-2.7.0-3.33.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.7.0-3.33.1 rmt-server-pubcloud-2.7.0-3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): rmt-server-2.7.0-3.33.1 rmt-server-config-2.7.0-3.33.1 rmt-server-debuginfo-2.7.0-3.33.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): rmt-server-2.7.0-3.33.1 rmt-server-config-2.7.0-3.33.1 rmt-server-debuginfo-2.7.0-3.33.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): rmt-server-2.7.0-3.33.1 rmt-server-config-2.7.0-3.33.1 rmt-server-debuginfo-2.7.0-3.33.1 - SUSE CaaS Platform 4.0 (x86_64): rmt-server-2.7.0-3.33.1 rmt-server-config-2.7.0-3.33.1 rmt-server-debuginfo-2.7.0-3.33.1 References: https://bugzilla.suse.com/1176628 https://bugzilla.suse.com/1188043 https://bugzilla.suse.com/1189805 https://bugzilla.suse.com/951189 From sle-updates at lists.suse.com Tue Jan 11 20:24:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 11 Jan 2022 21:24:42 +0100 (CET) Subject: SUSE-SU-2022:0056-1: important: Security update for the Linux Kernel Message-ID: <20220111202442.EF1FBFF29@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0056-1 Rating: important References: #1139944 #1151927 #1152489 #1153275 #1154353 #1154355 #1161907 #1164565 #1166780 #1169514 #1176242 #1176447 
#1176536 #1176544 #1176545 #1176546 #1176548 #1176558 #1176559 #1176774 #1176940 #1176956 #1177440 #1178134 #1178270 #1179211 #1179424 #1179426 #1179427 #1179599 #1181148 #1181507 #1181710 #1182404 #1183534 #1183540 #1183897 #1184318 #1185726 #1185902 #1186332 #1187541 #1189126 #1189158 #1191793 #1191876 #1192267 #1192320 #1192507 #1192511 #1192569 #1192606 #1192691 #1192845 #1192847 #1192874 #1192877 #1192946 #1192969 #1192987 #1192990 #1192998 #1193002 #1193042 #1193139 #1193169 #1193306 #1193318 #1193349 #1193440 #1193442 #1193655 #1193993 #1194087 #1194094 #1194266 Cross-References: CVE-2020-24504 CVE-2020-27820 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-4001 CVE-2021-4002 CVE-2021-43975 CVE-2021-43976 CVE-2021-45485 CVE-2021-45486 CVSS scores: CVE-2020-24504 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-24504 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4001 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for Public Cloud 15-SP3 ______________________________________________________________________________ An update that solves 14 
vulnerabilities and has 62 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2021-45485: Fixed an information leak caused by certain use of a hash table which uses IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087). - CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990) - CVE-2021-28715: Fixed an issue where a guest could force the Linux netback driver to hog large amounts of kernel memory, by not queueing an unlimited number of packages. (bsc#1193442) - CVE-2021-28714: Fixed an issue where a guest could force the Linux netback driver to hog large amounts of kernel memory, by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28713: Fixed an issue where rogue backends could cause DoS of guests via high frequency events, by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed an issue where rogue backends could cause DoS of guests via high frequency events, by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28711: Fixed an issue where rogue backends could cause DoS of guests via high frequency events, by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847) - CVE-2021-4002: Added a missing TLB flush that could lead to a leak or corruption of data in hugetlbfs. 
(bsc#1192946) - CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen when removing the device. (bnc#1179599) - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bnc#1192877) The following non-security bugs were fixed: - ACPI: battery: Accept charges over the design capacity as full (git-fixes). - ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes). - ACPICA: Avoid evaluating methods too early during system resume (git-fixes). - ALSA: ctxfi: Fix out-of-range access (git-fixes). - ALSA: gus: fix null pointer dereference on pointer block (git-fixes). - ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes). - ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes). - ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes). - ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes). - ALSA: ISA: not for M68K (git-fixes). - ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes). - ALSA: timer: Fix use-after-free problem (git-fixes). - ALSA: timer: Unconditionally unlink slave instances, too (git-fixes). - ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes). - ARM: 8970/1: decompressor: increase tag size (git-fixes). 
- ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes) - ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - ARM: 9091/1: Revert "mm: qsd8x50: Fix incorrect permission faults" (git-fixes) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - ARM: 9134/1: remove duplicate memcpy() definition (git-fixes) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes) - ARM: 9155/1: fix early early_iounmap() (git-fixes) - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - ARM: at91: pm: of_node_put() after its usage (git-fixes) - ARM: at91: pm: use proper master clock register offset (git-fixes) - ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes) - ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes) - ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - ARM: dts: aspeed: tiogapass: 
Remove vuart (git-fixes) - ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - ARM: dts: at91: sama5d2: map securam as device (git-fixes) - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - ARM: dts: at91: tse850: the emac<->phy interface is rmii (git-fixes) - ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes) - ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes) - ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes) - ARM: dts: dra76x: Fix mmc3 max-frequency (git-fixes) - ARM: dts: dra76x: m_can: fix order of clocks (git-fixes) - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes) - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC 
interrupt trigger level on Monk (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes) - ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - ARM: dts: gose: Fix ports node name for adv7180 (git-fixes) - ARM: dts: gose: Fix ports node name for adv7612 (git-fixes) - ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes) - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes) - ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes) - ARM: 
dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes) - ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes). - ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes) - ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - ARM: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - ARM: dts: imx6sl: fix rng node (git-fixes) - ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes) - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes) - ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes) - ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes) - ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes) - ARM: dts: imx7d: fix 
opp-supported-hw (git-fixes) - ARM: dts: imx7ulp: Correct gpio ranges (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes) - ARM: dts: meson: fix PHY deassert timing requirements (git-fixes) - ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: mt7623: add missing pause for switchport (git-fixes) - ARM: dts: N900: fix onenand timings (git-fixes). 
- ARM: dts: NSP: Correct FA2 mailbox node (git-fixes) - ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - ARM: dts: NSP: Fixed QSPI compatible string (git-fixes) - ARM: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes) - ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - ARM: dts: oxnas: Fix clear-mask property (git-fixes) - ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes) - ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes) - ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes) - ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes) - ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - ARM: dts: renesas: Fix IOMMU device node names (git-fixes) - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes) 
- ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes) - ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes) - ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - ARM: dts: turris-omnia: add SFP node (git-fixes) - ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - ARM: dts: turris-omnia: describe switch interrupt (git-fixes) - ARM: dts: turris-omnia: enable HW buffer management (git-fixes) - ARM: dts: turris-omnia: fix hardware buffer management (git-fixes) - ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes). 
- ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - ARM: exynos: add missing of_node_put for loop iteration (git-fixes) - ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - ARM: footbridge: fix PCI interrupt mapping (git-fixes) - ARM: imx: add missing clk_disable_unprepare() (git-fixes) - ARM: imx: add missing iounmap() (git-fixes) - ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes) - ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - ARM: mvebu: drop pointless check for coherency_base (git-fixes) - ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes) - ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes) - ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - ARM: s3c24xx: fix missing system reset (git-fixes) - ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes) - ARM: samsung: do not build plat/pm-common for Exynos (git-fixes) - ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes) - ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes). - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). 
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - Bluetooth: Add additional Bluetooth part for Realtek 8852AE (bsc#1193655). - Bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655). - Bluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655). - Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655). - Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - Bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655). - Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - bpf, s390: Fix potential memory leak about jit_data (git-fixes). - bpf, x86: Fix "no previous prototype" warning (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). 
- btrfs: make checksum item extension more efficient (bsc#1193002). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). - cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: Add new mount parameter "acdirmax" to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). 
- cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: Assign boolean values to a bool variable (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606). - cifs: change noisy error message to FYI (bsc#1181507). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: check all path components in resolved dfs target (bsc#1181710). 
- cifs: check new file size when extending file by fallocate (bsc#1192606). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: Clarify SMB1 code for delete (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Create (bsc#1192606). - cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606). - cifs: Clarify SMB1 code for rename open file (bsc#1192606). - cifs: Clarify SMB1 code for SetFileSize (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: Close cached root handle only if it had a lease (bsc#1164565). - cifs: Close open handle after interrupted close (bsc#1164565). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). - cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). 
- cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). - cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). 
- cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not miss cancelled OPEN responses (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not set ->i_mode of something we had not created (bsc#1192606). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606). - cifs: fix a comment for the timeouts when sending echos (bsc#1164565). 
- cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix atime update check vs mtime (bsc#1164565). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: Fix data inconsistent when punch hole (bsc#1176544). - cifs: Fix data inconsistent when zero file range (bsc#1176536). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix double-put on late allocation failure (bsc#1192606). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix gcc warning in sid_to_id (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). 
- cifs: Fix in error types returned for out-of-credit situations (bsc#1192606).
- cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211).
- cifs: Fix inconsistent indenting (bsc#1192606).
- cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606).
- cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606).
- cifs: fix incorrect kernel doc comments (bsc#1192606).
- cifs: fix interrupted close commands (git-fixes).
- cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606).
- cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606).
- cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
- cifs: fix leaked reference on requeued write (bsc#1178270).
- cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565).
- cifs: Fix lookup of SMB connections on multichannel (bsc#1192606).
- cifs: fix max ea value size (bnc#1151927 5.3.4).
- cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565).
- cifs: fix memory leak in smb2_copychunk_range (git-fixes).
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606).
- cifs: fix minor typos in comments and log messages (bsc#1192606).
- cifs: Fix missed free operations (bnc#1151927 5.3.8).
- cifs: fix missing null session check in mount (bsc#1192606).
- cifs: fix missing spinlock around update to ses->status (bsc#1192606).
- cifs: fix misspellings using codespell tool (bsc#1192606).
- cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565).
- cifs: Fix mode output in debugging statements (bsc#1164565).
- cifs: fix mount option display for sec=krb5i (bsc#1161907).
- cifs: Fix mount options set in automount (bsc#1164565).
- cifs: fix mounts to subdirectories of target (bsc#1192606).
- cifs: fix nodfs mount option (bsc#1181710).
- cifs: fix NULL dereference in match_prepath (bsc#1164565).
- cifs: fix NULL dereference in smb2_check_message() (bsc#1192606).
- cifs: Fix null pointer check in cifs_read (bsc#1192606).
- cifs: Fix NULL pointer dereference in mid callback (bsc#1164565).
- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16).
- cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4).
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: fix possible uninitialized access and race on iface_list (bsc#1192606).
- cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565).
- cifs: fix potential mismatch of UNC paths (bsc#1164565).
- cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565).
- cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042).
- cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).
- cifs: Fix preauth hash corruption (git-fixes).
- cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042).
- cifs: fix reference leak for tlink (bsc#1192606).
- cifs: fix regression when mounting shares with prefix paths (bsc#1192606).
- cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565).
- cifs: Fix resource leak (bsc#1192606).
- cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565).
- cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10).
- cifs: Fix return value in __update_cache_entry (bsc#1164565).
- cifs: fix rsize/wsize to be negotiated values (bsc#1192606).
- cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606).
- cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: fix soft mounts hanging in the reconnect code (bsc#1164565).
- cifs: Fix some error pointers handling detected by static checker (bsc#1192606).
- cifs: Fix spelling of 'security' (bsc#1192606).
- cifs: fix string declarations and assignments in tracepoints (bsc#1192606).
- cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606).
- cifs: Fix task struct use-after-free on reconnect (bsc#1164565).
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606).
- cifs: Fix the target file was deleted when rename failed (bsc#1192606).
- cifs: fix trivial typo (bsc#1192606).
- cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270).
- cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606).
- cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565).
- cifs: Fix unix perm bits to cifsacl conversion for "other" bits (bsc#1192606).
- cifs: fix unneeded null check (bsc#1192606).
- cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606).
- cifs: Fix use after free of file info structures (bnc#1151927 5.3.8).
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565).
- cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606).
- cifs: for compound requests, use open handle if possible (bsc#1192606).
- cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7).
- cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7).
- cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606).
- cifs: get mode bits from special sid on stat (bsc#1164565).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: get rid of cifs_sb->mountdata (bsc#1192606).
- cifs: Get rid of kstrdup_const()'d paths (bsc#1164565).
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270).
- cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606).
- cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7).
- cifs: handle -EINTR in cifs_setattr (bsc#1192606).
- cifs: handle "guest" mount parameter (bsc#1192606).
- cifs: handle "nolease" option for vers=1.0 (bsc#1192606).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270).
- cifs: handle ERRBaduid for SMB1 (bsc#1192606).
- cifs: handle hostnames that resolve to same ip in failover (bsc#1178270).
- cifs: handle prefix paths in reconnect (bsc#1164565).
- cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606).
- cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270).
- cifs: Handle witness client move notification (bsc#1192606).
- cifs: have ->mkdir() handle race with another client sanely (bsc#1192606).
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606).
- cifs: Identify a connection by a conn_id (bsc#1192606).
- cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606).
- cifs: ignore auto and noauto options if given (bsc#1192606).
- cifs: ignore cached share root handle closing errors (bsc#1166780).
- cifs: improve fallocate emulation (bsc#1192606).
- cifs: improve read performance for page size 64KB cache=strict vers=2.1+ (bsc#1192606).
- cifs: In the new mount api we get the full devname as source= (bsc#1192606).
- cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606).
- cifs: Initialize filesystem timestamp ranges (bsc#1164565).
- cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606).
- cifs: introduce helper for finding referral server (bsc#1181710).
- cifs: Introduce helpers for finding TCP connection (bsc#1164565).
- cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: log mount errors using cifs_errorf() (bsc#1192606).
- cifs: log warning message (once) if out of disk space (bsc#1164565).
- cifs: make build_path_from_dentry() return const char * (bsc#1192606).
- cifs: make const array static, makes object smaller (bsc#1192606).
- cifs: Make extract_hostname function public (bsc#1192606).
- cifs: Make extract_sharename function public (bsc#1192606).
- cifs: make fs_context error logging wrapper (bsc#1192606).
- cifs: make locking consistent around the server session status (bsc#1192606).
- cifs: make multichannel warning more visible (bsc#1192606).
- cifs: Make SMB2_notify_init static (bsc#1164565).
- cifs: make sure we do not overflow the max EA buffer size (bsc#1164565).
- cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565).
- cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606).
- cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270).
- cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565).
- cifs: minor fix to two debug messages (bsc#1192606).
- cifs: minor kernel style fixes for comments (bsc#1192606).
- cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606).
- cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606).
- cifs: minor updates to Kconfig (bsc#1192606).
- cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606).
- cifs: missed ref-counting smb session in find (bsc#1192606).
- cifs: missing null check for newinode pointer (bsc#1192606).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: modefromsid: make room for 4 ACE (bsc#1164565).
- cifs: modefromsid: write mode ACE first (bsc#1164565).
- cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606).
- cifs: move cache mount options to fs_context.ch (bsc#1192606).
- cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606).
- cifs: move cifs_parse_devname to fs_context.c (bsc#1192606).
- cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355).
- cifs: move debug print out of spinlock (bsc#1192606).
- cifs: Move more definitions into the shared area (bsc#1192606).
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606).
- cifs: move security mount options into fs_context.ch (bsc#1192606).
- cifs: move SMB FSCTL definitions to common code (bsc#1192606).
- cifs: move smb version mount options into fs_context.c (bsc#1192606).
- cifs: Move SMB2_Create definitions to the shared area (bsc#1192606).
- cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606).
- cifs: move the check for nohandlecache into open_shroot (bsc#1192606).
- cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606).
- cifs: move update of flags into a separate function (bsc#1192606).
- cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606).
- cifs: multichannel: move channel selection above transport layer (bsc#1192606).
- cifs: multichannel: move channel selection in function (bsc#1192606).
- cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606).
- cifs: multichannel: use pointer for binding channel (bsc#1192606).
- cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9).
- cifs: New optype for session operations (bsc#1181507).
- cifs: nosharesock should be set on new server (bsc#1192606).
- cifs: nosharesock should not share socket with future sessions (bsc#1192606).
- cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606).
- cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270).
- cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606).
- cifs: Optimize readdir on reparse points (bsc#1164565).
- cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606).
- cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606).
- cifs: plumb smb2 POSIX dir enumeration (bsc#1164565).
- cifs: populate server_hostname for extra channels (bsc#1192606).
- cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565).
- cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355).
- cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606).
- cifs: print warning mounting with vers=1.0 (bsc#1164565).
- cifs: properly invalidate cached root handle when closing it (bsc#1192606).
- cifs: Properly process SMB3 lease breaks (bsc#1164565).
- cifs: protect session channel fields with chan_lock (bsc#1192606).
- cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606).
- cifs: protect updating server->dstaddr with a spinlock (bsc#1192606).
- cifs: Re-indent cifs_swn_reconnect() (bsc#1192606).
- cifs: reduce number of referral requests in DFS link lookups (bsc#1178270).
- cifs: reduce stack use in smb2_compound_op (bsc#1192606).
- cifs: refactor cifs_get_inode_info() (bsc#1164565).
- cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606).
- cifs: Reformat DebugData and index connections by conn_id (bsc#1192606).
- cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset.
- cifs: release lock earlier in dequeue_mid error case (bsc#1192606).
- cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606).
- cifs: remove actimeo from cifs_sb (bsc#1192606).
- cifs: remove bogus debug code (bsc#1179427).
- cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606).
- cifs: remove duplicated prototype (bsc#1192606).
- cifs: remove old dead code (bsc#1192606).
- cifs: remove pathname for file from SPDX header (bsc#1192606).
- cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565).
- cifs: remove redundant assignment to variable rc (bsc#1164565).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: remove redundant initialization of variable rc (bsc#1192606).
- cifs: Remove repeated struct declaration (bsc#1192606).
- cifs: Remove set but not used variable 'capabilities' (bsc#1164565).
- cifs: remove set but not used variable 'server' (bsc#1164565).
- cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565).
- cifs: remove set but not used variables (bsc#1164565).
- cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606).
- cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606).
- cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606).
- cifs: Remove the superfluous break (bsc#1192606).
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606).
- cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606).
- cifs: Remove unnecessary struct declaration (bsc#1192606).
- cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606).
- cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902).
- cifs: remove unused variable 'server' (bsc#1192606).
- cifs: remove unused variable 'sid_user' (bsc#1164565).
- cifs: remove unused variable (bsc#1164565).
- cifs: Remove useless variable (bsc#1192606).
- cifs: remove various function description warnings (bsc#1192606).
- cifs: rename a variable in SendReceive() (bsc#1164565).
- cifs: rename cifs_common to smbfs_common (bsc#1192606).
- cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606).
- cifs: rename posix create rsp (bsc#1164565).
- cifs: rename reconn_inval_dfs_target() (bsc#1178270).
- cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606).
- cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606).
- cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).
- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565).
- cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606).
- cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606).
- cifs: return cached_fid from open_shroot (bsc#1192606).
- cifs: Return correct error code from smb2_get_enc_key (git-fixes).
- cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426).
- cifs: returning mount parm processing errors correctly (bsc#1192606).
- cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606).
- cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606).
- cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606).
- cifs: send workstation name during ntlmssp session setup (bsc#1192606).
- cifs: set a minimum of 120s for next dns resolution (bsc#1192606).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606).
- cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565).
- cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606).
- cifs: set up next DFS target before generic_ip_connect() (bsc#1178270).
- cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606).
- cifs: Silently ignore unknown oplock break handle (bsc#1192606).
- cifs: Simplify bool comparison (bsc#1192606).
- cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606).
- cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606).
- cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606).
- cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606).
- cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606).
- cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565).
- cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606).
- cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606).
- cifs: smbd: Check send queue size before posting a send (bsc#1192606).
- cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606).
- cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565).
- cifs: smbd: Merge code to track pending packets (bsc#1192606).
- cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565).
- cifs: smbd: Properly process errors on ib_post_send (bsc#1192606).
- cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565).
- cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565).
- cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565).
- cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606).
- cifs: sort interface list by speed (bsc#1192606).
- cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606).
- cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042).
- cifs: Standardize logging output (bsc#1192606).
- cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606).
- cifs: style: replace one-element array with flexible-array (bsc#1192606).
- cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042).
- cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042).
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606).
- cifs: switch servers depending on binding state (bsc#1192606).
- cifs: switch to new mount api (bsc#1192606).
- cifs: To match file servers, make sure the server hostname matches (bsc#1192606).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- cifs: try harder to open new channels (bsc#1192606).
- cifs: try opening channels after mounting (bsc#1192606).
- cifs: uncomplicate printing the iocharset parameter (bsc#1192606).
- cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606).
- cifs: update ctime and mtime during truncate (bsc#1192606).
- cifs: update FSCTL definitions (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal module version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update internal version number (bsc#1192606).
- cifs: update mnt_cifs_flags during reconfigure (bsc#1192606).
- cifs: update new ACE pointer after populate_new_aces (bsc#1192606).
- cifs: update super_operations to show_devname (bsc#1192606).
- cifs: Use #define in cifs_dbg (bsc#1164565).
- cifs: use %pd instead of messing with ->d_name (bsc#1192606).
- cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7).
- cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565).
- cifs: use compounding for open and first query-dir for readdir() (bsc#1164565).
- cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606).
- cifs: use echo_interval even when connection not ready (bsc#1192606).
- cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355).
- cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606).
- cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565).
- cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1164565).
- cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565).
- cifs: use SPDX-Licence-Identifier (bsc#1192606).
- cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606).
- cifs: use true,false for bool variable (bsc#1164565).
- cifs: use true,false for bool variable (bsc#1164565).
- cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606).
- cifs: Warn less noisily on default mount (bsc#1192606).
- cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606).
- clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes).
- clk: ingenic: Fix bugs with divided dividers (git-fixes).
- crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes).
- crypto: pcrypt - Delay write to padata->info (git-fixes).
- crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes).
- cxgb4: fix eeprom len when diagnostics not implemented (git-fixes).
- dm: fix deadlock when swapping to encrypted device (bsc#1186332).
- dm: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320).
- dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes).
- dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes).
- drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes).
- drm/amd/display: Set plane update flags for all planes in reset (git-fixes).
- drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes).
- drm/msm: Do hw_init() before capturing GPU state (git-fixes).
- drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes).
- drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes).
- drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes).
- drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes).
- drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes).
- drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes).
- drm/plane-helper: fix uninitialized variable reference (git-fixes).
- drm/vc4: fix error code in vc4_create_object() (git-fixes).
- e1000e: Separate TGP board type from SPT (bsc#1192874).
- EDAC/amd64: Handle three rank interleaving mode (bsc#1152489).
- elfcore: correct reference to CONFIG_UML (git-fixes).
- elfcore: fix building with clang (bsc#1169514).
- ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075).
- firmware: qcom_scm: Mark string array const (git-fixes).
- fuse: release pipe buf after last use (bsc#1193318).
- gve: Add netif_set_xps_queue call (bsc#1176940).
- gve: Add rx buffer pagecnt bias (bsc#1176940).
- gve: Allow pageflips on larger pages (bsc#1176940).
- gve: Do lazy cleanup in TX path (git-fixes).
- gve: DQO: avoid unused variable warnings (bsc#1176940).
- gve: Switch to use napi_complete_done (git-fixes).
- gve: Track RX buffer allocation failures (bsc#1176940).
- hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666).
- i2c: cbus-gpio: set atomic transfer callback (git-fixes).
- i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes).
- i2c: stm32f7: recover the bus on access timeout (git-fixes).
- i2c: stm32f7: stop dma transfer in case of NACK (git-fixes).
- i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes).
- i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes).
- i40e: Fix correct max_pkt_size on VF RX queue (git-fixes).
- i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes).
- i40e: Fix display error code in dmesg (git-fixes).
- i40e: Fix failed opcode appearing if handling messages from VF (git-fixes).
- i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes).
- i40e: Fix ping is lost after configuring ADq on VF (git-fixes).
- i40e: Fix pre-set max number of queues for VF (git-fixes).
- i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes).
- iavf: check for null in iavf_fix_features (git-fixes).
- iavf: do not clear a lock we do not hold (git-fixes).
- iavf: Fix failure to exit out from last all-multicast mode (git-fixes).
- iavf: Fix for setting queues to 0 (jsc#SLE-12877).
- iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes).
- iavf: Fix reporting when setting descriptor count (git-fixes).
- iavf: Fix return of set the new channel count (jsc#SLE-12877).
- iavf: free q_vectors before queues in iavf_disable_vf (git-fixes).
- iavf: prevent accidental free of filter structure (git-fixes).
- iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes).
- iavf: Restore VLAN filters after link down (git-fixes).
- iavf: validate pointers (git-fixes).
- ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568).
- ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- ice: avoid bpf_prog refcount underflow (jsc#SLE-7926).
- ice: Delete always true check of PF pointer (git-fixes).
- ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926).
- ice: Fix VF true promiscuous mode (jsc#SLE-12878).
- ice: fix vsi->txq_map sizing (jsc#SLE-7926).
- ice: ignore dropped packets during init (git-fixes).
- ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878).
- igb: fix netpoll exit with traffic (git-fixes).
- igc: Remove _I_PHY_ID checking (bsc#1193169).
- igc: Remove phy->type checking (bsc#1193169).
- iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes).
- Input: iforce - fix control-message timeout (git-fixes).
- iommu: Check if group is NULL before remove device (git-fixes).
- iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes).
- iommu/amd: Remove iommu_init_ga() (git-fixes).
- iommu/mediatek: Fix out-of-range warning with clang (git-fixes).
- iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes).
- iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes).
- iommu/vt-d: Update the virtual command related registers (git-fixes).
- ipmi: Disable some operations during a panic (git-fixes).
- kABI: dm: fix deadlock when swapping to encrypted device (bsc#1186332).
- kabi: hide changes to struct uv_info (git-fixes).
- lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes).
- lib/xz: Validate the value before assigning it to an enum variable (git-fixes).
- libata: fix checking of DMA state (git-fixes).
- linux/parser.h: add include guards (bsc#1192606).
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320).
- md: extend r10bio devs to raid disks (bsc#1192320).
- md: fix a lock order reversal in md_alloc (git-fixes).
- md: improve discard request for far layout (bsc#1192320).
- md: improve raid10 discard request (bsc#1192320).
- md: initialize r10_bio->read_slot before use (bsc#1192320).
- md: pull the code that wait for blocked dev into one function (bsc#1192320).
- md: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320).
- mdio: aspeed: Fix "Link is Down" issue (bsc#1176447).
- media: imx: set a media_device bus_info string (git-fixes).
- media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes).
- media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes).
- media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes).
- media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: mt9p031: Fix corrupted frame after restarting stream (git-fixes).
- media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes).
- media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes).
- media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes).
- media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes).
- media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes).
- media: uvcvideo: Return -EIO for control errors (git-fixes).
- media: uvcvideo: Set capability in s_param (git-fixes).
- media: uvcvideo: Set unique vdev name based in type (git-fixes).
- memstick: r592: Fix a UAF bug when removing the driver (git-fixes).
- MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876).
- mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes).
- mmc: winbond: do not build on M68K (git-fixes).
- mtd: core: do not remove debugfs directory if device is in use (git-fixes).
- mwifiex: Properly initialize private structure on interface type changes (git-fixes).
- mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes).
- mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes).
- mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes).
- net: asix: fix uninit value bugs (git-fixes).
- net: bnx2x: fix variable dereferenced before check (git-fixes).
- net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447).
- net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes).
- net: delete redundant function declaration (git-fixes).
- net: hns3: change affinity_mask to numa node range (bsc#1154353).
- net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353).
- net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353).
- net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL PSE0 PSE1 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691). - net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). 
- net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774). - netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447). - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447). - netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447). - NFC: add NCI_UNREG flag to eliminate the race (git-fixes). - NFC: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - NFC: reorder the logic in nfc_{un,}register_device (git-fixes). - NFC: reorganize the functions in nci_request (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - NFS: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - NFS: do not take i_rwsem for swap IO (bsc#1191876). - NFS: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - NFS: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - NFS: Fix up commit deadlocks (git-fixes). - NFS: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - nvme: add NO APST quirk for Kioxia device (git-fixes). - nvme: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - Pass consistent param->type to fs_parse() (bsc#1192606). [ ematsumiya: - drop the case fs_param_is_fd - leave .has_value in fs_parse_result so it does not break kabi - still set .has_value in fs_parse() for real kabi compatibility ] - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). 
- PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). - PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - PM: hibernate: use correct mode for swsusp_close() (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). 
- powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qede: validate non LSO skb length (git-fixes). - r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). - RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390: mm: Fix secure storage access exception handling (git-fixes). - s390/bpf: Fix branch shortening during codegen pass (bsc#1193993). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266).
- scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). 
- smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: add defines for new signing negotiate context (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). - smb3: add missing flag definitions (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: Add new compression flags (bsc#1192606). - smb3: Add new info level for query directory (bsc#1192606). - smb3: add new module load parm enable_gcm_256 (bsc#1192606). - smb3: add new module load parm require_gcm_256 (bsc#1192606). - smb3: Add new parm "nodelete" (bsc#1192606). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: Add support for getting and setting SACLs (bsc#1192606). 
- smb3: Add support for lookup with posix extensions query info (bsc#1192606). - smb3: Add support for negotiating signing algorithm (bsc#1192606). - smb3: Add support for query info using posix extensions (level 100) (bsc#1192606). - smb3: add support for recognizing WSL reparse tags (bsc#1192606). - smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: add support for using info level for posix extensions query (bsc#1192606). - smb3: Add tracepoints for new compound posix query info (bsc#1192606). - smb3: Additional compression structures (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3: allow dumping keys for multiuser mounts (bsc#1192606). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: avoid confusing warning message on mount to Azure (bsc#1192606). - smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Backup intent flag missing from some more ops (bsc#1164565). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). - smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). - smb3: display max smb3 requests in flight at any one time (bsc#1164565). 
- smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3: do not log warning message if server does not populate salt (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable negotiating stronger encryption by default (bsc#1192606). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: Fix ids returned in POSIX query dir (bsc#1192606). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in "open on server" perf counter (bnc#1151927 5.3.4). - smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix mount failure to some servers when compression enabled (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - smb3: fix posix extensions mount option (bsc#1192606). 
- smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix readpage for large swap cache (bsc#1192606). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: Fix regression in time handling (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in compression flag (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: Honor lease disabling for multiuser mounts (git-fixes). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). - smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: incorrect file id in requests compounded with open (bsc#1192606). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: Minor cleanup of protocol definitions (bsc#1192606). 
- smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: print warning if server does not support requested encryption type (bsc#1192606). - smb3: print warning once if posix context returned on open (bsc#1164565). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ("seal") (bsc#1164565). - smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - smb3: remove dead code for non compounded posix query info (bsc#1192606). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: rename nonces used for GCM and CCM encryption (bsc#1192606). - smb3: Resolve data corruption of TCP server info fields (bsc#1192606). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: set gcm256 when requested (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). 
- smb3: update structures for new compression protocol definitions (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - SUNRPC: remove scheduling boost for "SWAPPER" tasks (bsc#1191876). - supported.conf: add pwm-rockchip References: jsc#SLE-22615 - swiotlb-xen: avoid double free (git-fixes). - swiotlb: Fix the type of index (git-fixes). - TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606). - tlb: mmu_gather: add tlb_flush_*_range APIs - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tracing: use %ps format string to print symbols (git-fixes). - tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). 
- update structure definitions from updated protocol documentation (bsc#1192606). - usb: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: do not parse forbidden flags (bsc#1192606). - wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes). - wireguard: device: reset peer src endpoint when netns exits (git-fixes). - wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes). - wireguard: receive: drop handshakes if queue lock is contended (git-fixes). - wireguard: receive: use ring buffer for incoming handshakes (git-fixes). - wireguard: selftests: actually test for routing loops (git-fixes). - wireguard: selftests: increase default dmesg log size (git-fixes). - x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes). - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134). - x86/mpx: Disable MPX for 32-bit userland (bsc#1193139). 
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134). - x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/privcmd: fix error handling in mmap-resource processing (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-56=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-38.34.1 kernel-azure-debuginfo-5.3.18-38.34.1 kernel-azure-debugsource-5.3.18-38.34.1 kernel-azure-devel-5.3.18-38.34.1 kernel-azure-devel-debuginfo-5.3.18-38.34.1 kernel-syms-azure-5.3.18-38.34.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-38.34.1 kernel-source-azure-5.3.18-38.34.1 References: https://www.suse.com/security/cve/CVE-2020-24504.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-4001.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-45485.html https://www.suse.com/security/cve/CVE-2021-45486.html https://bugzilla.suse.com/1139944 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153275 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154355 https://bugzilla.suse.com/1161907 https://bugzilla.suse.com/1164565 https://bugzilla.suse.com/1166780 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176558 
https://bugzilla.suse.com/1176559 https://bugzilla.suse.com/1176774 https://bugzilla.suse.com/1176940 https://bugzilla.suse.com/1176956 https://bugzilla.suse.com/1177440 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1178270 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1181710 https://bugzilla.suse.com/1182404 https://bugzilla.suse.com/1183534 https://bugzilla.suse.com/1183540 https://bugzilla.suse.com/1183897 https://bugzilla.suse.com/1184318 https://bugzilla.suse.com/1185726 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1186332 https://bugzilla.suse.com/1187541 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1189158 https://bugzilla.suse.com/1191793 https://bugzilla.suse.com/1191876 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192320 https://bugzilla.suse.com/1192507 https://bugzilla.suse.com/1192511 https://bugzilla.suse.com/1192569 https://bugzilla.suse.com/1192606 https://bugzilla.suse.com/1192691 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192874 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1192969 https://bugzilla.suse.com/1192987 https://bugzilla.suse.com/1192990 https://bugzilla.suse.com/1192998 https://bugzilla.suse.com/1193002 https://bugzilla.suse.com/1193042 https://bugzilla.suse.com/1193139 https://bugzilla.suse.com/1193169 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193318 https://bugzilla.suse.com/1193349 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193655 https://bugzilla.suse.com/1193993 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194094 https://bugzilla.suse.com/1194266 From sle-updates at 
lists.suse.com Wed Jan 12 07:33:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jan 2022 08:33:49 +0100 (CET) Subject: SUSE-CU-2022:39-1: Security update of suse/sle15 Message-ID: <20220112073349.36963FF27@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:39-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.57 Container Release : 17.8.57 Severity : moderate Type : security References : 1178561 1190515 1194178 CVE-2021-3997 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:43-1 Released: Tue Jan 11 08:50:13 2022 Summary: Security update for systemd Type: security Severity: moderate References: 1178561,1190515,1194178,CVE-2021-3997 This update for systemd fixes the following issues: - CVE-2021-3997: Fixed an uncontrolled recursion in systemd's systemd-tmpfiles which could cause a minor denial of service. 
(bsc#1194178) The following package changes have been done: - libsystemd0-246.16-7.33.1 updated - libudev1-246.16-7.33.1 updated From sle-updates at lists.suse.com Wed Jan 12 11:16:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jan 2022 12:16:53 +0100 (CET) Subject: SUSE-RU-2022:0057-1: moderate: Recommended update for libzypp Message-ID: <20220112111653.83EF0FF27@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0057-1 Rating: moderate References: #1193488 #954813 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for libzypp fixes the following issues: - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-57=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-57=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-57=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-57=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-57=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-57=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-57=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libzypp-17.29.0-3.64.1 libzypp-debuginfo-17.29.0-3.64.1 libzypp-debugsource-17.29.0-3.64.1 libzypp-devel-17.29.0-3.64.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libzypp-17.29.0-3.64.1 libzypp-debuginfo-17.29.0-3.64.1 libzypp-debugsource-17.29.0-3.64.1 libzypp-devel-17.29.0-3.64.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libzypp-17.29.0-3.64.1 libzypp-debuginfo-17.29.0-3.64.1 libzypp-debugsource-17.29.0-3.64.1 libzypp-devel-17.29.0-3.64.1 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libzypp-17.29.0-3.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libzypp-17.29.0-3.64.1 libzypp-debuginfo-17.29.0-3.64.1 libzypp-debugsource-17.29.0-3.64.1 libzypp-devel-17.29.0-3.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libzypp-17.29.0-3.64.1 libzypp-debuginfo-17.29.0-3.64.1 libzypp-debugsource-17.29.0-3.64.1 libzypp-devel-17.29.0-3.64.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libzypp-17.29.0-3.64.1 libzypp-debuginfo-17.29.0-3.64.1 libzypp-debugsource-17.29.0-3.64.1 libzypp-devel-17.29.0-3.64.1 - SUSE CaaS Platform 4.0 (x86_64): libzypp-17.29.0-3.64.1 libzypp-debuginfo-17.29.0-3.64.1 libzypp-debugsource-17.29.0-3.64.1 libzypp-devel-17.29.0-3.64.1 References: https://bugzilla.suse.com/1193488 https://bugzilla.suse.com/954813 From sle-updates at lists.suse.com Wed Jan 12 14:16:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jan 2022 15:16:39 +0100 (CET) Subject: SUSE-SU-2022:0058-1: important: Security update for MozillaThunderbird Message-ID: <20220112141639.F0050FF27@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0058-1 Rating: important References: #1194020 #1194215 
Cross-References: CVE-2021-4126 CVE-2021-44538 CVSS scores: CVE-2021-4126 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-44538 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Mozilla Thunderbird 91.4.1 - CVE-2021-4126: OpenPGP signature status doesn't consider additional message content. (bsc#1194215) - CVE-2021-44538: Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. (bsc#1194020) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-58=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.4.1-8.48.1 MozillaThunderbird-debuginfo-91.4.1-8.48.1 MozillaThunderbird-debugsource-91.4.1-8.48.1 MozillaThunderbird-translations-common-91.4.1-8.48.1 MozillaThunderbird-translations-other-91.4.1-8.48.1 References: https://www.suse.com/security/cve/CVE-2021-4126.html https://www.suse.com/security/cve/CVE-2021-44538.html https://bugzilla.suse.com/1194020 https://bugzilla.suse.com/1194215 From sle-updates at lists.suse.com Wed Jan 12 17:17:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jan 2022 18:17:31 +0100 (CET) Subject: SUSE-SU-2022:0062-1: important: Security update for openexr Message-ID: <20220112171731.C330AFF27@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2022:0062-1 Rating: important References: #1194333 Cross-References: CVE-2021-45942 CVSS scores: CVE-2021-45942 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openexr fixes the following issues: - CVE-2021-45942: Fixed heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute. (bsc#1194333) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-62=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libIlmImf-2_2-23-2.2.1-3.41.1 libIlmImf-2_2-23-debuginfo-2.2.1-3.41.1 libIlmImfUtil-2_2-23-2.2.1-3.41.1 libIlmImfUtil-2_2-23-debuginfo-2.2.1-3.41.1 openexr-debuginfo-2.2.1-3.41.1 openexr-debugsource-2.2.1-3.41.1 openexr-devel-2.2.1-3.41.1 References: https://www.suse.com/security/cve/CVE-2021-45942.html https://bugzilla.suse.com/1194333 From sle-updates at lists.suse.com Wed Jan 12 17:18:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jan 2022 18:18:43 +0100 (CET) Subject: SUSE-SU-2022:0060-1: moderate: Security update for python36-pip Message-ID: <20220112171843.BFF3FFF27@maintenance.suse.de> SUSE Security Update: Security update for python36-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0060-1 Rating: moderate References: #1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected 
Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python36-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-60=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): python36-pip-20.2.4-8.9.1 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://bugzilla.suse.com/1186819 From sle-updates at lists.suse.com Wed Jan 12 17:19:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jan 2022 18:19:55 +0100 (CET) Subject: SUSE-SU-2022:0061-1: important: Security update for openexr Message-ID: <20220112171955.A361EFF27@maintenance.suse.de> SUSE Security Update: Security update for openexr ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0061-1 Rating: important References: #1194333 Cross-References: CVE-2021-45942 CVSS scores: CVE-2021-45942 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openexr fixes the following issues: - CVE-2021-45942: Fixed heap-based buffer overflow in Imf_3_1:LineCompositeTask:execute. 
(bsc#1194333) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-61=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-61=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-61=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libIlmImf-Imf_2_1-21-32bit-2.1.0-6.45.1 libIlmImf-Imf_2_1-21-debuginfo-32bit-2.1.0-6.45.1 openexr-debugsource-2.1.0-6.45.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): openexr-debuginfo-2.1.0-6.45.1 openexr-debugsource-2.1.0-6.45.1 openexr-devel-2.1.0-6.45.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libIlmImf-Imf_2_1-21-2.1.0-6.45.1 libIlmImf-Imf_2_1-21-debuginfo-2.1.0-6.45.1 openexr-2.1.0-6.45.1 openexr-debuginfo-2.1.0-6.45.1 openexr-debugsource-2.1.0-6.45.1 References: https://www.suse.com/security/cve/CVE-2021-45942.html https://bugzilla.suse.com/1194333 From sle-updates at lists.suse.com Wed Jan 12 20:17:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jan 2022 21:17:07 +0100 (CET) Subject: SUSE-RU-2021:4173-2: important: Recommended update for samba Message-ID: <20220112201707.309B7FF29@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2021:4173-2 Rating: important References: #1192849 Affected Products: SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for samba fixes the following issues: The username map advice from the CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fall back to a SID/UID based mapping if the name based lookup fails (bsc#1192849). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2022-63=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-63=1 Package List: - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.11.14+git.313.d4e302805e1-4.32.1 samba-ad-dc-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-samr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-4.11.14+git.313.d4e302805e1-4.32.1 
libndr-nbt0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard-devel-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi-devel-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy-python3-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-policy0-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf-devel-4.11.14+git.313.d4e302805e1-4.32.1 
libsmbconf0-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap-devel-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util-devel-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient-devel-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-4.11.14+git.313.d4e302805e1-4.32.1 samba-client-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-core-devel-4.11.14+git.313.d4e302805e1-4.32.1 samba-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-debugsource-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-4.11.14+git.313.d4e302805e1-4.32.1 samba-dsdb-modules-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-4.11.14+git.313.d4e302805e1-4.32.1 samba-python3-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64): samba-ceph-4.11.14+git.313.d4e302805e1-4.32.1 samba-ceph-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libdcerpc0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-krb5pac0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 
libndr-krb5pac0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr-standard0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libndr0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libnetapi0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamba-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsamdb0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbconf0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libsmbldap2-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libtevent-util0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-4.11.14+git.313.d4e302805e1-4.32.1 libwbclient0-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-libs-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-4.11.14+git.313.d4e302805e1-4.32.1 samba-winbind-32bit-debuginfo-4.11.14+git.313.d4e302805e1-4.32.1 
References: https://www.suse.com/security/cve/CVE-2020-25717.html https://bugzilla.suse.com/1192849 From sle-updates at lists.suse.com Wed Jan 12 20:18:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jan 2022 21:18:19 +0100 (CET) Subject: SUSE-SU-2022:0064-1: moderate: Security update for python39-pip Message-ID: <20220112201819.8EA2EFF29@maintenance.suse.de> SUSE Security Update: Security update for python39-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0064-1 Rating: moderate References: #1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python39-pip fixes the following issues: - CVE-2021-3572: Fixed incorrect handling of unicode separators in git references (bsc#1186819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-64=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python39-pip-20.2.4-7.8.1 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://bugzilla.suse.com/1186819 From sle-updates at lists.suse.com Wed Jan 12 20:19:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 12 Jan 2022 21:19:32 +0100 (CET) Subject: SUSE-SU-2022:0065-1: important: Security update for apache2 Message-ID: <20220112201932.CDC6EFF29@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0065-1 Rating: important References: #1193942 #1193943 Cross-References: CVE-2021-44224 CVE-2021-44790 CVSS scores: CVE-2021-44224 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44790 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. 
(bsc#1193942) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-65=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-65=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-65=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-65=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-65=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-65=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-65=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-65=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-65=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-65=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-65=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): apache2-doc-2.4.23-29.83.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): apache2-doc-2.4.23-29.83.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 
apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - SUSE OpenStack Cloud 9 (x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - SUSE OpenStack Cloud 9 (noarch): apache2-doc-2.4.23-29.83.1 - SUSE OpenStack Cloud 8 (noarch): apache2-doc-2.4.23-29.83.1 - SUSE OpenStack Cloud 8 (x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): apache2-doc-2.4.23-29.83.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): 
apache2-doc-2.4.23-29.83.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): apache2-doc-2.4.23-29.83.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): apache2-doc-2.4.23-29.83.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): apache2-doc-2.4.23-29.83.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): apache2-doc-2.4.23-29.83.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - HPE Helion Openstack 8 (x86_64): 
apache2-2.4.23-29.83.1 apache2-debuginfo-2.4.23-29.83.1 apache2-debugsource-2.4.23-29.83.1 apache2-example-pages-2.4.23-29.83.1 apache2-prefork-2.4.23-29.83.1 apache2-prefork-debuginfo-2.4.23-29.83.1 apache2-utils-2.4.23-29.83.1 apache2-utils-debuginfo-2.4.23-29.83.1 apache2-worker-2.4.23-29.83.1 apache2-worker-debuginfo-2.4.23-29.83.1 - HPE Helion Openstack 8 (noarch): apache2-doc-2.4.23-29.83.1 References: https://www.suse.com/security/cve/CVE-2021-44224.html https://www.suse.com/security/cve/CVE-2021-44790.html https://bugzilla.suse.com/1193942 https://bugzilla.suse.com/1193943 From sle-updates at lists.suse.com Thu Jan 13 07:59:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jan 2022 08:59:36 +0100 (CET) Subject: SUSE-CU-2022:41-1: Recommended update of suse/sle15 Message-ID: <20220113075936.A8544FF29@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:41-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.556 Container Release : 6.2.556 Severity : moderate Type : recommended References : 1193488 954813 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:57-1 Released: Wed Jan 12 07:10:42 2022 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1193488,954813 This update for libzypp fixes the following issues: - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI components of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData The following package changes have been done: - libzypp-17.29.0-3.64.1 updated From sle-updates at lists.suse.com Thu Jan 13 14:17:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jan 2022 15:17:26 +0100 (CET) Subject: SUSE-RU-2022:0066-1: moderate: Recommended update for rust Message-ID: <20220113141726.0D554FF29@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0066-1 Rating: moderate References: SLE-18626 SLE-18627 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for rust fixes the following issues: Rust is shipped in version 1.56.1. (jsc#SLE-18627 jsc#SLE-18626) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-66=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo-1.56.1-21.12.1 cargo1.56-1.56.1-7.3.2 cargo1.56-debuginfo-1.56.1-7.3.2 rust-1.56.1-21.12.1 rust1.56-1.56.1-7.3.2 rust1.56-debuginfo-1.56.1-7.3.2 References: From sle-updates at lists.suse.com Thu Jan 13 17:17:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jan 2022 18:17:05 +0100 (CET) Subject: SUSE-SU-2022:0069-1: Security update for libmspack Message-ID: <20220113171705.2F310FF29@maintenance.suse.de> SUSE Security Update: Security update for libmspack ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0069-1 Rating: low References: #1113040 Cross-References: CVE-2018-18586 CVSS scores: CVE-2018-18586 (NVD) : 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libmspack fixes the following issues: - CVE-2018-18586: Fixed directory traversal in chmextract by adding anti "../" and leading slash protection (bsc#1113040). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-69=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-69=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-69=1 Package List: - SUSE MicroOS 5.1 (x86_64): libmspack-debugsource-0.6-3.14.1 libmspack0-0.6-3.14.1 libmspack0-debuginfo-0.6-3.14.1 - SUSE MicroOS 5.0 (x86_64): libmspack-debugsource-0.6-3.14.1 libmspack0-0.6-3.14.1 libmspack0-debuginfo-0.6-3.14.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libmspack-debugsource-0.6-3.14.1 libmspack-devel-0.6-3.14.1 libmspack0-0.6-3.14.1 libmspack0-debuginfo-0.6-3.14.1 References: https://www.suse.com/security/cve/CVE-2018-18586.html https://bugzilla.suse.com/1113040 From sle-updates at lists.suse.com Thu Jan 13 17:18:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jan 2022 18:18:25 +0100 (CET) Subject: SUSE-SU-2022:0068-1: important: Security update for the Linux Kernel Message-ID: <20220113171825.2EF7BFF29@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0068-1 Rating: important References: #1114648 #1124431 #1167162 #1169514 #1172073 #1179599 #1183678 #1183897 #1184804 #1185727 #1185762 #1187167 #1189126 #1189158 #1189305 #1189841 #1190317 #1190358 #1190428 #1191229 #1191384 #1191731 #1191876 #1192032 #1192145 #1192267 #1192740 #1192845 #1192847 #1192866 #1192877 #1192946 #1192974 #1193231 #1193306 #1193318 #1193440 #1193442 #1193575 #1193731 #1194087 #1194094 Cross-References: CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-4002 CVE-2021-43975 CVE-2021-43976 CVE-2021-45485 
CVE-2021-45486 CVSS scores: CVE-2018-25020 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 ______________________________________________________________________________ An update that solves 16 vulnerabilities and has 26 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka "Kr00k". 
(bsc#1167162) - CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. (bsc#1192032) - CVE-2018-25020: Fixed an issue where the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2021-0920: Fixed a local privilege escalation due to a use after free bug in unix_gc. (bsc#1193731) - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which uses IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bsc#1194087) - CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by not queueing unlimited number of packages. (bsc#1193442) - CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28713: Fixed rogue backends that could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed rogue backends that could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28711: Fixed rogue backends that could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
(bsc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bsc#1192847) - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen if removing a device. (bsc#1179599) The following non-security bugs were fixed: - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - cifs: Add new mount parameter "acdirmax" to allow caching directory metadata (bsc#1190317). - cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout (bsc#1190317). - cifs: convert list_for_each to entry variant (jsc#SLE-20656). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1190317). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1190317). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1190317). - cifs: Fix a potencially linear read overflow (git-fixes). - cifs: fix a sign extension bug (git-fixes). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1190317). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1190317). - cifs: fix missed refcounting of ipc tcon (git-fixes). - cifs: fix potential use-after-free bugs (jsc#SLE-20656). - cifs: fix print of hdr_flags in dfscache_proc_show() (jsc#SLE-20656). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1190317). - cifs: for compound requests, use open handle if possible (bsc#1190317). - cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656). - cifs: move to generic async completion (bsc#1190317). - cifs: nosharesock should be set on new server (git-fixes). - cifs: nosharesock should not share socket with future sessions (bsc#1190317). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1190317).
- cifs: properly invalidate cached root handle when closing it (bsc#1190317). - cifs: release lock earlier in dequeue_mid error case (bsc#1190317). - cifs: set a minimum of 120s for next dns resolution (bsc#1190317). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1190317). - cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656). - cifs: support nested dfs links over reconnect (jsc#SLE-20656). - cifs: support share failover when remounting (jsc#SLE-20656). - cifs: To match file servers, make sure the server hostname matches (bsc#1190317). - config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for production, only enabled on ppc64. - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - cred: allow get_cred() and put_cred() to be given NULL (git-fixes). - EDAC/amd64: Handle three rank interleaving mode (bsc#1114648). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - fuse: release pipe buf after last use (bsc#1193318). - genirq: Move initial affinity setup to irq_startup() (bsc#1193231). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231). - genirq: Remove mask argument from setup_affinity() (bsc#1193231). - genirq: Rename setup_affinity() to irq_setup_affinity() (bsc#1193231). - genirq: Split out irq_startup() code (bsc#1193231). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: fix a lock order reversal in md_alloc (git-fixes). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185727). - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185727). 
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185727). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185727). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (bsc#1183678). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc1192145). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc1192145). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc1192145). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc1192145). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc1192145). 
- scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc1192145). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: lpfc: Fix NPIV port deletion crash (bsc1192145). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc1192145). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc1192145). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - smb3: add additional null check in SMB2_ioctl (bsc#1190317). - smb3: add additional null check in SMB2_open (bsc#1190317). - smb3: add additional null check in SMB2_tcon (bsc#1190317). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1190317). - smb3: correct smb3 ACL security descriptor (bsc#1190317). - smb3: do not error on fsync when readonly (bsc#1190317). - smb3: remove trivial dfs compile warning (jsc#SLE-20656). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876 bsc#1192866). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - usb: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). 
- usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add prod. id for Quectel EG91 (git-fixes). - usb: serial: option: add Quectel EC200S-CN module support (git-fixes). - usb: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: serial: qcserial: add EM9191 QDL support (git-fixes). - x86/msi: Force affinity setup before startup (bsc#1193231). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1114648). - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1114648). - x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-68=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-68=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-68=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-68=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-68=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.106.1 kernel-default-debugsource-4.12.14-122.106.1 kernel-default-extra-4.12.14-122.106.1 kernel-default-extra-debuginfo-4.12.14-122.106.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.106.1 kernel-obs-build-debugsource-4.12.14-122.106.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.106.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.106.1 kernel-default-base-4.12.14-122.106.1 kernel-default-base-debuginfo-4.12.14-122.106.1 kernel-default-debuginfo-4.12.14-122.106.1 kernel-default-debugsource-4.12.14-122.106.1 kernel-default-devel-4.12.14-122.106.1 kernel-syms-4.12.14-122.106.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.106.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.106.1 kernel-macros-4.12.14-122.106.1 kernel-source-4.12.14-122.106.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.106.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.106.1 kernel-default-debugsource-4.12.14-122.106.1 kernel-default-kgraft-4.12.14-122.106.1 kernel-default-kgraft-devel-4.12.14-122.106.1 
kgraft-patch-4_12_14-122_106-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.106.1 cluster-md-kmp-default-debuginfo-4.12.14-122.106.1 dlm-kmp-default-4.12.14-122.106.1 dlm-kmp-default-debuginfo-4.12.14-122.106.1 gfs2-kmp-default-4.12.14-122.106.1 gfs2-kmp-default-debuginfo-4.12.14-122.106.1 kernel-default-debuginfo-4.12.14-122.106.1 kernel-default-debugsource-4.12.14-122.106.1 ocfs2-kmp-default-4.12.14-122.106.1 ocfs2-kmp-default-debuginfo-4.12.14-122.106.1 References: https://www.suse.com/security/cve/CVE-2018-25020.html https://www.suse.com/security/cve/CVE-2019-15126.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-45485.html https://www.suse.com/security/cve/CVE-2021-45486.html https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1124431 https://bugzilla.suse.com/1167162 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1183678 https://bugzilla.suse.com/1183897 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185727 https://bugzilla.suse.com/1185762 https://bugzilla.suse.com/1187167 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1189158 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1190317 
https://bugzilla.suse.com/1190358 https://bugzilla.suse.com/1190428 https://bugzilla.suse.com/1191229 https://bugzilla.suse.com/1191384 https://bugzilla.suse.com/1191731 https://bugzilla.suse.com/1191876 https://bugzilla.suse.com/1192032 https://bugzilla.suse.com/1192145 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192866 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1192974 https://bugzilla.suse.com/1193231 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193318 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193575 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194094 From sle-updates at lists.suse.com Thu Jan 13 17:23:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 13 Jan 2022 18:23:36 +0100 (CET) Subject: SUSE-RU-2022:0067-1: important: Recommended update for mozilla-nss Message-ID: <20220113172336.C8392FF29@maintenance.suse.de> SUSE Recommended Update: Recommended update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0067-1 Rating: important References: #1193845 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix can now be 
installed. Description: This update for mozilla-nss fixes the following issues: Update mozilla-nss from version 3.68.1 to 3.68.2 (bsc#1193845): - Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-67=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-67=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-67=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-67=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-67=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-67=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-67=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-67=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-67=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-67=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-67=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-67=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-67=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 
libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 
libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE OpenStack Cloud 8 (x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 
mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 
mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 
libsoftokn3-hmac-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-devel-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 
mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debugsource-3.68.2-58.60.1 mozilla-nss-sysinit-3.68.2-58.60.1 mozilla-nss-sysinit-32bit-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-tools-3.68.2-58.60.1 mozilla-nss-tools-debuginfo-3.68.2-58.60.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.68.2-58.60.1 libfreebl3-32bit-3.68.2-58.60.1 libfreebl3-debuginfo-3.68.2-58.60.1 libfreebl3-debuginfo-32bit-3.68.2-58.60.1 libfreebl3-hmac-3.68.2-58.60.1 libfreebl3-hmac-32bit-3.68.2-58.60.1 libsoftokn3-3.68.2-58.60.1 libsoftokn3-32bit-3.68.2-58.60.1 libsoftokn3-debuginfo-3.68.2-58.60.1 libsoftokn3-debuginfo-32bit-3.68.2-58.60.1 libsoftokn3-hmac-3.68.2-58.60.1 libsoftokn3-hmac-32bit-3.68.2-58.60.1 mozilla-nss-3.68.2-58.60.1 mozilla-nss-32bit-3.68.2-58.60.1 mozilla-nss-certs-3.68.2-58.60.1 mozilla-nss-certs-32bit-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-3.68.2-58.60.1 mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1 mozilla-nss-debuginfo-3.68.2-58.60.1 mozilla-nss-debuginfo-32bit-3.68.2-58.60.1 
  mozilla-nss-debugsource-3.68.2-58.60.1
  mozilla-nss-sysinit-3.68.2-58.60.1
  mozilla-nss-sysinit-32bit-3.68.2-58.60.1
  mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1
  mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1
  mozilla-nss-tools-3.68.2-58.60.1
  mozilla-nss-tools-debuginfo-3.68.2-58.60.1

- HPE Helion Openstack 8 (x86_64):
  libfreebl3-3.68.2-58.60.1
  libfreebl3-32bit-3.68.2-58.60.1
  libfreebl3-debuginfo-3.68.2-58.60.1
  libfreebl3-debuginfo-32bit-3.68.2-58.60.1
  libfreebl3-hmac-3.68.2-58.60.1
  libfreebl3-hmac-32bit-3.68.2-58.60.1
  libsoftokn3-3.68.2-58.60.1
  libsoftokn3-32bit-3.68.2-58.60.1
  libsoftokn3-debuginfo-3.68.2-58.60.1
  libsoftokn3-debuginfo-32bit-3.68.2-58.60.1
  libsoftokn3-hmac-3.68.2-58.60.1
  libsoftokn3-hmac-32bit-3.68.2-58.60.1
  mozilla-nss-3.68.2-58.60.1
  mozilla-nss-32bit-3.68.2-58.60.1
  mozilla-nss-certs-3.68.2-58.60.1
  mozilla-nss-certs-32bit-3.68.2-58.60.1
  mozilla-nss-certs-debuginfo-3.68.2-58.60.1
  mozilla-nss-certs-debuginfo-32bit-3.68.2-58.60.1
  mozilla-nss-debuginfo-3.68.2-58.60.1
  mozilla-nss-debuginfo-32bit-3.68.2-58.60.1
  mozilla-nss-debugsource-3.68.2-58.60.1
  mozilla-nss-devel-3.68.2-58.60.1
  mozilla-nss-sysinit-3.68.2-58.60.1
  mozilla-nss-sysinit-32bit-3.68.2-58.60.1
  mozilla-nss-sysinit-debuginfo-3.68.2-58.60.1
  mozilla-nss-sysinit-debuginfo-32bit-3.68.2-58.60.1
  mozilla-nss-tools-3.68.2-58.60.1
  mozilla-nss-tools-debuginfo-3.68.2-58.60.1

References:

https://bugzilla.suse.com/1193845

From sle-updates at lists.suse.com Thu Jan 13 17:26:00 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 Jan 2022 18:26:00 +0100 (CET)
Subject: SUSE-RU-2022:0070-1: moderate: Recommended update for python-configshell-fb
Message-ID: <20220113172600.2486DFF29@maintenance.suse.de>

SUSE Recommended Update: Recommended update for python-configshell-fb
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0070-1
Rating: moderate
References: SLE-17360
Affected Products:
SUSE Linux Enterprise Module for
Python2 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that has 0 recommended fixes and contains one feature can now be installed.

Description:

This update for python-configshell-fb fixes the following issues:

- Upgrade to latest upstream version v1.1.29 (jsc#SLE-17360):
  * setup.py: specify a version range for pyparsing
  * setup.py: lets stick to pyparsing v2.4.7
  * Don't warn if prefs file doesn't exist
- Update to version v1.1.28 from v1.1.27 (jsc#SLE-17360):
  * version 1.1.28
  * Ensure that all output reaches the client when daemonized
  * Remove Epydoc markup from command messages
  * Remove epydoc imports and epydoc calls

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Python2 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-70=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-70=1

Package List:

- SUSE Linux Enterprise Module for Python2 15-SP3 (noarch):
  python2-configshell-fb-1.1.29-3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  python3-configshell-fb-1.1.29-3.3.1

References:

From sle-updates at lists.suse.com Thu Jan 13 20:17:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 Jan 2022 21:17:13 +0100 (CET)
Subject: SUSE-RU-2022:14874-1: important: Recommended update for mozilla-nss
Message-ID: <20220113201713.5B205FF29@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:14874-1
Rating: important
References: #1193845
Affected Products:
SUSE Linux Enterprise Server 11-SP4-LTSS
SUSE Linux Enterprise Point
of Sale 11-SP3
SUSE Linux Enterprise Debuginfo 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for mozilla-nss fixes the following issues:

Update mozilla-nss from version 3.68.1 to 3.68.2 (bsc#1193845):

- Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS:
  zypper in -t patch slessp4-mozilla-nss-14874=1
- SUSE Linux Enterprise Point of Sale 11-SP3:
  zypper in -t patch sleposp3-mozilla-nss-14874=1
- SUSE Linux Enterprise Debuginfo 11-SP4:
  zypper in -t patch dbgsp4-mozilla-nss-14874=1
- SUSE Linux Enterprise Debuginfo 11-SP3:
  zypper in -t patch dbgsp3-mozilla-nss-14874=1

Package List:

- SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64):
  libfreebl3-3.68.2-47.22.2
  libsoftokn3-3.68.2-47.22.2
  mozilla-nss-3.68.2-47.22.2
  mozilla-nss-certs-3.68.2-47.22.2
  mozilla-nss-devel-3.68.2-47.22.2
  mozilla-nss-tools-3.68.2-47.22.2
- SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64):
  libfreebl3-32bit-3.68.2-47.22.2
  libsoftokn3-32bit-3.68.2-47.22.2
  mozilla-nss-32bit-3.68.2-47.22.2
  mozilla-nss-certs-32bit-3.68.2-47.22.2
- SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
  libfreebl3-3.68.2-47.22.2
  libsoftokn3-3.68.2-47.22.2
  mozilla-nss-3.68.2-47.22.2
  mozilla-nss-certs-3.68.2-47.22.2
  mozilla-nss-tools-3.68.2-47.22.2
- SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):
  mozilla-nss-debuginfo-3.68.2-47.22.2
- SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
  mozilla-nss-debuginfo-3.68.2-47.22.2

References:

https://bugzilla.suse.com/1193845

From sle-updates at lists.suse.com Thu Jan 13 20:19:28
2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 Jan 2022 21:19:28 +0100 (CET)
Subject: SUSE-RU-2022:0071-1: moderate: Recommended update for container-suseconnect
Message-ID: <20220113201928.B619EFF29@maintenance.suse.de>

SUSE Recommended Update: Recommended update for container-suseconnect
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0071-1
Rating: moderate
References:
Affected Products:
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has 0 recommended fixes can now be installed.

Description:

This update for container-suseconnect is a rebuild against the updated Go toolchain to ensure an up-to-date Go runtime.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-71=1
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-71=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-71=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-71=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-71=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-71=1
- SUSE Linux Enterprise Module for Containers 15-SP2:
  zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2022-71=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-71=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-71=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-71=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-71=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-71=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise Server 15-LTSS (s390x):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise Module for Containers 15-SP2 (aarch64 ppc64le s390x x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
  container-suseconnect-2.3.0-4.17.1
- SUSE CaaS Platform 4.0 (x86_64):
  container-suseconnect-2.3.0-4.17.1

References:

From sle-updates at lists.suse.com Thu Jan 13 20:20:50 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 13 Jan 2022 21:20:50 +0100 (CET)
Subject: SUSE-RU-2022:0072-1: important: Recommended update for mozilla-nss and MozillaFirefox
Message-ID: <20220113202050.3EDFAFF29@maintenance.suse.de>

SUSE Recommended Update: Recommended update for mozilla-nss and MozillaFirefox
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0072-1
Rating: important
References: #1193845
Affected Products:
SUSE MicroOS 5.1
SUSE MicroOS 5.0
SUSE Manager Server 4.1
SUSE Manager Retail Branch
Server 4.1
SUSE Manager Proxy 4.1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Enterprise Storage 7
SUSE Enterprise Storage 6
SUSE CaaS Platform 4.5
SUSE CaaS Platform 4.0
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for mozilla-nss and MozillaFirefox fixes the following issues:

mozilla-nss:

- Update from version 3.68.1 to 3.68.2 (bsc#1193845)
- Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation

MozillaFirefox:

- Firefox Extended Support Release 91.4.1 ESR (bsc#1193845)
- Add SHA-2 support to mozilla::pkix's Online Certificate Status Protocol implementation to fix frequent MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING error messages when trying to connect to various microsoft.com domains

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-72=1
- SUSE MicroOS 5.0:
  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-72=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-72=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-72=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-72=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-72=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-72=1
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-72=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-72=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-72=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-72=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-72=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-72=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-72=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-72=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-72=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-72=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-72=1
- SUSE
Linux Enterprise High Performance Computing 15-SP1-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-72=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-72=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-72=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-72=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2022-72=1
- SUSE CaaS Platform 4.5:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE MicroOS 5.1 (aarch64 s390x x86_64):
  libfreebl3-3.68.2-3.64.2
  libfreebl3-debuginfo-3.68.2-3.64.2
  libfreebl3-hmac-3.68.2-3.64.2
  libsoftokn3-3.68.2-3.64.2
  libsoftokn3-debuginfo-3.68.2-3.64.2
  libsoftokn3-hmac-3.68.2-3.64.2
  mozilla-nss-3.68.2-3.64.2
  mozilla-nss-certs-3.68.2-3.64.2
  mozilla-nss-certs-debuginfo-3.68.2-3.64.2
  mozilla-nss-debuginfo-3.68.2-3.64.2
  mozilla-nss-debugsource-3.68.2-3.64.2
  mozilla-nss-tools-3.68.2-3.64.2
  mozilla-nss-tools-debuginfo-3.68.2-3.64.2
- SUSE MicroOS 5.0 (aarch64 x86_64):
  libfreebl3-3.68.2-3.64.2
  libfreebl3-debuginfo-3.68.2-3.64.2
  libsoftokn3-3.68.2-3.64.2
  libsoftokn3-debuginfo-3.68.2-3.64.2
  mozilla-nss-3.68.2-3.64.2
  mozilla-nss-certs-3.68.2-3.64.2
  mozilla-nss-certs-debuginfo-3.68.2-3.64.2
  mozilla-nss-debuginfo-3.68.2-3.64.2
  mozilla-nss-debugsource-3.68.2-3.64.2
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  libfreebl3-3.68.2-3.64.2
  libfreebl3-debuginfo-3.68.2-3.64.2
  libfreebl3-hmac-3.68.2-3.64.2
  libsoftokn3-3.68.2-3.64.2
  libsoftokn3-debuginfo-3.68.2-3.64.2
  libsoftokn3-hmac-3.68.2-3.64.2
mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Manager Server 4.1 (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Manager Proxy 4.1 (x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 
libsoftokn3-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 
MozillaFirefox-translations-common-91.4.1-150.12.2 MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): 
libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 
mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 
MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 
mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 
libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 
mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 
mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 
mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Enterprise Storage 7 (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 
MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE Enterprise Storage 6 (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE CaaS Platform 4.5 (aarch64 x86_64): libfreebl3-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 - SUSE CaaS Platform 4.5 (x86_64): libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 
mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.4.1-150.12.2 MozillaFirefox-debuginfo-91.4.1-150.12.2 MozillaFirefox-debugsource-91.4.1-150.12.2 MozillaFirefox-devel-91.4.1-150.12.2 MozillaFirefox-translations-common-91.4.1-150.12.2 MozillaFirefox-translations-other-91.4.1-150.12.2 libfreebl3-3.68.2-3.64.2 libfreebl3-32bit-3.68.2-3.64.2 libfreebl3-32bit-debuginfo-3.68.2-3.64.2 libfreebl3-debuginfo-3.68.2-3.64.2 libfreebl3-hmac-3.68.2-3.64.2 libfreebl3-hmac-32bit-3.68.2-3.64.2 libsoftokn3-3.68.2-3.64.2 libsoftokn3-32bit-3.68.2-3.64.2 libsoftokn3-32bit-debuginfo-3.68.2-3.64.2 libsoftokn3-debuginfo-3.68.2-3.64.2 libsoftokn3-hmac-3.68.2-3.64.2 libsoftokn3-hmac-32bit-3.68.2-3.64.2 mozilla-nss-3.68.2-3.64.2 mozilla-nss-32bit-3.68.2-3.64.2 mozilla-nss-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-3.68.2-3.64.2 mozilla-nss-certs-32bit-3.68.2-3.64.2 mozilla-nss-certs-32bit-debuginfo-3.68.2-3.64.2 mozilla-nss-certs-debuginfo-3.68.2-3.64.2 mozilla-nss-debuginfo-3.68.2-3.64.2 mozilla-nss-debugsource-3.68.2-3.64.2 mozilla-nss-devel-3.68.2-3.64.2 mozilla-nss-sysinit-3.68.2-3.64.2 mozilla-nss-sysinit-debuginfo-3.68.2-3.64.2 mozilla-nss-tools-3.68.2-3.64.2 mozilla-nss-tools-debuginfo-3.68.2-3.64.2 References: https://bugzilla.suse.com/1193845 From sle-updates at lists.suse.com Fri Jan 14 07:48:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jan 2022 08:48:04 +0100 (CET) Subject: SUSE-CU-2022:42-1: Recommended update of suse/sle15 Message-ID: <20220114074804.0FA4CFF47@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:42-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.500 Container Release : 4.22.500 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:71-1
Released: Thu Jan 13 15:37:28 2022
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References:

This update for container-suseconnect is a rebuild against the updated Go toolchain to ensure an up-to-date Go runtime.

The following package changes have been done:

- container-suseconnect-2.3.0-4.17.1 updated

From sle-updates at lists.suse.com Fri Jan 14 08:02:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jan 2022 09:02:13 +0100 (CET)
Subject: SUSE-CU-2022:43-1: Recommended update of suse/sle15
Message-ID: <20220114080213.DFCDDFF47@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:43-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.74
Container Release : 9.5.74
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:71-1
Released: Thu Jan 13 15:37:28 2022
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References:

This update for container-suseconnect is a rebuild against the updated Go toolchain to ensure an up-to-date Go runtime.
The following package changes have been done:

- container-suseconnect-2.3.0-4.17.1 updated

From sle-updates at lists.suse.com Fri Jan 14 08:09:23 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jan 2022 09:09:23 +0100 (CET)
Subject: SUSE-CU-2022:44-1: Recommended update of suse/sle15
Message-ID: <20220114080923.CBD27FF47@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:44-1
Container Tags : suse/sle15:15.3 , suse/sle15:15.3.17.8.58
Container Release : 17.8.58
Severity : moderate
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:71-1
Released: Thu Jan 13 15:37:28 2022
Summary: Recommended update for container-suseconnect
Type: recommended
Severity: moderate
References:

This update for container-suseconnect is a rebuild against the updated Go toolchain to ensure an up-to-date Go runtime.

The following package changes have been done:

- container-suseconnect-2.3.0-4.17.1 updated

From sle-updates at lists.suse.com Fri Jan 14 11:16:56 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jan 2022 12:16:56 +0100 (CET)
Subject: SUSE-RU-2022:0075-1: moderate: Recommended update for drbd
Message-ID: <20220114111656.02121FF47@maintenance.suse.de>

SUSE Recommended Update: Recommended update for drbd
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:0075-1
Rating: moderate
References: #1189995
Affected Products:
    SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description:

This update for drbd fixes the following issues:

- Fix nodes being stuck in resync (bsc#1189995)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 15-SP2:

    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-75=1

Package List:

- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

    drbd-9.0.22~1+git.fe2b5983-3.13.1
    drbd-debugsource-9.0.22~1+git.fe2b5983-3.13.1
    drbd-kmp-default-9.0.22~1+git.fe2b5983_k5.3.18_24.96-3.13.1
    drbd-kmp-default-debuginfo-9.0.22~1+git.fe2b5983_k5.3.18_24.96-3.13.1

References:

    https://bugzilla.suse.com/1189995

From sle-updates at lists.suse.com Fri Jan 14 11:18:08 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jan 2022 12:18:08 +0100 (CET)
Subject: SUSE-RU-2022:0074-1: important: Recommended update for openssl-1_1
Message-ID: <20220114111808.EB517FF47@maintenance.suse.de>

SUSE Recommended Update: Recommended update for openssl-1_1
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:0074-1
Rating: important
References: #1192489
Affected Products:
    SUSE OpenStack Cloud Crowbar 9
    SUSE OpenStack Cloud 9
    SUSE Linux Enterprise Software Development Kit 12-SP5
    SUSE Linux Enterprise Server for SAP 12-SP4
    SUSE Linux Enterprise Server 12-SP5
    SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that has one recommended fix can now be installed.
Description: This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-74=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-74=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-74=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-74=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-74=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-74=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenssl1_1-1.1.1d-2.54.1 libopenssl1_1-32bit-1.1.1d-2.54.1 libopenssl1_1-debuginfo-1.1.1d-2.54.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.54.1 libopenssl1_1-hmac-1.1.1d-2.54.1 libopenssl1_1-hmac-32bit-1.1.1d-2.54.1 openssl-1_1-1.1.1d-2.54.1 openssl-1_1-debuginfo-1.1.1d-2.54.1 openssl-1_1-debugsource-1.1.1d-2.54.1 - SUSE OpenStack Cloud 9 (x86_64): libopenssl1_1-1.1.1d-2.54.1 libopenssl1_1-32bit-1.1.1d-2.54.1 libopenssl1_1-debuginfo-1.1.1d-2.54.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.54.1 libopenssl1_1-hmac-1.1.1d-2.54.1 libopenssl1_1-hmac-32bit-1.1.1d-2.54.1 openssl-1_1-1.1.1d-2.54.1 openssl-1_1-debuginfo-1.1.1d-2.54.1 openssl-1_1-debugsource-1.1.1d-2.54.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-2.54.1 openssl-1_1-debuginfo-1.1.1d-2.54.1 openssl-1_1-debugsource-1.1.1d-2.54.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): 
libopenssl-1_1-devel-32bit-1.1.1d-2.54.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenssl1_1-1.1.1d-2.54.1 libopenssl1_1-debuginfo-1.1.1d-2.54.1 libopenssl1_1-hmac-1.1.1d-2.54.1 openssl-1_1-1.1.1d-2.54.1 openssl-1_1-debuginfo-1.1.1d-2.54.1 openssl-1_1-debugsource-1.1.1d-2.54.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libopenssl1_1-32bit-1.1.1d-2.54.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.54.1 libopenssl1_1-hmac-32bit-1.1.1d-2.54.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.54.1 libopenssl1_1-debuginfo-1.1.1d-2.54.1 libopenssl1_1-hmac-1.1.1d-2.54.1 openssl-1_1-1.1.1d-2.54.1 openssl-1_1-debuginfo-1.1.1d-2.54.1 openssl-1_1-debugsource-1.1.1d-2.54.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.54.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.54.1 libopenssl1_1-hmac-32bit-1.1.1d-2.54.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenssl1_1-1.1.1d-2.54.1 libopenssl1_1-debuginfo-1.1.1d-2.54.1 libopenssl1_1-hmac-1.1.1d-2.54.1 openssl-1_1-1.1.1d-2.54.1 openssl-1_1-debuginfo-1.1.1d-2.54.1 openssl-1_1-debugsource-1.1.1d-2.54.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libopenssl1_1-32bit-1.1.1d-2.54.1 libopenssl1_1-debuginfo-32bit-1.1.1d-2.54.1 libopenssl1_1-hmac-32bit-1.1.1d-2.54.1 References: https://bugzilla.suse.com/1192489 From sle-updates at lists.suse.com Fri Jan 14 11:19:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jan 2022 12:19:22 +0100 (CET) Subject: SUSE-RU-2022:0076-1: moderate: Recommended update for drbd Message-ID: <20220114111922.110CFFF47@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0076-1 Rating: moderate References: #1189995 Affected Products: SUSE Linux Enterprise High Availability 15 
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for drbd fixes the following issues:

- Fix nodes being stuck in resync (bsc#1189995)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 15:

    zypper in -t patch SUSE-SLE-Product-HA-15-2022-76=1

Package List:

- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):

    drbd-9.0.15+git.c46d2790-3.26.1
    drbd-debugsource-9.0.15+git.c46d2790-3.26.1
    drbd-kmp-default-9.0.15+git.c46d2790_k4.12.14_150.78-3.26.1
    drbd-kmp-default-debuginfo-9.0.15+git.c46d2790_k4.12.14_150.78-3.26.1

References:

    https://bugzilla.suse.com/1189995

From sle-updates at lists.suse.com Fri Jan 14 14:16:14 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jan 2022 15:16:14 +0100 (CET)
Subject: SUSE-RU-2022:0078-1: moderate: Recommended update for go1.17
Message-ID: <20220114141614.29793FF47@maintenance.suse.de>

SUSE Recommended Update: Recommended update for go1.17
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:0078-1
Rating: moderate
References: #1190649
Affected Products:
    SUSE Linux Enterprise Module for Development Tools 15-SP3
______________________________________________________________________________

An update that has one recommended fix can now be installed.

Description:

This update for go1.17 fixes the following issues:

Update to go1.17.6 released 2022-01-06. (bsc#1190649)

- It includes fixes to the compiler, linker, runtime, and the crypto/x509, net/http, and reflect packages.
  * go#50165 crypto/x509: error parsing large ASN.1 identifiers
  * go#50073 runtime: race detector `SIGABRT` or `SIGSEGV` on macOS Monterey
  * go#49961 reflect: segmentation violation while using html/template
  * go#49921 x/net/http2: `http.Server.WriteTimeout` does not fire if the http2 stream's window is out of space.
  * go#49413 cmd/compile: internal compiler error: `Op...LECall and OpDereference have mismatched mem`
  * go#48116 runtime: mallocs cause `base outside usable address space` panic when running on iOS 14

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Development Tools 15-SP3:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-78=1

Package List:

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):

    go1.17-1.17.6-1.17.1
    go1.17-doc-1.17.6-1.17.1

- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):

    go1.17-race-1.17.6-1.17.1

References:

    https://bugzilla.suse.com/1190649

From sle-updates at lists.suse.com Fri Jan 14 14:18:31 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Fri, 14 Jan 2022 15:18:31 +0100 (CET)
Subject: SUSE-SU-2022:0079-1: important: Security update for the Linux Kernel
Message-ID: <20220114141831.0DB2DFF47@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0079-1
Rating: important
References:
    #1139944 #1151927 #1152489 #1153275 #1154353 #1154355
    #1161907 #1164565 #1166780 #1169514 #1176242 #1176447
    #1176536 #1176544 #1176545 #1176546 #1176548 #1176558
    #1176559 #1176774 #1176940 #1176956 #1177440 #1178134
    #1178270 #1179211 #1179426 #1179427 #1179599 #1181148
    #1181507 #1181710 #1182404 #1183534 #1183540 #1183897
    #1184318 #1185726 #1185902 #1186332 #1187541 #1189126
    #1191793 #1191876 #1192267 #1192320 #1192507 #1192511
    #1192569 #1192606 #1192845 #1192847 #1192877 #1192946
    #1192969 #1192987 #1192990 #1192998 #1193002 #1193042
    #1193139 #1193169 #1193306 #1193318 #1193349 #1193440
    #1193442 #1193655 #1193993 #1194087 #1194094 #1194266
    ECO-3666 SLE-17823 SLE-20042 SLE-23139
Cross-References:
    CVE-2020-24504 CVE-2020-27820 CVE-2021-28711 CVE-2021-28712
    CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098
    CVE-2021-4001 CVE-2021-4002 CVE-2021-43975 CVE-2021-43976
    CVE-2021-45485 CVE-2021-45486
CVSS scores:
    CVE-2020-24504 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2020-24504 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
    CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
    CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-4001 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
    CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
    SUSE MicroOS 5.1
    SUSE Linux Enterprise Module for Realtime 15-SP3
______________________________________________________________________________

An update that solves 14 vulnerabilities, contains four features and has 58 fixes is now available.
Description:

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404)
- CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen when removing the device. (bnc#1179599)
- CVE-2021-4001: Fixed a race condition when the eBPF map is frozen. (bsc#1192990)
- CVE-2021-4002: Added a missing TLB flush that could lead to a leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-28711: Fixed an issue where rogue backends could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
- CVE-2021-28712: Fixed an issue where rogue backends could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
- CVE-2021-28713: Fixed an issue where rogue backends could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
- CVE-2021-28714: Fixed an issue where a guest could force the Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
- CVE-2021-28715: Fixed an issue where a guest could force the Linux netback driver to hog large amounts of kernel memory by not queueing an unlimited number of packages. (bsc#1193442)
- CVE-2021-33098: Fixed improper input validation in the Intel(R) Ethernet ixgbe driver that could allow an authenticated user to cause a denial of service (bnc#1192877).
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value.
  (bnc#1192845)
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-45485: Fixed an information leak because of certain use of a hash table which uses IPv6 source addresses. (bsc#1194094)
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087).

The following non-security bugs were fixed:

- acpi: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes).
- acpi: battery: Accept charges over the design capacity as full (git-fixes).
- acpica: Avoid evaluating methods too early during system resume (git-fixes).
- alsa: ISA: not for M68K (git-fixes).
- alsa: ctxfi: Fix out-of-range access (git-fixes).
- alsa: gus: fix null pointer dereference on pointer block (git-fixes).
- alsa: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes).
- alsa: hda: hdac_ext_stream: fix potential locking issues (git-fixes).
- alsa: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes).
- alsa: synth: missing check for possible NULL after the call to kstrdup (git-fixes).
- alsa: timer: Fix use-after-free problem (git-fixes).
- alsa: timer: Unconditionally unlink slave instances, too (git-fixes).
- alsa: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes).
- arm: 8970/1: decompressor: increase tag size (git-fixes).
- arm: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes) - arm: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - arm: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - arm: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - arm: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - arm: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - arm: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - arm: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - arm: 9091/1: Revert "mm: qsd8x50: Fix incorrect permission faults" (git-fixes) - arm: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - arm: 9134/1: remove duplicate memcpy() definition (git-fixes) - arm: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - arm: 9141/1: only warn about XIP address when not compile testing (git-fixes) - arm: 9155/1: fix early early_iounmap() (git-fixes) - arm: OMAP2+: Fix legacy mode dss_reset (git-fixes) - arm: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - arm: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes) - arm: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - arm: at91: pm: of_node_put() after its usage (git-fixes) - arm: at91: pm: use proper master clock register offset (git-fixes) - arm: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - arm: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - arm: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - arm: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - arm: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - arm: dts: Configure missing thermal interrupt for 4430 (git-fixes) - arm: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - arm: dts: Fix duovero smsc interrupt for suspend (git-fixes) 
- arm: dts: N900: fix onenand timings (git-fixes). - arm: dts: NSP: Correct FA2 mailbox node (git-fixes) - arm: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - arm: dts: NSP: Fixed QSPI compatible string (git-fixes) - arm: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - arm: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - arm: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - arm: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes) - arm: dts: am437x-l4: fix typo in can@0 node (git-fixes) - arm: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - arm: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - arm: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - arm: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - arm: dts: aspeed: tiogapass: Remove vuart (git-fixes) - arm: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - arm: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - arm: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - arm: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - arm: dts: at91: sama5d2: map securam as device (git-fixes) - arm: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - arm: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - arm: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - arm: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - arm: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - arm: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - arm: dts: at91: tse850: the emac<->phy interface is rmii (git-fixes) - arm: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes) - arm: dts: bcm: HR2: Fix PPI interrupt types (git-fixes) - arm: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - arm: dts: colibri-imx6ull: limit SDIO clock to
25MHz (git-fixes) - arm: dts: dra76x: Fix mmc3 max-frequency (git-fixes) - arm: dts: dra76x: m_can: fix order of clocks (git-fixes) - arm: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes) - arm: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes) - arm: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Monk (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - arm: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - arm: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - arm: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - arm: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - arm: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - arm: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - arm: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - arm: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - arm: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - arm: dts: gose: Fix ports node name for adv7180 (git-fixes) - arm: dts: gose: Fix ports node name for adv7612 (git-fixes) - arm: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes) - arm: dts: 
imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - arm: dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes) - arm: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - arm: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes) - arm: dts: imx6: phycore-som: fix emmc supply (git-fixes) - arm: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes). - arm: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - arm: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes) - arm: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - arm: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - arm: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - arm: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - arm: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - arm: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - arm: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - arm: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - arm: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - arm: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - arm: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - arm: dts: imx6sl: fix rng node (git-fixes) - arm: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - arm: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - arm: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - arm: dts: imx6sx: Improve UART pins macro defines (git-fixes) - arm: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - arm: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes) - arm: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes) - arm: dts: imx7-colibri: prepare module 
device tree for FlexCAN (git-fixes) - arm: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - arm: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - arm: dts: imx7d: Correct speed grading fuse settings (git-fixes) - arm: dts: imx7d: fix opp-supported-hw (git-fixes) - arm: dts: imx7ulp: Correct gpio ranges (git-fixes) - arm: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - arm: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - arm: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - arm: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - arm: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - arm: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - arm: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - arm: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes) - arm: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - arm: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - arm: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - arm: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - arm: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - arm: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - arm: dts: meson: fix PHY deassert timing requirements (git-fixes) - arm: dts: mt7623: add missing pause for switchport (git-fixes) - arm: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - arm: dts: omap3430-sdp: Fix NAND device node (git-fixes) - arm: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - arm: dts: oxnas: Fix clear-mask property (git-fixes) - arm: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - arm: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - arm: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY 
(git-fixes) - arm: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes) - arm: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes) - arm: dts: r8a7740: Add missing extal2 to CPG node (git-fixes) - arm: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - arm: dts: renesas: Fix IOMMU device node names (git-fixes) - arm: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - arm: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - arm: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - arm: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - arm: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - arm: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - arm: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes) - arm: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - arm: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - arm: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes) - arm: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - arm: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - arm: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - arm: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - arm: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - arm: dts: sun9i: Enable both RGMII RX/TX delay on 
Ethernet PHY (git-fixes) - arm: dts: sunxi: Fix DE2 clocks register range (git-fixes) - arm: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - arm: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - arm: dts: turris-omnia: add SFP node (git-fixes) - arm: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - arm: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - arm: dts: turris-omnia: describe switch interrupt (git-fixes) - arm: dts: turris-omnia: enable HW buffer management (git-fixes) - arm: dts: turris-omnia: fix hardware buffer management (git-fixes) - arm: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - arm: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes). - arm: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - arm: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - arm: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - arm: exynos: add missing of_node_put for loop iteration (git-fixes) - arm: footbridge: fix PCI interrupt mapping (git-fixes) - arm: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - arm: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - arm: imx: add missing clk_disable_unprepare() (git-fixes) - arm: imx: add missing iounmap() (git-fixes) - arm: imx: build suspend-imx6.S with arm instruction set (git-fixes) - arm: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - arm: mvebu: drop pointless check for coherency_base (git-fixes) - arm: p2v: fix handling of LPAE translation in BE mode (git-fixes) - arm: s3c24xx: fix missing system reset (git-fixes) - arm: s3c24xx: fix mmc gpio lookup tables (git-fixes) - arm: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - arm: samsung: do not build plat/pm-common for Exynos (git-fixes) - arm: samsung: fix PM debug build with 
DEBUG_LL but !MMU (git-fixes) - arm: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - asoc: DAPM: Cover regression by kctl change notification fix (git-fixes). - asoc: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - asoc: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - asoc: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - asoc: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - blacklist scsi commit that breaks kabi (git-fixes) - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655). - bluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655). - bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655). - bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655). - bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - bpf, s390: Fix potential memory leak about jit_data (git-fixes). - bpf, x86: Fix "no previous prototype" warning (git-fixes). 
- brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). - btrfs: make checksum item extension more efficient (bsc#1193002). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: Add new mount parameter "acdirmax" to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout (bsc#1192606). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Create (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606). - cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606). 
- cifs: Clarify SMB1 code for SetFileSize (bsc#1192606). - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - cifs: Clarify SMB1 code for delete (bsc#1192606). - cifs: Clarify SMB1 code for rename open file (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: Close cached root handle only if it had a lease (bsc#1164565). - cifs: Close open handle after interrupted close (bsc#1164565). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not miss cancelled OPEN responses (bsc#1164565). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: Fix NULL pointer dereference in mid callback (bsc#1164565). - cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16). - cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). 
- cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: Fix in error types returned for out-of-credit situations (bsc#1192606). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606). - cifs: Fix inconsistent indenting (bsc#1192606). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs: Fix lookup of SMB connections on multichannel (bsc#1192606). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565). - cifs: Fix missed free operations (bnc#1151927 5.3.8). - cifs: Fix mode output in debugging statements (bsc#1164565). - cifs: Fix mount options set in automount (bsc#1164565). - cifs: Fix null pointer check in cifs_read (bsc#1192606). - cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565). - cifs: Fix preauth hash corruption (git-fixes). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565). - cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10). - cifs: Fix return value in __update_cache_entry (bsc#1164565). - cifs: Fix some error pointers handling detected by static checker (bsc#1192606). - cifs: Fix spelling of 'security' (bsc#1192606). - cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606). - cifs: Fix task struct use-after-free on reconnect (bsc#1164565). - cifs: Fix the target file was deleted when rename failed (bsc#1192606). - cifs: Fix unix perm bits to cifsacl conversion for "other" bits (bsc#1192606). - cifs: Fix use after free of file info structures (bnc#1151927 5.3.8). 
- cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7). - cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7). - cifs: Get rid of kstrdup_const()'d paths (bsc#1164565). - cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606). - cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7). - cifs: Handle witness client move notification (bsc#1192606). - cifs: Identify a connection by a conn_id (bsc#1192606). - cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606). - cifs: In the new mount api we get the full devname as source= (bsc#1192606). - cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606). - cifs: Introduce helpers for finding TCP connection (bsc#1164565). - cifs: Make extract_hostname function public (bsc#1192606). - cifs: Make extract_sharename function public (bsc#1192606). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565). - cifs: Move SMB2_Create definitions to the shared area (bsc#1192606). - cifs: Move more definitions into the shared area (bsc#1192606). - cifs: New optype for session operations (bsc#1181507). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606). - cifs: Optimize readdir on reparse points (bsc#1164565). - cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606). - cifs: Properly process SMB3 lease breaks (bsc#1164565). - cifs: Re-indent cifs_swn_reconnect() (bsc#1192606). - cifs: Reformat DebugData and index connections by conn_id (bsc#1192606). - cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset. - cifs: Remove the superfluous break (bsc#1192606). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: Remove useless variable (bsc#1192606). 
- cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565). - cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606). - cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606). - cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606). - cifs: Silently ignore unknown oplock break handle (bsc#1192606). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606). - cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606). - cifs: Standardize logging output (bsc#1192606). - cifs: To match file servers, make sure the server hostname matches (bsc#1192606). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). - cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606). - cifs: Use #define in cifs_dbg (bsc#1164565). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565). - cifs: Warn less noisily on default mount (bsc#1192606). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). 
- cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb 2 support for getting and setting SACLs (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - cifs: call wake_up(&server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606). 
- cifs: change noisy error message to FYI (bsc#1181507). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: check new file size when extending file by fallocate (bsc#1192606). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606). - cifs: cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606). - cifs: cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). - cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). 
- cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). - cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606). - cifs: document and cleanup dfs mount (bsc#1178270). 
- cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix NULL dereference in match_prepath (bsc#1164565). - cifs: fix NULL dereference in smb2_check_message() (bsc#1192606). - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606). - cifs: fix a comment for the timeouts when sending echos (bsc#1164565). - cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). 
- cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606). - cifs: fix incorrect kernel doc comments (bsc#1192606). - cifs: fix interrupted close commands (git-fixes). - cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606). - cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: fix max ea value size (bnc#1151927 5.3.4). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606). - cifs: fix minor typos in comments and log messages (bsc#1192606). - cifs: fix missing null session check in mount (bsc#1192606). - cifs: fix missing spinlock around update to ses->status (bsc#1192606). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: fix mounts to subdirectories of target (bsc#1192606). - cifs: fix nodfs mount option (bsc#1181710). - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: fix possible uninitialized access and race on iface_list (bsc#1192606). - cifs: fix potential mismatch of UNC paths (bsc#1164565). - cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042). - cifs: fix reference leak for tlink (bsc#1192606). - cifs: fix regression when mounting shares with prefix paths (bsc#1192606). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565). - cifs: fix rsize/wsize to be negotiated values (bsc#1192606). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). 
- cifs: fix string declarations and assignments in tracepoints (bsc#1192606). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606). - cifs: fix trivial typo (bsc#1192606). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565). - cifs: fix unneeded null check (bsc#1192606). - cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606). - cifs: for compound requests, use open handle if possible (bsc#1192606). - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606). - cifs: get mode bits from special sid on stat (bsc#1164565). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: get rid of cifs_sb->mountdata (bsc#1192606). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: handle "guest" mount parameter (bsc#1192606). - cifs: handle "nolease" option for vers=1.0 (bsc#1192606). - cifs: handle -EINTR in cifs_setattr (bsc#1192606). - cifs: handle ERRBaduid for SMB1 (bsc#1192606). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: handle different charsets in dfs cache (bsc#1185902). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle prefix paths in reconnect (bsc#1164565). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606). - cifs: have ->mkdir() handle race with another client sanely (bsc#1192606). - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606). - cifs: ignore auto and noauto options if given (bsc#1192606). 
- cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: improve fallocate emulation (bsc#1192606). - cifs: improve read performance for page size 64KB & cache=strict & vers=2.1+ (bsc#1192606). - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: log mount errors using cifs_errorf() (bsc#1192606). - cifs: log warning message (once) if out of disk space (bsc#1164565). - cifs: make build_path_from_dentry() return const char * (bsc#1192606). - cifs: make const array static, makes object smaller (bsc#1192606). - cifs: make fs_context error logging wrapper (bsc#1192606). - cifs: make locking consistent around the server session status (bsc#1192606). - cifs: make multichannel warning more visible (bsc#1192606). - cifs: make sure we do not overflow the max EA buffer size (bsc#1164565). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565). - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: minor fix to two debug messages (bsc#1192606). - cifs: minor kernel style fixes for comments (bsc#1192606). - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606). - cifs: minor updates to Kconfig (bsc#1192606). - cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606). - cifs: missed ref-counting smb session in find (bsc#1192606). - cifs: missing null check for newinode pointer (bsc#1192606). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: modefromsid: make room for 4 ACE (bsc#1164565). - cifs: modefromsid: write mode ACE first (bsc#1164565). 
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606). - cifs: move SMB FSCTL definitions to common code (bsc#1192606). - cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606). - cifs: move cache mount options to fs_context.ch (bsc#1192606). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355). - cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606). - cifs: move cifs_parse_devname to fs_context.c (bsc#1192606). - cifs: move debug print out of spinlock (bsc#1192606). - cifs: move security mount options into fs_context.ch (bsc#1192606). - cifs: move smb version mount options into fs_context.c (bsc#1192606). - cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606). - cifs: move the check for nohandlecache into open_shroot (bsc#1192606). - cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606). - cifs: move update of flags into a separate function (bsc#1192606). - cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606). - cifs: multichannel: move channel selection above transport layer (bsc#1192606). - cifs: multichannel: move channel selection in function (bsc#1192606). - cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606). - cifs: multichannel: use pointer for binding channel (bsc#1192606). - cifs: nosharesock should be set on new server (bsc#1192606). - cifs: nosharesock should not share socket with future sessions (bsc#1192606). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606). - cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606). - cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606). - cifs: plumb smb2 POSIX dir enumeration (bsc#1164565). - cifs: populate server_hostname for extra channels (bsc#1192606). 
- cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565). - cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: print warning mounting with vers=1.0 (bsc#1164565). - cifs: properly invalidate cached root handle when closing it (bsc#1192606). - cifs: protect session channel fields with chan_lock (bsc#1192606). - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606). - cifs: protect updating server->dstaddr with a spinlock (bsc#1192606). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: reduce stack use in smb2_compound_op (bsc#1192606). - cifs: refactor cifs_get_inode_info() (bsc#1164565). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606). - cifs: release lock earlier in dequeue_mid error case (bsc#1192606). - cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606). - cifs: remove actimeo from cifs_sb (bsc#1192606). - cifs: remove bogus debug code (bsc#1179427). - cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606). - cifs: remove duplicated prototype (bsc#1192606). - cifs: remove old dead code (bsc#1192606). - cifs: remove pathname for file from SPDX header (bsc#1192606). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565). - cifs: remove redundant assignment to variable rc (bsc#1164565). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove set but not used variable 'server' (bsc#1164565). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565). 
- cifs: remove set but not used variables (bsc#1164565). - cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606). - cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606). - cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606). - cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606). - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606). - cifs: remove unused variable 'server' (bsc#1192606). - cifs: remove unused variable 'sid_user' (bsc#1164565). - cifs: remove unused variable (bsc#1164565). - cifs: remove various function description warnings (bsc#1192606). - cifs: rename a variable in SendReceive() (bsc#1164565). - cifs: rename cifs_common to smbfs_common (bsc#1192606). - cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606). - cifs: rename posix create rsp (bsc#1164565). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606). - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606). - cifs: replace http links with https ones (bsc#1192606). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606). - cifs: return cached_fid from open_shroot (bsc#1192606). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: returning mount parm processing errors correctly (bsc#1192606). - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606). - cifs: send workstation name during ntlmssp session setup (bsc#1192606). - cifs: set a minimum of 120s for next dns resolution (bsc#1192606). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606). 
- cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606). - cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606). - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs: smb3: Fix data inconsistent when zero file range (bsc#1176536). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565). - cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606). - cifs: smbd: Check send queue size before posting a send (bsc#1192606). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565). - cifs: smbd: Merge code to track pending packets (bsc#1192606). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565). - cifs: smbd: Properly process errors on ib_post_send (bsc#1192606). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606). - cifs: sort interface list by speed (bsc#1192606). - cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606). - cifs: style: replace one-element array with flexible-array (bsc#1192606). 
- cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042). - cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042). - cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606). - cifs: switch servers depending on binding state (bsc#1192606). - cifs: switch to new mount api (bsc#1192606). - cifs: try harder to open new channels (bsc#1192606). - cifs: try opening channels after mounting (bsc#1192606). - cifs: uncomplicate printing the iocharset parameter (bsc#1192606). - cifs: update FSCTL definitions (bsc#1192606). - cifs: update ctime and mtime during truncate (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update mnt_cifs_flags during reconfigure (bsc#1192606). - cifs: update new ACE pointer after populate_new_aces (bsc#1192606). - cifs: update super_operations to show_devname (bsc#1192606). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565). - cifs: use SPDX-Licence-Identifier (bsc#1192606). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7). - cifs: use compounding for open and first query-dir for readdir() (bsc#1164565). - cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606). - cifs: use echo_interval even when connection not ready (bsc#1192606). 
- cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355). - cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606). - cifs: use mod_delayed_work() for &server->reconnect if already queued (bsc#1164565). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606). - cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - cxgb4: fix eeprom len when diagnostics not implemented (git-fixes). - dm raid: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320). - dm: fix deadlock when swapping to encrypted device (bsc#1186332). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - drm/amd/display: Set plane update flags for all planes in reset (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes). - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). 
- drm/vc4: fix error code in vc4_create_object() (git-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes). - drm: panel-orientation-quirks: add Valve Steam Deck (git-fixes). - edac/amd64: Handle three rank interleaving mode (bsc#1152489). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075). - firmware: qcom_scm: Mark string array const (git-fixes). - fix memory leak in large read decrypt offload (bsc#1164565). - fs: cifs: Assign boolean values to a bool variable (bsc#1192606). - fs: cifs: Fix atime update check vs mtime (bsc#1164565). - fs: cifs: Fix resource leak (bsc#1192606). - fs: cifs: Initialize filesystem timestamp ranges (bsc#1164565). - fs: cifs: Remove repeated struct declaration (bsc#1192606). - fs: cifs: Remove unnecessary struct declaration (bsc#1192606). - fs: cifs: Simplify bool comparison (bsc#1192606). - fs: cifs: cifssmb.c: use true,false for bool variable (bsc#1164565). - fs: cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - fs: cifs: fix gcc warning in sid_to_id (bsc#1192606). - fs: cifs: fix misspellings using codespell tool (bsc#1192606). - fs: cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9). - fs: cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606). - fs: cifs: sess.c: Remove set but not used variable 'capabilities' (bsc#1164565). - fs: cifs: smb2ops.c: use true,false for bool variable (bsc#1164565). - fs: cifs: smb2pdu.c: Make SMB2_notify_init static (bsc#1164565). 
- fuse: release pipe buf after last use (bsc#1193318). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Do lazy cleanup in TX path (git-fixes). - gve: Switch to use napi_complete_done (git-fixes). - gve: Track RX buffer allocation failures (bsc#1176940). - handle status_io_timeout gracefully (bsc#1192606). - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). 
- hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes). - i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes). - i40e: Fix correct max_pkt_size on VF RX queue (git-fixes). - i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes). - i40e: Fix display error code in dmesg (git-fixes). - i40e: Fix failed opcode appearing if handling messages from VF (git-fixes). - i40e: Fix ping is lost after configuring ADq on VF (git-fixes). - i40e: Fix pre-set max number of queues for VF (git-fixes). - i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes). - iavf: Fix failure to exit out from last all-multicast mode (git-fixes). - iavf: Fix for setting queues to 0 (jsc#SLE-12877). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes). - iavf: Fix reporting when setting descriptor count (git-fixes). - iavf: Fix return of set the new channel count (jsc#SLE-12877). - iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes). - iavf: Restore VLAN filters after link down (git-fixes). - iavf: check for null in iavf_fix_features (git-fixes). - iavf: do not clear a lock we do not hold (git-fixes). - iavf: free q_vectors before queues in iavf_disable_vf (git-fixes). - iavf: prevent accidental free of filter structure (git-fixes). - iavf: validate pointers (git-fixes). - ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). 
- ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ice: Delete always true check of PF pointer (git-fixes). - ice: Fix VF true promiscuous mode (jsc#SLE-12878). - ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926). - ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: fix vsi->txq_map sizing (jsc#SLE-7926). - ice: ignore dropped packets during init (git-fixes). - igb: fix netpoll exit with traffic (git-fixes). - igc: Remove _I_PHY_ID checking (bsc#1193169). - igc: Remove phy->type checking (bsc#1193169). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - input: iforce - fix control-message timeout (git-fixes). - iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - iommu/mediatek: Fix out-of-range warning with clang (git-fixes). - iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes). - iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes). - iommu/vt-d: Update the virtual command related registers (git-fixes). - iommu: Check if group is NULL before remove device (git-fixes). - ipmi: Disable some operations during a panic (git-fixes). - kabi: dm: fix deadlock when swapping to encrypted device (bsc#1186332). - kabi: hide changes to struct uv_info (git-fixes). - kernel-obs-build: include the preferred kernel parameters. Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. Parameters here will overwrite what is used by OBS otherwise.
- kernel-obs-build: inform build service about virtio-serial. Inform the build worker code that this kernel supports virtio-serial, which improves performance and reliability of logging. - kernel-obs-build: remove duplicated/unused parameters. lbs=0 - this parameter is just giving "unused parameter" and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it already loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore. - kernel-source.spec: install-kernel-tools also required on 15.4 - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes). - lib/xz: Validate the value before assigning it to an enum variable (git-fixes). - libata: fix checking of DMA state (git-fixes). - linux/parser.h: add include guards (bsc#1192606). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - mark commit as not needed (git-fixes) - md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320). - md/raid10: extend r10bio devs to raid disks (bsc#1192320). - md/raid10: improve discard request for far layout (bsc#1192320). - md/raid10: improve raid10 discard request (bsc#1192320). - md/raid10: initialize r10_bio->read_slot before use (bsc#1192320). - md/raid10: pull the code that wait for blocked dev into one function (bsc#1192320). - md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320). - md: fix a lock order reversal in md_alloc (git-fixes). - mdio: aspeed: Fix "Link is Down" issue (bsc#1176447). - media: imx: set a media_device bus_info string (git-fixes). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes). - media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes). - media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: mt9p031: Fix corrupted frame after restarting stream (git-fixes). - media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). - media: uvcvideo: Return -EIO for control errors (git-fixes). - media: uvcvideo: Set capability in s_param (git-fixes). - media: uvcvideo: Set unique vdev name based in type (git-fixes). - memstick: r592: Fix a UAF bug when removing the driver (git-fixes). - mm: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes). - mmc: winbond: do not build on M68K (git-fixes). - move upstreamed usb fix into sorted section - mtd: core: do not remove debugfs directory if device is in use (git-fixes). - mwifiex: Properly initialize private structure on interface type changes (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bnx2x: fix variable dereferenced before check (git-fixes). - net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: delete redundant function declaration (git-fixes). - net: hns3: change affinity_mask to numa node range (bsc#1154353). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353). - net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353). - net: hso: fix control-request directions (git-fixes). 
- net: hso: fix muxed tty registration (git-fixes). - net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net: mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172). - net: mlx5: Update error handler for UCTX and UMEM (git-fixes). - net: mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447). - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447). - netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447). - nfc: add NCI_UNREG flag to eliminate the race (git-fixes). - nfc: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - nfc: reorder the logic in nfc_{un,}register_device (git-fixes). 
- nfc: reorganize the functions in nci_request (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfs: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - nfs: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - nfs: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - nfs: Fix up commit deadlocks (git-fixes). - nfs: do not take i_rwsem for swap IO (bsc#1191876). - nfs: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - pci/msi: Deal with devices lying about their MSI mask capability (git-fixes). - pci: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - pci: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). - perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes). - perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). 
- pm: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - pm: hibernate: use correct mode for swsusp_close() (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qede: validate non LSO skb length (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). - rdma/bnxt_re: Update statistics counter name (jsc#SLE-16649). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - rpm/*.spec.in: use buildroot macro instead of env variable. The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. Future proof the spec files.
- rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390/bpf: Fix branch shortening during codegen pass (bsc#1193993). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - s390: mm: Fix secure storage access exception handling (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc#1194266). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1194266). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1194266). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1194266). - scsi: lpfc: Fix NPIV port deletion crash (bsc#1194266). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1194266). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1194266). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1194266). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1194266). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). 
- scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: Add new compression flags (bsc#1192606). - smb3: Add new info level for query directory (bsc#1192606). - smb3: Add new parm "nodelete" (bsc#1192606). - smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb3: Add support for getting and setting SACLs (bsc#1192606). - smb3: Add support for lookup with posix extensions query info (bsc#1192606). - smb3: Add support for negotiating signing algorithm (bsc#1192606). - smb3: Add support for query info using posix extensions (level 100) (bsc#1192606). - smb3: Add tracepoints for new compound posix query info (bsc#1192606). - smb3: Additional compression structures (bsc#1192606). 
- smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Backup intent flag missing from some more ops (bsc#1164565). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - smb3: Fix ids returned in POSIX query dir (bsc#1192606). - smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - smb3: Fix regression in time handling (bsc#1164565). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: Honor lease disabling for multiuser mounts (git-fixes). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: Minor cleanup of protocol definitions (bsc#1192606). - smb3: Resolve data corruption of TCP server info fields (bsc#1192606). - smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: add defines for new signing negotiate context (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). 
- smb3: add missing flag definitions (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add new module load parm enable_gcm_256 (bsc#1192606). - smb3: add new module load parm require_gcm_256 (bsc#1192606). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: add support for recognizing WSL reparse tags (bsc#1192606). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: add support for using info level for posix extensions query (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3: allow dumping keys for multiuser mounts (bsc#1192606). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: avoid confusing warning message on mount to Azure (bsc#1192606). - smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). 
- smb3: display max smb3 requests in flight at any one time (bsc#1164565). - smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3: do not log warning message if server does not populate salt (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable negotiating stronger encryption by default (bsc#1192606). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in "open on server" perf counter (bnc#1151927 5.3.4). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix mount failure to some servers when compression enabled (bsc#1192606). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: fix posix extensions mount option (bsc#1192606). - smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix readpage for large swap cache (bsc#1192606). 
- smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in compression flag (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). - smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: incorrect file id in requests compounded with open (bsc#1192606). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: print warning if server does not support requested encryption type (bsc#1192606). - smb3: print warning once if posix context returned on open (bsc#1164565). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ("seal") (bsc#1164565). 
- smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - smb3: remove dead code for non compounded posix query info (bsc#1192606). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: rename nonces used for GCM and CCM encryption (bsc#1192606). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: set gcm256 when requested (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). - smb3: update structures for new compression protocol definitions (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - sunrpc/auth: async tasks mustn't block waiting for memory (bsc#1191876). - sunrpc/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - sunrpc/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - sunrpc: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). 
- sunrpc: remove scheduling boost for "SWAPPER" tasks (bsc#1191876). - swiotlb: Fix the type of index (git-fixes). - tlb: mmu_gather: add tlb_flush_*_range APIs - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: do not parse forbidden flags (bsc#1192606). - wireguard: allowedips: add missing __rcu annotation to satisfy sparse (git-fixes). - wireguard: device: reset peer src endpoint when netns exits (git-fixes). - wireguard: ratelimiter: use kvcalloc() instead of kvzalloc() (git-fixes). - wireguard: receive: drop handshakes if queue lock is contended (git-fixes). 
- wireguard: receive: use ring buffer for incoming handshakes (git-fixes). - wireguard: selftests: actually test for routing loops (git-fixes). - wireguard: selftests: increase default dmesg log size (git-fixes). - x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes). - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134). - x86/mpx: Disable MPX for 32-bit userland (bsc#1193139). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). - x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134). - x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). 
- zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-79=1 - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-79=1 Package List: - SUSE MicroOS 5.1 (x86_64): kernel-rt-5.3.18-68.1 kernel-rt-debuginfo-5.3.18-68.1 kernel-rt-debugsource-5.3.18-68.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-68.1 cluster-md-kmp-rt-debuginfo-5.3.18-68.1 dlm-kmp-rt-5.3.18-68.1 dlm-kmp-rt-debuginfo-5.3.18-68.1 gfs2-kmp-rt-5.3.18-68.1 gfs2-kmp-rt-debuginfo-5.3.18-68.1 kernel-rt-5.3.18-68.1 kernel-rt-debuginfo-5.3.18-68.1 kernel-rt-debugsource-5.3.18-68.1 kernel-rt-devel-5.3.18-68.1 kernel-rt-devel-debuginfo-5.3.18-68.1 kernel-rt_debug-debuginfo-5.3.18-68.1 kernel-rt_debug-debugsource-5.3.18-68.1 kernel-rt_debug-devel-5.3.18-68.1 kernel-rt_debug-devel-debuginfo-5.3.18-68.1 kernel-syms-rt-5.3.18-68.1 ocfs2-kmp-rt-5.3.18-68.1 ocfs2-kmp-rt-debuginfo-5.3.18-68.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-68.1 kernel-source-rt-5.3.18-68.1 References: https://www.suse.com/security/cve/CVE-2020-24504.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-4001.html 
https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-45485.html https://www.suse.com/security/cve/CVE-2021-45486.html https://bugzilla.suse.com/1139944 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153275 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154355 https://bugzilla.suse.com/1161907 https://bugzilla.suse.com/1164565 https://bugzilla.suse.com/1166780 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176558 https://bugzilla.suse.com/1176559 https://bugzilla.suse.com/1176774 https://bugzilla.suse.com/1176940 https://bugzilla.suse.com/1176956 https://bugzilla.suse.com/1177440 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1178270 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1181710 https://bugzilla.suse.com/1182404 https://bugzilla.suse.com/1183534 https://bugzilla.suse.com/1183540 https://bugzilla.suse.com/1183897 https://bugzilla.suse.com/1184318 https://bugzilla.suse.com/1185726 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1186332 https://bugzilla.suse.com/1187541 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1191793 https://bugzilla.suse.com/1191876 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192320 https://bugzilla.suse.com/1192507 https://bugzilla.suse.com/1192511 https://bugzilla.suse.com/1192569 https://bugzilla.suse.com/1192606 
https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1192969 https://bugzilla.suse.com/1192987 https://bugzilla.suse.com/1192990 https://bugzilla.suse.com/1192998 https://bugzilla.suse.com/1193002 https://bugzilla.suse.com/1193042 https://bugzilla.suse.com/1193139 https://bugzilla.suse.com/1193169 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193318 https://bugzilla.suse.com/1193349 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193655 https://bugzilla.suse.com/1193993 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194094 https://bugzilla.suse.com/1194266 From sle-updates at lists.suse.com Fri Jan 14 14:26:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jan 2022 15:26:10 +0100 (CET) Subject: SUSE-SU-2022:0080-1: important: Security update for the Linux Kernel Message-ID: <20220114142610.B098FFF47@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0080-1 Rating: important References: #1114648 #1124431 #1167162 #1169514 #1172073 #1179599 #1183678 #1183897 #1184804 #1185727 #1185762 #1187167 #1189126 #1189158 #1189305 #1189841 #1190317 #1190358 #1190428 #1191229 #1191384 #1191731 #1191876 #1192032 #1192145 #1192267 #1192740 #1192845 #1192847 #1192866 #1192877 #1192946 #1192974 #1192987 #1193231 #1193306 #1193318 #1193440 #1193442 #1193575 #1193669 #1193727 #1193731 #1194001 #1194087 #1194094 Cross-References: CVE-2018-25020 CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-4002 CVE-2021-4083 CVE-2021-4149 CVE-2021-43975 CVE-2021-43976 CVE-2021-45485 CVE-2021-45486 CVSS scores: CVE-2018-25020 (SUSE): 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-4083 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-4149 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 18 vulnerabilities and has 28 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2021-4083: Fixed a race condition with Unix domain socket garbage collection that can lead to a read of memory after free. (bsc#1193727) - CVE-2021-4149: Fixed an improper lock operation in btrfs which allows users to crash the kernel or deadlock the system.
(bsc#1194001) - CVE-2021-45485: Fixed an information leak caused by a certain use of a hash table that uses IPv6 source addresses. (bsc#1194094) - CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bsc#1194087) - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc. (bsc#1193731) - CVE-2021-28715: Fixed an issue where a guest could force the Linux netback driver to hog large amounts of kernel memory, by no longer queueing an unlimited number of packages. (bsc#1193442) - CVE-2021-28714: Fixed an issue where a guest could force the Linux netback driver to hog large amounts of kernel memory, by fixing rx queue stall detection. (bsc#1193442) - CVE-2021-28713: Fixed an issue where rogue backends could cause DoS of guests via high-frequency events, by hardening hvc_xen against event channel storms. (bsc#1193440) - CVE-2021-28712: Fixed an issue where rogue backends could cause DoS of guests via high-frequency events, by hardening netfront against event channel storms. (bsc#1193440) - CVE-2021-28711: Fixed an issue where rogue backends could cause DoS of guests via high-frequency events, by hardening blkfront against event channel storms. (bsc#1193440) - CVE-2018-25020: Fixed an issue where the BPF subsystem in the Linux kernel mishandled situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. (bsc#1193575) - CVE-2021-4002: Added a missing TLB flush whose absence could lead to a leak or corruption of data in hugetlbfs. (bsc#1192946) - CVE-2021-0935: Fixed an out-of-bounds write due to a use-after-free in ip6_xmit which could lead to local escalation of privilege, with System execution privileges needed. (bsc#1192032) - CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in the RPi family of devices, aka "Kr00k".
(bsc#1167162) - CVE-2021-33098: Fixed a potential denial of service in the Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877) - CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845) - CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bsc#1192847) - CVE-2020-27820: Fixed a vulnerability where a use-after-free in nouveau's postclose() handler could happen when removing the device. (bsc#1179599) The following non-security bugs were fixed: - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - bpf: Add kconfig knob for disabling unpriv bpf by default (jsc#SLE-22913) - bpf: Disallow unprivileged bpf by default (jsc#SLE-22913). - cifs: Add new mount parameter "acdirmax" to allow caching directory metadata (bsc#1190317). - cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout (bsc#1190317). - cifs: convert list_for_each to entry variant (jsc#SLE-20656). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1190317). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1190317). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1190317). - cifs: Fix a potencially linear read overflow (git-fixes). - cifs: fix a sign extension bug (git-fixes). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1190317). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1190317). - cifs: fix missed refcounting of ipc tcon (git-fixes). - cifs: fix potential use-after-free bugs (jsc#SLE-20656). - cifs: fix print of hdr_flags in dfscache_proc_show() (jsc#SLE-20656). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1190317).
- cifs: for compound requests, use open handle if possible (bsc#1190317). - cifs: introduce new helper for cifs_reconnect() (jsc#SLE-20656). - cifs: move to generic async completion (bsc#1190317). - cifs: nosharesock should be set on new server (git-fixes). - cifs: nosharesock should not share socket with future sessions (bsc#1190317). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1190317). - cifs: properly invalidate cached root handle when closing it (bsc#1190317). - cifs: release lock earlier in dequeue_mid error case (bsc#1190317). - cifs: set a minimum of 120s for next dns resolution (bsc#1190317). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1190317). - cifs: split out dfs code from cifs_reconnect() (jsc#SLE-20656). - cifs: support nested dfs links over reconnect (jsc#SLE-20656). - cifs: support share failover when remounting (jsc#SLE-20656). - cifs: To match file servers, make sure the server hostname matches (bsc#1190317). - config: disable unprivileged BPF by default (jsc#SLE-22913) Backport of mainline commit 8a03e56b253e ("bpf: Disallow unprivileged bpf by default") only changes kconfig default, used e.g. for "make oldconfig" when the config option is missing, but does not update our kernel configs used for build. Update also these to make sure unprivileged BPF is really disabled by default. - config: INPUT_EVBUG=n (bsc#1192974). Debug driver unsuitable for production, only enabled on ppc64. - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - cred: allow get_cred() and put_cred() to be given NULL (git-fixes). - EDAC/amd64: Handle three rank interleaving mode (bsc#1114648). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - fuse: release pipe buf after last use (bsc#1193318). 
- genirq: Move initial affinity setup to irq_startup() (bsc#1193231). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231). - genirq: Remove mask argument from setup_affinity() (bsc#1193231). - genirq: Rename setup_affinity() to irq_setup_affinity() (bsc#1193231). - genirq: Split out irq_startup() code (bsc#1193231). - kprobes: Limit max data_size of the kretprobe instances (bsc#1193669). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: fix a lock order reversal in md_alloc (git-fixes). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185727). - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185727). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185727). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185727). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (bsc#1183678). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). 
- platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - rndis_host: set proper input size for OID_GEN_PHYSICAL_MEDIUM request (git-fixes). - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc1192145). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc1192145). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc1192145). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc1192145). - scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc1192145). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc1192145). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: lpfc: Fix NPIV port deletion crash (bsc1192145). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc1192145). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc1192145). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). 
- scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - smb3: add additional null check in SMB2_ioctl (bsc#1190317). - smb3: add additional null check in SMB2_open (bsc#1190317). - smb3: add additional null check in SMB2_tcon (bsc#1190317). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1190317). - smb3: correct smb3 ACL security descriptor (bsc#1190317). - smb3: do not error on fsync when readonly (bsc#1190317). - smb3: remove trivial dfs compile warning (jsc#SLE-20656). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC: async tasks mustn't block waiting for memory (bsc#1191876 bsc#1192866). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876 bsc#1192866). - swiotlb-xen: avoid double free (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tracing: use %ps format string to print symbols (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - USB: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - USB: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - USB: serial: option: add Fibocom FM101-GL variants (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - x86/msi: Force affinity setup before startup (bsc#1193231). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1114648). - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1114648). 
- x86/xen: Mark cpu_bringup_and_idle() as dead_end_function (bsc#1169514). - x86/xen: swap NX determination and GDT setup on BSP (git-fixes). - xen-pciback: redo VF placement in the virtual topology (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-80=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.85.1 kernel-azure-base-4.12.14-16.85.1 kernel-azure-base-debuginfo-4.12.14-16.85.1 kernel-azure-debuginfo-4.12.14-16.85.1 kernel-azure-debugsource-4.12.14-16.85.1 kernel-azure-devel-4.12.14-16.85.1 kernel-syms-azure-4.12.14-16.85.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.85.1 kernel-source-azure-4.12.14-16.85.1 References: https://www.suse.com/security/cve/CVE-2018-25020.html https://www.suse.com/security/cve/CVE-2019-15126.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-4083.html https://www.suse.com/security/cve/CVE-2021-4149.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-45485.html https://www.suse.com/security/cve/CVE-2021-45486.html https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1124431 https://bugzilla.suse.com/1167162 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1183678 https://bugzilla.suse.com/1183897 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185727 https://bugzilla.suse.com/1185762 https://bugzilla.suse.com/1187167 
https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1189158 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1190317 https://bugzilla.suse.com/1190358 https://bugzilla.suse.com/1190428 https://bugzilla.suse.com/1191229 https://bugzilla.suse.com/1191384 https://bugzilla.suse.com/1191731 https://bugzilla.suse.com/1191876 https://bugzilla.suse.com/1192032 https://bugzilla.suse.com/1192145 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192866 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1192974 https://bugzilla.suse.com/1192987 https://bugzilla.suse.com/1193231 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193318 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193575 https://bugzilla.suse.com/1193669 https://bugzilla.suse.com/1193727 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1194001 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194094 From sle-updates at lists.suse.com Fri Jan 14 17:16:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jan 2022 18:16:19 +0100 (CET) Subject: SUSE-RU-2022:0082-1: moderate: Recommended update for gnu-compilers-hpc Message-ID: <20220114171619.9CDA5FF47@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnu-compilers-hpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0082-1 Rating: moderate References: SLE-18780 SLE-18781 SLE-18782 SLE-18807 Affected Products: SUSE Linux Enterprise Module for HPC 12 ______________________________________________________________________________ An update that has 0 recommended fixes and contains four features can now be installed. 
Description: This update for gnu-compilers-hpc fixes the following issues: - Add build support for gcc11 to HPC build. (jsc#SLE-18780, jsc#SLE-18781, jsc#SLE-18782, jsc#SLE-18807) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 12: zypper in -t patch SUSE-SLE-Module-HPC-12-2022-82=1 Package List: - SUSE Linux Enterprise Module for HPC 12 (noarch): gnu-compilers-hpc-1.4-20.21 gnu-compilers-hpc-devel-1.4-20.21 gnu-compilers-hpc-macros-devel-1.4-20.21 gnu10-compilers-hpc-1.4-20.20 gnu10-compilers-hpc-devel-1.4-20.20 gnu10-compilers-hpc-macros-devel-1.4-20.20 gnu11-compilers-hpc-1.4-20.9 gnu11-compilers-hpc-devel-1.4-20.9 gnu11-compilers-hpc-macros-devel-1.4-20.9 gnu6-compilers-hpc-1.4-20.21 gnu6-compilers-hpc-devel-1.4-20.21 gnu6-compilers-hpc-macros-devel-1.4-20.21 gnu7-compilers-hpc-1.4-20.20 gnu7-compilers-hpc-devel-1.4-20.20 gnu7-compilers-hpc-macros-devel-1.4-20.20 gnu8-compilers-hpc-1.4-20.20 gnu8-compilers-hpc-devel-1.4-20.20 gnu8-compilers-hpc-macros-devel-1.4-20.20 gnu9-compilers-hpc-1.4-20.20 gnu9-compilers-hpc-devel-1.4-20.20 gnu9-compilers-hpc-macros-devel-1.4-20.20 References: From sle-updates at lists.suse.com Fri Jan 14 17:17:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 14 Jan 2022 18:17:26 +0100 (CET) Subject: SUSE-SU-2022:0081-1: moderate: Security update for ghostscript Message-ID: <20220114171726.0BE9FFF47@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0081-1 Rating: moderate References: #1194303 #1194304 Cross-References: CVE-2021-45944 CVE-2021-45949 CVSS scores: CVE-2021-45944 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45944 (SUSE): 6.2 
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-45949 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45949 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ghostscript fixes the following issues: - CVE-2021-45944: Fixed use-after-free in sampled_data_sample (bsc#1194303) - CVE-2021-45949: Fixed heap-based buffer overflow in sampled_data_finish (bsc#1194304) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-81=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-81=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-debuginfo-9.52-23.48.1 ghostscript-debugsource-9.52-23.48.1 ghostscript-devel-9.52-23.48.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-23.48.1 ghostscript-debuginfo-9.52-23.48.1 ghostscript-debugsource-9.52-23.48.1 ghostscript-devel-9.52-23.48.1 ghostscript-x11-9.52-23.48.1 ghostscript-x11-debuginfo-9.52-23.48.1 References: https://www.suse.com/security/cve/CVE-2021-45944.html https://www.suse.com/security/cve/CVE-2021-45949.html https://bugzilla.suse.com/1194303 https://bugzilla.suse.com/1194304 From sle-updates at lists.suse.com Sat Jan 15 07:41:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 15 Jan 2022 08:41:17 +0100 (CET) Subject: SUSE-CU-2022:45-1: Recommended update of suse/sle15 Message-ID: 
<20220115074117.D5A18FF4B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:45-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.557 Container Release : 6.2.557 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:71-1 Released: Thu Jan 13 15:37:28 2022 Summary: Recommended update for container-suseconnect Type: recommended Severity: moderate References: This update for container-suseconnect is a rebuild against updated go toolchain to ensure an up to date GO runtime. The following package changes have been done: - container-suseconnect-2.3.0-4.17.1 updated From sle-updates at lists.suse.com Mon Jan 17 08:16:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jan 2022 09:16:32 +0100 (CET) Subject: SUSE-RU-2022:0083-1: moderate: Recommended update for drbd Message-ID: <20220117081632.DFFCBFF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for drbd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0083-1 Rating: moderate References: #1189995 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for drbd fixes the following issues: - Fix nodes being stuck in resync (bsc#1189995) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise High Availability 15-SP1:

  zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-83=1

Package List:

- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

  drbd-9.0.16+git.ab9777df-8.25.1
  drbd-debugsource-9.0.16+git.ab9777df-8.25.1
  drbd-kmp-default-9.0.16+git.ab9777df_k4.12.14_197.102-8.25.1
  drbd-kmp-default-debuginfo-9.0.16+git.ab9777df_k4.12.14_197.102-8.25.1

References:

https://bugzilla.suse.com/1189995

From sle-updates at lists.suse.com Mon Jan 17 08:17:43 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Jan 2022 09:17:43 +0100 (CET)
Subject: SUSE-RU-2022:0084-1: moderate: Recommended update for dosfstools
Message-ID: <20220117081743.97750FF4B@maintenance.suse.de>

SUSE Recommended Update: Recommended update for dosfstools
______________________________________________________________________________

Announcement ID: SUSE-RU-2022:0084-1
Rating: moderate
References: #1172863 #1188401
Affected Products:
  SUSE MicroOS 5.1
  SUSE MicroOS 5.0
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________

An update that has two recommended fixes can now be installed.

Description:

This update for dosfstools fixes the following issues:

- To be able to create filesystems compatible with the previous version, add -g command line option to mkfs (bsc#1188401)
- BREAKING CHANGES: After fixing of bsc#1172863 in the last update, mkfs started to create different images than before. Applications that depend on exact FAT file format (e.g. embedded systems) may be broken in two ways:
  * The introduction of the alignment may create smaller images than before, with different positions of important image elements. It can break existing software that expects images in dosfstools <= 4.1 style. To work around these problems, use "-a" command line argument.
  * The new image may contain different geometry values. Geometry sensitive applications expecting dosfstools <= 4.1 style images can fail to accept different geometry values. There is no direct work around for this problem. But you can take the old image, use "file -s $IMAGE", check its "sectors/track" and "heads", and use them in the newly introduced "-g" command line argument.

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.1:

  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-84=1

- SUSE MicroOS 5.0:

  zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-84=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-84=1

- SUSE Linux Enterprise Module for Basesystem 15-SP2:

  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-84=1

Package List:

- SUSE MicroOS 5.1 (aarch64 s390x x86_64):

  dosfstools-4.1-3.6.1
  dosfstools-debuginfo-4.1-3.6.1
  dosfstools-debugsource-4.1-3.6.1

- SUSE MicroOS 5.0 (aarch64 x86_64):

  dosfstools-4.1-3.6.1
  dosfstools-debuginfo-4.1-3.6.1
  dosfstools-debugsource-4.1-3.6.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

  dosfstools-4.1-3.6.1
  dosfstools-debuginfo-4.1-3.6.1
  dosfstools-debugsource-4.1-3.6.1

- SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64):

  dosfstools-4.1-3.6.1
  dosfstools-debuginfo-4.1-3.6.1
  dosfstools-debugsource-4.1-3.6.1

References:

https://bugzilla.suse.com/1172863
https://bugzilla.suse.com/1188401

From sle-updates at lists.suse.com Mon Jan 17 14:18:44 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 17 Jan 2022 15:18:44 +0100 (CET)
Subject: SUSE-RU-2022:0085-1: moderate: Recommended update for patterns-sles
Message-ID:
<20220117141844.B9B83FF4C@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0085-1 Rating: moderate References: SLE-23033 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for patterns-sles fixes the following issues: - Include newly added libopenssl-1_1-hmac for openssl 1.1 (jsc#SLE-23033) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-85=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): patterns-sles-Basis-Devel-12-12.6.1 patterns-sles-Minimal-12-12.6.1 patterns-sles-WBEM-12-12.6.1 patterns-sles-apparmor-12-12.6.1 patterns-sles-base-12-12.6.1 patterns-sles-dhcp_dns_server-12-12.6.1 patterns-sles-directory_server-12-12.6.1 patterns-sles-documentation-12-12.6.1 patterns-sles-file_server-12-12.6.1 patterns-sles-fips-12-12.6.1 patterns-sles-gateway_server-12-12.6.1 patterns-sles-lamp_server-12-12.6.1 patterns-sles-mail_server-12-12.6.1 patterns-sles-ofed-12-12.6.1 patterns-sles-printing-12-12.6.1 patterns-sles-x11-12-12.6.1 patterns-sles-yast2-12-12.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 s390x x86_64): patterns-sles-kvm_server-12-12.6.1 patterns-sles-kvm_tools-12-12.6.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): patterns-sles-sap_server-12-12.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): patterns-sles-32bit-12-12.6.1 patterns-sles-Basis-Devel-32bit-12-12.6.1 patterns-sles-Minimal-32bit-12-12.6.1 
patterns-sles-WBEM-32bit-12-12.6.1 patterns-sles-apparmor-32bit-12-12.6.1 patterns-sles-base-32bit-12-12.6.1 patterns-sles-dhcp_dns_server-32bit-12-12.6.1 patterns-sles-directory_server-32bit-12-12.6.1 patterns-sles-documentation-32bit-12-12.6.1 patterns-sles-file_server-32bit-12-12.6.1 patterns-sles-fips-32bit-12-12.6.1 patterns-sles-gateway_server-32bit-12-12.6.1 patterns-sles-kvm_server-32bit-12-12.6.1 patterns-sles-kvm_tools-32bit-12-12.6.1 patterns-sles-lamp_server-32bit-12-12.6.1 patterns-sles-laptop-32bit-12-12.6.1 patterns-sles-mail_server-32bit-12-12.6.1 patterns-sles-ofed-32bit-12-12.6.1 patterns-sles-oracle_server-12-12.6.1 patterns-sles-oracle_server-32bit-12-12.6.1 patterns-sles-printing-32bit-12-12.6.1 patterns-sles-sap_server-32bit-12-12.6.1 patterns-sles-x11-32bit-12-12.6.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): patterns-sles-laptop-12-12.6.1 patterns-sles-xen_server-12-12.6.1 patterns-sles-xen_server-32bit-12-12.6.1 patterns-sles-xen_tools-12-12.6.1 patterns-sles-xen_tools-32bit-12-12.6.1 patterns-sles-yast2-32bit-12-12.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): patterns-sles-hwcrypto-12-12.6.1 patterns-sles-hwcrypto-32bit-12-12.6.1 References: From sle-updates at lists.suse.com Mon Jan 17 17:18:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jan 2022 18:18:56 +0100 (CET) Subject: SUSE-SU-2022:0088-1: moderate: Security update for ghostscript Message-ID: <20220117171856.DAFA5FF4B@maintenance.suse.de> SUSE Security Update: Security update for ghostscript ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0088-1 Rating: moderate References: #1194303 #1194304 Cross-References: CVE-2021-45944 CVE-2021-45949 CVSS scores: CVE-2021-45944 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45944 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-45949 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 
CVE-2021-45949 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ghostscript fixes the following issues: - CVE-2021-45944: Fixed use-after-free in sampled_data_sample (bsc#1194303) - CVE-2021-45949: Fixed heap-based buffer overflow in sampled_data_finish (bsc#1194304) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-88=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): ghostscript-9.52-161.1 ghostscript-debuginfo-9.52-161.1 ghostscript-debugsource-9.52-161.1 ghostscript-devel-9.52-161.1 ghostscript-x11-9.52-161.1 ghostscript-x11-debuginfo-9.52-161.1 References: https://www.suse.com/security/cve/CVE-2021-45944.html https://www.suse.com/security/cve/CVE-2021-45949.html https://bugzilla.suse.com/1194303 https://bugzilla.suse.com/1194304 From sle-updates at lists.suse.com Mon Jan 17 20:18:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jan 2022 21:18:18 +0100 (CET) Subject: SUSE-SU-2022:0090-1: important: Security update for the Linux Kernel Message-ID: <20220117201818.574F5FF4B@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0090-1 Rating: important References: #1114648 #1124431 #1167162 #1179599 #1183678 #1183897 #1184804 #1185727 #1185762 #1187167 #1189126 #1189305 #1189841 #1190358 #1191229 #1191384 #1192032 #1192145 #1192267 
#1192740 #1192845 #1192847 #1192877 #1192946 #1192974 #1193231 #1193306 #1193318 #1193440 #1193442 #1193731 #1194087 #1194094 SLE-17288 Cross-References: CVE-2019-15126 CVE-2020-27820 CVE-2021-0920 CVE-2021-0935 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-33098 CVE-2021-4002 CVE-2021-43975 CVE-2021-43976 CVE-2021-45485 CVE-2021-45486 CVSS scores: CVE-2019-15126 (NVD) : 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-15126 (SUSE): 3.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2020-27820 (SUSE): 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-0935 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28714 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-33098 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 15 vulnerabilities, contains one feature and has 18 fixes is now available. 
Description:

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2019-15126: Fixed a vulnerability in Broadcom and Cypress Wi-Fi chips, used in RPi family of devices aka "Kr00k". (bsc#1167162)
- CVE-2020-27820: Fixed a vulnerability where use-after-frees in nouveau's postclose() handler could happen when removing a device. (bsc#1179599)
- CVE-2021-0920: Fixed a local privilege escalation due to a use after free bug in unix_gc. (bsc#1193731)
- CVE-2021-0935: Fixed out of bounds write due to a use after free which could lead to local escalation of privilege with System execution privileges needed in ip6_xmit. (bsc#1192032)
- CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs. (bsc#1192946)
- CVE-2021-28711: Fixed an issue where rogue backends could cause DoS of guests via high frequency events by hardening blkfront against event channel storms. (bsc#1193440)
- CVE-2021-28712: Fixed an issue where rogue backends could cause DoS of guests via high frequency events by hardening netfront against event channel storms. (bsc#1193440)
- CVE-2021-28713: Fixed an issue where rogue backends could cause DoS of guests via high frequency events by hardening hvc_xen against event channel storms. (bsc#1193440)
- CVE-2021-28714: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by fixing rx queue stall detection. (bsc#1193442)
- CVE-2021-28715: Fixed an issue where a guest could force Linux netback driver to hog large amounts of kernel memory by not queueing an unlimited number of packages. (bsc#1193442)
- CVE-2021-33098: Fixed a potential denial of service in Intel(R) Ethernet ixgbe driver due to improper input validation. (bsc#1192877)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bsc#1192845)
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bsc#1192847)
- CVE-2021-45485: Fixed an information leak because of certain use of a hash table which uses IPv6 source addresses. (bsc#1194094)
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bsc#1194087)

The following non-security bugs were fixed:

- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- cifs: fix missed refcounting of ipc tcon (git-fixes).
- cifs: nosharesock should be set on new server (git-fixes).
- config: INPUT_EVBUG=n (bsc#1192974).
  Debug driver unsuitable for production, only enabled on ppc64.
- constraints: Build aarch64 on recent ARMv8.1 builders.
  Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder.
- edac/amd64: Handle three rank interleaving mode (bsc#1114648).
- elfcore: correct reference to CONFIG_UML (git-fixes).
- fuse: release pipe buf after last use (bsc#1193318).
- genirq: Move initial affinity setup to irq_startup() (bsc#1193231).
- genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1193231).
- genirq: Remove mask argument from setup_affinity() (bsc#1193231).
- genirq: Rename setup_affinity() to irq_setup_affinity() (bsc#1193231).
- genirq: Split out irq_startup() code (bsc#1193231).
- kernel-*-subpackage: Add dependency on kernel scriptlets (bsc#1192740).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358).
  The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- kernel-binary.spec.in: add zstd to BuildRequires if used
- kernel-binary.spec.in: make sure zstd is supported by kmod if used
- kernel-binary.spec: Check for no kernel signing certificates.
  Also remove unused variable.
- kernel-binary.spec: Define $image as rpm macro (bsc#1189841).
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358).
  Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167).
- kernel-binary.spec: Fix kernel-default-base scriptlets after packaging merge.
- kernel-binary.spec: Require dwarves for kernel-binary-devel when BTF is enabled (jsc#SLE-17288).
  About the pahole version: v1.18 should be bare minimum, v1.22 should be fully functional, for now we ship git snapshot with fixes on top of v1.21.
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well.
  Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).")
- kernel-cert-subpackage: Fix certificate location in scriptlets (bsc#1189841).
  Fixes: d9a1357edd73 ("rpm: Define $certs as rpm macro (bsc#1189841).")
- kernel-source.spec: install-kernel-tools also required on 15.4
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
  The semantic changed in an incompatible way so invoking the macro now causes a build failure.
- lpfc: Reintroduce old IRQ probe logic (bsc#1183897).
- net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185727).
- net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185727).
- net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185727).
- net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185727).
- net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185727).
- net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-fc: wait for queues to freeze before calling update_hr_hw_queues (bsc#1183678). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - post.sh: detect /usr mountpoint too - readme: Modernize build instructions. - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible to use kmod with ZSTD support on non-Tumbleweed. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305) - rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13, since 0e0345b77ac4, config files have no longer .h suffix. Adapt the zero-length check. Based on Martin Liska's change. - rpm/kernel-source.spec.in: do some more for vanilla_only Make sure: * sources are NOT executable * env is not used as interpreter * timestamps are correct We do all this for normal kernel builds, but not for vanilla_only kernels (linux-next and vanilla). - rpm: Abolish image suffix (bsc#1189841). This is used only with vanilla kernel which is not supported in any way. The only effect it has is that the image and initrd symlinks are created with this suffix. 
These symlinks are not used except on s390 where the unsuffixed symlinks are used by zipl. There is no reason why a vanilla kernel could not be used with zipl as well as it's quite unexpected to not be able to boot when only a vanilla kernel is installed. Finally we now have a backup zipl kernel so if the vanilla kernel is indeed unsuitable the backup kernel can be used. - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm: Define $certs as rpm macro (bsc#1189841). Also pass around only the shortened hash rather than full filename. As has been discussed in bsc#1124431 comment 51 https://bugzilla.suse.com/show_bug.cgi?id=1124431#c51 the placement of the certificates is an API which cannot be changed unless we can ensure that no two kernels that use different certificate location can be built with the same certificate. - rpm: Fold kernel-devel and kernel-source scriptlets into spec files (bsc#1189841). These are unchanged since 2011 when they were introduced. No need to track them separately. - rpm: fix kmp install path - rpm: support gz and zst compression methods Extend commit 18fcdff43a00 ("rpm: support compressed modules") for compression methods other than xz. - rpm: use _rpmmacrodir (boo#1191384) - scsi: core: Fix bad pointer dereference when ehandler kthread is invalid (git-fixes). - scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Add additional debugfs support for CMF (bsc#1192145). - scsi: lpfc: Adjust CMF total bytes and rxmonitor (bsc#1192145). - scsi: lpfc: Cap CMF read bytes to MBPI (bsc#1192145). - scsi: lpfc: Change return code on I/Os received during link bounce (bsc#1192145). - scsi: lpfc: Fix NPIV port deletion crash (bsc#1192145). 
- scsi: lpfc: Fix leaked lpfc_dmabuf mbox allocations with NPIV (bsc#1192145). - scsi: lpfc: Fix lpfc_force_rscn ndlp kref imbalance (bsc#1192145). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: lpfc: Trigger SLI4 firmware dump before doing driver cleanup (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.4 (bsc#1192145). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Fix mailbox direction flags in qla2xxx_get_adapter_id() (git-fixes). - scsi: qla2xxx: Format log strings only if needed (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). - scsi: qla2xxx: edif: Fix EDIF bsg (git-fixes). - scsi: qla2xxx: edif: Fix app start delay (git-fixes). - scsi: qla2xxx: edif: Fix app start fail (git-fixes). - scsi: qla2xxx: edif: Fix off by one bug in qla_edif_app_getfcinfo() (git-fixes). - scsi: qla2xxx: edif: Flush stale events and msgs on session down (git-fixes). - scsi: qla2xxx: edif: Increase ELS payload (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). - tracing: Fix pid filtering when triggers are attached (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Quectel EC200S-CN module support (git-fixes). - usb: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: serial: option: add prod. id for Quectel EG91 (git-fixes). - usb: serial: qcserial: add EM9191 QDL support (git-fixes). - x86/msi: Force affinity setup before startup (bsc#1193231). 
- x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1114648). - x86/sme: Explicitly map new EFI memmap table as encrypted (bsc#1114648). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1114648). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-90=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.73.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.73.1 dlm-kmp-rt-4.12.14-10.73.1 dlm-kmp-rt-debuginfo-4.12.14-10.73.1 gfs2-kmp-rt-4.12.14-10.73.1 gfs2-kmp-rt-debuginfo-4.12.14-10.73.1 kernel-rt-4.12.14-10.73.1 kernel-rt-base-4.12.14-10.73.1 kernel-rt-base-debuginfo-4.12.14-10.73.1 kernel-rt-debuginfo-4.12.14-10.73.1 kernel-rt-debugsource-4.12.14-10.73.1 kernel-rt-devel-4.12.14-10.73.1 kernel-rt-devel-debuginfo-4.12.14-10.73.1 kernel-rt_debug-4.12.14-10.73.1 kernel-rt_debug-debuginfo-4.12.14-10.73.1 kernel-rt_debug-debugsource-4.12.14-10.73.1 kernel-rt_debug-devel-4.12.14-10.73.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.73.1 kernel-syms-rt-4.12.14-10.73.1 ocfs2-kmp-rt-4.12.14-10.73.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.73.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.73.1 kernel-source-rt-4.12.14-10.73.1 References: https://www.suse.com/security/cve/CVE-2019-15126.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-0935.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-33098.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-45485.html https://www.suse.com/security/cve/CVE-2021-45486.html https://bugzilla.suse.com/1114648 
https://bugzilla.suse.com/1124431 https://bugzilla.suse.com/1167162 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1183678 https://bugzilla.suse.com/1183897 https://bugzilla.suse.com/1184804 https://bugzilla.suse.com/1185727 https://bugzilla.suse.com/1185762 https://bugzilla.suse.com/1187167 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1189305 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1190358 https://bugzilla.suse.com/1191229 https://bugzilla.suse.com/1191384 https://bugzilla.suse.com/1192032 https://bugzilla.suse.com/1192145 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192740 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192877 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1192974 https://bugzilla.suse.com/1193231 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193318 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194094 From sle-updates at lists.suse.com Mon Jan 17 20:22:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jan 2022 21:22:27 +0100 (CET) Subject: SUSE-SU-2022:0091-1: important: Security update for apache2 Message-ID: <20220117202227.989A6FF4B@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0091-1 Rating: important References: #1193942 #1193943 SLE-22733 SLE-22849 Cross-References: CVE-2021-44224 CVE-2021-44790 CVSS scores: CVE-2021-44224 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44790 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP2 SUSE Linux Enterprise Module for 
Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities, contains two features is now available. Description: This update for apache2 fixes the following issues: Apache2 was updated to the current stable version 2.4.51 (jsc#SLE-22733 jsc#SLE-22849) It fixes all CVEs and selected bugs represented by patches found between 2.4.23 and 2.4.51. See https://downloads.apache.org/httpd/CHANGES_2.4 for a complete change log. Also fixed: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua (bsc#1193942) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-91=1 - SUSE Linux Enterprise Module for Server Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP2-2022-91=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-91=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-91=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-91=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-3.37.1 apache2-debugsource-2.4.51-3.37.1 apache2-devel-2.4.51-3.37.1 apache2-worker-2.4.51-3.37.1 apache2-worker-debuginfo-2.4.51-3.37.1 - SUSE Linux Enterprise Module for Server Applications 
15-SP3 (noarch): apache2-doc-2.4.51-3.37.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-3.37.1 apache2-debugsource-2.4.51-3.37.1 apache2-devel-2.4.51-3.37.1 apache2-worker-2.4.51-3.37.1 apache2-worker-debuginfo-2.4.51-3.37.1 - SUSE Linux Enterprise Module for Server Applications 15-SP2 (noarch): apache2-doc-2.4.51-3.37.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-3.37.1 apache2-debugsource-2.4.51-3.37.1 apache2-event-2.4.51-3.37.1 apache2-event-debuginfo-2.4.51-3.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-3.37.1 apache2-debuginfo-2.4.51-3.37.1 apache2-debugsource-2.4.51-3.37.1 apache2-prefork-2.4.51-3.37.1 apache2-prefork-debuginfo-2.4.51-3.37.1 apache2-utils-2.4.51-3.37.1 apache2-utils-debuginfo-2.4.51-3.37.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-3.37.1 apache2-debuginfo-2.4.51-3.37.1 apache2-debugsource-2.4.51-3.37.1 apache2-prefork-2.4.51-3.37.1 apache2-prefork-debuginfo-2.4.51-3.37.1 apache2-utils-2.4.51-3.37.1 apache2-utils-debuginfo-2.4.51-3.37.1 References: https://www.suse.com/security/cve/CVE-2021-44224.html https://www.suse.com/security/cve/CVE-2021-44790.html https://bugzilla.suse.com/1193942 https://bugzilla.suse.com/1193943 From sle-updates at lists.suse.com Mon Jan 17 20:24:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 17 Jan 2022 21:24:57 +0100 (CET) Subject: SUSE-RU-2022:0087-1: moderate: Recommended update for go1.16 Message-ID: <20220117202457.56AE1FF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for go1.16 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0087-1 Rating: moderate References: #1182345 Affected Products: SUSE Linux Enterprise Module for 
Development Tools 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for go1.16 fixes the following issues: Update to go1.16.13 (bsc#1182345) - it includes fixes to the compiler, linker, runtime, and the net/http package. * x/net/http2: `http.Server.WriteTimeout` does not fire if the http2 stream's window is out of space. * runtime/race: building for iOS, but linking in object file built for macOS * runtime: race detector `SIGABRT` or `SIGSEGV` on macOS Monterey * runtime: mallocs cause "base outside usable address space" panic when running on iOS 14 * cmd/link: does not set section type of `.init_array` correctly * cmd/link: support more load commands on `Mach-O` * cmd/compile: internal compiler error: `Op...LECall and OpDereference have mismatched mem` Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-87=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.16-1.16.13-1.40.1 go1.16-doc-1.16.13-1.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.16-race-1.16.13-1.40.1 References: https://bugzilla.suse.com/1182345 From sle-updates at lists.suse.com Mon Jan 17 23:20:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 00:20:35 +0100 (CET) Subject: SUSE-RU-2022:0092-1: important: Recommended update for rsyslog Message-ID: <20220117232035.705D6FF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for rsyslog ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0092-1 Rating: important References: #1194593 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for rsyslog fixes the following issues: - Fix config parameters in specfile (bsc#1194593) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-92=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-92=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-92=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-92=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-92=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-92=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-92=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-92=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-92=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-92=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-92=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 
rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 - SUSE Manager Proxy 4.1 (x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 
rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 
rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 
rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): rsyslog-8.2106.0-4.16.1 rsyslog-debuginfo-8.2106.0-4.16.1 rsyslog-debugsource-8.2106.0-4.16.1 rsyslog-module-gssapi-8.2106.0-4.16.1 rsyslog-module-gssapi-debuginfo-8.2106.0-4.16.1 rsyslog-module-gtls-8.2106.0-4.16.1 rsyslog-module-gtls-debuginfo-8.2106.0-4.16.1 rsyslog-module-mmnormalize-8.2106.0-4.16.1 rsyslog-module-mmnormalize-debuginfo-8.2106.0-4.16.1 rsyslog-module-mysql-8.2106.0-4.16.1 rsyslog-module-mysql-debuginfo-8.2106.0-4.16.1 rsyslog-module-pgsql-8.2106.0-4.16.1 rsyslog-module-pgsql-debuginfo-8.2106.0-4.16.1 rsyslog-module-relp-8.2106.0-4.16.1 rsyslog-module-relp-debuginfo-8.2106.0-4.16.1 rsyslog-module-snmp-8.2106.0-4.16.1 rsyslog-module-snmp-debuginfo-8.2106.0-4.16.1 rsyslog-module-udpspoof-8.2106.0-4.16.1 rsyslog-module-udpspoof-debuginfo-8.2106.0-4.16.1 References: https://bugzilla.suse.com/1194593 From 
sle-updates at lists.suse.com Tue Jan 18 07:40:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 08:40:12 +0100 (CET) Subject: SUSE-CU-2022:46-1: Recommended update of suse/sle15 Message-ID: <20220118074013.004BCFF4B@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:46-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.76 Container Release : 9.5.76 Severity : important Type : recommended References : 1180125 1192489 1193711 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1193711 This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libopenssl1_1-1.1.1d-11.38.1 updated - openssl-1_1-1.1.1d-11.38.1 updated - rpm-4.14.1-22.7.1 updated From sle-updates at lists.suse.com Tue Jan 18 08:19:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 09:19:47 +0100 (CET) Subject: SUSE-RU-2022:0098-1: moderate: Recommended update for xdg-desktop-portal-gtk Message-ID: 
<20220118081947.87C25FF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for xdg-desktop-portal-gtk ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0098-1 Rating: moderate References: #1194102 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Enterprise Storage 7 SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for xdg-desktop-portal-gtk fixes the following issues: - Fix regression that makes some dialogs disappear after one second (bsc#1194102) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-98=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-98=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-98=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-98=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-98=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-98=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-98=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-98=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-98=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-98=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Manager Server 4.1 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Manager Retail Branch Server 4.1 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE Manager Proxy 4.1 (x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Manager Proxy 4.1 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE Linux Enterprise High Performance 
Computing 15-SP2-LTSS (aarch64 x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE Enterprise Storage 7 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 - SUSE CaaS Platform 4.5 (aarch64 x86_64): xdg-desktop-portal-gtk-1.8.0-3.9.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-3.9.1 xdg-desktop-portal-gtk-debugsource-1.8.0-3.9.1 - SUSE CaaS Platform 4.5 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-3.9.1 References: https://bugzilla.suse.com/1194102 From sle-updates at lists.suse.com Tue Jan 18 08:21:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 09:21:06 +0100 (CET) Subject: SUSE-RU-2022:0096-1: important: Recommended update for rpm Message-ID: <20220118082106.AAAB9FF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0096-1 Rating: important References: #1180125 #1190824 #1193711 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise 
Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-96=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-96=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-96=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-96=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-96=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-96=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-96=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): python-rpm-debugsource-4.14.3-43.1 python3-rpm-4.14.3-43.1 python3-rpm-debuginfo-4.14.3-43.1 rpm-4.14.3-43.1 rpm-debuginfo-4.14.3-43.1 rpm-debugsource-4.14.3-43.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.3-43.1 rpm-build-debuginfo-4.14.3-43.1 rpm-debuginfo-4.14.3-43.1 rpm-debugsource-4.14.3-43.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.3-43.1 rpm-build-debuginfo-4.14.3-43.1 rpm-debuginfo-4.14.3-43.1 
rpm-debugsource-4.14.3-43.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.3-43.1 python2-rpm-4.14.3-43.1 python2-rpm-debuginfo-4.14.3-43.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): rpm-ndb-4.14.3-43.1 rpm-ndb-debuginfo-4.14.3-43.1 rpm-ndb-debugsource-4.14.3-43.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.3-43.1 rpm-build-debuginfo-4.14.3-43.1 rpm-debuginfo-4.14.3-43.1 rpm-debugsource-4.14.3-43.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.3-43.1 python3-rpm-4.14.3-43.1 python3-rpm-debuginfo-4.14.3-43.1 rpm-4.14.3-43.1 rpm-debuginfo-4.14.3-43.1 rpm-debugsource-4.14.3-43.1 rpm-devel-4.14.3-43.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): rpm-32bit-4.14.3-43.1 rpm-32bit-debuginfo-4.14.3-43.1 References: https://bugzilla.suse.com/1180125 https://bugzilla.suse.com/1190824 https://bugzilla.suse.com/1193711 From sle-updates at lists.suse.com Tue Jan 18 08:24:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 09:24:36 +0100 (CET) Subject: SUSE-RU-2022:0099-1: moderate: Recommended update for yast2-samba-client Message-ID: <20220118082436.B3E8CFF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for yast2-samba-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0099-1 Rating: moderate References: #1193533 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for yast2-samba-client fixes the following issues: - With latest versions of samba (>=4.15.0) calling 'net ads lookup' with '-U%' fails; (bsc#1193533) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-99=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): yast2-samba-client-4.3.4-3.6.1 References: https://bugzilla.suse.com/1193533 From sle-updates at lists.suse.com Tue Jan 18 08:26:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 09:26:53 +0100 (CET) Subject: SUSE-RU-2022:0097-1: important: Recommended update for log4j12 Message-ID: <20220118082653.09348FF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for log4j12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0097-1 Rating: important References: #1193184 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for log4j12 fixes the following issues: - Fix 'chainsaw' executable (bsc#1193184) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-97=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-97=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): log4j12-javadoc-1.2.17-4.6.1 log4j12-manual-1.2.17-4.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): log4j12-1.2.17-4.6.1 References: https://bugzilla.suse.com/1193184 From sle-updates at lists.suse.com Tue Jan 18 08:30:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 09:30:14 +0100 (CET) Subject: SUSE-RU-2022:0094-1: important: Recommended update for rpm Message-ID: <20220118083014.48899FF4C@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0094-1 Rating: important References: #1180125 #1193711 Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for Python2 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Development Tools 15-SP2 SUSE Linux Enterprise Module for Basesystem 15-SP2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-94=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-94=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-94=1 - SUSE Linux Enterprise Module for Python2 15-SP2: zypper in -t patch SUSE-SLE-Module-Python2-15-SP2-2022-94=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-94=1 - SUSE Linux Enterprise Module for Development Tools 15-SP2: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2022-94=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-94=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): python-rpm-debugsource-4.14.1-22.7.1 python3-rpm-4.14.1-22.7.1 python3-rpm-debuginfo-4.14.1-22.7.1 rpm-4.14.1-22.7.1 rpm-debuginfo-4.14.1-22.7.1 rpm-debugsource-4.14.1-22.7.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.1-22.7.1 rpm-build-debuginfo-4.14.1-22.7.1 rpm-debuginfo-4.14.1-22.7.1 rpm-debugsource-4.14.1-22.7.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.1-22.7.1 rpm-build-debuginfo-4.14.1-22.7.1 rpm-debuginfo-4.14.1-22.7.1 rpm-debugsource-4.14.1-22.7.1 - SUSE Linux Enterprise Module for Python2 15-SP2 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.1-22.7.1 python2-rpm-4.14.1-22.7.1 python2-rpm-debuginfo-4.14.1-22.7.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): rpm-ndb-4.14.1-22.7.1 rpm-ndb-debuginfo-4.14.1-22.7.1 rpm-ndb-debugsource-4.14.1-22.7.1 - SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le s390x x86_64): rpm-build-4.14.1-22.7.1 
rpm-build-debuginfo-4.14.1-22.7.1 rpm-debuginfo-4.14.1-22.7.1 rpm-debugsource-4.14.1-22.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): python-rpm-debugsource-4.14.1-22.7.1 python3-rpm-4.14.1-22.7.1 python3-rpm-debuginfo-4.14.1-22.7.1 rpm-4.14.1-22.7.1 rpm-debuginfo-4.14.1-22.7.1 rpm-debugsource-4.14.1-22.7.1 rpm-devel-4.14.1-22.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (x86_64): rpm-32bit-4.14.1-22.7.1 rpm-32bit-debuginfo-4.14.1-22.7.1 References: https://bugzilla.suse.com/1180125 https://bugzilla.suse.com/1193711 From sle-updates at lists.suse.com Tue Jan 18 08:31:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 09:31:40 +0100 (CET) Subject: SUSE-RU-2022:0093-1: important: Recommended update for openssl-1_1 Message-ID: <20220118083140.8A5CDFF4C@maintenance.suse.de> SUSE Recommended Update: Recommended update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0093-1 Rating: important References: #1192489 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Enterprise Storage 7 SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-93=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-93=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-93=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-93=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-93=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-93=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-93=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-93=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-93=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-93=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-93=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-93=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE MicroOS 5.0 (aarch64 x86_64): libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Manager Server 4.1 (x86_64): libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Manager Proxy 4.1 (x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 
openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE Enterprise Storage 7 (x86_64): libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 - SUSE CaaS Platform 4.5 (aarch64 x86_64): libopenssl-1_1-devel-1.1.1d-11.38.1 libopenssl1_1-1.1.1d-11.38.1 libopenssl1_1-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-1.1.1d-11.38.1 openssl-1_1-1.1.1d-11.38.1 openssl-1_1-debuginfo-1.1.1d-11.38.1 openssl-1_1-debugsource-1.1.1d-11.38.1 - SUSE CaaS Platform 4.5 (x86_64): libopenssl1_1-32bit-1.1.1d-11.38.1 libopenssl1_1-32bit-debuginfo-1.1.1d-11.38.1 libopenssl1_1-hmac-32bit-1.1.1d-11.38.1 References: https://bugzilla.suse.com/1192489 From sle-updates at lists.suse.com Tue Jan 18 08:34:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 09:34:10 +0100 (CET) Subject: SUSE-RU-2022:0100-1: moderate: Recommended update for hwdata Message-ID: <20220118083410.1615BFF4C@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwdata 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0100-1 Rating: moderate References: #1194338 Affected Products: SUSE Manager Tools 15 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwdata fixes the following issues: - Update hwdata from version 0.353 to 0.355 which includes updated pci, usb and vendor ids (bsc#1194338) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-100=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-100=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-100=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-100=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-100=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-100=1 Package List: - SUSE Manager Tools 15 (noarch): hwdata-0.355-3.39.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): hwdata-0.355-3.39.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): hwdata-0.355-3.39.1 - SUSE Linux Enterprise Module for SUSE 
Manager Proxy 4.2 (noarch): hwdata-0.355-3.39.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): hwdata-0.355-3.39.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): hwdata-0.355-3.39.1 References: https://bugzilla.suse.com/1194338 From sle-updates at lists.suse.com Tue Jan 18 08:35:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 09:35:25 +0100 (CET) Subject: SUSE-RU-2022:0095-1: moderate: Recommended update for grub2 Message-ID: <20220118083525.5EC1FFF4C@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0095-1 Rating: moderate References: #1193532 Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for grub2 fixes the following issues: - Add support for simplefb (bsc#1193532). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-95=1
   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-95=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-95=1

Package List:

   - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
      grub2-x86_64-xen-2.04-22.9.1
   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
      grub2-arm64-efi-2.04-22.9.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
      grub2-2.04-22.9.1
      grub2-debuginfo-2.04-22.9.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64):
      grub2-debugsource-2.04-22.9.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
      grub2-arm64-efi-2.04-22.9.1
      grub2-i386-pc-2.04-22.9.1
      grub2-powerpc-ieee1275-2.04-22.9.1
      grub2-snapper-plugin-2.04-22.9.1
      grub2-systemd-sleep-plugin-2.04-22.9.1
      grub2-x86_64-efi-2.04-22.9.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
      grub2-s390x-emu-2.04-22.9.1

References:

   https://bugzilla.suse.com/1193532

From sle-updates at lists.suse.com Tue Jan 18 14:18:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Jan 2022 15:18:52 +0100 (CET)
Subject: SUSE-SU-2022:0102-1: important: Security update for python-Django
Message-ID: <20220118141852.7B194FF4B@maintenance.suse.de>

   SUSE Security Update: Security update for python-Django
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0102-1
Rating:             important
References:         #1194115 #1194116 #1194117
Cross-References:   CVE-2021-45115 CVE-2021-45116 CVE-2021-45452
CVSS scores:
                    CVE-2021-45115 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-45116 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-45452 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for python-Django fixes the following issues:

   - CVE-2021-45115: Fixed denial-of-service possibility in UserAttributeSimilarityValidator (bsc#1194115).
   - CVE-2021-45116: Fixed potential information disclosure in dictsort template filter (bsc#1194117).
   - CVE-2021-45452: Fixed potential directory-traversal via Storage.save() (bsc#1194116).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-102=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2022-102=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2022-102=1

Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):
      python-Django-1.11.29-3.33.1
   - SUSE OpenStack Cloud 8 (noarch):
      python-Django-1.11.29-3.33.1
   - HPE Helion Openstack 8 (noarch):
      python-Django-1.11.29-3.33.1

References:

   https://www.suse.com/security/cve/CVE-2021-45115.html
   https://www.suse.com/security/cve/CVE-2021-45116.html
   https://www.suse.com/security/cve/CVE-2021-45452.html
   https://bugzilla.suse.com/1194115
   https://bugzilla.suse.com/1194116
   https://bugzilla.suse.com/1194117

From sle-updates at lists.suse.com Tue Jan 18 14:20:22 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 18 Jan 2022 15:20:22 +0100 (CET)
Subject: SUSE-SU-2022:0107-1: important: Security update for java-1_8_0-ibm
Message-ID: <20220118142022.666FFFF4B@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0107-1
Rating:             important
References:         #1185055 #1188564 #1188565 #1191902 #1191904 #1191905 #1191909
                    #1191910 #1191911 #1191913 #1191914 #1192052 #1194198 #1194232
Cross-References:   CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-35556
                    CVE-2021-35559 CVE-2021-35560 CVE-2021-35564 CVE-2021-35565
                    CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035
CVSS scores:
                    CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35560 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-35560 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-41035 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves 12 vulnerabilities and has two fixes is now available.

Description:

   This update for java-1_8_0-ibm fixes the following issues:

   - Update to Java 8.0 Service Refresh 7 Fix Pack 0
   - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
   - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
   - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
   - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
   - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
   - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
   - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
   - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
   - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
   - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)
   - CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902)
   - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. (bsc#1191904)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-107=1
   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-107=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-107=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2022-107=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-107=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-107=1
   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-107=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-107=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-107=1
   - SUSE Linux Enterprise Server 12-SP3-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-107=1
   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-107=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-107=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2022-107=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      java-1_8_0-ibm-1.8.0_sr7.0-30.84.1
      java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1
      java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1
      java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1
   - SUSE OpenStack Cloud Crowbar 8 (x86_64):
      java-1_8_0-ibm-1.8.0_sr7.0-30.84.1
      java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1
      java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1
      java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1
   - SUSE OpenStack Cloud 9 (x86_64):
      java-1_8_0-ibm-1.8.0_sr7.0-30.84.1
      java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1
java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 - SUSE Linux 
Enterprise Server 12-SP2-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 - HPE Helion Openstack 8 (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-30.84.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-30.84.1 References: https://www.suse.com/security/cve/CVE-2021-2163.html https://www.suse.com/security/cve/CVE-2021-2341.html https://www.suse.com/security/cve/CVE-2021-2369.html https://www.suse.com/security/cve/CVE-2021-35556.html https://www.suse.com/security/cve/CVE-2021-35559.html https://www.suse.com/security/cve/CVE-2021-35560.html https://www.suse.com/security/cve/CVE-2021-35564.html https://www.suse.com/security/cve/CVE-2021-35565.html https://www.suse.com/security/cve/CVE-2021-35578.html https://www.suse.com/security/cve/CVE-2021-35586.html https://www.suse.com/security/cve/CVE-2021-35588.html https://www.suse.com/security/cve/CVE-2021-41035.html https://bugzilla.suse.com/1185055 https://bugzilla.suse.com/1188564 https://bugzilla.suse.com/1188565 https://bugzilla.suse.com/1191902 https://bugzilla.suse.com/1191904 https://bugzilla.suse.com/1191905 https://bugzilla.suse.com/1191909 https://bugzilla.suse.com/1191910 https://bugzilla.suse.com/1191911 https://bugzilla.suse.com/1191913 https://bugzilla.suse.com/1191914 https://bugzilla.suse.com/1192052 https://bugzilla.suse.com/1194198 https://bugzilla.suse.com/1194232 From sle-updates at lists.suse.com Tue Jan 18 14:27:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 15:27:51 +0100 (CET) Subject: SUSE-SU-2022:0108-1: important: Security update for java-1_8_0-ibm Message-ID: <20220118142751.A0ADAFF4B@maintenance.suse.de> SUSE Security Update: Security update for java-1_8_0-ibm ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2022:0108-1 Rating: important References: #1185055 #1188564 #1188565 #1191902 #1191904 #1191905 #1191909 #1191910 #1191911 #1191913 #1191914 #1192052 #1194198 #1194232 Cross-References: CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-35556 CVE-2021-35559 CVE-2021-35560 CVE-2021-35564 CVE-2021-35565 CVE-2021-35578 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 CVSS scores: CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35560 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-35560 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-41035 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager 
Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Enterprise Storage 7 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.5 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has two fixes is now available. Description: This update for java-1_8_0-ibm fixes the following issues: - Update to Java 8.0 Service Refresh 7 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) - CVE-2021-35560: Fixed a vulnerability in the component Deployment. (bsc#1191902) - CVE-2021-35578: Fixed unexpected exception raised during TLS handshake. 
(bsc#1191904) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-108=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-108=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-108=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-108=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-108=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-108=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-108=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-108=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-108=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-108=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-108=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-108=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-108=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 - SUSE Manager Server 4.1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Manager Proxy 4.1 (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 
java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (ppc64le s390x x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (x86_64): java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Enterprise Storage 7 (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE Enterprise Storage 6 (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE CaaS Platform 4.5 (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 - SUSE CaaS Platform 4.0 (x86_64): java-1_8_0-ibm-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-alsa-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-devel-1.8.0_sr7.0-3.53.1 java-1_8_0-ibm-plugin-1.8.0_sr7.0-3.53.1 References: https://www.suse.com/security/cve/CVE-2021-2163.html https://www.suse.com/security/cve/CVE-2021-2341.html https://www.suse.com/security/cve/CVE-2021-2369.html https://www.suse.com/security/cve/CVE-2021-35556.html https://www.suse.com/security/cve/CVE-2021-35559.html https://www.suse.com/security/cve/CVE-2021-35560.html https://www.suse.com/security/cve/CVE-2021-35564.html https://www.suse.com/security/cve/CVE-2021-35565.html https://www.suse.com/security/cve/CVE-2021-35578.html https://www.suse.com/security/cve/CVE-2021-35586.html 
https://www.suse.com/security/cve/CVE-2021-35588.html https://www.suse.com/security/cve/CVE-2021-41035.html https://bugzilla.suse.com/1185055 https://bugzilla.suse.com/1188564 https://bugzilla.suse.com/1188565 https://bugzilla.suse.com/1191902 https://bugzilla.suse.com/1191904 https://bugzilla.suse.com/1191905 https://bugzilla.suse.com/1191909 https://bugzilla.suse.com/1191910 https://bugzilla.suse.com/1191911 https://bugzilla.suse.com/1191913 https://bugzilla.suse.com/1191914 https://bugzilla.suse.com/1192052 https://bugzilla.suse.com/1194198 https://bugzilla.suse.com/1194232 From sle-updates at lists.suse.com Tue Jan 18 14:30:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 15:30:34 +0100 (CET) Subject: SUSE-SU-2022:0110-1: important: Security update for virglrenderer Message-ID: <20220118143034.1D771FF4B@maintenance.suse.de> SUSE Security Update: Security update for virglrenderer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0110-1 Rating: important References: #1194601 Cross-References: CVE-2022-0175 CVSS scores: CVE-2022-0175 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for virglrenderer fixes the following issues: - CVE-2022-0175: Fixed missing initialization of res->ptr (bsc#1194601). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-110=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-110=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): virglrenderer-debugsource-0.5.0-12.6.1 virglrenderer-devel-0.5.0-12.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libvirglrenderer0-0.5.0-12.6.1 libvirglrenderer0-debuginfo-0.5.0-12.6.1 virglrenderer-debugsource-0.5.0-12.6.1 References: https://www.suse.com/security/cve/CVE-2022-0175.html https://bugzilla.suse.com/1194601 From sle-updates at lists.suse.com Tue Jan 18 14:31:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 15:31:52 +0100 (CET) Subject: SUSE-SU-2022:14875-1: moderate: Security update for java-1_7_1-ibm Message-ID: <20220118143152.47BF5FF4B@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14875-1 Rating: moderate References: #1185055 #1188564 #1188565 #1188568 #1191905 #1191909 #1191910 #1191911 #1191913 #1191914 #1192052 #1194198 #1194232 Cross-References: CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 CVSS scores: CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2432 (NVD) : 3.7 
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-2432 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-41035 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that solves 11 vulnerabilities and has two fixes is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. 
(bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the component JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-java-1_7_1-ibm-14875=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.0-26.68.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-26.68.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-26.68.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.0-26.68.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-26.68.1 References: https://www.suse.com/security/cve/CVE-2021-2163.html https://www.suse.com/security/cve/CVE-2021-2341.html https://www.suse.com/security/cve/CVE-2021-2369.html https://www.suse.com/security/cve/CVE-2021-2432.html https://www.suse.com/security/cve/CVE-2021-35556.html https://www.suse.com/security/cve/CVE-2021-35559.html https://www.suse.com/security/cve/CVE-2021-35564.html https://www.suse.com/security/cve/CVE-2021-35565.html https://www.suse.com/security/cve/CVE-2021-35586.html https://www.suse.com/security/cve/CVE-2021-35588.html https://www.suse.com/security/cve/CVE-2021-41035.html https://bugzilla.suse.com/1185055 https://bugzilla.suse.com/1188564 https://bugzilla.suse.com/1188565 https://bugzilla.suse.com/1188568 https://bugzilla.suse.com/1191905 https://bugzilla.suse.com/1191909 https://bugzilla.suse.com/1191910 https://bugzilla.suse.com/1191911 https://bugzilla.suse.com/1191913 
https://bugzilla.suse.com/1191914 https://bugzilla.suse.com/1192052 https://bugzilla.suse.com/1194198 https://bugzilla.suse.com/1194232 From sle-updates at lists.suse.com Tue Jan 18 14:35:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 15:35:37 +0100 (CET) Subject: SUSE-SU-2022:0104-1: important: Security update for SDL2 Message-ID: <20220118143537.EC040FF4B@maintenance.suse.de> SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0104-1 Rating: important References: #1181201 #1181202 Cross-References: CVE-2020-14409 CVE-2020-14410 CVSS scores: CVE-2020-14409 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-14409 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14410 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2020-14410 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for SDL2 fixes the following issues: - CVE-2020-14409: Fixed Integer Overflow resulting in heap corruption in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP (bsc#1181202). - CVE-2020-14410: Fixed heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c via a crafted .BMP (bsc#1181201). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-104=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-104=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-104=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-104=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-104=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-104=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-104=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-104=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-104=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-104=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-104=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 - SUSE Manager Proxy 4.1 (x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 - SUSE Linux Enterprise 
Server for SAP 15-SP2 (ppc64le x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-32bit-2.0.8-11.3.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-11.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): SDL2-debugsource-2.0.8-11.3.1 libSDL2-2_0-0-2.0.8-11.3.1 libSDL2-2_0-0-debuginfo-2.0.8-11.3.1 libSDL2-devel-2.0.8-11.3.1 References: https://www.suse.com/security/cve/CVE-2020-14409.html https://www.suse.com/security/cve/CVE-2020-14410.html https://bugzilla.suse.com/1181201 https://bugzilla.suse.com/1181202 From sle-updates at lists.suse.com Tue Jan 18 14:36:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 15:36:59 +0100 (CET) Subject: SUSE-SU-2022:0103-1: important: Security update for python-Django1 Message-ID: <20220118143659.6A579FF4B@maintenance.suse.de> SUSE 
Security Update: Security update for python-Django1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0103-1 Rating: important References: #1194115 #1194116 #1194117 Cross-References: CVE-2021-45115 CVE-2021-45116 CVE-2021-45452 CVSS scores: CVE-2021-45115 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-45116 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-45452 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for python-Django1 fixes the following issues: - CVE-2021-45115: Fixed denial-of-service possibility in UserAttributeSimilarityValidator (bsc#1194115). - CVE-2021-45116: Fixed potential information disclosure in dictsort template filter (bsc#1194117). - CVE-2021-45452: Fixed potential directory-traversal via Storage.save() (bsc#1194116). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-103=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-103=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-Django1-1.11.29-3.30.1 - SUSE OpenStack Cloud 9 (noarch): python-Django1-1.11.29-3.30.1 References: https://www.suse.com/security/cve/CVE-2021-45115.html https://www.suse.com/security/cve/CVE-2021-45116.html https://www.suse.com/security/cve/CVE-2021-45452.html https://bugzilla.suse.com/1194115 https://bugzilla.suse.com/1194116 https://bugzilla.suse.com/1194117 From sle-updates at lists.suse.com Tue Jan 18 14:38:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 15:38:24 +0100 (CET) Subject: SUSE-SU-2022:0101-1: important: Security update for nodejs12 Message-ID: <20220118143824.43C38FF4C@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0101-1 Rating: important References: #1190053 #1190054 #1190055 #1190056 #1190057 #1191601 #1191602 #1194511 #1194512 #1194513 #1194514 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 CVSS scores: CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-37701 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37701 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-37712 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37712 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-37713 (SUSE): 8.2 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-39134 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-39134 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39135 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-39135 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers (bsc#1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite vulnerability in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite vulnerability in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary file creation/overwrite and arbitrary code execution vulnerability in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190053). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-101=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.9-1.38.1 nodejs12-debuginfo-12.22.9-1.38.1 nodejs12-debugsource-12.22.9-1.38.1 nodejs12-devel-12.22.9-1.38.1 npm12-12.22.9-1.38.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.22.9-1.38.1 References: https://www.suse.com/security/cve/CVE-2021-22959.html https://www.suse.com/security/cve/CVE-2021-22960.html https://www.suse.com/security/cve/CVE-2021-37701.html https://www.suse.com/security/cve/CVE-2021-37712.html https://www.suse.com/security/cve/CVE-2021-37713.html https://www.suse.com/security/cve/CVE-2021-39134.html https://www.suse.com/security/cve/CVE-2021-39135.html https://www.suse.com/security/cve/CVE-2021-44531.html https://www.suse.com/security/cve/CVE-2021-44532.html https://www.suse.com/security/cve/CVE-2021-44533.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1190053 https://bugzilla.suse.com/1190054 https://bugzilla.suse.com/1190055 https://bugzilla.suse.com/1190056 https://bugzilla.suse.com/1190057 https://bugzilla.suse.com/1191601 https://bugzilla.suse.com/1191602 https://bugzilla.suse.com/1194511 https://bugzilla.suse.com/1194512 https://bugzilla.suse.com/1194513 https://bugzilla.suse.com/1194514 From sle-updates at lists.suse.com Tue Jan 18 14:40:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 15:40:33 +0100 (CET) Subject: SUSE-RU-2022:0105-1: important: Recommended update for libqb Message-ID: <20220118144033.0B071FF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for libqb 
______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0105-1 Rating: important References: #1188212 #1193737 #1193912 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for libqb fixes the following issues: - Fix occasional Pacemaker commandline tool failures and interrupted system calls (bsc#1193737, bsc#1193912) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-105=1 Package List: - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): doxygen2man-2.0.2+20201203.def947e-3.3.1 doxygen2man-debuginfo-2.0.2+20201203.def947e-3.3.1 libqb-debugsource-2.0.2+20201203.def947e-3.3.1 libqb-devel-2.0.2+20201203.def947e-3.3.1 libqb-tests-2.0.2+20201203.def947e-3.3.1 libqb-tests-debuginfo-2.0.2+20201203.def947e-3.3.1 libqb-tools-2.0.2+20201203.def947e-3.3.1 libqb-tools-debuginfo-2.0.2+20201203.def947e-3.3.1 libqb100-2.0.2+20201203.def947e-3.3.1 libqb100-debuginfo-2.0.2+20201203.def947e-3.3.1 References: https://bugzilla.suse.com/1188212 https://bugzilla.suse.com/1193737 https://bugzilla.suse.com/1193912 From sle-updates at lists.suse.com Tue Jan 18 17:18:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 18:18:28 +0100 (CET) Subject: SUSE-SU-2022:0115-1: important: Security update for MozillaFirefox Message-ID: <20220118171828.78D47FF4B@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2022:0115-1 Rating: important References: #1194547 Cross-References: CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have led to fullscreen window spoof (bsc#1194547). 
- CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence (bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-115=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-115=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-115=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-115=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-115=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-115=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-115=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-115=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-115=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-115=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-115=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-115=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-115=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.5.0-112.86.1 
MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 
ppc64le s390x x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.5.0-112.86.1 MozillaFirefox-debuginfo-91.5.0-112.86.1 MozillaFirefox-debugsource-91.5.0-112.86.1 MozillaFirefox-devel-91.5.0-112.86.1 MozillaFirefox-translations-common-91.5.0-112.86.1 References: https://www.suse.com/security/cve/CVE-2021-4140.html https://www.suse.com/security/cve/CVE-2022-22737.html https://www.suse.com/security/cve/CVE-2022-22738.html https://www.suse.com/security/cve/CVE-2022-22739.html https://www.suse.com/security/cve/CVE-2022-22740.html https://www.suse.com/security/cve/CVE-2022-22741.html https://www.suse.com/security/cve/CVE-2022-22742.html https://www.suse.com/security/cve/CVE-2022-22743.html https://www.suse.com/security/cve/CVE-2022-22744.html https://www.suse.com/security/cve/CVE-2022-22745.html https://www.suse.com/security/cve/CVE-2022-22746.html https://www.suse.com/security/cve/CVE-2022-22747.html https://www.suse.com/security/cve/CVE-2022-22748.html https://www.suse.com/security/cve/CVE-2022-22751.html https://bugzilla.suse.com/1194547 From sle-updates at lists.suse.com Tue Jan 18 17:19:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 18:19:52 +0100 (CET) Subject: SUSE-SU-2022:0114-1: moderate: Security 
update for nodejs14 Message-ID: <20220118171952.9FD73FF4B@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0114-1 Rating: moderate References: #1194511 #1194512 #1194513 #1194514 Cross-References: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 CVSS scores: CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-114=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.3-6.21.1 nodejs14-debuginfo-14.18.3-6.21.1 nodejs14-debugsource-14.18.3-6.21.1 nodejs14-devel-14.18.3-6.21.1 npm14-14.18.3-6.21.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.18.3-6.21.1 References: https://www.suse.com/security/cve/CVE-2021-44531.html https://www.suse.com/security/cve/CVE-2021-44532.html https://www.suse.com/security/cve/CVE-2021-44533.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1194511 https://bugzilla.suse.com/1194512 https://bugzilla.suse.com/1194513 https://bugzilla.suse.com/1194514 From sle-updates at lists.suse.com Tue Jan 18 17:21:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 18:21:24 +0100 (CET) Subject: SUSE-SU-2022:0111-1: important: Security update for virglrenderer Message-ID: <20220118172124.487A9FF4B@maintenance.suse.de> SUSE Security Update: Security update for virglrenderer ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0111-1 Rating: important References: #1194601 Cross-References: CVE-2022-0175 CVSS scores: CVE-2022-0175 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Affected Products: SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Server Applications 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for virglrenderer fixes the following issues: - CVE-2022-0175: Fixed missing initialization of res->ptr (bsc#1194601). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-111=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-111=1 Package List: - SUSE MicroOS 5.0 (aarch64 x86_64): libvirglrenderer0-0.6.0-4.6.1 libvirglrenderer0-debuginfo-0.6.0-4.6.1 virglrenderer-debuginfo-0.6.0-4.6.1 virglrenderer-debugsource-0.6.0-4.6.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libvirglrenderer0-0.6.0-4.6.1 libvirglrenderer0-debuginfo-0.6.0-4.6.1 virglrenderer-debuginfo-0.6.0-4.6.1 virglrenderer-debugsource-0.6.0-4.6.1 virglrenderer-devel-0.6.0-4.6.1 References: https://www.suse.com/security/cve/CVE-2022-0175.html https://bugzilla.suse.com/1194601 From sle-updates at lists.suse.com Tue Jan 18 17:22:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 18:22:43 +0100 (CET) Subject: SUSE-SU-2022:0113-1: moderate: Security update for nodejs12 Message-ID: <20220118172243.DD710FF4B@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0113-1 Rating: moderate References: #1194511 #1194512 #1194513 #1194514 Cross-References: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 CVSS scores: CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 
______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-113=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.9-4.25.1 nodejs12-debuginfo-12.22.9-4.25.1 nodejs12-debugsource-12.22.9-4.25.1 nodejs12-devel-12.22.9-4.25.1 npm12-12.22.9-4.25.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.9-4.25.1 References: https://www.suse.com/security/cve/CVE-2021-44531.html https://www.suse.com/security/cve/CVE-2021-44532.html https://www.suse.com/security/cve/CVE-2021-44533.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1194511 https://bugzilla.suse.com/1194512 https://bugzilla.suse.com/1194513 https://bugzilla.suse.com/1194514 From sle-updates at lists.suse.com Tue Jan 18 17:26:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 18:26:48 +0100 (CET) Subject: SUSE-SU-2022:14876-1: moderate: Security update for java-1_7_1-ibm Message-ID: <20220118172648.03557FF4B@maintenance.suse.de> SUSE Security Update: Security update for java-1_7_1-ibm 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14876-1 Rating: moderate References: #1185055 #1188564 #1188565 #1188566 #1188568 #1191905 #1191909 #1191910 #1191911 #1191913 #1191914 #1192052 #1194198 #1194232 Cross-References: CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2388 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 CVSS scores: CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2388 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-2388 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-2432 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-2432 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-41035 
(SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that solves 12 vulnerabilities and has two fixes is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the component JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) - CVE-2021-2388: Fixed a flaw inside the Hotspot component performed range check elimination. (bsc#1188566) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-java-1_7_1-ibm-14876=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): java-1_7_0-ibm-1.7.0_sr11.0-65.63.1 java-1_7_0-ibm-alsa-1.7.0_sr11.0-65.63.1 java-1_7_0-ibm-devel-1.7.0_sr11.0-65.63.1 java-1_7_0-ibm-jdbc-1.7.0_sr11.0-65.63.1 java-1_7_0-ibm-plugin-1.7.0_sr11.0-65.63.1 References: https://www.suse.com/security/cve/CVE-2021-2163.html https://www.suse.com/security/cve/CVE-2021-2341.html https://www.suse.com/security/cve/CVE-2021-2369.html https://www.suse.com/security/cve/CVE-2021-2388.html https://www.suse.com/security/cve/CVE-2021-2432.html https://www.suse.com/security/cve/CVE-2021-35556.html https://www.suse.com/security/cve/CVE-2021-35559.html https://www.suse.com/security/cve/CVE-2021-35564.html https://www.suse.com/security/cve/CVE-2021-35565.html https://www.suse.com/security/cve/CVE-2021-35586.html https://www.suse.com/security/cve/CVE-2021-35588.html https://www.suse.com/security/cve/CVE-2021-41035.html https://bugzilla.suse.com/1185055 https://bugzilla.suse.com/1188564 https://bugzilla.suse.com/1188565 https://bugzilla.suse.com/1188566 https://bugzilla.suse.com/1188568 https://bugzilla.suse.com/1191905 https://bugzilla.suse.com/1191909 https://bugzilla.suse.com/1191910 https://bugzilla.suse.com/1191911 https://bugzilla.suse.com/1191913 https://bugzilla.suse.com/1191914 https://bugzilla.suse.com/1192052 https://bugzilla.suse.com/1194198 https://bugzilla.suse.com/1194232 From sle-updates at lists.suse.com Tue Jan 18 17:30:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 18:30:42 +0100 (CET) Subject: SUSE-SU-2022:0112-1: moderate: Security update for nodejs14 Message-ID: <20220118173042.2536DFF4B@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ 
Announcement ID: SUSE-SU-2022:0112-1 Rating: moderate References: #1194511 #1194512 #1194513 #1194514 Cross-References: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 CVSS scores: CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-112=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.3-15.24.1 nodejs14-debuginfo-14.18.3-15.24.1 nodejs14-debugsource-14.18.3-15.24.1 nodejs14-devel-14.18.3-15.24.1 npm14-14.18.3-15.24.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs14-docs-14.18.3-15.24.1 References: https://www.suse.com/security/cve/CVE-2021-44531.html https://www.suse.com/security/cve/CVE-2021-44532.html https://www.suse.com/security/cve/CVE-2021-44533.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1194511 https://bugzilla.suse.com/1194512 https://bugzilla.suse.com/1194513 https://bugzilla.suse.com/1194514 From sle-updates at lists.suse.com Tue Jan 18 20:17:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 21:17:53 +0100 (CET) Subject: SUSE-RU-2022:0121-1: moderate: Recommended update for efivar Message-ID: <20220118201753.DDAC1FF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for efivar ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0121-1 Rating: moderate References: #1192344 PM-3148 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. 
Description: This update for efivar fixes the following issues: - Fixed dbx opening failed by "Operation not permitted" (bsc#1192344). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-121=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-121=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-121=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-121=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-121=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-121=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-121=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-121=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-121=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-121=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-121=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE OpenStack Cloud 9 (x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE OpenStack Cloud 8 (x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 
libefivar1-debuginfo-31-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - HPE Helion Openstack 8 (x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 References: https://bugzilla.suse.com/1192344 From sle-updates at lists.suse.com Tue Jan 18 20:19:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 21:19:08 +0100 (CET) Subject: SUSE-FU-2022:0122-1: moderate: Feature update for zxing-cpp Message-ID: <20220118201908.7054FFF4B@maintenance.suse.de> SUSE Feature Update: Feature update for zxing-cpp ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:0122-1 Rating: moderate References: #1158377 #1180479 #1181915 #1183655 #1187982 #1189813 SLE-18214 Affected Products: SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux 
Enterprise Workstation Extension 15-SP2 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that has 6 feature fixes and contains one feature can now be installed. Description: This feature update for zxing-cpp fixes the following issues: Update LibreOffice from version 7.1.4.2 to 7.2.3.2 (jsc#SLE-18214): - Fix UI scaling on HIDPI Wayland/KDE screens - Fix gtk popover usage on gtk 3.20 for SUSE Linux Enterprise 12 - Fix interaction between multi-column shape text and automatic height. (bsc#1187982) - Fix interaction of transparent cell fill and transparent shadow. (bsc#1189813) - Use external `poppler` version 21.01.0 (jsc#SLE-18214) - Use external `CMIS` version 0.5.2 - Update external `boost` to version 1.75.0 - Update external `pdfium` to version 4500 - Update external `skia` to version `m90` - Do not use `qrcodegen-devel` but move to `zxing-cpp` (jsc#SLE-18214) - Keep upstream desktop file names (bsc#1183655) - Display math icon (bsc#1180479) - Source `profile.d/alljava.sh` from either `/etc` (if found) or `/usr/etc`. Provide `zxing-cpp` 1.2.0 as new LibreOffice dependency. (jsc#SLE-18214) - Do not build examples to avoid a cycle with `QT5Multimedia` - Use `cmake3-full` package instead of `cmake` on SUSE Linux Enterprise 12 - Do not build examples on SUSE Linux Enterprise 12 - Only build blackbox tests on openSUSE Tumbleweed - New `BarcodeFormat` - New ZXingQtCamReader demo app based on `QtMultimedia` and `QtQuick` - New QRCode reader, faster and better support for rotated symbols - Add `Structured Append` support for `DataMatrix`, `Aztec` and `MaxiCode` - Add `DMRE` support for `DataMatrix` - Switch to the reimplemented 1D detectors, about 5x faster - Faster and more capable `isPure` detection for all 2D codes - 20% faster `ReedSolomon` error correction. 
- `ReedSolomon` error detection code 2x speedup. - PDF417 is faster and supports flipped symbols - Reduced false positive rate for `UPC/EAN` barcodes and improved Add-On symbol handling - Fix country-code metadata decoding for UPC/EAN codes. - Proper ECI handling in all 2D barcodes - Add baselibs.conf - Many performance improvements for 1D readers - More meta-data exported when reading specific format - Improve DataMatrix encoder - Add interface to simplify basic usage - WASM API to support pixels array as input - `LuminanceSource` based API is now deprecated but still compiles. - New BarcodeFormats flag type to specify the set of barcodes to look for. - New simplified and consistent Python API - Slightly improved QRCode detection for rotated symbols. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-122=1 - SUSE Linux Enterprise Workstation Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2022-122=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-122=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2022-122=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libZXing1-1.2.0-9.4.1 libZXing1-debuginfo-1.2.0-9.4.1 zxing-cpp-debugsource-1.2.0-9.4.1 zxing-cpp-devel-1.2.0-9.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64): libZXing1-1.2.0-9.4.1 libZXing1-debuginfo-1.2.0-9.4.1 libreoffice-7.2.3.2-49.11.7 libreoffice-base-7.2.3.2-49.11.7 libreoffice-base-debuginfo-7.2.3.2-49.11.7 libreoffice-base-drivers-postgresql-7.2.3.2-49.11.7 
libreoffice-base-drivers-postgresql-debuginfo-7.2.3.2-49.11.7 libreoffice-calc-7.2.3.2-49.11.7 libreoffice-calc-debuginfo-7.2.3.2-49.11.7 libreoffice-calc-extensions-7.2.3.2-49.11.7 libreoffice-debuginfo-7.2.3.2-49.11.7 libreoffice-debugsource-7.2.3.2-49.11.7 libreoffice-draw-7.2.3.2-49.11.7 libreoffice-draw-debuginfo-7.2.3.2-49.11.7 libreoffice-filters-optional-7.2.3.2-49.11.7 libreoffice-gnome-7.2.3.2-49.11.7 libreoffice-gnome-debuginfo-7.2.3.2-49.11.7 libreoffice-gtk3-7.2.3.2-49.11.7 libreoffice-gtk3-debuginfo-7.2.3.2-49.11.7 libreoffice-impress-7.2.3.2-49.11.7 libreoffice-impress-debuginfo-7.2.3.2-49.11.7 libreoffice-mailmerge-7.2.3.2-49.11.7 libreoffice-math-7.2.3.2-49.11.7 libreoffice-math-debuginfo-7.2.3.2-49.11.7 libreoffice-officebean-7.2.3.2-49.11.7 libreoffice-officebean-debuginfo-7.2.3.2-49.11.7 libreoffice-pyuno-7.2.3.2-49.11.7 libreoffice-pyuno-debuginfo-7.2.3.2-49.11.7 libreoffice-writer-7.2.3.2-49.11.7 libreoffice-writer-debuginfo-7.2.3.2-49.11.7 libreoffice-writer-extensions-7.2.3.2-49.11.7 libreofficekit-7.2.3.2-49.11.7 zxing-cpp-debugsource-1.2.0-9.4.1 zxing-cpp-devel-1.2.0-9.4.1 - SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch): libreoffice-branding-upstream-7.2.3.2-49.11.7 libreoffice-icon-themes-7.2.3.2-49.11.7 libreoffice-l10n-af-7.2.3.2-49.11.7 libreoffice-l10n-ar-7.2.3.2-49.11.7 libreoffice-l10n-as-7.2.3.2-49.11.7 libreoffice-l10n-bg-7.2.3.2-49.11.7 libreoffice-l10n-bn-7.2.3.2-49.11.7 libreoffice-l10n-br-7.2.3.2-49.11.7 libreoffice-l10n-ca-7.2.3.2-49.11.7 libreoffice-l10n-cs-7.2.3.2-49.11.7 libreoffice-l10n-cy-7.2.3.2-49.11.7 libreoffice-l10n-da-7.2.3.2-49.11.7 libreoffice-l10n-de-7.2.3.2-49.11.7 libreoffice-l10n-dz-7.2.3.2-49.11.7 libreoffice-l10n-el-7.2.3.2-49.11.7 libreoffice-l10n-en-7.2.3.2-49.11.7 libreoffice-l10n-eo-7.2.3.2-49.11.7 libreoffice-l10n-es-7.2.3.2-49.11.7 libreoffice-l10n-et-7.2.3.2-49.11.7 libreoffice-l10n-eu-7.2.3.2-49.11.7 libreoffice-l10n-fa-7.2.3.2-49.11.7 libreoffice-l10n-fi-7.2.3.2-49.11.7 
libreoffice-l10n-fr-7.2.3.2-49.11.7 libreoffice-l10n-ga-7.2.3.2-49.11.7 libreoffice-l10n-gl-7.2.3.2-49.11.7 libreoffice-l10n-gu-7.2.3.2-49.11.7 libreoffice-l10n-he-7.2.3.2-49.11.7 libreoffice-l10n-hi-7.2.3.2-49.11.7 libreoffice-l10n-hr-7.2.3.2-49.11.7 libreoffice-l10n-hu-7.2.3.2-49.11.7 libreoffice-l10n-it-7.2.3.2-49.11.7 libreoffice-l10n-ja-7.2.3.2-49.11.7 libreoffice-l10n-kk-7.2.3.2-49.11.7 libreoffice-l10n-kn-7.2.3.2-49.11.7 libreoffice-l10n-ko-7.2.3.2-49.11.7 libreoffice-l10n-lt-7.2.3.2-49.11.7 libreoffice-l10n-lv-7.2.3.2-49.11.7 libreoffice-l10n-mai-7.2.3.2-49.11.7 libreoffice-l10n-ml-7.2.3.2-49.11.7 libreoffice-l10n-mr-7.2.3.2-49.11.7 libreoffice-l10n-nb-7.2.3.2-49.11.7 libreoffice-l10n-nl-7.2.3.2-49.11.7 libreoffice-l10n-nn-7.2.3.2-49.11.7 libreoffice-l10n-nr-7.2.3.2-49.11.7 libreoffice-l10n-nso-7.2.3.2-49.11.7 libreoffice-l10n-or-7.2.3.2-49.11.7 libreoffice-l10n-pa-7.2.3.2-49.11.7 libreoffice-l10n-pl-7.2.3.2-49.11.7 libreoffice-l10n-pt_BR-7.2.3.2-49.11.7 libreoffice-l10n-pt_PT-7.2.3.2-49.11.7 libreoffice-l10n-ro-7.2.3.2-49.11.7 libreoffice-l10n-ru-7.2.3.2-49.11.7 libreoffice-l10n-si-7.2.3.2-49.11.7 libreoffice-l10n-sk-7.2.3.2-49.11.7 libreoffice-l10n-sl-7.2.3.2-49.11.7 libreoffice-l10n-sr-7.2.3.2-49.11.7 libreoffice-l10n-ss-7.2.3.2-49.11.7 libreoffice-l10n-st-7.2.3.2-49.11.7 libreoffice-l10n-sv-7.2.3.2-49.11.7 libreoffice-l10n-ta-7.2.3.2-49.11.7 libreoffice-l10n-te-7.2.3.2-49.11.7 libreoffice-l10n-th-7.2.3.2-49.11.7 libreoffice-l10n-tn-7.2.3.2-49.11.7 libreoffice-l10n-tr-7.2.3.2-49.11.7 libreoffice-l10n-ts-7.2.3.2-49.11.7 libreoffice-l10n-uk-7.2.3.2-49.11.7 libreoffice-l10n-ve-7.2.3.2-49.11.7 libreoffice-l10n-xh-7.2.3.2-49.11.7 libreoffice-l10n-zh_CN-7.2.3.2-49.11.7 libreoffice-l10n-zh_TW-7.2.3.2-49.11.7 libreoffice-l10n-zu-7.2.3.2-49.11.7 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): libZXing1-1.2.0-9.4.1 libZXing1-debuginfo-1.2.0-9.4.1 zxing-cpp-debugsource-1.2.0-9.4.1 zxing-cpp-devel-1.2.0-9.4.1 - SUSE 
Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): libZXing1-1.2.0-9.4.1 libZXing1-debuginfo-1.2.0-9.4.1 zxing-cpp-debugsource-1.2.0-9.4.1 zxing-cpp-devel-1.2.0-9.4.1 References: https://bugzilla.suse.com/1158377 https://bugzilla.suse.com/1180479 https://bugzilla.suse.com/1181915 https://bugzilla.suse.com/1183655 https://bugzilla.suse.com/1187982 https://bugzilla.suse.com/1189813 From sle-updates at lists.suse.com Tue Jan 18 20:20:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 21:20:43 +0100 (CET) Subject: SUSE-SU-2022:0118-1: moderate: Security update for python-numpy Message-ID: <20220118202043.D6958FF4B@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0118-1 Rating: moderate References: #1193907 #1193913 Cross-References: CVE-2021-33430 CVE-2021-41496 CVSS scores: CVE-2021-33430 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). - CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-118=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-118=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python-numpy-debuginfo-1.8.0-5.11.1 python-numpy-debugsource-1.8.0-5.11.1 python-numpy-devel-1.8.0-5.11.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): python-numpy-1.8.0-5.11.1 python-numpy-debuginfo-1.8.0-5.11.1 python-numpy-debugsource-1.8.0-5.11.1 References: https://www.suse.com/security/cve/CVE-2021-33430.html https://www.suse.com/security/cve/CVE-2021-41496.html https://bugzilla.suse.com/1193907 https://bugzilla.suse.com/1193913 From sle-updates at lists.suse.com Tue Jan 18 20:23:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 21:23:02 +0100 (CET) Subject: SUSE-RU-2022:0120-1: moderate: Recommended update for efivar Message-ID: <20220118202302.A7359FF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for efivar ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0120-1 Rating: moderate References: #1192344 PM-3148 Affected Products: SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for efivar fixes the following issues: - Fixed dbx opening failed by "Operation not permitted" (bsc#1192344). 
Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-120=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-120=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-120=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-120=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 efivar-devel-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 efivar-devel-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 efivar-devel-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): efivar-31-3.3.1 efivar-debuginfo-31-3.3.1 efivar-debugsource-31-3.3.1 efivar-devel-31-3.3.1 libefivar1-31-3.3.1 libefivar1-debuginfo-31-3.3.1 References: https://bugzilla.suse.com/1192344 From sle-updates at lists.suse.com Tue Jan 18 20:25:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 21:25:52 +0100 (CET) Subject: SUSE-SU-2022:0119-1: important: Security update for apache2 Message-ID: <20220118202552.DD8A2FF4B@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: 
SUSE-SU-2022:0119-1 Rating: important References: #1193942 #1193943 Cross-References: CVE-2021-44224 CVE-2021-44790 CVSS scores: CVE-2021-44224 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44790 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations. (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua. (bsc#1193942) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-119=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-119=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-119=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-119=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-119=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-119=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-119=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-119=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-119=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-119=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): apache2-doc-2.4.33-3.61.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): apache2-doc-2.4.33-3.61.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): apache2-doc-2.4.33-3.61.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): apache2-doc-2.4.33-3.61.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 
apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): apache2-doc-2.4.33-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): apache2-doc-2.4.33-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): apache2-doc-2.4.33-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): apache2-doc-2.4.33-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 
apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): apache2-doc-2.4.33-3.61.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 - SUSE Enterprise Storage 6 (noarch): apache2-doc-2.4.33-3.61.1 - SUSE CaaS Platform 4.0 (noarch): apache2-doc-2.4.33-3.61.1 - SUSE CaaS Platform 4.0 (x86_64): apache2-2.4.33-3.61.1 apache2-debuginfo-2.4.33-3.61.1 apache2-debugsource-2.4.33-3.61.1 apache2-devel-2.4.33-3.61.1 apache2-prefork-2.4.33-3.61.1 apache2-prefork-debuginfo-2.4.33-3.61.1 apache2-utils-2.4.33-3.61.1 apache2-utils-debuginfo-2.4.33-3.61.1 apache2-worker-2.4.33-3.61.1 apache2-worker-debuginfo-2.4.33-3.61.1 References: https://www.suse.com/security/cve/CVE-2021-44224.html https://www.suse.com/security/cve/CVE-2021-44790.html https://bugzilla.suse.com/1193942 https://bugzilla.suse.com/1193943 From sle-updates at lists.suse.com Tue Jan 18 20:27:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 18 Jan 2022 21:27:12 +0100 (CET) Subject: SUSE-RU-2022:0117-1: moderate: Recommended update for rust Message-ID: <20220118202712.A6474FF4B@maintenance.suse.de> SUSE Recommended Update: Recommended update for rust ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0117-1 Rating: moderate References: SLE-18626 SLE-18627 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 
______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for rust fixes the following issues: Rust is shipped in version 1.57.0. Please see: https://blog.rust-lang.org/2021/12/02/Rust-1.57.0.html for more information. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-117=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo-1.57.0-21.13.1 cargo1.57-1.57.0-7.3.1 cargo1.57-debuginfo-1.57.0-7.3.1 rust-1.57.0-21.13.1 rust1.57-1.57.0-7.3.1 rust1.57-debuginfo-1.57.0-7.3.1 References: From sle-updates at lists.suse.com Wed Jan 19 07:32:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 08:32:54 +0100 (CET) Subject: SUSE-CU-2022:47-1: Recommended update of suse/sle15 Message-ID: <20220119073254.744FFFF4E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:47-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.150300.17.8.60 Container Release : 150300.17.8.60 Severity : important Type : recommended References : 1180125 1190824 1192489 1193711 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libopenssl1_1-1.1.1d-11.38.1 updated - openssl-1_1-1.1.1d-11.38.1 updated - rpm-ndb-4.14.3-43.1 updated From sle-updates at lists.suse.com Wed Jan 19 08:19:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 09:19:58 +0100 (CET) Subject: SUSE-RU-2022:0123-1: important: Recommended update for fetchmail Message-ID: <20220119081958.9617CFF4E@maintenance.suse.de> SUSE Recommended Update: Recommended update for fetchmail ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0123-1 Rating: important References: #1194203 Affected Products: SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for fetchmail fixes the following issues: - Always create fetchmail group, even if the user is already present, as a leftover from Leap 15.2 upgrade. This may happen also if user is messing with groups/users directly or upgrading from even older fetchmail versions (bsc#1194203) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-123=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-123=1 Package List: - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): fetchmail-debuginfo-6.4.22-20.23.1 fetchmail-debugsource-6.4.22-20.23.1 fetchmailconf-6.4.22-20.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): fetchmail-6.4.22-20.23.1 fetchmail-debuginfo-6.4.22-20.23.1 fetchmail-debugsource-6.4.22-20.23.1 References: https://bugzilla.suse.com/1194203 From sle-updates at lists.suse.com Wed Jan 19 08:21:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 09:21:07 +0100 (CET) Subject: SUSE-RU-2022:0124-1: moderate: Recommended update for shared-mime-info Message-ID: <20220119082107.4E5E1FF4E@maintenance.suse.de> SUSE Recommended Update: Recommended update for shared-mime-info ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0124-1 Rating: moderate References: #1191630 Affected Products: SUSE MicroOS 5.1 SUSE MicroOS 5.0 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. 
Description: This update for shared-mime-info fixes the following issues: - Fix nautilus not launching applications because all applications are not detected as executable program but as shared library (bsc#1191630) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-124=1 - SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-124=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-124=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): shared-mime-info-1.12-3.3.1 shared-mime-info-debuginfo-1.12-3.3.1 shared-mime-info-debugsource-1.12-3.3.1 - SUSE MicroOS 5.0 (aarch64 x86_64): shared-mime-info-1.12-3.3.1 shared-mime-info-debuginfo-1.12-3.3.1 shared-mime-info-debugsource-1.12-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): shared-mime-info-1.12-3.3.1 shared-mime-info-debuginfo-1.12-3.3.1 shared-mime-info-debugsource-1.12-3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): shared-mime-info-lang-1.12-3.3.1 References: https://bugzilla.suse.com/1191630 From sle-updates at lists.suse.com Wed Jan 19 08:22:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 09:22:15 +0100 (CET) Subject: SUSE-RU-2022:0125-1: moderate: Recommended update for dracut Message-ID: <20220119082215.0EC89FF4E@maintenance.suse.de> SUSE Recommended Update: Recommended update for dracut ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0125-1 Rating: moderate References: #1175892 #1194162 Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for dracut fixes the following issues: - Update dependency and requirement of util-linux-systemd (bsc#1194162) - Improve SSL CA certificate bundle detection (bsc#1175892) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-125=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-125=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): dracut-049.1+suse.224.gd285ddd8-3.51.1 dracut-debuginfo-049.1+suse.224.gd285ddd8-3.51.1 dracut-debugsource-049.1+suse.224.gd285ddd8-3.51.1 dracut-fips-049.1+suse.224.gd285ddd8-3.51.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dracut-049.1+suse.224.gd285ddd8-3.51.1 dracut-debuginfo-049.1+suse.224.gd285ddd8-3.51.1 dracut-debugsource-049.1+suse.224.gd285ddd8-3.51.1 dracut-fips-049.1+suse.224.gd285ddd8-3.51.1 dracut-ima-049.1+suse.224.gd285ddd8-3.51.1 References: https://bugzilla.suse.com/1175892 https://bugzilla.suse.com/1194162 From sle-updates at lists.suse.com Wed Jan 19 14:18:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 15:18:09 +0100 (CET) Subject: SUSE-SU-2022:0126-1: important: Security update for openstack-monasca-agent, spark, spark-kit, zookeeper Message-ID: <20220119141809.7A5CFFF55@maintenance.suse.de> SUSE Security Update: Security update for openstack-monasca-agent, spark, spark-kit, zookeeper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0126-1 Rating: important References: #1193662 Cross-References: CVE-2021-4104 
CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openstack-monasca-agent, spark, spark-kit, zookeeper fixes the following issues: - CVE-2021-4104: Remove JMSAppender from log4j jars (bsc#1193662) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-126=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-126=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-126=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-monasca-agent-2.2.6~dev4-3.24.1 python-monasca-agent-2.2.6~dev4-3.24.1 spark-1.6.3-8.9.2 zookeeper-server-3.4.10-3.12.1 - SUSE OpenStack Cloud 8 (noarch): openstack-monasca-agent-2.2.6~dev4-3.24.1 python-monasca-agent-2.2.6~dev4-3.24.1 spark-1.6.3-8.9.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.37.1 zookeeper-server-3.4.10-3.12.1 - HPE Helion Openstack 8 (noarch): openstack-monasca-agent-2.2.6~dev4-3.24.1 python-monasca-agent-2.2.6~dev4-3.24.1 spark-1.6.3-8.9.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.37.1 zookeeper-server-3.4.10-3.12.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Wed Jan 19 14:19:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 15:19:19 +0100 (CET) Subject: SUSE-RU-2022:0127-1: moderate: Recommended update for obs-service-docker_label_helper Message-ID: <20220119141919.AE08BFF55@maintenance.suse.de> SUSE 
Recommended Update: Recommended update for obs-service-docker_label_helper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0127-1 Rating: moderate References: #1193429 Affected Products: SUSE Linux Enterprise Module for Containers 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for obs-service-docker_label_helper fixes the following issues: - Support new syntax which makes Dockerfiles compatible with plain Docker/podman build. The new syntax uses entry/exit points to determine whether labels should be expanded. Doing so makes the Dockerfile compatible with the standard `docker build` and `podman build` commands. (bsc#1193429) - Retain compatibility with old syntax. Update documentation - Improve summary, description and README.md a bit - Improve regexp instead of having two as proposed by Fabian Vogt Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-127=1 Package List: - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): obs-service-docker_label_helper-0.0-5.6.1 References: https://bugzilla.suse.com/1193429 From sle-updates at lists.suse.com Wed Jan 19 14:21:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 15:21:38 +0100 (CET) Subject: SUSE-SU-2022:0128-1: important: Security update for libvirt Message-ID: <20220119142138.2ADE2FF55@maintenance.suse.de> SUSE Security Update: Security update for libvirt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0128-1 Rating: important References: #1191668 #1192017 #1192876 #1193981 #1194041 Cross-References: CVE-2021-3975 CVE-2021-4147 CVSS scores: CVE-2021-3975 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2021-4147 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for libvirt fixes the following issues: - CVE-2021-4147: libxl: Fix libvirtd deadlocks and segfaults. (bsc#1194041) - CVE-2021-3975: Add missing lock in qemuProcessHandleMonitorEOF. (bsc#1192876) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-128=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-128=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-128=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-128=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-128=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-128=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libvirt-5.1.0-17.1 libvirt-admin-5.1.0-17.1 libvirt-admin-debuginfo-5.1.0-17.1 libvirt-client-5.1.0-17.1 libvirt-client-debuginfo-5.1.0-17.1 libvirt-daemon-5.1.0-17.1 libvirt-daemon-config-network-5.1.0-17.1 libvirt-daemon-config-nwfilter-5.1.0-17.1 libvirt-daemon-debuginfo-5.1.0-17.1 libvirt-daemon-driver-interface-5.1.0-17.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-17.1 libvirt-daemon-driver-lxc-5.1.0-17.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-17.1 libvirt-daemon-driver-network-5.1.0-17.1 libvirt-daemon-driver-network-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nodedev-5.1.0-17.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nwfilter-5.1.0-17.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-17.1 libvirt-daemon-driver-qemu-5.1.0-17.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-17.1 libvirt-daemon-driver-secret-5.1.0-17.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-5.1.0-17.1 
libvirt-daemon-driver-storage-core-5.1.0-17.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-disk-5.1.0-17.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-logical-5.1.0-17.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-17.1 libvirt-daemon-hooks-5.1.0-17.1 libvirt-daemon-lxc-5.1.0-17.1 libvirt-daemon-qemu-5.1.0-17.1 libvirt-debugsource-5.1.0-17.1 libvirt-devel-5.1.0-17.1 libvirt-libs-5.1.0-17.1 libvirt-libs-debuginfo-5.1.0-17.1 libvirt-lock-sanlock-5.1.0-17.1 libvirt-lock-sanlock-debuginfo-5.1.0-17.1 libvirt-nss-5.1.0-17.1 libvirt-nss-debuginfo-5.1.0-17.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): libvirt-bash-completion-5.1.0-17.1 libvirt-doc-5.1.0-17.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libvirt-daemon-driver-libxl-5.1.0-17.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-17.1 libvirt-daemon-xen-5.1.0-17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libvirt-5.1.0-17.1 libvirt-admin-5.1.0-17.1 libvirt-admin-debuginfo-5.1.0-17.1 libvirt-client-5.1.0-17.1 libvirt-client-debuginfo-5.1.0-17.1 libvirt-daemon-5.1.0-17.1 libvirt-daemon-config-network-5.1.0-17.1 libvirt-daemon-config-nwfilter-5.1.0-17.1 libvirt-daemon-debuginfo-5.1.0-17.1 libvirt-daemon-driver-interface-5.1.0-17.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-17.1 libvirt-daemon-driver-lxc-5.1.0-17.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-17.1 libvirt-daemon-driver-network-5.1.0-17.1 libvirt-daemon-driver-network-debuginfo-5.1.0-17.1 
libvirt-daemon-driver-nodedev-5.1.0-17.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nwfilter-5.1.0-17.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-17.1 libvirt-daemon-driver-qemu-5.1.0-17.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-17.1 libvirt-daemon-driver-secret-5.1.0-17.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-5.1.0-17.1 libvirt-daemon-driver-storage-core-5.1.0-17.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-disk-5.1.0-17.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-logical-5.1.0-17.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-17.1 libvirt-daemon-hooks-5.1.0-17.1 libvirt-daemon-lxc-5.1.0-17.1 libvirt-daemon-qemu-5.1.0-17.1 libvirt-debugsource-5.1.0-17.1 libvirt-devel-5.1.0-17.1 libvirt-libs-5.1.0-17.1 libvirt-libs-debuginfo-5.1.0-17.1 libvirt-lock-sanlock-5.1.0-17.1 libvirt-lock-sanlock-debuginfo-5.1.0-17.1 libvirt-nss-5.1.0-17.1 libvirt-nss-debuginfo-5.1.0-17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 x86_64): libvirt-daemon-driver-storage-rbd-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): libvirt-bash-completion-5.1.0-17.1 libvirt-doc-5.1.0-17.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libvirt-daemon-driver-libxl-5.1.0-17.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-17.1 libvirt-daemon-xen-5.1.0-17.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): libvirt-bash-completion-5.1.0-17.1 libvirt-doc-5.1.0-17.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libvirt-5.1.0-17.1 
libvirt-admin-5.1.0-17.1 libvirt-admin-debuginfo-5.1.0-17.1 libvirt-client-5.1.0-17.1 libvirt-client-debuginfo-5.1.0-17.1 libvirt-daemon-5.1.0-17.1 libvirt-daemon-config-network-5.1.0-17.1 libvirt-daemon-config-nwfilter-5.1.0-17.1 libvirt-daemon-debuginfo-5.1.0-17.1 libvirt-daemon-driver-interface-5.1.0-17.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-17.1 libvirt-daemon-driver-libxl-5.1.0-17.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-17.1 libvirt-daemon-driver-lxc-5.1.0-17.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-17.1 libvirt-daemon-driver-network-5.1.0-17.1 libvirt-daemon-driver-network-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nodedev-5.1.0-17.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nwfilter-5.1.0-17.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-17.1 libvirt-daemon-driver-qemu-5.1.0-17.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-17.1 libvirt-daemon-driver-secret-5.1.0-17.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-5.1.0-17.1 libvirt-daemon-driver-storage-core-5.1.0-17.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-disk-5.1.0-17.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-logical-5.1.0-17.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-17.1 libvirt-daemon-hooks-5.1.0-17.1 libvirt-daemon-lxc-5.1.0-17.1 libvirt-daemon-qemu-5.1.0-17.1 libvirt-daemon-xen-5.1.0-17.1 libvirt-debugsource-5.1.0-17.1 libvirt-devel-5.1.0-17.1 libvirt-libs-5.1.0-17.1 libvirt-libs-debuginfo-5.1.0-17.1 
libvirt-lock-sanlock-5.1.0-17.1 libvirt-lock-sanlock-debuginfo-5.1.0-17.1 libvirt-nss-5.1.0-17.1 libvirt-nss-debuginfo-5.1.0-17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libvirt-5.1.0-17.1 libvirt-admin-5.1.0-17.1 libvirt-admin-debuginfo-5.1.0-17.1 libvirt-client-5.1.0-17.1 libvirt-client-debuginfo-5.1.0-17.1 libvirt-daemon-5.1.0-17.1 libvirt-daemon-config-network-5.1.0-17.1 libvirt-daemon-config-nwfilter-5.1.0-17.1 libvirt-daemon-debuginfo-5.1.0-17.1 libvirt-daemon-driver-interface-5.1.0-17.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-17.1 libvirt-daemon-driver-lxc-5.1.0-17.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-17.1 libvirt-daemon-driver-network-5.1.0-17.1 libvirt-daemon-driver-network-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nodedev-5.1.0-17.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nwfilter-5.1.0-17.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-17.1 libvirt-daemon-driver-qemu-5.1.0-17.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-17.1 libvirt-daemon-driver-secret-5.1.0-17.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-5.1.0-17.1 libvirt-daemon-driver-storage-core-5.1.0-17.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-disk-5.1.0-17.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-logical-5.1.0-17.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-17.1 libvirt-daemon-hooks-5.1.0-17.1 libvirt-daemon-lxc-5.1.0-17.1 libvirt-daemon-qemu-5.1.0-17.1 
libvirt-debugsource-5.1.0-17.1 libvirt-devel-5.1.0-17.1 libvirt-libs-5.1.0-17.1 libvirt-libs-debuginfo-5.1.0-17.1 libvirt-lock-sanlock-5.1.0-17.1 libvirt-lock-sanlock-debuginfo-5.1.0-17.1 libvirt-nss-5.1.0-17.1 libvirt-nss-debuginfo-5.1.0-17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libvirt-daemon-driver-libxl-5.1.0-17.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-17.1 libvirt-daemon-xen-5.1.0-17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): libvirt-bash-completion-5.1.0-17.1 libvirt-doc-5.1.0-17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libvirt-5.1.0-17.1 libvirt-admin-5.1.0-17.1 libvirt-admin-debuginfo-5.1.0-17.1 libvirt-client-5.1.0-17.1 libvirt-client-debuginfo-5.1.0-17.1 libvirt-daemon-5.1.0-17.1 libvirt-daemon-config-network-5.1.0-17.1 libvirt-daemon-config-nwfilter-5.1.0-17.1 libvirt-daemon-debuginfo-5.1.0-17.1 libvirt-daemon-driver-interface-5.1.0-17.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-17.1 libvirt-daemon-driver-lxc-5.1.0-17.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-17.1 libvirt-daemon-driver-network-5.1.0-17.1 libvirt-daemon-driver-network-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nodedev-5.1.0-17.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nwfilter-5.1.0-17.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-17.1 libvirt-daemon-driver-qemu-5.1.0-17.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-17.1 libvirt-daemon-driver-secret-5.1.0-17.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-5.1.0-17.1 libvirt-daemon-driver-storage-core-5.1.0-17.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-disk-5.1.0-17.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-logical-5.1.0-17.1 
libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-17.1 libvirt-daemon-hooks-5.1.0-17.1 libvirt-daemon-lxc-5.1.0-17.1 libvirt-daemon-qemu-5.1.0-17.1 libvirt-debugsource-5.1.0-17.1 libvirt-devel-5.1.0-17.1 libvirt-libs-5.1.0-17.1 libvirt-libs-debuginfo-5.1.0-17.1 libvirt-lock-sanlock-5.1.0-17.1 libvirt-lock-sanlock-debuginfo-5.1.0-17.1 libvirt-nss-5.1.0-17.1 libvirt-nss-debuginfo-5.1.0-17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): libvirt-bash-completion-5.1.0-17.1 libvirt-doc-5.1.0-17.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libvirt-daemon-driver-libxl-5.1.0-17.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-17.1 libvirt-daemon-xen-5.1.0-17.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libvirt-5.1.0-17.1 libvirt-admin-5.1.0-17.1 libvirt-admin-debuginfo-5.1.0-17.1 libvirt-client-5.1.0-17.1 libvirt-client-debuginfo-5.1.0-17.1 libvirt-daemon-5.1.0-17.1 libvirt-daemon-config-network-5.1.0-17.1 libvirt-daemon-config-nwfilter-5.1.0-17.1 libvirt-daemon-debuginfo-5.1.0-17.1 libvirt-daemon-driver-interface-5.1.0-17.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-17.1 libvirt-daemon-driver-lxc-5.1.0-17.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-17.1 libvirt-daemon-driver-network-5.1.0-17.1 libvirt-daemon-driver-network-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nodedev-5.1.0-17.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nwfilter-5.1.0-17.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-17.1 libvirt-daemon-driver-qemu-5.1.0-17.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-17.1 libvirt-daemon-driver-secret-5.1.0-17.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-17.1 
libvirt-daemon-driver-storage-5.1.0-17.1 libvirt-daemon-driver-storage-core-5.1.0-17.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-disk-5.1.0-17.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-logical-5.1.0-17.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-17.1 libvirt-daemon-hooks-5.1.0-17.1 libvirt-daemon-lxc-5.1.0-17.1 libvirt-daemon-qemu-5.1.0-17.1 libvirt-debugsource-5.1.0-17.1 libvirt-devel-5.1.0-17.1 libvirt-libs-5.1.0-17.1 libvirt-libs-debuginfo-5.1.0-17.1 libvirt-lock-sanlock-5.1.0-17.1 libvirt-lock-sanlock-debuginfo-5.1.0-17.1 libvirt-nss-5.1.0-17.1 libvirt-nss-debuginfo-5.1.0-17.1 - SUSE Enterprise Storage 6 (x86_64): libvirt-daemon-driver-libxl-5.1.0-17.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-17.1 libvirt-daemon-xen-5.1.0-17.1 - SUSE Enterprise Storage 6 (noarch): libvirt-bash-completion-5.1.0-17.1 libvirt-doc-5.1.0-17.1 - SUSE CaaS Platform 4.0 (x86_64): libvirt-5.1.0-17.1 libvirt-admin-5.1.0-17.1 libvirt-admin-debuginfo-5.1.0-17.1 libvirt-client-5.1.0-17.1 libvirt-client-debuginfo-5.1.0-17.1 libvirt-daemon-5.1.0-17.1 libvirt-daemon-config-network-5.1.0-17.1 libvirt-daemon-config-nwfilter-5.1.0-17.1 libvirt-daemon-debuginfo-5.1.0-17.1 libvirt-daemon-driver-interface-5.1.0-17.1 libvirt-daemon-driver-interface-debuginfo-5.1.0-17.1 libvirt-daemon-driver-libxl-5.1.0-17.1 libvirt-daemon-driver-libxl-debuginfo-5.1.0-17.1 libvirt-daemon-driver-lxc-5.1.0-17.1 libvirt-daemon-driver-lxc-debuginfo-5.1.0-17.1 libvirt-daemon-driver-network-5.1.0-17.1 
libvirt-daemon-driver-network-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nodedev-5.1.0-17.1 libvirt-daemon-driver-nodedev-debuginfo-5.1.0-17.1 libvirt-daemon-driver-nwfilter-5.1.0-17.1 libvirt-daemon-driver-nwfilter-debuginfo-5.1.0-17.1 libvirt-daemon-driver-qemu-5.1.0-17.1 libvirt-daemon-driver-qemu-debuginfo-5.1.0-17.1 libvirt-daemon-driver-secret-5.1.0-17.1 libvirt-daemon-driver-secret-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-5.1.0-17.1 libvirt-daemon-driver-storage-core-5.1.0-17.1 libvirt-daemon-driver-storage-core-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-disk-5.1.0-17.1 libvirt-daemon-driver-storage-disk-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-5.1.0-17.1 libvirt-daemon-driver-storage-iscsi-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-logical-5.1.0-17.1 libvirt-daemon-driver-storage-logical-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-5.1.0-17.1 libvirt-daemon-driver-storage-mpath-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-5.1.0-17.1 libvirt-daemon-driver-storage-rbd-debuginfo-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-5.1.0-17.1 libvirt-daemon-driver-storage-scsi-debuginfo-5.1.0-17.1 libvirt-daemon-hooks-5.1.0-17.1 libvirt-daemon-lxc-5.1.0-17.1 libvirt-daemon-qemu-5.1.0-17.1 libvirt-daemon-xen-5.1.0-17.1 libvirt-debugsource-5.1.0-17.1 libvirt-devel-5.1.0-17.1 libvirt-libs-5.1.0-17.1 libvirt-libs-debuginfo-5.1.0-17.1 libvirt-lock-sanlock-5.1.0-17.1 libvirt-lock-sanlock-debuginfo-5.1.0-17.1 libvirt-nss-5.1.0-17.1 libvirt-nss-debuginfo-5.1.0-17.1 - SUSE CaaS Platform 4.0 (noarch): libvirt-bash-completion-5.1.0-17.1 libvirt-doc-5.1.0-17.1 References: https://www.suse.com/security/cve/CVE-2021-3975.html https://www.suse.com/security/cve/CVE-2021-4147.html https://bugzilla.suse.com/1191668 https://bugzilla.suse.com/1192017 https://bugzilla.suse.com/1192876 https://bugzilla.suse.com/1193981 https://bugzilla.suse.com/1194041 From sle-updates at lists.suse.com Wed Jan 19 20:18:15 2022 From: 
sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 21:18:15 +0100 (CET) Subject: SUSE-SU-2022:14877-1: important: Security update for htmldoc Message-ID: <20220119201815.88FD8FF4E@maintenance.suse.de> SUSE Security Update: Security update for htmldoc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14877-1 Rating: important References: #1194487 Cross-References: CVE-2021-43579 CVSS scores: CVE-2021-43579 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: Subscription Management Tool for SUSE Linux Enterprise 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for htmldoc fixes the following issues: - CVE-2021-43579: Fixed stack-based buffer overflow in image_load_bmp() resulting in remote code execution if the victim converts an HTML document linking to a crafted BMP file. (bsc#1194487) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3: zypper in -t patch slesmtsp3-htmldoc-14877=1 Package List: - Subscription Management Tool for SUSE Linux Enterprise 11-SP3 (i586 s390x x86_64): htmldoc-1.8.27-170.4.6.1 References: https://www.suse.com/security/cve/CVE-2021-43579.html https://bugzilla.suse.com/1194487 From sle-updates at lists.suse.com Wed Jan 19 20:19:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 21:19:35 +0100 (CET) Subject: SUSE-SU-2022:0131-1: important: Security update for the Linux Kernel Message-ID: <20220119201935.CA2CEFF4E@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0131-1 Rating: important References: #1139944 #1151927 #1152489 #1153275 #1154353 #1154355 #1161907 #1164565 #1166780 #1169514 #1176242 #1176447 #1176536 #1176544 #1176545 #1176546 #1176548 #1176558 #1176559 #1176774 #1176940 #1176956 #1177440 #1178134 #1178270 #1179211 #1179424 #1179426 #1179427 #1179599 #1181148 #1181507 #1181710 #1182404 #1183534 #1183540 #1183897 #1184318 #1185726 #1185902 #1186332 #1187541 #1189126 #1189158 #1191793 #1191876 #1192267 #1192320 #1192507 #1192511 #1192569 #1192606 #1192691 #1192845 #1192847 #1192874 #1192946 #1192969 #1192987 #1192990 #1192998 #1193002 #1193042 #1193139 #1193169 #1193306 #1193318 #1193349 #1193440 #1193442 #1193655 #1193993 #1194087 #1194094 SLE-22574 Cross-References: CVE-2020-24504 CVE-2020-27820 CVE-2021-28711 CVE-2021-28712 CVE-2021-28713 CVE-2021-28714 CVE-2021-28715 CVE-2021-4001 CVE-2021-4002 CVE-2021-43975 CVE-2021-43976 CVE-2021-45485 CVE-2021-45486 CVSS scores: CVE-2020-24504 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-24504 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2020-27820 (SUSE): 3.1 
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L
CVE-2021-28711 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28711 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28712 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28712 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28713 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28713 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28714 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28715 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4001 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4002 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2021-43975 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43976 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-45485 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-45486 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE MicroOS 5.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________
An update that solves 13 vulnerabilities, contains one feature and has 61 fixes is now available.
Description: The SUSE Linux Enterprise 15 SP3 kernel was updated.
- Unprivileged BPF has been disabled by default to reduce attack surface, as too many security issues have happened in the past (jsc#SLE-22573). You can re-enable it via sysctl by setting /proc/sys/kernel/unprivileged_bpf_disabled to 0 (kernel.unprivileged_bpf_disabled = 0).
The following security bugs were fixed:
- CVE-2021-45485: Fixed an information leak caused by certain use of a hash table that uses IPv6 source addresses. (bsc#1194094)
- CVE-2021-45486: Fixed an information leak because the hash table is very small in net/ipv4/route.c. (bnc#1194087).
- CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. (bsc#1192990)
- CVE-2021-28715: Fixed an issue where a guest could force the Linux netback driver to hog large amounts of kernel memory, by not queueing an unlimited number of packages. (bsc#1193442)
- CVE-2021-28714: Fixed an issue where a guest could force the Linux netback driver to hog large amounts of kernel memory, by fixing rx queue stall detection. (bsc#1193442)
- CVE-2021-28713: Fixed an issue where rogue backends could cause DoS of guests via high frequency events, by hardening hvc_xen against event channel storms. (bsc#1193440)
- CVE-2021-28712: Fixed an issue where rogue backends could cause DoS of guests via high frequency events, by hardening netfront against event channel storms. (bsc#1193440)
- CVE-2021-28711: Fixed an issue where rogue backends could cause DoS of guests via high frequency events, by hardening blkfront against event channel storms. (bsc#1193440)
- CVE-2020-24504: Fixed an uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers that may have allowed an authenticated user to potentially enable denial of service via local access. (bnc#1182404)
- CVE-2021-43975: Fixed a flaw in hw_atl_utils_fw_rpc_wait that could allow an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (bnc#1192845)
- CVE-2021-43976: Fixed a flaw that could allow an attacker (who can connect a crafted USB device) to cause a denial of service. (bnc#1192847)
- CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in hugetlbfs.
(bsc#1192946)
- CVE-2020-27820: Fixed a vulnerability where use-after-frees in nouveau's postclose() handler could happen when removing the device. (bnc#1179599)
The following non-security bugs were fixed:
- ACPI: battery: Accept charges over the design capacity as full (git-fixes).
- ACPI: PMIC: Fix intel_pmic_regs_handler() read accesses (git-fixes).
- ACPICA: Avoid evaluating methods too early during system resume (git-fixes).
- Add SMB 2 support for getting and setting SACLs (bsc#1192606).
- Add to supported.conf: fs/smbfs_common/cifs_arc4 fs/smbfs_common/cifs_md4
- ALSA: ctxfi: Fix out-of-range access (git-fixes).
- ALSA: gus: fix null pointer dereference on pointer block (git-fixes).
- ALSA: hda: hdac_ext_stream: fix potential locking issues (git-fixes).
- ALSA: hda: hdac_stream: fix potential locking issue in snd_hdac_stream_assign() (git-fixes).
- ALSA: hda/realtek: Add a quirk for Acer Spin SP513-54N (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UX550VE (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC70HS (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook 840 G7 mute LED (git-fixes).
- ALSA: ISA: not for M68K (git-fixes).
- ALSA: synth: missing check for possible NULL after the call to kstrdup (git-fixes).
- ALSA: timer: Fix use-after-free problem (git-fixes).
- ALSA: timer: Unconditionally unlink slave instances, too (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 400 (git-fixes).
- ARM: 8970/1: decompressor: increase tag size (git-fixes).
- ARM: 8974/1: use SPARSMEM_STATIC when SPARSEMEM is enabled (git-fixes) - ARM: 8986/1: hw_breakpoint: Do not invoke overflow handler on uaccess watchpoints (git-fixes) - ARM: 9007/1: l2c: fix prefetch bits init in L2X0_AUX_CTRL using DT (git-fixes) - ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe (git-fixes) - ARM: 9046/1: decompressor: Do not clear SCTLR.nTLSMD for ARMv7+ cores (git-fixes) - ARM: 9064/1: hw_breakpoint: Do not directly check the event's (git-fixes) - ARM: 9071/1: uprobes: Do not hook on thumb instructions (git-fixes) - ARM: 9081/1: fix gcc-10 thumb2-kernel regression (git-fixes) - ARM: 9091/1: Revert "mm: qsd8x50: Fix incorrect permission faults" (git-fixes) - ARM: 9133/1: mm: proc-macros: ensure *_tlb_fns are 4B aligned (git-fixes) - ARM: 9134/1: remove duplicate memcpy() definition (git-fixes) - ARM: 9139/1: kprobes: fix arch_init_kprobes() prototype (git-fixes) - ARM: 9141/1: only warn about XIP address when not compile testing (git-fixes) - ARM: 9155/1: fix early early_iounmap() (git-fixes) - ARM: at91: pm: add missing put_device() call in at91_pm_sram_init() (git-fixes) - ARM: at91: pm: of_node_put() after its usage (git-fixes) - ARM: at91: pm: use proper master clock register offset (git-fixes) - ARM: bcm: Select ARM_TIMER_SP804 for ARCH_BCM_NSP (git-fixes) - ARM: dts sunxi: Relax a bit the CMA pool allocation range (git-fixes) - ARM: dts: am335x-pocketbeagle: Fix mmc0 Write Protect (git-fixes) - ARM: dts: am335x: align ti,pindir-d0-out-d1-in property with dt-shema (git-fixes) - ARM: dts: am437x-idk-evm: Fix incorrect OPP node names (git-fixes) - ARM: dts: am437x-l4: fix typo in can@0 node (git-fixes) - ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to each fan (git-fixes) - ARM: dts: armada388-helios4: assign pinctrl to LEDs (git-fixes) - ARM: dts: aspeed: s2600wf: Fix VGA memory region location (git-fixes) - ARM: dts: aspeed: tiogapass: 
Remove vuart (git-fixes) - ARM: dts: at91-sama5d27_som1: fix phy address to 7 (git-fixes) - ARM: dts: at91: add pinctrl-{names, 0} for all gpios (git-fixes) - ARM: dts: at91: at91sam9rl: fix ADC triggers (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix sdmmc0 node description (git-fixes) - ARM: dts: at91: sama5d2_ptc_ek: fix vbus pin (git-fixes) - ARM: dts: at91: sama5d2_xplained: classd: pull-down the R1 and R3 lines (git-fixes) - ARM: dts: at91: sama5d2: fix CAN message ram offset and size (git-fixes) - ARM: dts: at91: sama5d2: map securam as device (git-fixes) - ARM: dts: at91: sama5d3_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4_xplained: add pincontrol for USB Host (git-fixes) - ARM: dts: at91: sama5d4: fix pinctrl muxing (git-fixes) - ARM: dts: at91: tse850: the emac<->phy interface is rmii (git-fixes) - ARM: dts: bcm: HR2: Fix PPI interrupt types (git-fixes) - ARM: dts: bcm: HR2: Fixed QSPI compatible string (git-fixes) - ARM: dts: bcm2835-rpi-zero-w: Fix led polarity (git-fixes) - ARM: dts: BCM5301X: Add interrupt properties to GPIO node (git-fixes) - ARM: dts: BCM5301X: Fix I2C controller interrupt (git-fixes) - ARM: dts: BCM5301X: Fixed QSPI compatible string (git-fixes) - ARM: dts: colibri-imx6ull: limit SDIO clock to 25MHz (git-fixes) - ARM: dts: Configure missing thermal interrupt for 4430 (git-fixes) - ARM: dts: dra76x: Fix mmc3 max-frequency (git-fixes) - ARM: dts: dra76x: m_can: fix order of clocks (git-fixes) - ARM: dts: dra7xx-clocks: Fixup IPU1 mux clock parent source (git-fixes) - ARM: dts: exynos: correct fuel gauge interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct MUIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Arndale (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Artik 5 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Midas (git-fixes) - ARM: dts: exynos: correct PMIC 
interrupt trigger level on Monk (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid X/U3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Odroid XU3 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Rinato (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on SMDK5250 (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Snow (git-fixes) - ARM: dts: exynos: correct PMIC interrupt trigger level on Spring (git-fixes) - ARM: dts: exynos: Fix GPIO polarity for thr GalaxyS3 CM36651 sensor's bus (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid HC1 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU/XU3 (git-fixes) - ARM: dts: exynos: fix PWM LED max brightness on Odroid XU4 (git-fixes) - ARM: dts: exynos: fix roles of USB 3.0 ports on Odroid XU (git-fixes) - ARM: dts: exynos: fix USB 3.0 pins supply being turned off on Odroid (git-fixes) - ARM: dts: exynos: fix USB 3.0 VBUS control and over-current pins on (git-fixes) - ARM: dts: Fix dcan driver probe failed on am437x platform (git-fixes) - ARM: dts: Fix duovero smsc interrupt for suspend (git-fixes) - ARM: dts: gemini-rut1xx: remove duplicate ethernet node (git-fixes) - ARM: dts: gose: Fix ports node name for adv7180 (git-fixes) - ARM: dts: gose: Fix ports node name for adv7612 (git-fixes) - ARM: dts: imx: emcon-avari: Fix nxp,pca8574 #gpio-cells (git-fixes) - ARM: dts: imx: Fix USB host power regulator polarity on M53Menlo (git-fixes) - ARM: dts: imx: Swap M53Menlo pinctrl_power_button/pinctrl_power_out (git-fixes) - ARM: dts: imx27-phytec-phycard-s-rdk: Fix the I2C1 pinctrl entries (git-fixes) - ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (git-fixes) - ARM: dts: imx6: pbab01: Set vmmc supply for both SD interfaces (git-fixes) - ARM: dts: imx6: phycore-som: fix arm and soc minimum voltage (git-fixes) - ARM: dts: imx6: phycore-som: fix emmc supply (git-fixes) - ARM: 
dts: imx6: Use gpc for FEC interrupt controller to fix wake on LAN (git-fixes) - ARM: dts: imx6dl-colibri-eval-v3: fix sram compatible properties (git-fixes). - ARM: dts: imx6dl-yapp4: Fix RGMII connection to QCA8334 switch (git-fixes) - ARM: dts: imx6dl-yapp4: Fix Ursa board Ethernet connection (git-fixes) - ARM: dts: imx6q-dhcom: Add gpios pinctrl for i2c bus recovery (git-fixes) - ARM: dts: imx6q-dhcom: Add PU,VDD1P1,VDD2P5 regulators (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet plugin detection problems (git-fixes) - ARM: dts: imx6q-dhcom: Fix ethernet reset time properties (git-fixes) - ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming (git-fixes) - ARM: dts: imx6qdl-gw551x: Do not use 'simple-audio-card,dai-link' (git-fixes) - ARM: dts: imx6qdl-gw551x: fix audio SSI (git-fixes) - ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status (git-fixes) - ARM: dts: imx6qdl-kontron-samx6i: fix I2C_PM scl pin (git-fixes) - ARM: dts: imx6qdl-sr-som: Increase the PHY reset duration to 10ms (git-fixes) - ARM: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (git-fixes) - ARM: dts: imx6sl: fix rng node (git-fixes) - ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx-sdb: Fix the phy-mode on fec2 (git-fixes) - ARM: dts: imx6sx: Add missing UART RTS/CTS pins mux (git-fixes) - ARM: dts: imx6sx: fix the pad QSPI1B_SCLK mux mode for uart3 (git-fixes) - ARM: dts: imx6sx: Improve UART pins macro defines (git-fixes) - ARM: dts: imx7-colibri: Fix frequency for sd/mmc (git-fixes) - ARM: dts: imx7-colibri: fix muxing of usbc_det pin (git-fixes) - ARM: dts: imx7-colibri: prepare module device tree for FlexCAN (git-fixes) - ARM: dts: imx7d-meerkat96: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d-pico: Fix the 'tuning-step' property (git-fixes) - ARM: dts: imx7d: Correct speed grading fuse settings (git-fixes) - ARM: dts: imx7d: fix 
opp-supported-hw (git-fixes) - ARM: dts: imx7ulp: Correct gpio ranges (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix broken audio (git-fixes) - ARM: dts: logicpd-som-lv-baseboard: Fix missing video (git-fixes) - ARM: dts: logicpd-torpedo-baseboard: Fix broken audio (git-fixes) - ARM: dts: lpc32xx: Revert set default clock rate of HCLK PLL (git-fixes) - ARM: dts: ls1021a: fix QuadSPI-memory reg range (git-fixes) - ARM: dts: ls1021a: Restore MDIO compatible to gianfar (git-fixes) - ARM: dts: meson: fix PHY deassert timing requirements (git-fixes) - ARM: dts: meson8: remove two invalid interrupt lines from the GPU (git-fixes) - ARM: dts: meson8: Use a higher default GPU clock frequency (git-fixes) - ARM: dts: meson8b: ec100: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: mxq: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: meson8b: odroidc1: Fix the pwm regulator supply properties (git-fixes) - ARM: dts: mt7623: add missing pause for switchport (git-fixes) - ARM: dts: N900: fix onenand timings (git-fixes). 
- ARM: dts: NSP: Correct FA2 mailbox node (git-fixes) - ARM: dts: NSP: Disable PL330 by default, add dma-coherent property (git-fixes) - ARM: dts: NSP: Fixed QSPI compatible string (git-fixes) - ARM: dts: omap3-gta04a4: accelerometer irq fix (git-fixes) - ARM: dts: omap3430-sdp: Fix NAND device node (git-fixes) - ARM: dts: owl-s500: Fix incorrect PPI interrupt specifiers (git-fixes) - ARM: dts: oxnas: Fix clear-mask property (git-fixes) - ARM: dts: pandaboard: fix pinmux for gpio user button of Pandaboard (git-fixes) - ARM: dts: qcom: apq8064: Use 27MHz PXO clock as DSI PLL reference (git-fixes) - ARM: dts: qcom: msm8974: Add xo_board reference clock to DSI0 PHY (git-fixes) - ARM: dts: r7s9210: Remove bogus clock-names from OSTM nodes (git-fixes) - ARM: dts: r8a73a4: Add missing CMT1 interrupts (git-fixes) - ARM: dts: r8a7740: Add missing extal2 to CPG node (git-fixes) - ARM: dts: r8a7779, marzen: Fix DU clock names (git-fixes) - ARM: dts: Remove non-existent i2c1 from 98dx3236 (git-fixes) - ARM: dts: renesas: Fix IOMMU device node names (git-fixes) - ARM: dts: s5pv210: Set keep-power-in-suspend for SDHCI1 on Aries (git-fixes) - ARM: dts: socfpga: Align L2 cache-controller nodename with dtschema (git-fixes) - ARM: dts: socfpga: fix register entry for timer3 on Arria10 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32f429 (git-fixes) - ARM: dts: stm32: fix a typo for DAC io-channel-cells on stm32h743 (git-fixes) - ARM: dts: sun6i: a31-hummingbird: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode (git-fixes) - ARM: dts: sun7i: bananapi-m1-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun7i: bananapi: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: cubietruck: Enable RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun7i: pcduino3-nano: enable RGMII RX/TX delay on PHY (git-fixes) - ARM: dts: sun8i-a83t-tbs-a711: Fix USB OTG mode detection (git-fixes) 
- ARM: dts: sun8i-h2-plus-bananapi-m2-zero: Fix led polarity (git-fixes) - ARM: dts: sun8i: a83t: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sun8i: h3: orangepi-plus2e: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-berry: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix dcdc1 regulator (git-fixes) - ARM: dts: sun8i: r40: bananapi-m2-ultra: Fix ethernet node (git-fixes) - ARM: dts: sun8i: r40: Move AHCI device node based on address order (git-fixes) - ARM: dts: sun8i: v3s: fix GIC node memory range (git-fixes) - ARM: dts: sun8i: v40: bananapi-m2-berry: Fix ethernet node (git-fixes) - ARM: dts: sun9i: Enable both RGMII RX/TX delay on Ethernet PHY (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus-v1.2: Fix CPU supply voltages (git-fixes) - ARM: dts: sunxi: bananapi-m2-plus: Enable RGMII RX/TX delay on (git-fixes) - ARM: dts: sunxi: Fix DE2 clocks register range (git-fixes) - ARM: dts: turris-omnia: add comphy handle to eth2 (git-fixes) - ARM: dts: turris-omnia: add SFP node (git-fixes) - ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin (git-fixes) - ARM: dts: turris-omnia: describe switch interrupt (git-fixes) - ARM: dts: turris-omnia: enable HW buffer management (git-fixes) - ARM: dts: turris-omnia: fix hardware buffer management (git-fixes) - ARM: dts: uniphier: Change phy-mode to RGMII-ID to enable delay pins (git-fixes) - ARM: dts: uniphier: Set SCSSI clock and reset IDs for each channel (git-fixes). 
- ARM: dts: vf610-zii-dev-rev-b: Remove #address-cells and #size-cells (git-fixes) - ARM: dts: vfxxx: Add syscon compatible with OCOTP (git-fixes) - ARM: exynos: add missing of_node_put for loop iteration (git-fixes) - ARM: exynos: MCPM: Restore big.LITTLE cpuidle support (git-fixes) - ARM: footbridge: fix PCI interrupt mapping (git-fixes) - ARM: imx: add missing clk_disable_unprepare() (git-fixes) - ARM: imx: add missing iounmap() (git-fixes) - ARM: imx: build suspend-imx6.S with arm instruction set (git-fixes) - ARM: imx: fix missing 3rd argument in macro imx_mmdc_perf_init (git-fixes) - ARM: imx5: add missing put_device() call in imx_suspend_alloc_ocram() (git-fixes) - ARM: imx6: disable the GIC CPU interface before calling stby-poweroff (git-fixes) - ARM: mvebu: drop pointless check for coherency_base (git-fixes) - ARM: OMAP2+: Fix legacy mode dss_reset (git-fixes) - ARM: OMAP2+: omap_device: fix idling of devices during probe (git-fixes) - ARM: OMAP2+: pm33xx-core: Make am43xx_get_rtc_base_addr static (git-fixes) - ARM: p2v: fix handling of LPAE translation in BE mode (git-fixes) - ARM: s3c: irq-s3c24xx: Fix return value check for s3c24xx_init_intc() (git-fixes) - ARM: s3c24xx: fix missing system reset (git-fixes) - ARM: s3c24xx: fix mmc gpio lookup tables (git-fixes) - ARM: samsung: do not build plat/pm-common for Exynos (git-fixes) - ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (git-fixes) - ARM: socfpga: PM: add missing put_device() call in socfpga_setup_ocram_self_refresh() (git-fixes) - ASoC: DAPM: Cover regression by kctl change notification fix (git-fixes). - ASoC: nau8824: Add DMI quirk mechanism for active-high jack-detect (git-fixes). - ASoC: qdsp6: q6routing: Conditionally reset FrontEnd Mixer (git-fixes). - ASoC: SOF: Intel: hda-dai: fix potential locking issue (git-fixes). - ASoC: topology: Add missing rwsem around snd_ctl_remove() calls (git-fixes). 
- ath: dfs_pattern_detector: Fix possible null-pointer dereference in channel_detector_create() (git-fixes). - ath10k: fix invalid dma_addr_t token assignment (git-fixes). - ath10k: high latency fixes for beacon buffer (git-fixes). - Bbluetooth: btusb: Add another Bluetooth part for Realtek 8852AE (bsc#1193655). - bfq: Limit number of requests consumed by each cgroup (bsc#1184318). - bfq: Store full bitmap depth in bfq_data (bsc#1184318). - bfq: Track number of allocated requests in bfq_entity (bsc#1184318). - block: Fix use-after-free issue accessing struct io_cq (bsc#1193042). - block: Provide blk_mq_sched_get_icq() (bsc#1184318). - Bluetooth: Add additional Bluetooth part for Realtek 8852AE (bsc#1193655). - Bluetooth: btrtl: Refine the ic_id_table for clearer and more regular (bsc#1193655). - Bluetooth: btusb: Add the more support IDs for Realtek RTL8822CE (bsc#1193655). - Bluetooth: btusb: Add the new support ID for Realtek RTL8852A (bsc#1193655). - Bluetooth: btusb: btrtl: Add support for RTL8852A (bsc#1193655). - Bluetooth: fix use-after-free error in lock_sock_nested() (git-fixes). - bnxt_en: reject indirect blk offload when hw-tc-offload is off (jsc#SLE-8372 bsc#1153275). - bonding: Fix a use-after-free problem when bond_sysfs_slave_add() failed (git-fixes). - bpf, arm: Fix register clobbering in div/mod implementation (git-fixes) - bpf, s390: Fix potential memory leak about jit_data (git-fixes). - bpf, x86: Fix "no previous prototype" warning (git-fixes). - brcmfmac: Add DMI nvram filename quirk for Cyberbook T116 tablet (git-fixes). - btrfs: do not ignore error from btrfs_next_leaf() when inserting checksums (bsc#1193002). - btrfs: fix fsync failure and transaction abort after writes to prealloc extents (bsc#1193002). - btrfs: fix lost inode on log replay after mix of fsync, rename and inode eviction (bsc#1192998). - btrfs: fix race causing unnecessary inode logging during link and rename (bsc#1192998). 
- btrfs: make checksum item extension more efficient (bsc#1193002). - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type (git-fixes). - cifs use true,false for bool variable (bsc#1164565). - cifs_atomic_open(): fix double-put on late allocation failure (bsc#1192606). - cifs_debug: use %pd instead of messing with ->d_name (bsc#1192606). - cifs: add a debug macro that prints \\server\share for errors (bsc#1164565). - cifs: add a function to get a cached dir based on its dentry (bsc#1192606). - cifs: add a helper to find an existing readable handle to a file (bsc#1154355). - cifs: add a timestamp to track when the lease of the cached dir was taken (bsc#1192606). - cifs: add an smb3_fs_context to cifs_sb (bsc#1192606). - cifs: add FALLOC_FL_INSERT_RANGE support (bsc#1192606). - cifs: add files to host new mount api (bsc#1192606). - cifs: add fs_context param to parsing helpers (bsc#1192606). - cifs: Add get_security_type_str function to return sec type (bsc#1192606). - cifs: add initial reconfigure support (bsc#1192606). - cifs: add missing mount option to /proc/mounts (bsc#1164565). - cifs: add missing parsing of backupuid (bsc#1192606). - cifs: Add missing sentinel to smb3_fs_parameters (bsc#1192606). - cifs: add mount parameter tcpnodelay (bsc#1192606). - cifs: add multichannel mount options and data structs (bsc#1192606). - cifs: add new debugging macro cifs_server_dbg (bsc#1164565). - cifs: Add new mount parameter "acdirmax" to allow caching directory metadata (bsc#1192606). - cifs: Add new parameter "acregmax" for distinct file and directory metadata timeout (bsc#1192606). - cifs: add NULL check for ses->tcon_ipc (bsc#1178270). - cifs: add passthrough for smb2 setinfo (bsc#1164565). - cifs: add server param (bsc#1192606). - cifs: add shutdown support (bsc#1192606). - cifs: add smb2 POSIX info level (bsc#1164565). - cifs: add SMB2_open() arg to return POSIX data (bsc#1164565). - cifs: add SMB3 change notification support (bsc#1164565). 
- cifs: add support for FALLOC_FL_COLLAPSE_RANGE (bsc#1192606). - cifs: add support for fallocate mode 0 for non-sparse files (bsc#1164565). - cifs: add support for flock (bsc#1164565). - cifs: Add support for setting owner info, dos attributes, and create time (bsc#1164565). - cifs: Add tracepoints for errors on flush or fsync (bsc#1164565). - cifs: Add witness information to debug data dump (bsc#1192606). - cifs: add witness mount option and data structs (bsc#1192606). - cifs: added WARN_ON for all the count decrements (bsc#1192606). - cifs: Adjust indentation in smb2_open_file (bsc#1164565). - cifs: Adjust key sizes and key generation routines for AES256 encryption (bsc#1192606). - cifs: allocate buffer in the caller of build_path_from_dentry() (bsc#1192606). - cifs: Allocate crypto structures on the fly for calculating signatures of incoming packets (bsc#1192606). - cifs: Allocate encryption header through kmalloc (bsc#1192606). - cifs: allow chmod to set mode bits using special sid (bsc#1164565). - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956). - cifs: allow unlock flock and OFD lock across fork (bsc#1192606). - cifs: Always update signing key of first channel (bsc#1192606). - cifs: ask for more credit on async read/write code paths (bsc#1192606). - cifs: Assign boolean values to a bool variable (bsc#1192606). - cifs: Avoid doing network I/O while holding cache lock (bsc#1164565). - cifs: Avoid error pointer dereference (bsc#1192606). - cifs: avoid extra calls in posix_info_parse (bsc#1192606). - cifs: Avoid field over-reading memcpy() (bsc#1192606). - cifs: avoid starvation when refreshing dfs cache (bsc#1185902). - cifs: avoid using MID 0xFFFF (bnc#1151927 5.3.8). - cifs: call wake_up(server->response_q) inside of cifs_reconnect() (bsc#1164565). - cifs: change confusing field serverName (to ip_addr) (bsc#1192606). - cifs: change format of CIFS_FULL_KEY_DUMP ioctl (bsc#1192606). 
- cifs: change noisy error message to FYI (bsc#1181507). - cifs: Change SIDs in ACEs while transferring file ownership (bsc#1192606). - cifs: check all path components in resolved dfs target (bsc#1181710). - cifs: check new file size when extending file by fallocate (bsc#1192606). - cifs: check pointer before freeing (bsc#1183534). - cifs: check the timestamp for the cached dirent when deciding on revalidate (bsc#1192606). - cifs: cifs_md4 convert to SPDX identifier (bsc#1192606). - cifs: cifspdu.h: Replace one-element array with flexible-array member (bsc#1192606). - cifs: cifspdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: cifsssmb: remove redundant assignment to variable ret (bsc#1164565). - cifs: clarify comment about timestamp granularity for old servers (bsc#1192606). - cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (bsc#1192606). - cifs: Clarify SMB1 code for delete (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Create (bsc#1192606). - cifs: Clarify SMB1 code for POSIX delete file (bsc#1192606). - cifs: Clarify SMB1 code for POSIX Lock (bsc#1192606). - cifs: Clarify SMB1 code for rename open file (bsc#1192606). - cifs: Clarify SMB1 code for SetFileSize (bsc#1192606). - cifs: clarify SMB1 code for UnixCreateHardLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixCreateSymLink (bsc#1192606). - cifs: Clarify SMB1 code for UnixSetPathInfo (bsc#1192606). - cifs: Clean up DFS referral cache (bsc#1164565). - cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (bsc#1192606). - cifs: cleanup misc.c (bsc#1192606). - cifs: clear PF_MEMALLOC before exiting demultiplex thread (bsc#1192606). - cifs: Close cached root handle only if it had a lease (bsc#1164565). - cifs: Close open handle after interrupted close (bsc#1164565). - cifs: close the shared root handle on tree disconnect (bsc#1164565). - cifs: compute full_path already in cifs_readdir() (bsc#1192606). 
- cifs: connect individual channel servers to primary channel server (bsc#1192606). - cifs: connect: style: Simplify bool comparison (bsc#1192606). - cifs: constify get_normalized_path() properly (bsc#1185902). - cifs: constify path argument of ->make_node() (bsc#1192606). - cifs: constify pathname arguments in a bunch of helpers (bsc#1192606). - cifs: Constify static struct genl_ops (bsc#1192606). - cifs: convert list_for_each to entry variant (bsc#1192606, jsc#SLE-20042). - cifs: convert list_for_each to entry variant in cifs_debug.c (bsc#1192606). - cifs: convert list_for_each to entry variant in smb2misc.c (bsc#1192606). - cifs: convert revalidate of directories to using directory metadata cache timeout (bsc#1192606). - cifs: convert to use be32_add_cpu() (bsc#1192606). - cifs: Convert to use the fallthrough macro (bsc#1192606). - cifs: correct comments explaining internal semaphore usage in the module (bsc#1192606). - cifs: correct four aliased mount parms to allow use of previous names (bsc#1192606). - cifs: create a helper function to parse the query-directory response buffer (bsc#1164565). - cifs: create a helper to find a writeable handle by path name (bsc#1154355). - cifs: create a MD4 module and switch cifs.ko to use it (bsc#1192606). - cifs: Create a new shared file holding smb2 pdu definitions (bsc#1192606). - cifs: create sd context must be a multiple of 8 (bsc#1192606). - cifs: Deal with some warnings from W=1 (bsc#1192606). - cifs: Delete a stray unlock in cifs_swn_reconnect() (bsc#1192606). - cifs: delete duplicated words in header files (bsc#1192606). - cifs: detect dead connections only when echoes are enabled (bsc#1192606). - cifs: Display local UID details for SMB sessions in DebugData (bsc#1192606). - cifs: do d_move in rename (bsc#1164565). - cifs: do not allow changing posix_paths during remount (bsc#1192606). - cifs: do not cargo-cult strndup() (bsc#1185902). - cifs: do not create a temp nls in cifs_setup_ipc (bsc#1192606). 
- cifs: do not disable noperm if multiuser mount option is not provided (bsc#1192606). - cifs: Do not display RDMA transport on reconnect (bsc#1164565). - cifs: do not duplicate fscache cookie for secondary channels (bsc#1192606). - cifs: do not fail __smb_send_rqst if non-fatal signals are pending (git-fixes). - cifs: do not ignore the SYNC flags in getattr (bsc#1164565). - cifs: do not leak -EAGAIN for stat() during reconnect (bsc#1164565). - cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (bsc#1192606). - cifs: Do not miss cancelled OPEN responses (bsc#1164565). - cifs: do not negotiate session if session already exists (bsc#1192606). - cifs: do not send close in compound create+close requests (bsc#1181507). - cifs: do not send tree disconnect to ipc shares (bsc#1185902). - cifs: do not share tcons with DFS (bsc#1178270). - cifs: do not share tcp servers with dfs mounts (bsc#1185902). - cifs: do not share tcp sessions of dfs connections (bsc#1185902). - cifs: do not use 'pre:' for MODULE_SOFTDEP (bsc#1164565). - cifs: Do not use iov_iter::type directly (bsc#1192606). - cifs: Do not use the original cruid when following DFS links for multiuser mounts (bsc#1192606). - cifs: document and cleanup dfs mount (bsc#1178270). - cifs: dump channel info in DebugData (bsc#1192606). - cifs: dump Security Type info in DebugData (bsc#1192606). - cifs: dump the session id and keys also for SMB2 sessions (bsc#1192606). - cifs: enable change notification for SMB2.1 dialect (bsc#1164565). - cifs: enable extended stats by default (bsc#1192606). - cifs: Enable sticky bit with cifsacl mount option (bsc#1192606). - cifs: ensure correct super block for DFS reconnect (bsc#1178270). - cifs: escape spaces in share names (bsc#1192606). - cifs: export supported mount options via new mount_params /proc file (bsc#1192606). - cifs: fail i/o on soft mounts if sessionsetup errors out (bsc#1164565). - cifs: fiemap: do not return EINVAL if get nothing (bsc#1192606). 
- cifs: fix a comment for the timeouts when sending echos (bsc#1164565). - cifs: fix a memleak with modefromsid (bsc#1192606). - cifs: fix a sign extension bug (bsc#1192606). - cifs: fix a white space issue in cifs_get_inode_info() (bsc#1164565). - cifs: fix allocation size on newly created files (bsc#1192606). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1178270). - cifs: Fix atime update check vs mtime (bsc#1164565). - cifs: Fix bug which the return value by asynchronous read is error (bsc#1192606). - cifs: Fix cached_fid refcnt leak in open_shroot (bsc#1192606). - cifs: fix channel signing (bsc#1192606). - cifs: fix check of dfs interlinks (bsc#1185902). - cifs: fix check of tcon dfs in smb1 (bsc#1178270). - cifs: Fix chmod with modefromsid when an older ACE already exists (bsc#1192606). - cifs: fix chown and chgrp when idsfromsid mount option enabled (bsc#1192606). - cifs: Fix cifsacl ACE mask for group and others (bsc#1192606). - cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (bnc#1151927 5.3.10). - cifs: fix credit accounting for extra channel (bsc#1192606). - cifs: fix dereference on ses before it is null checked (bsc#1164565). - cifs: fix dfs domain referrals (bsc#1192606). - cifs: fix DFS failover (bsc#1192606). - cifs: fix DFS mount with cifsacl/modefromsid (bsc#1178270). - cifs: fix dfs-links (bsc#1192606). - cifs: fix doc warnings in cifs_dfs_ref.c (bsc#1192606). - cifs: Fix double add page to memcg when cifs_readpages (bsc#1192606). - cifs: fix double free error on share and prefix (bsc#1178270). - cifs: Fix fall-through warnings for Clang (bsc#1192606). - cifs: fix fallocate when trying to allocate a hole (bsc#1192606). - cifs: fix gcc warning in sid_to_id (bsc#1192606). - cifs: fix handling of escaped ',' in the password mount argument (bsc#1192606). - cifs: Fix in error types returned for out-of-credit situations (bsc#1192606). - cifs: Fix incomplete memory allocation on setxattr path (bsc#1179211). 
- cifs: Fix inconsistent indenting (bsc#1192606). - cifs: Fix inconsistent IS_ERR and PTR_ERR (bsc#1192606). - cifs: fix incorrect check for null pointer in header_assemble (bsc#1192606). - cifs: fix incorrect kernel doc comments (bsc#1192606). - cifs: fix interrupted close commands (git-fixes). - cifs: fix ipv6 formating in cifs_ses_add_channel (bsc#1192606). - cifs: fix leak in cifs_smb3_do_mount() ctx (bsc#1192606). - cifs: Fix leak when handling lease break for cached root fid (bsc#1176242). - cifs: fix leaked reference on requeued write (bsc#1178270). - cifs: Fix lookup of root ses in DFS referral cache (bsc#1164565). - cifs: Fix lookup of SMB connections on multichannel (bsc#1192606). - cifs: fix max ea value size (bnc#1151927 5.3.4). - cifs: Fix memory allocation in __smb2_handle_cancelled_cmd() (bsc#1164565). - cifs: fix memory leak in smb2_copychunk_range (git-fixes). - cifs: fix memory leak of smb3_fs_context_dup::server_hostname (bsc#1192606). - cifs: fix minor typos in comments and log messages (bsc#1192606). - cifs: Fix missed free operations (bnc#1151927 5.3.8). - cifs: fix missing null session check in mount (bsc#1192606). - cifs: fix missing spinlock around update to ses->status (bsc#1192606). - cifs: fix misspellings using codespell tool (bsc#1192606). - cifs: fix mode bits from dir listing when mounted with modefromsid (bsc#1164565). - cifs: Fix mode output in debugging statements (bsc#1164565). - cifs: fix mount option display for sec=krb5i (bsc#1161907). - cifs: Fix mount options set in automount (bsc#1164565). - cifs: fix mounts to subdirectories of target (bsc#1192606). - cifs: fix nodfs mount option (bsc#1181710). - cifs: fix NULL dereference in match_prepath (bsc#1164565). - cifs: fix NULL dereference in smb2_check_message() (bsc#1192606). - cifs: Fix null pointer check in cifs_read (bsc#1192606). - cifs: Fix NULL pointer dereference in mid callback (bsc#1164565). 
- cifs: Fix NULL-pointer dereference in smb2_push_mandatory_locks (bnc#1151927 5.3.16). - cifs: Fix oplock handling for SMB 2.1+ protocols (bnc#1151927 5.3.4). - cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (bsc#1192606). - cifs: fix path comparison and hash calc (bsc#1185902). - cifs: fix possible uninitialized access and race on iface_list (bsc#1192606). - cifs: Fix potential deadlock when updating vol in cifs_reconnect() (bsc#1164565). - cifs: fix potential mismatch of UNC paths (bsc#1164565). - cifs: Fix potential softlockups while refreshing DFS cache (bsc#1164565). - cifs: fix potential use-after-free bugs (bsc#1192606, jsc#SLE-20042). - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944). - cifs: Fix preauth hash corruption (git-fixes). - cifs: fix print of hdr_flags in dfscache_proc_show() (bsc#1192606, jsc#SLE-20042). - cifs: fix reference leak for tlink (bsc#1192606). - cifs: fix regression when mounting shares with prefix paths (bsc#1192606). - cifs: fix rename() by ensuring source handle opened with DELETE bit (bsc#1164565). - cifs: Fix resource leak (bsc#1192606). - cifs: Fix retrieval of DFS referrals in cifs_mount() (bsc#1164565). - cifs: Fix retry mid list corruption on reconnects (bnc#1151927 5.3.10). - cifs: Fix return value in __update_cache_entry (bsc#1164565). - cifs: fix rsize/wsize to be negotiated values (bsc#1192606). - cifs: fix SMB1 error path in cifs_get_file_info_unix (bsc#1192606). - cifs: Fix SMB2 oplock break processing (bsc#1154355 bnc#1151927 5.3.16). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: fix soft mounts hanging in the reconnect code (bsc#1164565). - cifs: Fix some error pointers handling detected by static checker (bsc#1192606). - cifs: Fix spelling of 'security' (bsc#1192606). - cifs: fix string declarations and assignments in tracepoints (bsc#1192606). - cifs: Fix support for remount when not changing rsize/wsize (bsc#1192606). 
- cifs: Fix task struct use-after-free on reconnect (bsc#1164565). - cifs: fix the out of range assignment to bit fields in parse_server_interfaces (bsc#1192606). - cifs: Fix the target file was deleted when rename failed (bsc#1192606). - cifs: fix trivial typo (bsc#1192606). - cifs: fix uninitialised lease_key in open_shroot() (bsc#1178270). - cifs: fix uninitialized variable in smb3_fs_context_parse_param (bsc#1192606). - cifs: fix unitialized variable poential problem with network I/O cache lock patch (bsc#1164565). - cifs: Fix unix perm bits to cifsacl conversion for "other" bits (bsc#1192606). - cifs: fix unneeded null check (bsc#1192606). - cifs: fix use after free in cifs_smb3_do_mount() (bsc#1192606). - cifs: Fix use after free of file info structures (bnc#1151927 5.3.8). - cifs: Fix use-after-free bug in cifs_reconnect() (bsc#1164565). - cifs: fix wrong release in sess_alloc_buffer() failed path (bsc#1192606). - cifs: for compound requests, use open handle if possible (bsc#1192606). - cifs: Force reval dentry if LOOKUP_REVAL flag is set (bnc#1151927 5.3.7). - cifs: Force revalidate inode when dentry is stale (bnc#1151927 5.3.7). - cifs: fork arc4 and create a separate module for it for cifs and other users (bsc#1192606). - cifs: get mode bits from special sid on stat (bsc#1164565). - cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902). - cifs: get rid of cifs_sb->mountdata (bsc#1192606). - cifs: Get rid of kstrdup_const()'d paths (bsc#1164565). - cifs: get rid of unused parameter in reconn_setup_dfs_targets() (bsc#1178270). - cifs: Grab a reference for the dentry of the cached directory during the lifetime of the cache (bsc#1192606). - cifs: Gracefully handle QueryInfo errors during open (bnc#1151927 5.3.7). - cifs: handle -EINTR in cifs_setattr (bsc#1192606). - cifs: handle "guest" mount parameter (bsc#1192606). - cifs: handle "nolease" option for vers=1.0 (bsc#1192606). - cifs: handle different charsets in dfs cache (bsc#1185902). 
- cifs: handle empty list of targets in cifs_reconnect() (bsc#1178270). - cifs: handle hostnames that resolve to same ip in failover (bsc#1178270). - cifs: handle prefix paths in reconnect (bsc#1164565). - cifs: handle reconnect of tcon when there is no cached dfs referral (bsc#1192606). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1178270). - cifs: Handle witness client move notification (bsc#1192606). - cifs: have ->mkdir() handle race with another client sanely (bsc#1192606). - cifs: have cifs_fattr_to_inode() refuse to change type on live inode (bsc#1192606). - cifs: Identify a connection by a conn_id (bsc#1192606). - cifs: If a corrupted DACL is returned by the server, bail out (bsc#1192606). - cifs: ignore auto and noauto options if given (bsc#1192606). - cifs: ignore cached share root handle closing errors (bsc#1166780). - cifs: improve fallocate emulation (bsc#1192606). - cifs: improve read performance for page size 64KB cache=strict vers=2.1+ (bsc#1192606). - cifs: In the new mount api we get the full devname as source= (bsc#1192606). - cifs: Increment num_remote_opens stats counter even in case of smb2_query_dir_first (bsc#1192606). - cifs: Initialize filesystem timestamp ranges (bsc#1164565). - cifs: introduce cifs_ses_mark_for_reconnect() helper (bsc#1192606). - cifs: introduce helper for finding referral server (bsc#1181710). - cifs: Introduce helpers for finding TCP connection (bsc#1164565). - cifs: introduce new helper for cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: keep referral server sessions alive (bsc#1185902). - cifs: log mount errors using cifs_errorf() (bsc#1192606). - cifs: log warning message (once) if out of disk space (bsc#1164565). - cifs: make build_path_from_dentry() return const char * (bsc#1192606). - cifs: make const array static, makes object smaller (bsc#1192606). - cifs: Make extract_hostname function public (bsc#1192606). - cifs: Make extract_sharename function public (bsc#1192606). 
- cifs: make fs_context error logging wrapper (bsc#1192606). - cifs: make locking consistent around the server session status (bsc#1192606). - cifs: make multichannel warning more visible (bsc#1192606). - cifs: Make SMB2_notify_init static (bsc#1164565). - cifs: make sure we do not overflow the max EA buffer size (bsc#1164565). - cifs: make use of cap_unix(ses) in cifs_reconnect_tcon() (bsc#1164565). - cifs: map STATUS_ACCOUNT_LOCKED_OUT to -EACCES (bsc#1192606). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1178270). - cifs: Merge is_path_valid() into get_normalized_path() (bsc#1164565). - cifs: minor fix to two debug messages (bsc#1192606). - cifs: minor kernel style fixes for comments (bsc#1192606). - cifs: minor simplification to smb2_is_network_name_deleted (bsc#1192606). - cifs: minor update to comments around the cifs_tcp_ses_lock mutex (bsc#1192606). - cifs: minor updates to Kconfig (bsc#1192606). - cifs: misc: Use array_size() in if-statement controlling expression (bsc#1192606). - cifs: missed ref-counting smb session in find (bsc#1192606). - cifs: missing null check for newinode pointer (bsc#1192606). - cifs: missing null pointer check in cifs_mount (bsc#1185902). - cifs: modefromsid: make room for 4 ACE (bsc#1164565). - cifs: modefromsid: write mode ACE first (bsc#1164565). - cifs: move [brw]size from cifs_sb to cifs_sb->ctx (bsc#1192606). - cifs: move cache mount options to fs_context.ch (bsc#1192606). - cifs: move cifs_cleanup_volume_info[_content] to fs_context.c (bsc#1192606). - cifs: move cifs_parse_devname to fs_context.c (bsc#1192606). - cifs: move cifsFileInfo_put logic into a work-queue (bsc#1154355). - cifs: move debug print out of spinlock (bsc#1192606). - cifs: Move more definitions into the shared area (bsc#1192606). - cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (bsc#1192606). - cifs: move security mount options into fs_context.ch (bsc#1192606). 
- cifs: move SMB FSCTL definitions to common code (bsc#1192606). - cifs: move smb version mount options into fs_context.c (bsc#1192606). - cifs: Move SMB2_Create definitions to the shared area (bsc#1192606). - cifs: move some variables off the stack in smb2_ioctl_query_info (bsc#1192606). - cifs: move the check for nohandlecache into open_shroot (bsc#1192606). - cifs: move the enum for cifs parameters into fs_context.h (bsc#1192606). - cifs: move update of flags into a separate function (bsc#1192606). - cifs: multichannel: always zero struct cifs_io_parms (bsc#1192606). - cifs: multichannel: move channel selection above transport layer (bsc#1192606). - cifs: multichannel: move channel selection in function (bsc#1192606). - cifs: multichannel: try to rebind when reconnecting a channel (bsc#1192606). - cifs: multichannel: use pointer for binding channel (bsc#1192606). - cifs: mute -Wunused-const-variable message (bnc#1151927 5.3.9). - cifs: New optype for session operations (bsc#1181507). - cifs: nosharesock should be set on new server (bsc#1192606). - cifs: nosharesock should not share socket with future sessions (bsc#1192606). - cifs: On cifs_reconnect, resolve the hostname again (bsc#1192606). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1178270). - cifs: only write 64kb at a time when fallocating a small region of a file (bsc#1192606). - cifs: Optimize readdir on reparse points (bsc#1164565). - cifs: pass a path to open_shroot and check if it is the root or not (bsc#1192606). - cifs: pass the dentry instead of the inode down to the revalidation check functions (bsc#1192606). - cifs: plumb smb2 POSIX dir enumeration (bsc#1164565). - cifs: populate server_hostname for extra channels (bsc#1192606). - cifs: potential unintitliazed error code in cifs_getattr() (bsc#1164565). - cifs: prepare SMB2_Flush to be usable in compounds (bsc#1154355). - cifs: prepare SMB2_query_directory to be used with compounding (bsc#1164565). 
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902). - cifs: prevent truncation from long to int in wait_for_free_credits (bsc#1192606). - cifs: print MIDs in decimal notation (bsc#1181507). - cifs: Print the address and port we are connecting to in generic_ip_connect() (bsc#1192606). - cifs: print warning mounting with vers=1.0 (bsc#1164565). - cifs: properly invalidate cached root handle when closing it (bsc#1192606). - cifs: Properly process SMB3 lease breaks (bsc#1164565). - cifs: protect session channel fields with chan_lock (bsc#1192606). - cifs: protect srv_count with cifs_tcp_ses_lock (bsc#1192606). - cifs: protect updating server->dstaddr with a spinlock (bsc#1192606). - cifs: Re-indent cifs_swn_reconnect() (bsc#1192606). - cifs: reduce number of referral requests in DFS link lookups (bsc#1178270). - cifs: reduce stack use in smb2_compound_op (bsc#1192606). - cifs: refactor cifs_get_inode_info() (bsc#1164565). - cifs: refactor create_sd_buf() and and avoid corrupting the buffer (bsc#1192606). - cifs: Reformat DebugData and index connections by conn_id (bsc#1192606). - cifs: Register generic netlink family (bsc#1192606). Update configs with CONFIG_SWN_UPCALL unset. - cifs: release lock earlier in dequeue_mid error case (bsc#1192606). - cifs: remove [gu]id/backup[gu]id/file_mode/dir_mode from cifs_sb (bsc#1192606). - cifs: remove actimeo from cifs_sb (bsc#1192606). - cifs: remove bogus debug code (bsc#1179427). - cifs: remove ctx argument from cifs_setup_cifs_sb (bsc#1192606). - cifs: remove duplicated prototype (bsc#1192606). - cifs: remove old dead code (bsc#1192606). - cifs: remove pathname for file from SPDX header (bsc#1192606). - cifs: remove redundant assignment to pointer pneg_ctxt (bsc#1164565). - cifs: remove redundant assignment to variable rc (bsc#1164565). - cifs: remove redundant initialization of variable rc (bsc#1192606). - cifs: remove redundant initialization of variable rc (bsc#1192606). 
- cifs: Remove repeated struct declaration (bsc#1192606). - cifs: Remove set but not used variable 'capabilities' (bsc#1164565). - cifs: remove set but not used variable 'server' (bsc#1164565). - cifs: remove set but not used variables 'cinode' and 'netfid' (bsc#1164565). - cifs: remove set but not used variables (bsc#1164565). - cifs: remove some minor warnings pointed out by kernel test robot (bsc#1192606). - cifs: remove the devname argument to cifs_compose_mount_options (bsc#1192606). - cifs: remove the retry in cifs_poxis_lock_set (bsc#1192606). - cifs: Remove the superfluous break (bsc#1192606). - cifs: remove two cases where rc is set unnecessarily in sid_to_id (bsc#1192606). - cifs: remove unnecessary copies of tcon->crfid.fid (bsc#1192606). - cifs: Remove unnecessary struct declaration (bsc#1192606). - cifs: remove unneeded variable in smb3_fs_context_dup (bsc#1192606). - cifs: Remove unused inline function is_sysvol_or_netlogon() (bsc#1185902). - cifs: remove unused variable 'server' (bsc#1192606). - cifs: remove unused variable 'sid_user' (bsc#1164565). - cifs: remove unused variable (bsc#1164565). - cifs: Remove useless variable (bsc#1192606). - cifs: remove various function description warnings (bsc#1192606). - cifs: rename a variable in SendReceive() (bsc#1164565). - cifs: rename cifs_common to smbfs_common (bsc#1192606). - cifs: rename dup_vol to smb3_fs_context_dup and move it into fs_context.c (bsc#1192606). - cifs: rename posix create rsp (bsc#1164565). - cifs: rename reconn_inval_dfs_target() (bsc#1178270). - cifs: rename smb_vol as smb3_fs_context and move it to fs_context.h (bsc#1192606). - cifs: rename the *_shroot* functions to *_cached_dir* (bsc#1192606). - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440). - cifs: Respect O_SYNC and O_DIRECT flags during reconnect (bsc#1164565). - cifs: Retain old ACEs when converting between mode bits and ACL (bsc#1192606). 
- cifs: retry lookup and readdir when EAGAIN is returned (bsc#1192606). - cifs: return cached_fid from open_shroot (bsc#1192606). - cifs: Return correct error code from smb2_get_enc_key (git-fixes). - cifs: Return directly after a failed build_path_from_dentry() in cifs_do_create() (bsc#1164565). - cifs: return proper error code in statfs(2) (bsc#1181507). - cifs: Return the error from crypt_message when enc/dec key not found (bsc#1179426). - cifs: returning mount parm processing errors correctly (bsc#1192606). - cifs: revalidate mapping when we open files for SMB1 POSIX (bsc#1192606). - cifs: Send witness register and unregister commands to userspace daemon (bsc#1192606). - cifs: Send witness register messages to userspace daemon in echo task (bsc#1192606). - cifs: send workstation name during ntlmssp session setup (bsc#1192606). - cifs: set a minimum of 120s for next dns resolution (bsc#1192606). - cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902). - cifs: Set CIFS_MOUNT_USE_PREFIX_PATH flag on setting cifs_sb->prepath (bsc#1192606). - cifs: set correct max-buffer-size for smb2_ioctl_init() (bsc#1164565). - cifs: set server->cipher_type to AES-128-CCM for SMB3.0 (bsc#1192606). - cifs: set up next DFS target before generic_ip_connect() (bsc#1178270). - cifs: Set witness notification handler for messages from userspace daemon (bsc#1192606). - cifs: Silently ignore unknown oplock break handle (bsc#1192606). - cifs: Simplify bool comparison (bsc#1192606). - cifs: simplify handling of cifs_sb/ctx->local_nls (bsc#1192606). - cifs: Simplify reconnect code when dfs upcall is enabled (bsc#1192606). - cifs: simplify SWN code with dummy funcs instead of ifdefs (bsc#1192606). - cifs: smb1: Try failing back to SetFileInfo if SetPathInfo fails (bsc#1192606). - cifs: smb2pdu.h: Replace zero-length array with flexible-array member (bsc#1192606). - cifs: smbd: Add messages on RDMA session destroy and reconnection (bsc#1164565). 
- cifs: smbd: Calculate the correct maximum packet size for segmented SMBDirect send/receive (bsc#1192606). - cifs: smbd: Check and extend sender credits in interrupt context (bsc#1192606). - cifs: smbd: Check send queue size before posting a send (bsc#1192606). - cifs: smbd: Do not schedule work to send immediate packet on every receive (bsc#1192606). - cifs: smbd: Invalidate and deregister memory registration on re-send for direct I/O (bsc#1164565). - cifs: smbd: Merge code to track pending packets (bsc#1192606). - cifs: smbd: Only queue work for error recovery on memory registration (bsc#1164565). - cifs: smbd: Properly process errors on ib_post_send (bsc#1192606). - cifs: smbd: Return -EAGAIN when transport is reconnecting (bsc#1164565). - cifs: smbd: Return -ECONNABORTED when trasnport is not in connected state (bsc#1164565). - cifs: smbd: Return -EINVAL when the number of iovs exceeds SMBDIRECT_MAX_SGE (bsc#1164565). - cifs: smbd: Update receive credits before sending and deal with credits roll back on failure before sending (bsc#1192606). - cifs: sort interface list by speed (bsc#1192606). - cifs: Spelling s/EACCESS/EACCES/ (bsc#1192606). - cifs: split out dfs code from cifs_reconnect() (bsc#1192606, jsc#SLE-20042). - cifs: Standardize logging output (bsc#1192606). - cifs: store a pointer to the root dentry in cifs_sb_info once we have completed mounting the share (bsc#1192606). - cifs: style: replace one-element array with flexible-array (bsc#1192606). - cifs: support nested dfs links over reconnect (bsc#1192606, jsc#SLE-20042). - cifs: support share failover when remounting (bsc#1192606, jsc#SLE-20042). - cifs: switch build_path_from_dentry() to using dentry_path_raw() (bsc#1192606). - cifs: switch servers depending on binding state (bsc#1192606). - cifs: switch to new mount api (bsc#1192606). - cifs: To match file servers, make sure the server hostname matches (bsc#1192606). - cifs: Tracepoints and logs for tracing credit changes (bsc#1181507). 
- cifs: try harder to open new channels (bsc#1192606). - cifs: try opening channels after mounting (bsc#1192606). - cifs: uncomplicate printing the iocharset parameter (bsc#1192606). - cifs: Unlock on errors in cifs_swn_reconnect() (bsc#1192606). - cifs: update ctime and mtime during truncate (bsc#1192606). - cifs: update FSCTL definitions (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal module version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update internal version number (bsc#1192606). - cifs: update mnt_cifs_flags during reconfigure (bsc#1192606). - cifs: update new ACE pointer after populate_new_aces (bsc#1192606). - cifs: update super_operations to show_devname (bsc#1192606). - cifs: Use #define in cifs_dbg (bsc#1164565). - cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (bnc#1151927 5.3.7). - cifs: Use common error handling code in smb2_ioctl_query_info() (bsc#1164565). - cifs: use compounding for open and first query-dir for readdir() (bsc#1164565). - cifs: use discard iterator to discard unneeded network data more efficiently (bsc#1192606). - cifs: use echo_interval even when connection not ready (bsc#1192606). - cifs: use existing handle for compound_op(OP_SET_INFO) when possible (bsc#1154355). - cifs: use helpers when parsing uid/gid mount options and validate them (bsc#1192606). - cifs: Use memdup_user() rather than duplicating its implementation (bsc#1164565). 
- cifs: use mod_delayed_work() for server->reconnect if already queued (bsc#1164565). - cifs: use PTR_ERR_OR_ZERO() to simplify code (bsc#1164565). - cifs: use SPDX-Licence-Identifier (bsc#1192606). - cifs: use the expiry output of dns_query to schedule next resolution (bsc#1192606). - cifs: use true,false for bool variable (bsc#1164565). - cifs: warn and fail if trying to use rootfs without the config option (bsc#1192606). - cifs: Warn less noisily on default mount (bsc#1192606). - cifs: we do not allow changing username/password/unc/... during remount (bsc#1192606). - cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544). - cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536). - cifs`: handle ERRBaduid for SMB1 (bsc#1192606). - clk: imx: imx6ul: Move csi_sel mux to correct base register (git-fixes). - clk: ingenic: Fix bugs with divided dividers (git-fixes). - config: refresh BPF configs (jsc#SLE-22574) The SUSE-commit 9a413cc7eb56 ("config: disable unprivileged BPF by default (jsc#SLE-22573)") inherited from SLE15-SP2 puts the BPF config into the wrong place due to SLE15-SP3 having additionally backported b24abcff918a ("bpf, kconfig: Add consolidated menu entry for bpf with core options"), and leads to duplicate CONFIG_BPF_UNPRIV_DEFAULT_OFF entries; this commit removes those BPF configs. Also, disable unprivileged BPF for armv7hl, which did not inherit the config change from SLE15-SP2. - constraints: Build aarch64 on recent ARMv8.1 builders. Request asimdrdm feature which is available only on recent ARMv8.1 CPUs. This should prevent scheduling the kernel on an older slower builder. - Convert trailing spaces and periods in path components (bsc#1179424). - crypto: ecc - fix CRYPTO_DEFAULT_RNG dependency (git-fixes). - crypto: pcrypt - Delay write to padata->info (git-fixes). - crypto: s5p-sss - Add error handling in s5p_aes_probe() (git-fixes). - cxgb4: fix eeprom len when diagnostics not implemented (git-fixes).
- dm raid: remove unnecessary discard limits for raid0 and raid10 (bsc#1192320). - dm: fix deadlock when swapping to encrypted device (bsc#1186332). - dmaengine: at_xdmac: fix AT_XDMAC_CC_PERID() macro (git-fixes). - dmaengine: dmaengine_desc_callback_valid(): Check for `callback_result` (git-fixes). - do_cifs_create(): do not set ->i_mode of something we had not created (bsc#1192606). - drm: panel-orientation-quirks: Add quirk for Aya Neo 2021 (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win3 (git-fixes). - drm: panel-orientation-quirks: Add quirk for KD Kurio Smart C15200 2-in-1 (git-fixes). - drm: panel-orientation-quirks: Add quirk for the Samsung Galaxy Book 10.6 (git-fixes). - drm: panel-orientation-quirks: Update the Lenovo Ideapad D330 quirk (v2) (git-fixes). - drm/amd/display: Set plane update flags for all planes in reset (git-fixes). - drm/amdgpu: fix set scaling mode Full/Full aspect/Center not works on vga and dvi connectors (git-fixes). - drm/msm: Do hw_init() before capturing GPU state (git-fixes). - drm/msm/a6xx: Allocate enough space for GMU registers (git-fixes). - drm/nouveau: hdmigv100.c: fix corrupted HDMI Vendor InfoFrame (git-fixes). - drm/nouveau/acr: fix a couple NULL vs IS_ERR() checks (git-fixes). - drm/nouveau/svm: Fix refcount leak bug and missing check against null bug (git-fixes). - drm/panel-orientation-quirks: add Valve Steam Deck (git-fixes). - drm/pl111: Actually fix CONFIG_VEXPRESS_CONFIG depends (git-fixes). - drm/plane-helper: fix uninitialized variable reference (git-fixes). - drm/vc4: fix error code in vc4_create_object() (git-fixes). - drop superfluous empty lines - e1000e: Separate TGP board type from SPT (bsc#1192874). - EDAC/amd64: Handle three rank interleaving mode (bsc#1152489). - elfcore: correct reference to CONFIG_UML (git-fixes). - elfcore: fix building with clang (bsc#1169514). - ethtool: fix ethtool msg len calculation for pause stats (jsc#SLE-15075). 
- firmware: qcom_scm: Mark string array const (git-fixes). - fuse: release pipe buf after last use (bsc#1193318). - gve: Add netif_set_xps_queue call (bsc#1176940). - gve: Add rx buffer pagecnt bias (bsc#1176940). - gve: Allow pageflips on larger pages (bsc#1176940). - gve: Do lazy cleanup in TX path (git-fixes). - gve: DQO: avoid unused variable warnings (bsc#1176940). - gve: Switch to use napi_complete_done (git-fixes). - gve: Track RX buffer allocation failures (bsc#1176940). - hwmon: (k10temp) Add additional missing Zen2 and Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for yellow carp (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Add support for Zen3 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Create common functions and macros for Zen CPU families (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Define SVI telemetry and current factors for Zen2 CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Do not show Tdie for all Zen/Zen2/Zen3 CPU/APU (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) make some symbols static (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove residues of current and voltage (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Remove support for displaying voltage and current on Zen CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Reorganize and simplify temperature support detection (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Rework the temperature offset calculation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) support Zen3 APUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Swap Tdie and Tctl on Family 17h CPUs (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Update documentation and add temp2_input info (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). 
- hwmon: (k10temp) Update driver documentation (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - hwmon: (k10temp) Zen3 Ryzen Desktop CPUs support (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - i2c: cbus-gpio: set atomic transfer callback (git-fixes). - i2c: stm32f7: flush TX FIFO upon transfer errors (git-fixes). - i2c: stm32f7: recover the bus on access timeout (git-fixes). - i2c: stm32f7: stop dma transfer in case of NACK (git-fixes). - i2c: xlr: Fix a resource leak in the error handling path of 'xlr_i2c_probe()' (git-fixes). - i40e: Fix changing previously set num_queue_pairs for PFs (git-fixes). - i40e: Fix correct max_pkt_size on VF RX queue (git-fixes). - i40e: Fix creation of first queue by omitting it if is not power of two (git-fixes). - i40e: Fix display error code in dmesg (git-fixes). - i40e: Fix failed opcode appearing if handling messages from VF (git-fixes). - i40e: Fix NULL ptr dereference on VSI filter sync (git-fixes). - i40e: Fix ping is lost after configuring ADq on VF (git-fixes). - i40e: Fix pre-set max number of queues for VF (git-fixes). - i40e: Fix warning message and call stack during rmmod i40e driver (git-fixes). - iavf: check for null in iavf_fix_features (git-fixes). - iavf: do not clear a lock we do not hold (git-fixes). - iavf: Fix failure to exit out from last all-multicast mode (git-fixes). - iavf: Fix for setting queues to 0 (jsc#SLE-12877). - iavf: Fix for the false positive ASQ/ARQ errors while issuing VF reset (git-fixes). - iavf: Fix reporting when setting descriptor count (git-fixes). - iavf: Fix return of set the new channel count (jsc#SLE-12877). - iavf: free q_vectors before queues in iavf_disable_vf (git-fixes). - iavf: prevent accidental free of filter structure (git-fixes). - iavf: Prevent changing static ITR values if adaptive moderation is on (git-fixes). - iavf: Restore VLAN filters after link down (git-fixes). - iavf: validate pointers (git-fixes). 
- ibmvnic: drop bad optimization in reuse_rx_pools() (bsc#1193349 ltc#195568). - ibmvnic: drop bad optimization in reuse_tx_pools() (bsc#1193349 ltc#195568). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: avoid bpf_prog refcount underflow (jsc#SLE-7926). - ice: Delete always true check of PF pointer (git-fixes). - ice: Fix not stopping Tx queues for VFs (jsc#SLE-7926). - ice: Fix VF true promiscuous mode (jsc#SLE-12878). - ice: fix vsi->txq_map sizing (jsc#SLE-7926). - ice: ignore dropped packets during init (git-fixes). - ice: Remove toggling of antispoof for VF trusted promiscuous mode (jsc#SLE-12878). - igb: fix netpoll exit with traffic (git-fixes). - igc: Remove _I_PHY_ID checking (bsc#1193169). - igc: Remove phy->type checking (bsc#1193169). - iio: imu: st_lsm6dsx: Avoid potential array overflow in st_lsm6dsx_set_odr() (git-fixes). - Input: iforce - fix control-message timeout (git-fixes). - iommu: Check if group is NULL before remove device (git-fixes). - iommu/amd: Relocate GAMSup check to early_enable_iommus (git-fixes). - iommu/amd: Remove iommu_init_ga() (git-fixes). - iommu/mediatek: Fix out-of-range warning with clang (git-fixes). - iommu/vt-d: Consolidate duplicate cache invaliation code (git-fixes). - iommu/vt-d: Fix incomplete cache flush in intel_pasid_tear_down_entry() (git-fixes). - iommu/vt-d: Update the virtual command related registers (git-fixes). - ipmi: Disable some operations during a panic (git-fixes). - kABI: dm: fix deadlock when swapping to encrypted device (bsc#1186332). - kabi: hide changes to struct uv_info (git-fixes). - kernel-obs-build: include the preferred kernel parameters Currently the Open Build Service hardcodes the kernel boot parameters globally. Recently functionality was added to control the parameters by the kernel-obs-build package, so make use of that. Parameters here will overwrite what is used by OBS otherwise.
- kernel-obs-build: inform build service about virtio-serial Inform the build worker code that this kernel supports virtio-serial, which improves performance and reliability of logging. - kernel-obs-build: remove duplicated/unused parameters lbs=0 - this parameter is just giving "unused parameter" and it looks like I can not find any version that implemented this. rd.driver.pre=binfmt_misc is not needed when setup_obs is used, it already loads the kernel module. quiet and panic=1 will now be also always added by OBS, so we do not have to set it here anymore. - kernel-source.spec: install-kernel-tools also required on 15.4 - lib/xz: Avoid overlapping memcpy() with invalid input with in-place decompression (git-fixes). - lib/xz: Validate the value before assigning it to an enum variable (git-fixes). - libata: fix checking of DMA state (git-fixes). - linux/parser.h: add include guards (bsc#1192606). - lpfc: Reintroduce old IRQ probe logic (bsc#1183897). - md: add md_submit_discard_bio() for submitting discard bio (bsc#1192320). - md: fix a lock order reversal in md_alloc (git-fixes). - md/raid10: extend r10bio devs to raid disks (bsc#1192320). - md/raid10: improve discard request for far layout (bsc#1192320). - md/raid10: improve raid10 discard request (bsc#1192320). - md/raid10: initialize r10_bio->read_slot before use (bsc#1192320). - md/raid10: pull the code that wait for blocked dev into one function (bsc#1192320). - md/raid10: Remove unnecessary rcu_dereference in raid10_handle_discard (bsc#1192320). - mdio: aspeed: Fix "Link is Down" issue (bsc#1176447). - media: imx: set a media_device bus_info string (git-fixes). - media: ipu3-imgu: imgu_fmt: Handle properly try (git-fixes). - media: ipu3-imgu: VIDIOC_QUERYCAP: Fix bus_info (git-fixes). - media: ir-kbd-i2c: improve responsiveness of hauppauge zilog receivers (git-fixes). - media: mceusb: return without resubmitting URB in case of -EPROTO error (git-fixes).
- media: mt9p031: Fix corrupted frame after restarting stream (git-fixes). - media: netup_unidvb: handle interrupt properly according to the firmware (git-fixes). - media: rcar-csi2: Add checking to rcsi2_start_receiver() (git-fixes). - media: s5p-mfc: fix possible null-pointer dereference in s5p_mfc_probe() (git-fixes). - media: stm32: Potential NULL pointer dereference in dcmi_irq_thread() (git-fixes). - media: usb: dvd-usb: fix uninit-value bug in dibusb_read_eeprom_byte() (git-fixes). - media: uvcvideo: Return -EIO for control errors (git-fixes). - media: uvcvideo: Set capability in s_param (git-fixes). - media: uvcvideo: Set unique vdev name based in type (git-fixes). - memstick: r592: Fix a UAF bug when removing the driver (git-fixes). - MM: reclaim mustn't enter FS for swap-over-NFS (bsc#1191876). - mmc: dw_mmc: Dont wait for DRTO on Write RSP error (git-fixes). - mmc: winbond: do not build on M68K (git-fixes). - mtd: core: do not remove debugfs directory if device is in use (git-fixes). - mwifiex: Properly initialize private structure on interface type changes (git-fixes). - mwifiex: Read a PCI register after writing the TX ring write pointer (git-fixes). - mwifiex: Run SET_BSS_MODE when changing from P2P to STATION vif-type (git-fixes). - mwl8k: Fix use-after-free in mwl8k_fw_state_machine() (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bnx2x: fix variable dereferenced before check (git-fixes). - net: bridge: fix under estimation in br_get_linkxstats_size() (bsc#1176447). - net: cdc_ncm: Allow for dwNtbOutMaxSize to be unset or zero (git-fixes). - net: delete redundant function declaration (git-fixes). - net: hns3: change affinity_mask to numa node range (bsc#1154353). - net: hns3: fix misuse vf id and vport id in some logs (bsc#1154353). - net: hns3: remove check VF uc mac exist when set by PF (bsc#1154353). - net: hso: fix control-request directions (git-fixes). - net: hso: fix muxed tty registration (git-fixes). 
- net: linkwatch: fix failure to restore device state across suspend/resume (bsc#1192511). - net: mana: Allow setting the number of queues while the NIC is down (jsc#SLE-18779, bsc#1185726). - net: mana: Fix memory leak in mana_hwc_create_wq (jsc#SLE-18779, bsc#1185726). - net: mana: Fix spelling mistake "calledd" -> "called" (jsc#SLE-18779, bsc#1185726). - net: mana: Fix the netdev_err()'s vPort argument in mana_init_port() (jsc#SLE-18779, bsc#1185726). - net: mana: Improve the HWC error handling (jsc#SLE-18779, bsc#1185726). - net: mana: Support hibernation and kexec (jsc#SLE-18779, bsc#1185726). - net: mana: Use kcalloc() instead of kzalloc() (jsc#SLE-18779, bsc#1185726). - net: pegasus: fix uninit-value in get_interrupt_interval (git-fixes). - net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() (git-fixes). - net: stmmac: add EHL 2.5Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL PSE0 PSE1 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL RGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add EHL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: add TGL SGMII 1Gbps PCI info and PCI ID (bsc#1192691). - net: stmmac: create dwmac-intel.c to contain all Intel platform (bsc#1192691). - net: stmmac: pci: Add HAPS support using GMAC5 (bsc#1192691). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - net: usb: lan78xx: lan78xx_phy_init(): use PHY_POLL instead of "0" if no IRQ is available (git-fixes). - net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 (git-fixes). - net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() (git-fixes). - net/mlx5: E-Switch, return error if encap isn't supported (jsc#SLE-15172). - net/mlx5e: reset XPS on error flow if netdev isn't registered yet (git-fixes). - net/sched: sch_ets: do not peek at classes beyond 'nbands' (bsc#1176774). 
- netfilter: ctnetlink: do not erase error code with EINVAL (bsc#1176447). - netfilter: ctnetlink: fix filtering with CTA_TUPLE_REPLY (bsc#1176447). - netfilter: flowtable: fix IPv6 tunnel addr match (bsc#1176447). - NFC: add NCI_UNREG flag to eliminate the race (git-fixes). - NFC: pn533: Fix double free when pn533_fill_fragment_skbs() fails (git-fixes). - NFC: reorder the logic in nfc_{un,}register_device (git-fixes). - NFC: reorganize the functions in nci_request (git-fixes). - nfp: checking parameter process for rx-usecs/tx-usecs is invalid (git-fixes). - nfp: Fix memory leak in nfp_cpp_area_cache_add() (git-fixes). - NFS: Do not set NFS_INO_DATA_INVAL_DEFER and NFS_INO_INVALID_DATA (git-fixes). - NFS: do not take i_rwsem for swap IO (bsc#1191876). - NFS: Fix deadlocks in nfs_scan_commit_list() (git-fixes). - NFS: Fix up commit deadlocks (git-fixes). - NFS: move generic_write_checks() call from nfs_file_direct_write() to nfs_file_write() (bsc#1191876). - nfsd: do not alloc under spinlock in rpc_parse_scope_id (git-fixes). - nfsd: fix error handling of register_pernet_subsys() in init_nfsd() (git-fixes). - nfsd4: Handle the NFSv4 READDIR 'dircount' hint being zero (git-fixes). - NFSv4: Fix a regression in nfs_set_open_stateid_locked() (git-fixes). - nvme-multipath: Skip not ready namespaces when revalidating paths (bsc#1191793 bsc#1192507 bsc#1192969). - nvme-pci: add NO APST quirk for Kioxia device (git-fixes). - objtool: Support Clang non-section symbols in ORC generation (bsc#1169514). - PCI: Add PCI_EXP_DEVCTL_PAYLOAD_* macros (git-fixes). - PCI: Mark Atheros QCA6174 to avoid bus reset (git-fixes). - PCI/MSI: Deal with devices lying about their MSI mask capability (git-fixes). - perf: Correctly handle failed perf_get_aux_event() (git-fixes). - perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT (git-fixes). - perf/x86/intel/uncore: Fix Intel ICX IIO event constraints (git-fixes). 
- perf/x86/intel/uncore: Fix M2M event umask for Ice Lake server (git-fixes). - perf/x86/intel/uncore: Fix the scale of the IMC free-running events (git-fixes). - perf/x86/intel/uncore: Support extra IMC channel on Ice Lake server (git-fixes). - perf/x86/vlbr: Add c->flags to vlbr event constraints (git-fixes). - platform/x86: hp_accel: Fix an error handling path in 'lis3lv02d_probe()' (git-fixes). - platform/x86: wmi: do not fail if disabling fails (git-fixes). - PM: hibernate: Get block device exclusively in swsusp_check() (git-fixes). - PM: hibernate: use correct mode for swsusp_close() (git-fixes). - pnfs/flexfiles: Fix misplaced barrier in nfs4_ff_layout_prepare_ds (git-fixes). - powerpc: fix unbalanced node refcount in check_kvm_guest() (jsc#SLE-15869 jsc#SLE-16321 git-fixes). - powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (git-fixes). - powerpc/paravirt: correct preempt debug splat in vcpu_is_preempted() (bsc#1181148 ltc#190702 git-fixes). - powerpc/paravirt: vcpu_is_preempted() commentary (bsc#1181148 ltc#190702 git-fixes). - powerpc/perf: Fix cycles/instructions as PM_CYC/PM_INST_CMPL in power10 (jsc#SLE-13513 git-fixes). - powerpc/pseries: Move some PAPR paravirt functions to their own file (bsc#1181148 ltc#190702 git-fixes). - powerpc/watchdog: Avoid holding wd_smp_lock over printk and smp_send_nmi_ipi (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix missed watchdog reset due to memory ordering race (bsc#1187541 ltc#192129). - powerpc/watchdog: Fix wd_smp_last_reset_tb reporting (bsc#1187541 ltc#192129). - powerpc/watchdog: read TB close to where it is used (bsc#1187541 ltc#192129). - powerpc/watchdog: tighten non-atomic read-modify-write access (bsc#1187541 ltc#192129). - printk: Remove printk.h inclusion in percpu.h (bsc#1192987). - qede: validate non LSO skb length (git-fixes). - r8152: limit the RX buffer size of RTL8153A for USB 2.0 (git-fixes). - r8169: Add device 10ec:8162 to driver r8169 (git-fixes). 
- RDMA/bnxt_re: Update statistics counter name (jsc#SLE-16649). - recordmcount.pl: fix typo in s390 mcount regex (bsc#1192267). - recordmcount.pl: look for jgnop instruction as well as bcrl on s390 (bsc#1192267). - reset: socfpga: add empty driver allowing consumers to probe (git-fixes). - ring-buffer: Protect ring_buffer_reset() from reentrancy (bsc#1179960). - rpm/*.spec.in: use buildroot macro instead of env variable The RPM_BUILD_ROOT variable is considered deprecated over a buildroot macro. future proof the spec files. - rpm/kernel-binary.spec.in: do not strip vmlinux again (bsc#1193306) After usrmerge, vmlinux file is not named vmlinux-<version>, but simply vmlinux. And this is not reflected in STRIP_KEEP_SYMTAB we set. So fix this by removing the dash... - rpm/kernel-obs-build.spec.in: move to zstd for the initrd Newer distros have capability to decompress zstd, which provides a 2-5% better compression ratio at very similar cpu overhead. Plus this tests the zstd codepaths now as well. - rt2x00: do not mark device gone on EPROTO errors during start (git-fixes). - rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1154353 bnc#1151927 5.3.9). - s390: mm: Fix secure storage access exception handling (git-fixes). - s390/bpf: Fix branch shortening during codegen pass (bsc#1193993). - s390/uv: fully validate the VMA before calling follow_page() (git-fixes). - scsi: iscsi: Adjust iface sysfs attr detection (git-fixes). - scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (bsc#1189126). - scsi: mpi3mr: Fix duplicate device entries when scanning through sysfs (git-fixes). - scsi: mpt3sas: Fix kernel panic during drive powercycle test (git-fixes). - scsi: mpt3sas: Fix system going into read-only mode (git-fixes). - scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() (git-fixes). - scsi: qla2xxx: Fix gnl list corruption (git-fixes). - scsi: qla2xxx: Relogin during fabric disturbance (git-fixes). 
- scsi: qla2xxx: Turn off target reset during issue_lip (git-fixes). - serial: 8250_pci: Fix ACCES entries in pci_serial_quirks array (git-fixes). - serial: 8250_pci: rewrite pericom_do_set_divisor() (git-fixes). - serial: 8250: Fix RTS modem control while in rs485 mode (git-fixes). - serial: core: fix transmit-buffer reset and memleak (git-fixes). - smb2: clarify rc initialization in smb2_reconnect (bsc#1192606). - smb2: fix use-after-free in smb2_ioctl_query_info() (bsc#1192606). - smb3: add additional null check in SMB2_ioctl (bsc#1192606). - smb3: add additional null check in SMB2_open (bsc#1192606). - smb3: add additional null check in SMB2_tcon (bsc#1192606). - smb3: add additional null check in SMB311_posix_mkdir (bsc#1192606). - smb3: Add debug message for new file creation with idsfromsid mount option (bsc#1192606). - smb3: add debug messages for closing unmatched open (bsc#1164565). - smb3: add defines for new crypto algorithms (bsc#1192606). - smb3: Add defines for new information level, FileIdInformation (bsc#1164565). - smb3: add defines for new signing negotiate context (bsc#1192606). - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507). - smb3: add dynamic trace points for socket connection (bsc#1192606). - smb3: add dynamic tracepoints for flush and close (bsc#1164565). - smb3: add indatalen that can be a non-zero value to calculation of credit charge in smb2 ioctl (bsc#1192606). - smb3: add missing flag definitions (bsc#1164565). - smb3: Add missing reparse tags (bsc#1164565). - smb3: add missing worker function for SMB3 change notify (bsc#1164565). - smb3: add mount option to allow forced caching of read only share (bsc#1164565). - smb3: add mount option to allow RW caching of share accessed by only 1 client (bsc#1164565). - smb3: Add new compression flags (bsc#1192606). - smb3: Add new info level for query directory (bsc#1192606). - smb3: add new module load parm enable_gcm_256 (bsc#1192606). 
- smb3: add new module load parm require_gcm_256 (bsc#1192606). - smb3: Add new parm "nodelete" (bsc#1192606). - smb3: add one more dynamic tracepoint missing from strict fsync path (bsc#1164565). - smb3: add rasize mount parameter to improve readahead performance (bsc#1192606). - smb3: add some missing definitions from MS-FSCC (bsc#1192606). - smb3: add some more descriptive messages about share when mounting cache=ro (bsc#1164565). - smb3: Add support for getting and setting SACLs (bsc#1192606). - smb3: Add support for lookup with posix extensions query info (bsc#1192606). - smb3: Add support for negotiating signing algorithm (bsc#1192606). - smb3: Add support for query info using posix extensions (level 100) (bsc#1192606). - smb3: add support for recognizing WSL reparse tags (bsc#1192606). - smb3: Add support for SMB311 query info (non-compounded) (bsc#1192606). - smb3: add support for stat of WSL reparse points for special file types (bsc#1192606). - smb3: add support for using info level for posix extensions query (bsc#1192606). - smb3: Add tracepoints for new compound posix query info (bsc#1192606). - smb3: Additional compression structures (bsc#1192606). - smb3: allow decryption keys to be dumped by admin for debugging (bsc#1164565). - smb3: allow disabling requesting leases (bnc#1151927 5.3.4). - smb3: allow dumping GCM256 keys to improve debugging of encrypted shares (bsc#1192606). - smb3: allow dumping keys for multiuser mounts (bsc#1192606). - smb3: allow parallelizing decryption of reads (bsc#1164565). - smb3: allow skipping signature verification for perf sensitive configurations (bsc#1164565). - smb3: allow uid and gid owners to be set on create with idsfromsid mount option (bsc#1192606). - smb3: avoid confusing warning message on mount to Azure (bsc#1192606). - smb3: Avoid Mid pending list corruption (bsc#1192606). - smb3: Backup intent flag missing from some more ops (bsc#1164565). - smb3: Call cifs reconnect from demultiplex thread (bsc#1192606). 
- smb3: change noisy error message to FYI (bsc#1192606). - smb3: cleanup some recent endian errors spotted by updated sparse (bsc#1164565). - smb3: correct server pointer dereferencing check to be more consistent (bsc#1192606). - smb3: correct smb3 ACL security descriptor (bsc#1192606). - smb3: default to minimum of two channels when multichannel specified (bsc#1192606). - smb3: display max smb3 requests in flight at any one time (bsc#1164565). - smb3: do not attempt multichannel to server which does not support it (bsc#1192606). - smb3: do not error on fsync when readonly (bsc#1192606). - smb3: do not fail if no encryption required but server does not support it (bsc#1192606). - smb3: do not log warning message if server does not populate salt (bsc#1192606). - smb3: do not setup the fscache_super_cookie until fsinfo initialized (bsc#1192606). - smb3: do not try to cache root directory if dir leases not supported (bsc#1192606). - smb3: dump in_send and num_waiters stats counters by default (bsc#1164565). - smb3: enable negotiating stronger encryption by default (bsc#1192606). - smb3: enable offload of decryption of large reads via mount option (bsc#1164565). - smb3: enable swap on SMB3 mounts (bsc#1192606). - smb3: extend fscache mount volume coherency check (bsc#1192606). - smb3: fix access denied on change notify request to some servers (bsc#1192606). - smb3: fix cached file size problems in duplicate extents (reflink) (bsc#1192606). - smb3: Fix crash in SMB2_open_init due to uninitialized field in compounding path (bsc#1164565). - smb3: fix crediting for compounding when only one request in flight (bsc#1181507). - smb3: fix default permissions on new files when mounting with modefromsid (bsc#1164565). - smb3: Fix ids returned in POSIX query dir (bsc#1192606). - smb3: fix incorrect number of credits when ioctl MaxOutputResponse > 64K (bsc#1192606). - smb3: fix leak in "open on server" perf counter (bnc#1151927 5.3.4). 
- smb3: Fix mkdir when idsfromsid configured on mount (bsc#1192606). - smb3: fix mode passed in on create for modetosid mount option (bsc#1164565). - smb3: fix mount failure to some servers when compression enabled (bsc#1192606). - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540). - smb3: fix performance regression with setting mtime (bsc#1164565). - smb3: Fix persistent handles reconnect (bnc#1151927 5.3.11). - smb3: fix posix extensions mount option (bsc#1192606). - smb3: fix possible access to uninitialized pointer to DACL (bsc#1192606). - smb3: fix potential null dereference in decrypt offload (bsc#1164565). - smb3: fix problem with null cifs super block with previous patch (bsc#1164565). - smb3: fix readpage for large swap cache (bsc#1192606). - smb3: fix refcount underflow warning on unmount when no directory leases (bsc#1164565). - smb3: Fix regression in time handling (bsc#1164565). - smb3: fix signing verification of large reads (bsc#1154355). - smb3: fix stat when special device file and mounted with modefromsid (bsc#1192606). - smb3: fix typo in compression flag (bsc#1192606). - smb3: fix typo in header file (bsc#1192606). - smb3: fix typo in mount options displayed in /proc/mounts (bsc#1192606). - smb3: fix uninitialized value for port in witness protocol move (bsc#1192606). - smb3: fix unmount hang in open_shroot (bnc#1151927 5.3.4). - smb3: fix unneeded error message on change notify (bsc#1192606). - smb3: Handle error case during offload read path (bsc#1192606). - smb3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558). - smb3: Honor 'posix' flag for multiuser mounts (bsc#1176559). - smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545). - smb3: Honor lease disabling for multiuser mounts (git-fixes). - smb3: Honor persistent/resilient handle flags for multiuser mounts (bsc#1176546). - smb3: if max_channels set to more than one channel request multichannel (bsc#1192606). 
- smb3: improve check for when we send the security descriptor context on create (bsc#1164565). - smb3: improve handling of share deleted (and share recreated) (bsc#1154355). - smb3: incorrect file id in requests compounded with open (bsc#1192606). - smb3: Incorrect size for netname negotiate context (bsc#1154355). - smb3: limit noisy error (bsc#1192606). - smb3: log warning if CSC policy conflicts with cache mount option (bsc#1164565). - smb3: Minor cleanup of protocol definitions (bsc#1192606). - smb3: minor update to compression header definitions (bsc#1192606). - smb3: missing ACL related flags (bsc#1164565). - smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (bsc#1192606). - smb3: only offload decryption of read responses if multiple requests (bsc#1164565). - smb3: pass mode bits into create calls (bsc#1164565). - smb3: prevent races updating CurrentMid (bsc#1192606). - smb3: print warning if server does not support requested encryption type (bsc#1192606). - smb3: print warning once if posix context returned on open (bsc#1164565). - smb3: query attributes on file close (bsc#1164565). - smb3: rc uninitialized in one fallocate path (bsc#1192606). - smb3: remind users that witness protocol is experimental (bsc#1192606). - smb3: remove confusing dmesg when mounting with encryption ("seal") (bsc#1164565). - smb3: remove confusing mount warning when no SPNEGO info on negprot rsp (bsc#1192606). - smb3: remove dead code for non compounded posix query info (bsc#1192606). - smb3: remove noisy debug message and minor cleanup (bsc#1164565). - smb3: remove overly noisy debug line in signing errors (bsc#1192606). - smb3: remove static checker warning (bsc#1192606). - smb3: remove trivial dfs compile warning (bsc#1192606, jsc#SLE-20042). - smb3: remove two unused variables (bsc#1192606). - smb3: remove unused flag passed into close functions (bsc#1164565). - smb3: rename nonces used for GCM and CCM encryption (bsc#1192606). 
- smb3: Resolve data corruption of TCP server info fields (bsc#1192606). - smb3: set COMPOUND_FID to FileID field of subsequent compound request (bsc#1192606). - smb3: set gcm256 when requested (bsc#1192606). - smb3: smbdirect support can be configured by default (bsc#1192606). - smb3: update comments clarifying SPNEGO info in negprot response (bsc#1192606). - smb3: update protocol header definitions based to include new flags (bsc#1192606). - smb3: update structures for new compression protocol definitions (bsc#1192606). - smb3: use SMB2_SIGNATURE_SIZE define (bsc#1192606). - smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548). - smb3: when mounting with multichannel include it in requested capabilities (bsc#1192606). - smbdirect: missing rc checks while waiting for rdma events (bsc#1192606). - soc/tegra: Fix an error handling path in tegra_powergate_power_up() (git-fixes). - soc/tegra: pmc: Fix imbalanced clock disabling in error code path (git-fixes). - spi: bcm-qspi: Fix missing clk_disable_unprepare() on error in bcm_qspi_probe() (git-fixes). - spi: spl022: fix Microwire full duplex mode (git-fixes). - SUNRPC: improve 'swap' handling: scheduling and PF_MEMALLOC (bsc#1191876). - SUNRPC: remove scheduling boost for "SWAPPER" tasks (bsc#1191876). - SUNRPC/auth: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/call_alloc: async tasks mustn't block waiting for memory (bsc#1191876). - SUNRPC/xprt: async tasks mustn't block waiting for memory (bsc#1191876). - supported.conf: add pwm-rockchip References: jsc#SLE-22615 - swiotlb: avoid double free (git-fixes). - swiotlb: Fix the type of index (git-fixes). - TCON Reconnect during STATUS_NETWORK_NAME_DELETED (bsc#1192606). - tlb: mmu_gather: add tlb_flush_*_range APIs - tracing: Add length protection to histogram string copies (git-fixes). - tracing: Change STR_VAR_MAX_LEN (git-fixes). - tracing: Check pid filtering when creating events (git-fixes). 
- tracing: Fix pid filtering when triggers are attached (git-fixes). - tracing: use %ps format string to print symbols (git-fixes). - tracing/histogram: Do not copy the fixed-size char array field over the field size (git-fixes). - tty: hvc: replace BUG_ON() with negative return value (git-fixes). - tty: serial: msm_serial: Deactivate RX DMA for polling support (git-fixes). - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc (git-fixes). - usb-storage: Add compatibility quirk flags for iODD 2531/2541 (git-fixes). - usb: chipidea: ci_hdrc_imx: fix potential error pointer dereference in probe (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for elapsed frames (git-fixes). - usb: dwc2: hcd_queue: Fix use of floating point literal (git-fixes). - usb: host: ohci-tmio: check return value after calling platform_get_resource() (git-fixes). - usb: musb: tusb6010: check return value after calling platform_get_resource() (git-fixes). - usb: serial: option: add Fibocom FM101-GL variants (git-fixes). - usb: serial: option: add Telit LE910S1 0x9200 composition (git-fixes). - usb: typec: fusb302: Fix masking of comparator and bc_lvl interrupts (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: typec: tcpm: Wait in SNK_DEBOUNCED until disconnect (git-fixes). - usb: xhci: Enable runtime-pm by default on AMD Yellow Carp platform (git-fixes). - vfs: do not parse forbidden flags (bsc#1192606). - x86/amd_nb: Add AMD family 19h model 50h PCI ids (jsc#SLE-17823 jsc#SLE-23139 jsc#ECO-3666). - x86/cpu: Fix migration safety with X86_BUG_NULL_SEL (bsc#1152489). - x86/efi: Restore Firmware IDT before calling ExitBootServices() (git-fixes). - x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (bsc#1178134). - x86/mpx: Disable MPX for 32-bit userland (bsc#1193139). - x86/pkey: Fix undefined behaviour with PKRU_WD_BIT (bsc#1152489). - x86/pvh: add prototype for xen_pvh_init() (git-fixes). 
- x86/sev: Allow #VC exceptions on the VC2 stack (git-fixes). - x86/sev: Fix SEV-ES INS/OUTS instructions for word, dword, and qword (bsc#1178134). - x86/sev: Fix stack type check in vc_switch_off_ist() (git-fixes). - x86/xen: Add xenpv_restore_regs_and_return_to_usermode() (bsc#1152489). - x86/Xen: swap NX determination and GDT setup on BSP (git-fixes). - xen: sync include/xen/interface/io/ring.h with Xen's newest version (git-fixes). - xen/blkfront: do not take local copy of a request from the ring page (git-fixes). - xen/blkfront: do not trust the backend response data blindly (git-fixes). - xen/blkfront: read response from backend only once (git-fixes). - xen/netfront: disentangle tx_skb_freelist (git-fixes). - xen/netfront: do not read data from request on the ring page (git-fixes). - xen/netfront: do not trust the backend response data blindly (git-fixes). - xen/netfront: read response from backend only once (git-fixes). - xen/privcmd: fix error handling in mmap-resource processing (git-fixes). - xen/pvh: add missing prototype to header (git-fixes). - xen/x86: fix PV trap handling on secondary processors (git-fixes). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (bsc#1192569). - xhci: Fix commad ring abort, write all 64 bits to CRCR register (git-fixes). - xhci: Fix USB 3.1 enumeration issues by increasing roothub power-on-good delay (git-fixes). - zram: fix return value on writeback_store (git-fixes). - zram: off by one in read_block_state() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-131=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-131=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-131=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-131=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-131=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-131=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-131=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-59.40.1 kernel-default-base-5.3.18-59.40.1.18.25.1 kernel-default-debuginfo-5.3.18-59.40.1 kernel-default-debugsource-5.3.18-59.40.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-59.40.1 kernel-default-debugsource-5.3.18-59.40.1 kernel-default-extra-5.3.18-59.40.1 kernel-default-extra-debuginfo-5.3.18-59.40.1 kernel-preempt-debuginfo-5.3.18-59.40.1 kernel-preempt-debugsource-5.3.18-59.40.1 kernel-preempt-extra-5.3.18-59.40.1 kernel-preempt-extra-debuginfo-5.3.18-59.40.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-59.40.1 kernel-default-debugsource-5.3.18-59.40.1 kernel-default-livepatch-5.3.18-59.40.1 kernel-default-livepatch-devel-5.3.18-59.40.1 kernel-livepatch-5_3_18-59_40-default-1-7.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-59.40.1 kernel-default-debugsource-5.3.18-59.40.1 reiserfs-kmp-default-5.3.18-59.40.1 reiserfs-kmp-default-debuginfo-5.3.18-59.40.1 - 
SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-59.40.1 kernel-obs-build-debugsource-5.3.18-59.40.1 kernel-syms-5.3.18-59.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-59.40.1 kernel-preempt-debugsource-5.3.18-59.40.1 kernel-preempt-devel-5.3.18-59.40.1 kernel-preempt-devel-debuginfo-5.3.18-59.40.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-59.40.1 kernel-source-5.3.18-59.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-59.40.1 kernel-default-base-5.3.18-59.40.1.18.25.1 kernel-default-debuginfo-5.3.18-59.40.1 kernel-default-debugsource-5.3.18-59.40.1 kernel-default-devel-5.3.18-59.40.1 kernel-default-devel-debuginfo-5.3.18-59.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-59.40.1 kernel-preempt-debuginfo-5.3.18-59.40.1 kernel-preempt-debugsource-5.3.18-59.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-59.40.1 kernel-64kb-debuginfo-5.3.18-59.40.1 kernel-64kb-debugsource-5.3.18-59.40.1 kernel-64kb-devel-5.3.18-59.40.1 kernel-64kb-devel-debuginfo-5.3.18-59.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-59.40.1 kernel-macros-5.3.18-59.40.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-59.40.1 kernel-zfcpdump-debuginfo-5.3.18-59.40.1 kernel-zfcpdump-debugsource-5.3.18-59.40.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-59.40.1 cluster-md-kmp-default-debuginfo-5.3.18-59.40.1 dlm-kmp-default-5.3.18-59.40.1 dlm-kmp-default-debuginfo-5.3.18-59.40.1 gfs2-kmp-default-5.3.18-59.40.1 gfs2-kmp-default-debuginfo-5.3.18-59.40.1 kernel-default-debuginfo-5.3.18-59.40.1 
kernel-default-debugsource-5.3.18-59.40.1 ocfs2-kmp-default-5.3.18-59.40.1 ocfs2-kmp-default-debuginfo-5.3.18-59.40.1 References: https://www.suse.com/security/cve/CVE-2020-24504.html https://www.suse.com/security/cve/CVE-2020-27820.html https://www.suse.com/security/cve/CVE-2021-28711.html https://www.suse.com/security/cve/CVE-2021-28712.html https://www.suse.com/security/cve/CVE-2021-28713.html https://www.suse.com/security/cve/CVE-2021-28714.html https://www.suse.com/security/cve/CVE-2021-28715.html https://www.suse.com/security/cve/CVE-2021-4001.html https://www.suse.com/security/cve/CVE-2021-4002.html https://www.suse.com/security/cve/CVE-2021-43975.html https://www.suse.com/security/cve/CVE-2021-43976.html https://www.suse.com/security/cve/CVE-2021-45485.html https://www.suse.com/security/cve/CVE-2021-45486.html https://bugzilla.suse.com/1139944 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1153275 https://bugzilla.suse.com/1154353 https://bugzilla.suse.com/1154355 https://bugzilla.suse.com/1161907 https://bugzilla.suse.com/1164565 https://bugzilla.suse.com/1166780 https://bugzilla.suse.com/1169514 https://bugzilla.suse.com/1176242 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176536 https://bugzilla.suse.com/1176544 https://bugzilla.suse.com/1176545 https://bugzilla.suse.com/1176546 https://bugzilla.suse.com/1176548 https://bugzilla.suse.com/1176558 https://bugzilla.suse.com/1176559 https://bugzilla.suse.com/1176774 https://bugzilla.suse.com/1176940 https://bugzilla.suse.com/1176956 https://bugzilla.suse.com/1177440 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1178270 https://bugzilla.suse.com/1179211 https://bugzilla.suse.com/1179424 https://bugzilla.suse.com/1179426 https://bugzilla.suse.com/1179427 https://bugzilla.suse.com/1179599 https://bugzilla.suse.com/1181148 https://bugzilla.suse.com/1181507 https://bugzilla.suse.com/1181710 https://bugzilla.suse.com/1182404 
https://bugzilla.suse.com/1183534 https://bugzilla.suse.com/1183540 https://bugzilla.suse.com/1183897 https://bugzilla.suse.com/1184318 https://bugzilla.suse.com/1185726 https://bugzilla.suse.com/1185902 https://bugzilla.suse.com/1186332 https://bugzilla.suse.com/1187541 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1189158 https://bugzilla.suse.com/1191793 https://bugzilla.suse.com/1191876 https://bugzilla.suse.com/1192267 https://bugzilla.suse.com/1192320 https://bugzilla.suse.com/1192507 https://bugzilla.suse.com/1192511 https://bugzilla.suse.com/1192569 https://bugzilla.suse.com/1192606 https://bugzilla.suse.com/1192691 https://bugzilla.suse.com/1192845 https://bugzilla.suse.com/1192847 https://bugzilla.suse.com/1192874 https://bugzilla.suse.com/1192946 https://bugzilla.suse.com/1192969 https://bugzilla.suse.com/1192987 https://bugzilla.suse.com/1192990 https://bugzilla.suse.com/1192998 https://bugzilla.suse.com/1193002 https://bugzilla.suse.com/1193042 https://bugzilla.suse.com/1193139 https://bugzilla.suse.com/1193169 https://bugzilla.suse.com/1193306 https://bugzilla.suse.com/1193318 https://bugzilla.suse.com/1193349 https://bugzilla.suse.com/1193440 https://bugzilla.suse.com/1193442 https://bugzilla.suse.com/1193655 https://bugzilla.suse.com/1193993 https://bugzilla.suse.com/1194087 https://bugzilla.suse.com/1194094 From sle-updates at lists.suse.com Wed Jan 19 20:27:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 19 Jan 2022 21:27:05 +0100 (CET) Subject: SUSE-SU-2022:0130-1: important: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container Message-ID: <20220119202705.848F3FF4E@maintenance.suse.de> SUSE Security Update: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0130-1 Rating: important References: #1193930 Cross-References: CVE-2021-43565 CVSS scores: CVE-2021-43565 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Enterprise Storage 7 SUSE CaaS Platform 4.5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-operator-container fixes the following issues: - CVE-2021-43565: Fixes a vulnerability in the golang.org/x/crypto/ssh package which allowed unauthenticated clients to cause a panic in SSH servers. (bsc#1193930) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-130=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-130=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-130=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-130=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-130=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-130=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-130=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-130=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-130=1 - SUSE CaaS Platform 4.5: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Manager Server 4.1 (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 - SUSE Manager Proxy 4.1 (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 - SUSE Enterprise Storage 7 (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 - SUSE CaaS Platform 4.5 (x86_64): kubevirt-manifests-0.40.0-5.17.2 kubevirt-virtctl-0.40.0-5.17.2 kubevirt-virtctl-debuginfo-0.40.0-5.17.2 References: https://www.suse.com/security/cve/CVE-2021-43565.html https://bugzilla.suse.com/1193930 From sle-updates at lists.suse.com Thu Jan 20 14:23:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 15:23:26 +0100 (CET) Subject: SUSE-SU-2022:0135-1: important: Security update for busybox Message-ID: <20220120142326.0D81EFF4E@maintenance.suse.de> SUSE Security Update: Security 
update for busybox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0135-1 Rating: important References: #1064976 #1064978 #1069412 #1099260 #1099263 #1102912 #1121426 #1121428 #1184522 #1192869 #951562 #970662 #970663 #991940 Cross-References: CVE-2011-5325 CVE-2015-9261 CVE-2016-2147 CVE-2016-2148 CVE-2016-6301 CVE-2017-15873 CVE-2017-15874 CVE-2017-16544 CVE-2018-1000500 CVE-2018-1000517 CVE-2018-20679 CVE-2019-5747 CVE-2021-28831 CVE-2021-42373 CVE-2021-42374 CVE-2021-42375 CVE-2021-42376 CVE-2021-42377 CVE-2021-42378 CVE-2021-42379 CVE-2021-42380 CVE-2021-42381 CVE-2021-42382 CVE-2021-42383 CVE-2021-42384 CVE-2021-42385 CVE-2021-42386 CVSS scores: CVE-2011-5325 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2015-9261 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2015-9261 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-2147 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2016-2148 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2016-6301 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-15873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15873 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2017-15874 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-15874 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2017-16544 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16544 (SUSE): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-1000500 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000500 (SUSE): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2018-1000517 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1000517 (SUSE): 5.6 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2018-20679 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-20679 (SUSE): 5.3 
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-5747 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-28831 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28831 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-42378 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42379 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42380 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42381 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42382 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42383 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42384 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42385 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-42386 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 7 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 27 vulnerabilities is now available. 
Description: This update for busybox fixes the following issues: - CVE-2011-5325: Fixed tar directory traversal (bsc#951562). - CVE-2015-9261: Fixed segfaults and application crashes in huft_build (bsc#1102912). - CVE-2016-2147: Fixed out of bounds write (heap) due to integer underflow in udhcpc (bsc#970663). - CVE-2016-2148: Fixed heap-based buffer overflow in OPTION_6RD parsing (bsc#970662). - CVE-2016-6301: Fixed NTP server denial of service flaw (bsc#991940). - CVE-2017-15873: Fixed integer overflow in get_next_block function in archival/libarchive/decompress_bunzip2.c (bsc#1064976). - CVE-2017-15874: Fixed integer underflow in archival/libarchive/decompress_unlzma.c (bsc#1064978). - CVE-2017-16544: Fixed insufficient sanitization of filenames when autocompleting (bsc#1069412). - CVE-2018-1000500: Fixed missing SSL certificate validation in wget (bsc#1099263). - CVE-2018-1000517: Fixed heap-based buffer overflow in the retrieve_file_data() (bsc#1099260). - CVE-2018-20679: Fixed out of bounds read in udhcp (bsc#1121426). - CVE-2019-5747: Fixed out of bounds read in udhcp components (bsc#1121428). - CVE-2021-28831: Fixed invalid free or segmentation fault via malformed gzip data (bsc#1184522). - CVE-2021-42373: Fixed NULL pointer dereference in man leading to DoS when a section name is supplied but no page argument is given (bsc#1192869). - CVE-2021-42374: Fixed out-of-bounds heap read in unlzma leading to information leak and DoS when crafted LZMA-compressed input is decompressed (bsc#1192869). - CVE-2021-42375: Fixed incorrect handling of a special element in ash leading to DoS when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters (bsc#1192869). - CVE-2021-42376: Fixed NULL pointer dereference in hush leading to DoS when processing a crafted shell command (bsc#1192869).
- CVE-2021-42377: Fixed attacker-controlled pointer free in hush leading to DoS and possible code execution when processing a crafted shell command (bsc#1192869). - CVE-2021-42378: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_i function (bsc#1192869). - CVE-2021-42379: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the next_input_file function (bsc#1192869). - CVE-2021-42380: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the clrvar function (bsc#1192869). - CVE-2021-42381: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the hash_init function (bsc#1192869). - CVE-2021-42382: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the getvar_s function (bsc#1192869). - CVE-2021-42383: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869). - CVE-2021-42384: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the handle_special function (bsc#1192869). - CVE-2021-42385: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the evaluate function (bsc#1192869). - CVE-2021-42386: Fixed use-after-free in awk leading to DoS and possibly code execution when processing a crafted awk pattern in the nvalloc function (bsc#1192869). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-135=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-135=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-135=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-135=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-135=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-135=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-135=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-135=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-135=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-135=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-135=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-135=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-135=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-135=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-135=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-135=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-135=1 - SUSE Linux Enterprise 
High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-135=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-135=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-135=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Manager Proxy 4.1 (x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): busybox-1.34.1-4.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): busybox-1.34.1-4.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux 
Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): busybox-1.34.1-4.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): busybox-1.34.1-4.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 - SUSE CaaS Platform 4.0 (x86_64): busybox-1.34.1-4.9.1 busybox-static-1.34.1-4.9.1 References: https://www.suse.com/security/cve/CVE-2011-5325.html https://www.suse.com/security/cve/CVE-2015-9261.html https://www.suse.com/security/cve/CVE-2016-2147.html https://www.suse.com/security/cve/CVE-2016-2148.html https://www.suse.com/security/cve/CVE-2016-6301.html https://www.suse.com/security/cve/CVE-2017-15873.html https://www.suse.com/security/cve/CVE-2017-15874.html https://www.suse.com/security/cve/CVE-2017-16544.html https://www.suse.com/security/cve/CVE-2018-1000500.html https://www.suse.com/security/cve/CVE-2018-1000517.html https://www.suse.com/security/cve/CVE-2018-20679.html https://www.suse.com/security/cve/CVE-2019-5747.html https://www.suse.com/security/cve/CVE-2021-28831.html https://www.suse.com/security/cve/CVE-2021-42373.html https://www.suse.com/security/cve/CVE-2021-42374.html https://www.suse.com/security/cve/CVE-2021-42375.html https://www.suse.com/security/cve/CVE-2021-42376.html https://www.suse.com/security/cve/CVE-2021-42377.html https://www.suse.com/security/cve/CVE-2021-42378.html https://www.suse.com/security/cve/CVE-2021-42379.html https://www.suse.com/security/cve/CVE-2021-42380.html https://www.suse.com/security/cve/CVE-2021-42381.html https://www.suse.com/security/cve/CVE-2021-42382.html 
https://www.suse.com/security/cve/CVE-2021-42383.html https://www.suse.com/security/cve/CVE-2021-42384.html https://www.suse.com/security/cve/CVE-2021-42385.html https://www.suse.com/security/cve/CVE-2021-42386.html https://bugzilla.suse.com/1064976 https://bugzilla.suse.com/1064978 https://bugzilla.suse.com/1069412 https://bugzilla.suse.com/1099260 https://bugzilla.suse.com/1099263 https://bugzilla.suse.com/1102912 https://bugzilla.suse.com/1121426 https://bugzilla.suse.com/1121428 https://bugzilla.suse.com/1184522 https://bugzilla.suse.com/1192869 https://bugzilla.suse.com/951562 https://bugzilla.suse.com/970662 https://bugzilla.suse.com/970663 https://bugzilla.suse.com/991940 From sle-updates at lists.suse.com Thu Jan 20 14:26:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 15:26:26 +0100 (CET) Subject: SUSE-SU-2022:0133-1: important: Security update for openstack-monasca-agent, spark, spark-kit, zookeeper Message-ID: <20220120142626.D9090FF4E@maintenance.suse.de> SUSE Security Update: Security update for openstack-monasca-agent, spark, spark-kit, zookeeper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0133-1 Rating: important References: #1193662 Cross-References: CVE-2021-4104 CVSS scores: CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openstack-monasca-agent, spark, spark-kit, zookeeper fixes the following issues: - CVE-2021-4104: Remove JMSAppender from log4j jars (bsc#1193662) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-133=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-133=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openstack-monasca-agent-2.8.2~dev5-3.15.1 python-monasca-agent-2.8.2~dev5-3.15.1 spark-2.2.3-5.6.1 zookeeper-server-3.4.13-3.9.1 - SUSE OpenStack Cloud 9 (noarch): openstack-monasca-agent-2.8.2~dev5-3.15.1 python-monasca-agent-2.8.2~dev5-3.15.1 spark-2.2.3-5.6.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.29.1 zookeeper-server-3.4.13-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-4104.html https://bugzilla.suse.com/1193662 From sle-updates at lists.suse.com Thu Jan 20 14:29:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 15:29:04 +0100 (CET) Subject: SUSE-SU-2022:0134-1: moderate: Security update for python-numpy Message-ID: <20220120142904.CF4AFFF4E@maintenance.suse.de> SUSE Security Update: Security update for python-numpy ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0134-1 Rating: moderate References: #1193907 #1193913 Cross-References: CVE-2021-33430 CVE-2021-41496 CVSS scores: CVE-2021-33430 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for HPC 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for python-numpy fixes the following issues: - CVE-2021-33430: Fixed buffer overflow that could lead to DoS in PyArray_NewFromDescr_int function of ctors.c (bsc#1193913). 
- CVE-2021-41496: Fixed buffer overflow that could lead to DoS in array_from_pyobj function of fortranobject.c (bsc#1193907). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-134=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-134=1 Package List: - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): python-numpy_1_17_3-gnu-hpc-debugsource-1.17.3-10.1 python3-numpy-gnu-hpc-1.17.3-10.1 python3-numpy-gnu-hpc-devel-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-debuginfo-1.17.3-10.1 python3-numpy_1_17_3-gnu-hpc-devel-1.17.3-10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python-numpy-debugsource-1.17.3-10.1 python3-numpy-1.17.3-10.1 python3-numpy-debuginfo-1.17.3-10.1 python3-numpy-devel-1.17.3-10.1 References: https://www.suse.com/security/cve/CVE-2021-33430.html https://www.suse.com/security/cve/CVE-2021-41496.html https://bugzilla.suse.com/1193907 https://bugzilla.suse.com/1193913 From sle-updates at lists.suse.com Thu Jan 20 14:30:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 15:30:35 +0100 (CET) Subject: SUSE-SU-2022:0136-1: important: Security update for MozillaFirefox Message-ID: <20220120143035.ADF62FF4E@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0136-1 Rating: important References: #1194547 Cross-References: CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 
CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 Affected Products: SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have led to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence (bsc#1194547). - CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547).
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-136=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-136=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-136=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-136=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-136=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-136=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-136=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-136=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-136=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-136=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-devel-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-devel-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 - SUSE Manager Proxy 4.1 (x86_64): 
MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-devel-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-devel-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-devel-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-devel-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.5.0-152.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-devel-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 - SUSE Linux Enterprise 
High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-devel-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.5.0-152.12.1 MozillaFirefox-debuginfo-91.5.0-152.12.1 MozillaFirefox-debugsource-91.5.0-152.12.1 MozillaFirefox-devel-91.5.0-152.12.1 MozillaFirefox-translations-common-91.5.0-152.12.1 MozillaFirefox-translations-other-91.5.0-152.12.1 References: https://www.suse.com/security/cve/CVE-2021-4140.html https://www.suse.com/security/cve/CVE-2022-22737.html https://www.suse.com/security/cve/CVE-2022-22738.html https://www.suse.com/security/cve/CVE-2022-22739.html https://www.suse.com/security/cve/CVE-2022-22740.html https://www.suse.com/security/cve/CVE-2022-22741.html https://www.suse.com/security/cve/CVE-2022-22742.html https://www.suse.com/security/cve/CVE-2022-22743.html https://www.suse.com/security/cve/CVE-2022-22744.html https://www.suse.com/security/cve/CVE-2022-22745.html https://www.suse.com/security/cve/CVE-2022-22746.html https://www.suse.com/security/cve/CVE-2022-22747.html https://www.suse.com/security/cve/CVE-2022-22748.html https://www.suse.com/security/cve/CVE-2022-22751.html https://bugzilla.suse.com/1194547 From sle-updates at lists.suse.com Thu Jan 20 14:32:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 15:32:21 +0100 (CET) Subject: SUSE-SU-2022:0137-1: important: Security update for MozillaFirefox Message-ID: <20220120143221.50AE1FF4E@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0137-1 Rating: important References: #1194547 Cross-References: CVE-2021-4140 CVE-2022-22737 CVE-2022-22738 
CVE-2022-22739 CVE-2022-22740 CVE-2022-22741 CVE-2022-22742 CVE-2022-22743 CVE-2022-22744 CVE-2022-22745 CVE-2022-22746 CVE-2022-22747 CVE-2022-22748 CVE-2022-22751 Affected Products: SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - CVE-2021-4140: Fixed iframe sandbox bypass with XSLT (bsc#1194547). - CVE-2022-22737: Fixed race condition when playing audio files (bsc#1194547). - CVE-2022-22738: Fixed heap-buffer-overflow in blendGaussianBlur (bsc#1194547). - CVE-2022-22739: Fixed missing throttling on external protocol launch dialog (bsc#1194547). - CVE-2022-22740: Fixed use-after-free of ChannelEventQueue::mOwner (bsc#1194547). - CVE-2022-22741: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22742: Fixed out-of-bounds memory access when inserting text in edit mode (bsc#1194547). - CVE-2022-22743: Fixed browser window spoof using fullscreen mode (bsc#1194547). - CVE-2022-22744: Fixed possible command injection via the 'Copy as curl' feature in DevTools (bsc#1194547). - CVE-2022-22745: Fixed leaking cross-origin URLs through securitypolicyviolation event (bsc#1194547). - CVE-2022-22746: Fixed calling into reportValidity could have led to fullscreen window spoof (bsc#1194547). - CVE-2022-22747: Fixed crash when handling empty pkcs7 sequence (bsc#1194547).
- CVE-2022-22748: Fixed spoofed origin on external protocol launch dialog (bsc#1194547). - CVE-2022-22751: Fixed memory safety bugs (bsc#1194547). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-137=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-137=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-137=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-137=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-137=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-137=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-137=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-137=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-137=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-137=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 
x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.5.0-150.15.1 MozillaFirefox-debuginfo-91.5.0-150.15.1 MozillaFirefox-debugsource-91.5.0-150.15.1 MozillaFirefox-devel-91.5.0-150.15.1 MozillaFirefox-translations-common-91.5.0-150.15.1 MozillaFirefox-translations-other-91.5.0-150.15.1 References: https://www.suse.com/security/cve/CVE-2021-4140.html https://www.suse.com/security/cve/CVE-2022-22737.html https://www.suse.com/security/cve/CVE-2022-22738.html https://www.suse.com/security/cve/CVE-2022-22739.html https://www.suse.com/security/cve/CVE-2022-22740.html https://www.suse.com/security/cve/CVE-2022-22741.html https://www.suse.com/security/cve/CVE-2022-22742.html https://www.suse.com/security/cve/CVE-2022-22743.html 
https://www.suse.com/security/cve/CVE-2022-22744.html
https://www.suse.com/security/cve/CVE-2022-22745.html
https://www.suse.com/security/cve/CVE-2022-22746.html
https://www.suse.com/security/cve/CVE-2022-22747.html
https://www.suse.com/security/cve/CVE-2022-22748.html
https://www.suse.com/security/cve/CVE-2022-22751.html
https://bugzilla.suse.com/1194547

From sle-updates at lists.suse.com Thu Jan 20 15:53:21 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Jan 2022 16:53:21 +0100 (CET)
Subject: SUSE-CU-2022:48-1: Security update of suse/sle15
Message-ID: <20220120155321.B6002FF4E@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:48-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.77
Container Release : 9.5.77
Severity : moderate
Type : security
References : 1169614
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released: Thu Jan 20 13:47:16 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1169614

This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

The following package changes have been done:

- permissions-20181225-23.12.1 updated

From sle-updates at lists.suse.com Thu Jan 20 17:21:26 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Jan 2022 18:21:26 +0100 (CET)
Subject: SUSE-SU-2022:0138-1: important: Security update for grafana
Message-ID: <20220120172126.7DA09FF55@maintenance.suse.de>

SUSE Security Update: Security update for grafana
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0138-1
Rating: important
References: #1191454 #1193688
Cross-References: CVE-2021-39226 CVE-2021-43813
CVSS scores:
  CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
  CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
  SUSE Manager Tools 12
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for grafana fixes the following issues:

- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454)
- CVE-2021-43813: Fixed markdown path traversal (bsc#1193688)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-138=1

Package List:

- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
  grafana-7.5.12-1.27.1

References:

https://www.suse.com/security/cve/CVE-2021-39226.html
https://www.suse.com/security/cve/CVE-2021-43813.html
https://bugzilla.suse.com/1191454
https://bugzilla.suse.com/1193688

From sle-updates at lists.suse.com Thu Jan 20 17:25:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Jan 2022 18:25:24 +0100 (CET)
Subject: SUSE-SU-2022:0141-1: moderate: Security update for permissions
Message-ID: <20220120172524.C9CC3FF55@maintenance.suse.de>

SUSE Security Update: Security update for permissions
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0141-1
Rating: moderate
References: #1169614
Affected Products:
  SUSE MicroOS 5.1
  SUSE MicroOS 5.0
  SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-141=1
- SUSE MicroOS 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-141=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-141=1

Package List:

- SUSE MicroOS 5.1 (aarch64 s390x x86_64):
  permissions-20181225-23.12.1
  permissions-debuginfo-20181225-23.12.1
  permissions-debugsource-20181225-23.12.1
- SUSE MicroOS 5.0 (aarch64 x86_64):
  permissions-20181225-23.12.1
  permissions-debuginfo-20181225-23.12.1
  permissions-debugsource-20181225-23.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
  permissions-20181225-23.12.1
  permissions-debuginfo-20181225-23.12.1
  permissions-debugsource-20181225-23.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
  permissions-zypp-plugin-20181225-23.12.1

References:

https://bugzilla.suse.com/1169614

From sle-updates at lists.suse.com Thu Jan 20 17:26:51 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Jan 2022 18:26:51 +0100 (CET)
Subject: SUSE-RU-2022:0143-1: moderate: Recommended update for java-11-openjdk
Message-ID: <20220120172651.CECCBFF55@maintenance.suse.de>

SUSE Recommended Update: Recommended update for java-11-openjdk
______________________________________________________________________________
Announcement ID: SUSE-RU-2022:0143-1
Rating: moderate
References: #1193314
Affected Products:
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP1-BCL
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
  SUSE Linux Enterprise Module for Basesystem 15-SP3
  SUSE Linux Enterprise Module for Basesystem 15-SP2
  SUSE Linux Enterprise High Performance
Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for java-11-openjdk fixes the following issues: - Java Cryptography was always operating in FIPS mode if crypto-policies was not used. - Allow plain key import in fips mode unless "com.suse.fips.plainKeySupport" is set to false Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-143=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-143=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-143=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-143=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-143=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-143=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2022-143=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-143=1 - SUSE Linux Enterprise Module for Basesystem 15-SP2: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2022-143=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch 
SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-143=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-143=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-143=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-143=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-143=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - 
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.13.0-3.68.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): java-11-openjdk-javadoc-11.0.13.0-3.68.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): java-11-openjdk-jmods-11.0.13.0-3.68.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (noarch): java-11-openjdk-javadoc-11.0.13.0-3.68.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): 
java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 - SUSE CaaS Platform 4.0 (x86_64): java-11-openjdk-11.0.13.0-3.68.1 java-11-openjdk-debugsource-11.0.13.0-3.68.1 java-11-openjdk-demo-11.0.13.0-3.68.1 java-11-openjdk-devel-11.0.13.0-3.68.1 java-11-openjdk-headless-11.0.13.0-3.68.1 References: https://bugzilla.suse.com/1193314 From sle-updates at lists.suse.com Thu Jan 20 17:28:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 18:28:15 +0100 (CET) Subject: SUSE-SU-2022:0139-1: important: Security update for grafana Message-ID: <20220120172815.0975DFF55@maintenance.suse.de> SUSE Security Update: Security update for grafana ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0139-1 Rating: important References: #1191454 #1193688 Cross-References: CVE-2021-39226 CVE-2021-43813 CVSS scores: CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. 
Description:

This update for grafana fixes the following issues:

- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454)
- CVE-2021-43813: Fixed markdown path traversal (bsc#1193688)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-139=1

Package List:

- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
  grafana-7.5.12-1.27.1

References:

https://www.suse.com/security/cve/CVE-2021-39226.html
https://www.suse.com/security/cve/CVE-2021-43813.html
https://bugzilla.suse.com/1191454
https://bugzilla.suse.com/1193688

From sle-updates at lists.suse.com Thu Jan 20 17:30:05 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Thu, 20 Jan 2022 18:30:05 +0100 (CET)
Subject: SUSE-SU-2022:0142-1: important: Security update for webkit2gtk3
Message-ID: <20220120173005.384ABFF55@maintenance.suse.de>

SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0142-1
Rating: important
References: #1194019
Cross-References: CVE-2018-8518 CVE-2018-8523 CVE-2019-8551 CVE-2019-8558 CVE-2019-8559 CVE-2019-8563 CVE-2019-8674 CVE-2019-8681 CVE-2019-8684 CVE-2019-8687 CVE-2019-8688 CVE-2019-8689 CVE-2019-8690 CVE-2019-8707 CVE-2019-8719 CVE-2019-8726 CVE-2019-8733 CVE-2019-8763 CVE-2019-8765 CVE-2019-8766 CVE-2019-8768 CVE-2019-8782 CVE-2019-8808 CVE-2019-8815 CVE-2019-8821 CVE-2019-8822 CVE-2020-10018 CVE-2020-13753 CVE-2020-27918 CVE-2020-29623 CVE-2020-3885 CVE-2020-3894 CVE-2020-3895 CVE-2020-3897 CVE-2020-3900 CVE-2020-3901 CVE-2020-3902 CVE-2020-9802 CVE-2020-9803 CVE-2020-9805 CVE-2020-9947 CVE-2020-9948 CVE-2020-9951 CVE-2020-9952 CVE-2021-1765 CVE-2021-1788 CVE-2021-1817 CVE-2021-1820 CVE-2021-1825
CVE-2021-1826 CVE-2021-1844 CVE-2021-1871 CVE-2021-30661 CVE-2021-30666 CVE-2021-30682 CVE-2021-30761 CVE-2021-30762 CVE-2021-30809 CVE-2021-30818 CVE-2021-30823 CVE-2021-30836 CVE-2021-30846 CVE-2021-30848 CVE-2021-30849 CVE-2021-30851 CVE-2021-30858 CVE-2021-30884 CVE-2021-30887 CVE-2021-30888 CVE-2021-30889 CVE-2021-30890 CVE-2021-30897 CVSS scores: CVE-2018-8518 (NVD) : 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2019-8551 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-8551 (SUSE): 7.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L CVE-2019-8558 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8559 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8559 (SUSE): 7.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L CVE-2019-8563 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8563 (SUSE): 8.2 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L CVE-2019-8674 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-8681 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8681 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2019-8684 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8684 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2019-8687 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8688 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8688 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2019-8689 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8690 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-8690 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2019-8707 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8707 (SUSE): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8719 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-8719 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L 
CVE-2019-8726 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8733 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8733 (SUSE): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8763 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8765 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8765 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8766 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8766 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8768 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-8768 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2019-8782 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8782 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8808 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8808 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8815 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8815 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8821 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8821 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8822 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-8822 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-10018 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-10018 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-13753 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2020-13753 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2020-27918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-29623 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2020-29623 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 
CVE-2020-3885 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2020-3894 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2020-3894 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2020-3895 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-3897 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-3897 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2020-3900 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-3901 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-3902 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-3902 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2020-9802 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-9802 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2020-9803 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-9803 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2020-9805 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2020-9805 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2020-9947 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-9947 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-9948 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-9951 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-9951 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-9952 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L CVE-2020-9952 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-1765 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-1765 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-1788 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-1788 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-1844 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 
CVE-2021-1844 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-1871 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-1871 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30809 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30809 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30818 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30818 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30823 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-30823 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-30836 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-30836 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-30846 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30846 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30848 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30848 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30849 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30849 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30851 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30851 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30858 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30858 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30884 (NVD) : 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N CVE-2021-30884 (SUSE): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N CVE-2021-30887 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-30887 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-30888 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-30888 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2021-30889 (NVD) : 8.8 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30889 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30890 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-30890 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-30897 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes 72 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: - Update to version 2.34.3 (bsc#1194019). - CVE-2021-30887: Fixed logic issue allowing unexpectedly unenforced Content Security Policy when processing maliciously crafted web content. - CVE-2021-30890: Fixed logic issue allowing universal cross site scripting when processing maliciously crafted web content. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-142=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-142=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-142=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-142=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-142=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-142=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-142=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-142=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-142=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-142=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-142=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-142=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-142=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): 
libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE OpenStack Cloud 8 (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE OpenStack Cloud 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 webkit2gtk3-devel-2.34.3-2.82.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 
typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 
webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 webkit2gtk3-devel-2.34.3-2.82.1 - HPE Helion Openstack 8 (x86_64): libjavascriptcoregtk-4_0-18-2.34.3-2.82.1 libjavascriptcoregtk-4_0-18-debuginfo-2.34.3-2.82.1 
libwebkit2gtk-4_0-37-2.34.3-2.82.1 libwebkit2gtk-4_0-37-debuginfo-2.34.3-2.82.1 typelib-1_0-JavaScriptCore-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2-4_0-2.34.3-2.82.1 typelib-1_0-WebKit2WebExtension-4_0-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-2.34.3-2.82.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.34.3-2.82.1 webkit2gtk3-debugsource-2.34.3-2.82.1 - HPE Helion Openstack 8 (noarch): libwebkit2gtk3-lang-2.34.3-2.82.1 References: https://www.suse.com/security/cve/CVE-2018-8518.html https://www.suse.com/security/cve/CVE-2018-8523.html https://www.suse.com/security/cve/CVE-2019-8551.html https://www.suse.com/security/cve/CVE-2019-8558.html https://www.suse.com/security/cve/CVE-2019-8559.html https://www.suse.com/security/cve/CVE-2019-8563.html https://www.suse.com/security/cve/CVE-2019-8674.html https://www.suse.com/security/cve/CVE-2019-8681.html https://www.suse.com/security/cve/CVE-2019-8684.html https://www.suse.com/security/cve/CVE-2019-8687.html https://www.suse.com/security/cve/CVE-2019-8688.html https://www.suse.com/security/cve/CVE-2019-8689.html https://www.suse.com/security/cve/CVE-2019-8690.html https://www.suse.com/security/cve/CVE-2019-8707.html https://www.suse.com/security/cve/CVE-2019-8719.html https://www.suse.com/security/cve/CVE-2019-8726.html https://www.suse.com/security/cve/CVE-2019-8733.html https://www.suse.com/security/cve/CVE-2019-8763.html https://www.suse.com/security/cve/CVE-2019-8765.html https://www.suse.com/security/cve/CVE-2019-8766.html https://www.suse.com/security/cve/CVE-2019-8768.html https://www.suse.com/security/cve/CVE-2019-8782.html https://www.suse.com/security/cve/CVE-2019-8808.html https://www.suse.com/security/cve/CVE-2019-8815.html https://www.suse.com/security/cve/CVE-2019-8821.html https://www.suse.com/security/cve/CVE-2019-8822.html https://www.suse.com/security/cve/CVE-2020-10018.html https://www.suse.com/security/cve/CVE-2020-13753.html https://www.suse.com/security/cve/CVE-2020-27918.html 
https://www.suse.com/security/cve/CVE-2020-29623.html https://www.suse.com/security/cve/CVE-2020-3885.html https://www.suse.com/security/cve/CVE-2020-3894.html https://www.suse.com/security/cve/CVE-2020-3895.html https://www.suse.com/security/cve/CVE-2020-3897.html https://www.suse.com/security/cve/CVE-2020-3900.html https://www.suse.com/security/cve/CVE-2020-3901.html https://www.suse.com/security/cve/CVE-2020-3902.html https://www.suse.com/security/cve/CVE-2020-9802.html https://www.suse.com/security/cve/CVE-2020-9803.html https://www.suse.com/security/cve/CVE-2020-9805.html https://www.suse.com/security/cve/CVE-2020-9947.html https://www.suse.com/security/cve/CVE-2020-9948.html https://www.suse.com/security/cve/CVE-2020-9951.html https://www.suse.com/security/cve/CVE-2020-9952.html https://www.suse.com/security/cve/CVE-2021-1765.html https://www.suse.com/security/cve/CVE-2021-1788.html https://www.suse.com/security/cve/CVE-2021-1817.html https://www.suse.com/security/cve/CVE-2021-1820.html https://www.suse.com/security/cve/CVE-2021-1825.html https://www.suse.com/security/cve/CVE-2021-1826.html https://www.suse.com/security/cve/CVE-2021-1844.html https://www.suse.com/security/cve/CVE-2021-1871.html https://www.suse.com/security/cve/CVE-2021-30661.html https://www.suse.com/security/cve/CVE-2021-30666.html https://www.suse.com/security/cve/CVE-2021-30682.html https://www.suse.com/security/cve/CVE-2021-30761.html https://www.suse.com/security/cve/CVE-2021-30762.html https://www.suse.com/security/cve/CVE-2021-30809.html https://www.suse.com/security/cve/CVE-2021-30818.html https://www.suse.com/security/cve/CVE-2021-30823.html https://www.suse.com/security/cve/CVE-2021-30836.html https://www.suse.com/security/cve/CVE-2021-30846.html https://www.suse.com/security/cve/CVE-2021-30848.html https://www.suse.com/security/cve/CVE-2021-30849.html https://www.suse.com/security/cve/CVE-2021-30851.html https://www.suse.com/security/cve/CVE-2021-30858.html 
https://www.suse.com/security/cve/CVE-2021-30884.html https://www.suse.com/security/cve/CVE-2021-30887.html https://www.suse.com/security/cve/CVE-2021-30888.html https://www.suse.com/security/cve/CVE-2021-30889.html https://www.suse.com/security/cve/CVE-2021-30890.html https://www.suse.com/security/cve/CVE-2021-30897.html https://bugzilla.suse.com/1194019 From sle-updates at lists.suse.com Thu Jan 20 19:41:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 20:41:05 +0100 (CET) Subject: SUSE-CU-2022:50-1: Security update of suse/sle15 Message-ID: <20220120194105.6508CFF4E@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:50-1 Container Tags : suse/sle15:15.3 , suse/sle15:15.3.150300.17.8.62 Container Release : 150300.17.8.62 Severity : moderate Type : security References : 1169614 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). 
The following package changes have been done: - permissions-20181225-23.12.1 updated From sle-updates at lists.suse.com Thu Jan 20 20:17:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 21:17:13 +0100 (CET) Subject: SUSE-RU-2022:0146-1: moderate: Recommended update for nodejs16 Message-ID: <20220120201713.14780FF55@maintenance.suse.de> SUSE Recommended Update: Recommended update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0146-1 Rating: moderate References: SLE-21235 Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for nodejs16 fixes the following issues: NodeJS 16 is shipped in version 16.13.2. For complete list of changes since 15.x, please see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.0.0 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-146=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs16-16.13.2-150300.7.3.1 nodejs16-debuginfo-16.13.2-150300.7.3.1 nodejs16-debugsource-16.13.2-150300.7.3.1 nodejs16-devel-16.13.2-150300.7.3.1 npm16-16.13.2-150300.7.3.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs16-docs-16.13.2-150300.7.3.1 References: From sle-updates at lists.suse.com Thu Jan 20 20:18:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 21:18:20 +0100 (CET) Subject: SUSE-SU-2022:0091-2: important: Security update for apache2 Message-ID: <20220120201820.BFB87FF55@maintenance.suse.de> SUSE Security Update: Security update for apache2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0091-2 Rating: important References: #1193942 #1193943 SLE-22733 SLE-22849 Cross-References: CVE-2021-44224 CVE-2021-44790 CVSS scores: CVE-2021-44224 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44790 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities, contains two features is now available. Description: This update for apache2 fixes the following issues: Apache2 was updated to the current stable version 2.4.51 (jsc#SLE-22733 jsc#SLE-22849) It fixes all CVEs and selected bugs represented by patches found between 2.4.23 and 2.4.51. See https://downloads.apache.org/httpd/CHANGES_2.4 for a complete change log. 
Also fixed: - CVE-2021-44224: Fixed NULL dereference or SSRF in forward proxy configurations (bsc#1193943) - CVE-2021-44790: Fixed buffer overflow when parsing multipart content in mod_lua (bsc#1193942) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2022-91=1 Package List: - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (aarch64 ppc64le s390x x86_64): apache2-event-2.4.51-3.37.1 apache2-event-debuginfo-2.4.51-3.37.1 References: https://www.suse.com/security/cve/CVE-2021-44224.html https://www.suse.com/security/cve/CVE-2021-44790.html https://bugzilla.suse.com/1193942 https://bugzilla.suse.com/1193943 From sle-updates at lists.suse.com Thu Jan 20 20:20:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 21:20:50 +0100 (CET) Subject: SUSE-RU-2022:0147-1: moderate: Recommended update for obs-service-format_spec_file Message-ID: <20220120202050.D4361FF55@maintenance.suse.de> SUSE Recommended Update: Recommended update for obs-service-format_spec_file ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0147-1 Rating: moderate References: SLE-18915 Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for obs-service-format_spec_file fixes the following issues: obs-service-format_spec_file: Update obs-service-format_spec_file from version 20191114 to version 20211115: - Sync license identifiers from SPDX (spdx.org). 
(jsc#SLE-18915) - Be more wary on usage of macros in Tags - Do not Cache Source.* but only Source[0-9]* - Stop pretending we can guess what the spec file is for - Avoid deep recursion in merge_comments - Allow to override date - Split out final comments in description - Make a special exception for short %p* snippets - Also split Conflict headers - Keep the old require sorting - Improve the performance of reorder_tags - Fix merge_comments - Do not split %if and section start - Support multiline copyrights (for Firefox) - Simplify how to calculate the `base_package` - Split tag values of certain tags - Be careful with macros that appear between tags - Replace SPDX mapper with an advanced version - Fix merging empty sections - Allow before lines to commented tags - Keep comments close to the original line - Review some deltas in the test suites that are acceptable for now - Parse more into the description - basically everything for now - Fix Release tag - Add an empty line before each section - Reorder tags that are below each other - Fix whitespace - Add test cases for spec-file cleaner (with current output) - Use perltidy like Cavil - Remove patch_license - old helper script for mass migration - Only parse Provides in Header section - Trim all trailing whitespace - including \r - Fix copyright year to 2012 in the test cases - Fetch licenses from JSON and remove + variants - Fetch exceptions from JSON - prepare_spec handle the case where License/Group are in a if/else/endif rpmlint: - Rebuild rpmlint with the new obs-service-format_spec_file. rpmlint-mini: - BuildRequires `python-rpm-macros` since the `py3_ver` macro is now considered obsolete in `python3-base`. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-147=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-150300.18.6.8 rpmlint-mini-debuginfo-1.10-150300.18.6.8 rpmlint-mini-debugsource-1.10-150300.18.6.8 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): rpmlint-1.10-7.32.3 References: From sle-updates at lists.suse.com Thu Jan 20 20:21:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 21:21:59 +0100 (CET) Subject: SUSE-SU-2022:0144-1: moderate: Security update for cryptsetup Message-ID: <20220120202159.39BFCFF55@maintenance.suse.de> SUSE Security Update: Security update for cryptsetup ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0144-1 Rating: moderate References: #1194469 Cross-References: CVE-2021-4122 CVSS scores: CVE-2021-4122 (SUSE): 5.9 CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE MicroOS 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cryptsetup fixes the following issues: - CVE-2021-4122: Fixed possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery (bsc#1194469). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-144=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-144=1 Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): cryptsetup-2.3.7-150300.3.5.1 cryptsetup-debuginfo-2.3.7-150300.3.5.1 cryptsetup-debugsource-2.3.7-150300.3.5.1 libcryptsetup12-2.3.7-150300.3.5.1 libcryptsetup12-debuginfo-2.3.7-150300.3.5.1 libcryptsetup12-hmac-2.3.7-150300.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cryptsetup-2.3.7-150300.3.5.1 cryptsetup-debuginfo-2.3.7-150300.3.5.1 cryptsetup-debugsource-2.3.7-150300.3.5.1 libcryptsetup-devel-2.3.7-150300.3.5.1 libcryptsetup12-2.3.7-150300.3.5.1 libcryptsetup12-debuginfo-2.3.7-150300.3.5.1 libcryptsetup12-hmac-2.3.7-150300.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): cryptsetup-lang-2.3.7-150300.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libcryptsetup12-32bit-2.3.7-150300.3.5.1 libcryptsetup12-32bit-debuginfo-2.3.7-150300.3.5.1 libcryptsetup12-hmac-32bit-2.3.7-150300.3.5.1 References: https://www.suse.com/security/cve/CVE-2021-4122.html https://bugzilla.suse.com/1194469 From sle-updates at lists.suse.com Thu Jan 20 20:23:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 20 Jan 2022 21:23:19 +0100 (CET) Subject: SUSE-SU-2022:0145-1: important: Security update for aide Message-ID: <20220120202319.ABFCEFF55@maintenance.suse.de> SUSE Security Update: Security update for aide ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0145-1 Rating: important References: #1194735 Cross-References: CVE-2021-45417 CVSS scores: CVE-2021-45417 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE 
OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for aide fixes the following issues: - CVE-2021-45417: Fix a buffer overflow in base64 functions (bsc#1194735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-145=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-145=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-145=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-145=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-145=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-145=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-145=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-145=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-145=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-145=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-145=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-145=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): 
aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE OpenStack Cloud 9 (x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE OpenStack Cloud 8 (x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 - HPE Helion Openstack 8 (x86_64): aide-0.16-20.15.1 aide-debuginfo-0.16-20.15.1 aide-debugsource-0.16-20.15.1 References: https://www.suse.com/security/cve/CVE-2021-45417.html https://bugzilla.suse.com/1194735 From sle-updates at lists.suse.com Fri Jan 21 11:18:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jan 2022 12:18:31 +0100 (CET) Subject: SUSE-SU-2022:0149-1: moderate: Security update for rust1.56 Message-ID: <20220121111831.EFFC8FF55@maintenance.suse.de> SUSE Security Update: Security update for rust1.56 
______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0149-1 Rating: moderate References: #1194767 Cross-References: CVE-2022-21658 CVSS scores: CVE-2022-21658 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Development Tools 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rust1.56 fixes the following issues: - CVE-2022-21658: Fixed race condition in std::fs::remove_dir_all (bsc#1194767). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-149=1 Package List: - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cargo1.56-1.56.1-150300.7.6.1 cargo1.56-debuginfo-1.56.1-150300.7.6.1 rust1.56-1.56.1-150300.7.6.1 rust1.56-debuginfo-1.56.1-150300.7.6.1 References: https://www.suse.com/security/cve/CVE-2022-21658.html https://bugzilla.suse.com/1194767 From sle-updates at lists.suse.com Fri Jan 21 11:19:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jan 2022 12:19:48 +0100 (CET) Subject: SUSE-RU-2022:0148-1: moderate: Recommended update for crmsh Message-ID: <20220121111948.74F84FF55@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0148-1 Rating: moderate References: #1191508 #1192618 Affected Products: SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Availability 12-SP4 
______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix: ui_resource: Parse node and lifetime correctly (bsc#1192618) - Fix: ui_resource: Parse lifetime option correctly (bsc#1191508) - Fix: utils: Improve 'detect_cloud' function and support non-Hyper-V in Azure Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-148=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-148=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.1+git.1642405877.e4f905fc-2.68.1 crmsh-scripts-4.1.1+git.1642405877.e4f905fc-2.68.1 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.1+git.1642405877.e4f905fc-2.68.1 crmsh-scripts-4.1.1+git.1642405877.e4f905fc-2.68.1 References: https://bugzilla.suse.com/1191508 https://bugzilla.suse.com/1192618 From sle-updates at lists.suse.com Fri Jan 21 14:19:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jan 2022 15:19:19 +0100 (CET) Subject: SUSE-SU-2022:0150-1: important: Security update for aide Message-ID: <20220121141919.F17C2FF4E@maintenance.suse.de> SUSE Security Update: Security update for aide ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0150-1 Rating: important References: #1194735 Cross-References: CVE-2021-45417 CVSS scores: CVE-2021-45417 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE MicroOS 5.1 SUSE Manager Server 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Proxy 4.1 SUSE Linux Enterprise Server for 
SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Enterprise Storage 7 SUSE Enterprise Storage 6 SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for aide fixes the following issues: - CVE-2021-45417: Fix a buffer overflow in base64 functions (bsc#1194735) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE MicroOS 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-150=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-150=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-150=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-150=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-150=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-150=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-150=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-150=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-150=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-150=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-150=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-150=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-150=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-150=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-150=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-150=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-150=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t 
patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-150=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-150=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-150=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-150=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-150=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE MicroOS 5.1 (aarch64 s390x x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Manager Proxy 4.1 (x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 
aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 - SUSE CaaS Platform 4.0 (x86_64): aide-0.16-24.1 aide-debuginfo-0.16-24.1 aide-debugsource-0.16-24.1 References: https://www.suse.com/security/cve/CVE-2021-45417.html https://bugzilla.suse.com/1194735 From sle-updates at lists.suse.com Fri Jan 21 17:19:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jan 2022 18:19:48 +0100 (CET) Subject: SUSE-RU-2022:0153-1: moderate: Recommended update for 
enchant Message-ID: <20220121171948.B5F74FF4E@maintenance.suse.de> SUSE Recommended Update: Recommended update for enchant ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0153-1 Rating: moderate References: #1089434 Affected Products: SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for enchant fixes the following issues: - Add missing closing parentheses for packageand Supplements. (bsc#1089434) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-153=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): enchant-2-backend-hunspell-2.2.5-4.6.1 enchant-2-backend-hunspell-debuginfo-2.2.5-4.6.1 enchant-data-2.2.5-4.6.1 enchant-debugsource-2.2.5-4.6.1 enchant-devel-2.2.5-4.6.1 libenchant-2-2-2.2.5-4.6.1 libenchant-2-2-debuginfo-2.2.5-4.6.1 References: https://bugzilla.suse.com/1089434 From sle-updates at lists.suse.com Fri Jan 21 17:21:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jan 2022 18:21:11 +0100 (CET) Subject: SUSE-SU-2022:0151-1: moderate: Security update for bind Message-ID: <20220121172111.0FE74FF4E@maintenance.suse.de> SUSE Security Update: Security update for bind ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0151-1 Rating: moderate References: #1192146 Cross-References: CVE-2021-25219 CVSS scores: CVE-2021-25219 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-25219 (SUSE): 5.3 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for bind fixes the following issues: - CVE-2021-25219: Fixed flaw that allowed abusing lame cache to severely degrade resolver performance (bsc#1192146). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-151=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-151=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): bind-9.16.6-150300.22.13.1 bind-chrootenv-9.16.6-150300.22.13.1 bind-debuginfo-9.16.6-150300.22.13.1 bind-debugsource-9.16.6-150300.22.13.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): bind-doc-9.16.6-150300.22.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): bind-debuginfo-9.16.6-150300.22.13.1 bind-debugsource-9.16.6-150300.22.13.1 bind-devel-9.16.6-150300.22.13.1 bind-utils-9.16.6-150300.22.13.1 bind-utils-debuginfo-9.16.6-150300.22.13.1 libbind9-1600-9.16.6-150300.22.13.1 libbind9-1600-debuginfo-9.16.6-150300.22.13.1 libdns1605-9.16.6-150300.22.13.1 libdns1605-debuginfo-9.16.6-150300.22.13.1 libirs-devel-9.16.6-150300.22.13.1 libirs1601-9.16.6-150300.22.13.1 libirs1601-debuginfo-9.16.6-150300.22.13.1 libisc1606-9.16.6-150300.22.13.1 libisc1606-debuginfo-9.16.6-150300.22.13.1 libisccc1600-9.16.6-150300.22.13.1 libisccc1600-debuginfo-9.16.6-150300.22.13.1 
libisccfg1600-9.16.6-150300.22.13.1 libisccfg1600-debuginfo-9.16.6-150300.22.13.1 libns1604-9.16.6-150300.22.13.1 libns1604-debuginfo-9.16.6-150300.22.13.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-bind-9.16.6-150300.22.13.1 References: https://www.suse.com/security/cve/CVE-2021-25219.html https://bugzilla.suse.com/1192146 From sle-updates at lists.suse.com Fri Jan 21 17:22:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 21 Jan 2022 18:22:26 +0100 (CET) Subject: SUSE-RU-2022:0152-1: moderate: Recommended update for nodejs16 Message-ID: <20220121172226.8E672FF4E@maintenance.suse.de> SUSE Recommended Update: Recommended update for nodejs16 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0152-1 Rating: moderate References: SLE-21234 Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for nodejs16 fixes the following issues: NodeJS 16 is shipped in version 16.13.2. For a complete list of changes since 15.x, please see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V16.md#16.0.0 Note that this package is available in the Web and Scripting module only for: - SUSE Linux Enterprise Server 12 SP4 LTSS - SUSE Linux Enterprise Server 12 SP5 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-152=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs16-16.13.2-8.3.1 nodejs16-debuginfo-16.13.2-8.3.1 nodejs16-debugsource-16.13.2-8.3.1 nodejs16-devel-16.13.2-8.3.1 npm16-16.13.2-8.3.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs16-docs-16.13.2-8.3.1 References: From sle-updates at lists.suse.com Mon Jan 24 11:18:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 24 Jan 2022 12:18:51 +0100 (CET) Subject: SUSE-RU-2022:0154-1: moderate: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook Message-ID: <20220124111851.D54E1FD9B@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0154-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. 
Description: This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook fixes the following issues: - Update to 3.4.0 Features: Beta: Below features have been lifted from its Alpha support to Beta * Snapshot creation and deletion * Volume restore from snapshot * Volume clone support * Volume/PV Metrics of File Mode Volume * Volume/PV Metrics of Block Mode Volume Alpha: * rbd-nbd volume mounter Enhancement: * Restore RBD snapshot to a different Pool * Snapshot schedule support for RBD mirrored PVC * Mirroring support for thick PVC * Multi-Tenant support for vault encryption * AmazonMetadata KMS provider support * rbd-nbd volume healer support * Locking enhancement for improving POD deletion performance * Improvements in lock handling for snap and clone operations * Better thick provisioning support * Create CephFS subvolume with VolumeNamePrefix * CephFS Subvolume path addition in PV object * Consumption of go-ceph APIs for various CephFS controller and node operations. 
* Resize of the RBD encrypted volume * Better error handling for GRPC * Golang profiling support for debugging * Updated Kubernetes sidecar versions to the latest release * Kubernetes dependency update to v1.21.2 * Create storageclass and secrets using helm charts CI/E2E * Expansion of RBD encrypted volumes * Update and addition of new static golang tools * Kubernetes v1.21 support * Unit tests for SecretsKMS * Test for Vault with ServiceAccount per Tenant * E2E for user secret based metadata encryption * Update rook.sh and Ceph cluster version in E2E * Added RBD test for testing sc, secret via helm * Update feature gates setting from minikube.sh * Add CephFS test for sc, secret via helm * Add e2e for static PVC without imageFeature parameter * Make use of snapshot v1 API and client sets in e2e tests * Validate thick-provisioned PVC-PVC cloning * Adding retry support for various e2e failure scenarios * Refactor KMS configuration and usage - Removed patch ceph-csi-locking.patch (got merged upstream) - Update to v3.3.0 * Feature * Add command line arguments to configure leader election options (#313, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#308, @chrishenzie) * Updates Kubernetes dependencies to v1.22.0 (#321, @chrishenzie) [SIG Storage] * Bug or Regression * Fix a bug where the controller can panic and crash when it receives a DeletedFinalStateUnknown deletion event. 
(#304, @Jiawei0227) * Other (Cleanup or Flake) * Updates container-storage-interface dependency to v1.5.0 (#312, @chrishenzie) * Reuse the same gRPC CSI client for all CSI driver calls (#318, @yeya24) - Update to v3.2.1 - Get rid of vendoring - Update version of go to 1.16 - Update to v3.0.2 - Update version to 3.0.0 * Feature * Add command line arguments to configure leader election options (#643, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#630, @chrishenzie) * The provisioner sidecar now has an argument called controller-publish-readonly which sets the value of CSI PV spec readonly field value based on the PVC access mode. If this flag is set to true and the PVC access mode only contains the ROX access mode, the controller automatically sets PersistentVolume.spec.CSIPersistentVolumeSource.readOnly field to true. (#469, @humblec) * Updates Kubernetes dependencies to v1.22.0 (#660, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#644, @chrishenzie) * Bug or Regression * Fix a bug where block device mode could not be used when storage capacity tracking mode is enabled. (#635, @bells17) * Fix a data race in cloning protection controller (#651, @tksm) * Fix capacity information updates when topology changes. Only affected central deployment and network attached storage, not deployment on each node. This broke in v2.2.0 as part of a bug fix for capacity informer handling. (#617, @bai3shuo4) * Fix env name from POD_NAMESPACE to NAMESPACE for capacity-ownerref-level option. (#636, @bells17) * Fixed reporting of metrics when a migratable CSI driver is used. 
(#620, @jsafrane) * Newly provisioned CSI Migration enabled PV will have "provisioned-by" annotation set to in-tree provisioner name instead of the CSI provisioner (#646, @wongma7) - Update version to 2.2.2 - Get rid of vendoring - Use go 1.16 for building - Update version to 2.0.4 - Update to version 1.3.0 * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#165, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#156, @chrishenzie) * Feature * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#151, @chrishenzie) * leader-election-lease-duration, leader-election-renew-deadline and leader-election-retry-period were added to command line arguments to configure leader election options (#158, @RaunakShah) - Update to version 1.2.0 - Get rid of vendoring - Push go version to 1.16 - Update to version 1.0.1 - Update to version 4.2.0 * Feature * Snapshot APIs * The namespace of the referenced VolumeSnapshot is printed when printing a VolumeSnapshotContent. (#535, @tsmetana) * Snapshot Controller * retry-interval-start and retry-interval-max arguments are added to common-controller which controls retry interval of failed volume snapshot creation and deletion. These values set the ratelimiter for snapshot and content queues. (#530, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for the snapshot controller. (#575, @bertinatto) * Adds an operations_in_flight metric for determining the number of snapshot operations in progress. (#519, @ggriffiths) * Introduced "SnapshotCreated" and "SnapshotReady" events. (#540, @rexagod) * CSI Snapshotter Sidecar * retry-interval-start and retry-interval-max arguments are added to csi-snapshotter sidecar which controls retry interval of failed volume snapshot creation and deletion. 
These values set the ratelimiter for volumesnapshotcontent queue. (#308, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for CSI snapshotter sidecar. (#538, @RaunakShah) * Bug or Regression * Snapshot Controller * Add process_start_time_seconds metric (#569, @saikat-royc) * Adds the leader election health check for the snapshot controller at /healthz/leader-election (#573, @ggriffiths) * Remove kube-system namespace verification during startup and instead list volumes across all namespaces (#515, @mauriciopoppe) * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#570, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#574, @chrishenzie) * Updates container-storage-interface dependency to v1.5.0 (#532, @chrishenzie) * Snapshot Validation Webhook * Changed the webhook image from distroless/base to distroless/static. (#550, @WanzenBug) - Update to version 4.1.1 - Get rid of vendoring - Update go-version to 1.16 - Update to version 3.0.2 - Update to version 2.3.0 * Dockerfile.Windows args changed to ADDON_IMAGE and BASE_IMAGE (#146, @mauriciopoppe) * Updates Kubernetes dependencies to v1.22.0 (#159, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#160, @chrishenzie) * New running modes, the kubelet-registration-probe mode checks if node-driver-registrar kubelet plugin registration succeeded. (#152, @mauriciopoppe) * Updates container-storage-interface dependency to v1.5.0 (#151, @chrishenzie) - Update to version 2.2.0 * Updated runtime (Go 1.16) and dependencies (#136, @pohly) * Update image and tag names for Windows to have separate parameters for nanoserver and servercore (#111, @jingxu97) - Update to v1.7.7 Rook v1.7.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* docs: Support ephemeral volumes with Ceph CSI RBD and CephFS driver (#9055, @humblec) * core: Allow downgrade of all daemons consistently (#9098, @travisn) * core: Reconcile once instead of multiple times after the cluster CR is edited (#9091, @leseb) * nfs: Add pool setting CR option (#9040, @leseb) * ceph: Trigger 'CephMonQuorumLost' alert when mon quorum is down (#9068, @aruniiird) * rgw: Updated livenessProbe and readinessProbe (#9080, @satoru-takeuchi) * mgr: Do not set the balancer mode on pacific (#9063, @leseb) * helm: Add appVersion property to the charts (#9051, @travisn) * rgw: Read tls secret hint for insecure tls (#9020, @leseb) * ceph: Ability to set labels on the crash collector (#9044, @leseb) * core: Treat cluster as not existing if the cleanup policy is set (#9041, @travisn) * docs: Document failover and failback scenarios for applications (#8411, @Yuggupta27) * ceph: Update endpoint with IP for external RGW server (#9010, @thotz) - Combined gomod.patch and gosum.patch to vendor.patch * Patching module-files to match the SUSE build env - Update to v1.7.6 Rook v1.7.6 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* core: only merge stderr on error (#8995, @leseb) * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya) * csi: fix comment for the provisioner and clusterID (#8990, @Madhu-1) * mon: Enable mon failover for the arbiter in stretch mode (#8984, @travisn) * monitoring: fixing the queries for alerts 'CephMgrIsAbsent' and 'CephMgrIsMissingReplicas' (#8985, @aruniiird) * osd: fix kms auto-detection when full TLS (#8867, @leseb) * csi: add affinity to csi version check job (#8965, @Rakshith-R) * pool: remove default value for pool compression (#8966, @leseb) * monitoring: handle empty ceph_version in ceph_mon_metadata to avoid raising misleading alert (#8947, @GowthamShanmugam) * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya) * osd: print the c-v output when inventory command fails (#8971, @leseb) * helm: remove chart content not in common.yaml (#8884, @BlaineEXE) * rgw: replace period update --commit with function (#8911, @BlaineEXE) * rgw: fixing ClientID of log-collector for RGW instance (#8889, @parth-gr) * mon: run ceph commands to mon with timeout (#8939, @leseb) * osd: do not hide errors (#8933, @leseb) * rgw: use trace logs for RGW admin HTTP info (#8937, @BlaineEXE) - Update to v1.7.5 Rook v1.7.5 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* Update csi sidecar references to the latest versions (#8820, @humblec) * No longer install the VolumeReplication CRDs from Rook (#8845, @travisn) * Initialize rbd block pool after creation (#8923, @Rakshith-R) * Close stdoutPipe for the discovery daemon (#8917, @subhamkrai) * Add documentation to recover a pod from a lost node (#8742, @subhamkrai) * Increasing the auto-resolvable alerts delay to 15m (#8896, @aruniiird) * Change CephAbsentMgr to use 'up' query (#8882, @aruniiird) * Adding 'namespace' field to the needed ceph queries (#8901, @aruniiird) * Update period if period does not exist (#8828, @BlaineEXE) * Do not fail on KMS keys deletion (#8868, @leseb) * Do not build all the multus args to remote exec cmd (#8860, @leseb) * Fix external script when passing monitoring list (#8807, @leseb) * Use insecure TLS for bucket health check (#8712, @leseb) * Add PVC privileges to the rook-ceph-purge-osd service account (#8833, @ashangit) * Fix the example of local PVC-based cluster (#8846, @satoru-takeuchi) * Add signal handling for log collector (#8806, @leseb) * Prometheus rules format changes (#8774, @aruniiird) * Add namespace to ceph node down query (#8793, @aruniiird) - Added gomod.patch and gosum.patch * Patching module-files to match the SUSE build env - Update to v1.7.4 Rook v1.7.4 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* Add missing error type check to exec (#8751, @BlaineEXE) * Raise minimum supported version of Ceph-CSI to v3.3.0 (#8803, @humblec) * Set the Ceph v16.2.6 release as the default version (#8743, @leseb) * Pass region to newS3agent() (#8766, @thotz) * Remove unnecessary CephFS provisioner permission (#8739, @Madhu-1) * Configurable csi provisioner replica count (#8801, @Madhu-1) * Allow setting the default storageclass for a filesystem in the helm chart (#8771, @kubealex) * Retry object health check if creation fails (#8708, @BlaineEXE) * Use the admin socket for the mgr liveness probe (#8721, @jmolmo) * Correct the CephFS mirroring documentation (#8732, @leseb) * Reconcile OSD PDBs if allowed disruption is 0 (#8698, @sp98) * Add peer spec migration to upgrade doc (#8435, @BlaineEXE) * Fix lvm osd db device check (#8267, @lyind) * Refactor documentation to simplify for the Ceph provider (#8693, @travisn) * Emphasize unit tests in the development guide (#8685, @BlaineEXE) - Update to v1.7.3 Rook Ceph v1.7.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Cassandra and NFS have moved to their own repos. All improvements in this repo starting from this release will only be for the Ceph storage provider. 
(#8619, @BlaineEXE) * Image list for offline installation can be found in images.txt (#8596, @subhamkrai) * Add networking.k8s.io/v1 Ingress chart compatibility (#8666, @hall) * Modify the log info when ok to continue fails (#8675, @subhamkrai) * Print the output on errors from ceph-volume (#8670, @leseb) * Add quota and capabilities configuration for CephObjectStore users (#8211, @thotz) * Fix pool deletion when uninstalling a multus cluster configuration (#8659, @leseb) * Use node externalIP if no internalIP defined (#8653, @JrCs) * Fix CephOSDCriticallyFull and CephOSDNearFull monitoring alert queries (#8668, @Muyan0828) * Fix CephMonQuorumAtRisk monitoring alert query (#8652, @anmolsachan) * Allow an even number of mons (#8636, @travisn) * Create a pod disruption budget for the Ceph mgr deployment when two mgrs are requested (#8593, @parth-gr) * Fix error message in UpdateNodeStatus (#8629, @hiroyaonoe) * Avoid multiple reconciles of ceph cluster due to the ipv4 default setting (#8638, @leseb) * Avoid duplicate ownerReferences (#8615, @YZ775) * Auto grow OSDs size on PVCs based on prometheus metrics (#8078, @parth-gr) * External cluster configuration script fixed for backward compatibility with python2 (#8623, @aruniiird) * Fix vault kv secret engine auto-detection (#8618, @leseb) * Add ClusterID and PoolID mappings between local and peer cluster (#8626, @sp98) * Set the filesystem status when mirroring is not enabled (#8609, @travisn) - Update to v1.7.2 Rook v1.7.2 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Merge toleration for osd/prepareOSD pod if specified both places (#8566, @subhamkrai) * Fix panic when recreating the csidriver object (#8582, @Madhu-1) * Build with latest golang v1.16.7 (#8540, @BlaineEXE) * Do not check ok-to-stop when OSDs are in CLBO (#8583, @leseb) * Convert util.NewSet() to sets.NewString() (#8584, @parth-gr) * Add support for update() from lib-bucket-provisioner (#8514, @thotz) * Signal handling with context (#8441, @leseb) * Make storage device config nullable (#8552, @BlaineEXE) * Allow K8s version check on prerelease versions (#8561, @subhamkrai) * Add permissions to rook-ceph-mgr role for osd removal in rook orchestrator (#8568, @josephsawaya) * Use serviceAccountName as the key in ceph csi templates (#8546, @humblec) * Consolidate the calls to set mon config (#8590, @travisn) * NFS * Upgrade nfs-ganesha to 3.5 version (#8534, @kam1kaze) - Update to v1.7.1 Rook v1.7.1 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update Ceph CSI version to v3.4.0 (#8425, @Madhu-1) * Add ability to specify the CA bundle for RGW (#8492, @degorenko) * Remove unused mon timeout cli flags (#8489, @leseb) * Add an option to enable/disable merge all placement (#8381, @subhamkrai) * Refuse to failover the arbiter mon on stretch clusters (#8520, @travisn) * Improve topology example of cluster on local pvc (#8491, @satoru-takeuchi) - Update to v1.7.0 v1.7.0 is a minor release with features primarily for the Ceph operator. K8s Version Support Kubernetes supported versions: 1.11 and newer. Upgrade Guides If you are running a previous Rook version, please see the corresponding storage provider upgrade guide: * Ceph Breaking Changes Ceph Clusters with multiple filesystems will need to update their Ceph version to Pacific. 
The Operator configuration option ROOK_ALLOW_MULTIPLE_FILESYSTEMS has been removed in favor of simply verifying the Ceph version is at least Pacific where multiple filesystems are fully supported. Features Ceph * Official Ceph images are now being published to quay.io. To pick up the latest version of Ceph, update your CephCluster spec field image to point to quay. See the example cluster. * Add support for creating Hybrid Storage Pools. * A hybrid storage pool creates a CRUSH rule for choosing the primary OSD for high performance devices (ssd, nvme, etc) and the remaining OSD for low performance devices (hdd). * See the design and Ceph docs for more details. * Add support for CephFS mirroring peer configuration. See the configuration for more details. * Add support for Kubernetes TLS secrets for referring TLS certs needed for the Ceph RGW server. * Stretch clusters are considered stable * Ceph v16.2.5 or greater is required for stretch clusters * The use of peer secret names in CephRBDMirror is deprecated. Please use CephBlockPool CR to configure peer secret names and import peers. See the mirroring section in the CephBlockPool spec for more details. * Add user data protection when deleting Rook-Ceph Custom Resources. See the design for detailed information. * A CephCluster will not be deleted if there are any other Rook-Ceph Custom resources referencing it with the assumption that they are using the underlying Ceph cluster. * A CephObjectStore will not be deleted if there is a bucket present. In addition to protection from deletion when users have data in the store, this implicitly protects these resources from being deleted when there is a referencing ObjectBucketClaim present. 
Cassandra * CRDs converted from v1beta1 to v1 * Schema is generated from the internal types for more complete validation * Minimum K8s version for the v1 CRDs is K8s 1.16 NFS * CRDs converted from v1beta1 to v1 * Schema is generated from the internal types for more complete validation * Minimum K8s version for the v1 CRDs is K8s 1.16 - Update to v1.6.10 Rook v1.6.10 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Reconcile OSD PDB if allowed disruptions are 0 (#8698) * Merge tolerations for the OSDs if specified in both all and osd placement (#8630) * External cluster script compatibility with python2 (#8623) * Do not check ok-to-stop when OSDs are in CLBO (#8583) * Fix panic when recreating the csidriver object (#8582) - Update to v1.6.9 Rook v1.6.9 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Make storage device config nullable (#8552) * Build with latest golang v1.16.7 (#8540) * Refuse to failover the arbiter mon on stretch clusters (#8520) * Add an option to enable/disable merge all placement (#8381) * Update ancillary monitoring resources (#8406) * Updated mon health check goroutine for reconfiguring patch values (#8370) * Releases for v1.6 are now based on Github actions instead of Jenkins (#8525 #8564) - Update to v1.6.8 Rook v1.6.8 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Re-enable lvm mode for OSDs on disks. 
See details to know if your OSDs are affected by unexpected partitions (#8319) * Update test to watch for v1 cronjob instead of v1beta1 (#8356) * Update PodDisruptionBudget from v1beta1 to v1 (#7977) * Add support for tls certs via k8s tls secrets for rgw (#8243) * Create correct ClusterRoleBinding for helm chart in namespace other than rook-ceph (#8344) * If two mgrs, ensure services are reconciled with the cluster (#8330) * Proxy rbd commands when multus is enabled (#8339) * Proxy ceph command when multus is configured (#8272) * Ensure OSD keyring exists at OSD pod start (#8155) * Add an example of a pvc-based ceph cluster on bare metal (#7969) * Mount /dev for the OSD daemon on lv-backed pvc (#8304) * Add ceph cluster context for lib bucket provisioning reconcile (#8310) * Create PDBs for all rgw and cephfs (#8301) * Always rehydrate the access and secret keys (#8286) * Fix PDB of RGW instances (#8274) * Ability to disable pool mirroring (#8215) * Fetch rgw port from the CephObjectStore the OBC (#8244) * Enable debug logging for adminops client log level is debug (#8208) * Update blockPoolChannel before starting the mirror monitoring (#8222) * Scaling down nfs deployment was failing (#8250) - removed update-tarball.sh (_service file will be used instead) - Update to v1.6.7 Rook v1.6.7 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Ignore atari partitions for OSDs when scanning disks. This is a partial fix for multiple OSDs being created unexpectedly per disk, causing OSD corruption. 
See details to know if your OSDs are affected (#8195) * Update CSIDriver object from betav1 to v1 (#8029) * Retry cluster reconcile immediately after cancellation (#8237) * Avoid operator resource over-usage when configuring RGW pools and memory limits are applied (#8238) * Remove k8s.io/kubernetes as a code dependency (#7913) * Silence harmless errors if the operator is still initializing (#8227) * If MDS resource limits are not set, assign mds_cache_memory_limit = resource requests * 0.8 (#8180) * Do not require rgw instances spec for external clusters (#8219) * Add tls support to external rgw endpoint (#8092) * Stop overwriting shared livenessProbe when overridden (#8206) * Update cluster-on-pvc example for proper OSD scheduling (#8199) - Update to v1.6.6 Rook v1.6.6 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update csi sidecar images to latest release (#8125) * Update csi node-driver-registrar to latest release (#8190) * Evict a mon if colocated with another mon (#8181) * Enable logging in legacy LVM OSD daemons (#8175) * Do not leak key encryption key to the log (#8173) * Read and validate CSI params in a goroutine (#8140) * Only require rgw-admin-ops user when an RGW endpoint is provided (#8164) * Avoid unnecessary OSD restarts when multus is configured (#8142) * Use cacert if no client cert/key are present for OSD encryption with Vault (#8157) * Mons in stretch cluster should be assigned to a node when using dataDirHostPath (#8147) * Support cronjob v1 for newer versions of K8s to avoid deprecated v1beta1 (#8114) * Initialise httpclient for bucketchecker and objectstoreuse (#8139) * Activate osd container should use correct host path for config (#8137) * Set device class for already present osd deployments (#8134) * No need for --force when creating filesystem (#8130) * Expose enableCSIHostNetwork correctly in the helm chart (#8074) * Add RBAC for mgr to create service monitor (#8118) * Update operator 
internal controller runtime and k8s reference version (#8087) - Update to v1.6.5 Rook v1.6.5 is a patch release limited in scope and focusing on small feature additions and bug fixes. We are happy to announce the availability of a Helm chart to configure the CephCluster CR. Please try it out and share feedback! We would like to declare it stable in v1.7. * Ceph * Experimental Helm chart for CephClusters (#7778) * Disable insecure global id if no insecure clients are detected. If insecure clients are still required, see these instructions. (#7746) * Enable host networking by default in the CSI driver due to issues with client IO hangs when the driver restarts (#8102) * Add a disaster recovery guide for an accidentally deleted CephCluster CR (#8040) * Do not fail prepareOSD job if devices are not passed (#8098) * Ensure MDS and RGW are upgraded anytime the ceph image changes (#8060) * External cluster config enables v1 address type when enabling v2 (#8083) * Create object pools in parallel for faster object store reconcile (#8082) * Fix detection of delete event reconciliation (#8086) * Use RGW admin API for s3 user management (#7998) - Update to v1.6.4 Rook v1.6.4 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
  * Ceph
    * Support for separate tolerations and affinities for rbd and cephfs CSI drivers (#8006)
    * Update ceph version to 15.2.13 (#8004)
    * External cluster upgrades fix for CRD schema (#8042)
    * Build with golang 1.16 instead of 1.15 (#7945)
    * Retry starting CSI drivers on initial failure (#8020)
    * During uninstall stop monitoring rbd mirroring before cleanup (#8031)
    * Update the backend path for RGW transit engine (#8008)
    * If reducing mon count only remove one extra mon per health check (#8011)
    * Parse radosgw-admin json properly for internal commands (#8000)
    * Expand OSD PVCs only if the underlying storage class allows expansion (#8001)
    * Allow the operator log level to be changed dynamically (#7976)
    * Pin experimental volume replication to release-v0.1 branch (#7985)
    * Remove '--site-name' arg when creating bootstrap peer token (#7986)
    * Do not configure external metric endpoint if not present (#7974)
    * Helm chart to allow multiple filesystems (#7930)
    * Rehydrate the bootstrap peer token secret on monitor changes (#7935)
- Update to v1.6.3
  Rook v1.6.3 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Ensure correct devices are started for OSDs after node restart (#7951)
    * Write reconcile results to events on the CephCluster CR (#7222)
    * Updated dashboard ingress example for networking v1 (#7933)
    * Remove obsolete gateway type setting in object store CRD (#7919)
    * Support specifying only public network or only cluster network or both (#7546)
    * Generate same operator deployment for OKD as OCP (#7898)
    * Ensure correct hostpath lock for OSD integrity (#7886)
    * Improve resilience of mon failover if operator is restarted during failover (#7884)
    * Disallow overriding the liveness probe handler function (#7889)
    * Actively update the service endpoint for external mgr (#7875)
    * Remove obsolete CSI statefulset template path vars from K8s 1.13 (#7877)
    * Create crash collector pods after mon secret created (#7867)
    * OSD controller only updates PDBs during node drains instead of any OSD down event (#7726)
    * Allow heap dump generation when logCollector sidecar is not running (#7847)
    * Add nullable to object gateway settings (#7857)
- Update to v1.6.2
  Rook v1.6.2 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Set base Ceph operator image and example deployments to v16.2.2 (#7829)
    * Update snapshot APIs from v1beta1 to v1 (#7711)
    * Documentation for creating static PVs (#7782)
    * Allow setting primary-affinity for the OSD (#7807)
    * Remove unneeded debug log statements (#7526)
    * Preserve volume claim template annotations during upgrade (#7835)
    * Allow re-creating erasure coded pool with different settings (#7820)
    * Double mon failover timeout during a node drain (#7801)
    * Remove unused volumesource schema from CephCluster CRD (#7813)
    * Set the device class on raw mode osds (#7815)
    * External cluster schema fix to allow not setting mons (#7789)
    * Add phase to the CephFilesystem CRD (#7752)
    * Generate full schema for volumeClaimTemplates in the CephCluster CRD (#7631)
    * Automate upgrades for the MDS daemon to properly scale down and scale up (#7445)
    * Add Vault KMS support for object stores (#7385)
    * Ensure object store endpoint is initialized when creating an object user (#7633)
    * Support for OBC operations when RGW is configured with TLS (#7764)
    * Preserve the OSD topology affinity during upgrade for clusters on PVCs (#7759)
    * Unify timeouts for various Ceph commands (#7719)
    * Allow setting annotations on RGW service (#7598)
    * Expand PVC size of mon daemons if requested (#7715)
- Update to v1.6.1
  Rook v1.6.1 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Disable host networking by default in the CSI plugin with option to enable (#7356)
    * Fix the schema for erasure-coded pools so replication size is not required (#7662)
    * Improve node watcher for adding new OSDs (#7568)
    * Operator base image updated to v16.2.1 (#7713)
    * Deployment examples updated to Ceph v15.2.11 (#7733)
    * Update Ceph-CSI to v3.3.1 (#7724)
    * Allow any device class for the OSDs in a pool instead of restricting the schema (#7718)
    * Fix metadata OSDs for Ceph Pacific (#7703)
    * Allow setting the initial CRUSH weight for an OSD (#7472)
    * Fix object store health check in case SSL is enabled (#7331)
    * Upgrades now ensure latest config flags are set for MDS and RGW (#7681)
    * Suppress noisy RGW log entry for radosgw-admin commands (#7663)
- Update to v1.6.0
  * Major Themes
    v1.6.0 is a minor release with features primarily for the Ceph operator.
  * K8s Version Support
    Kubernetes supported versions: 1.11 and newer
  * Upgrade Guides
    If you are running a previous Rook version, please see the corresponding storage provider upgrade guide:
    * Ceph
  * Breaking Changes
    * Removed Storage Providers
      Each storage provider is unique and requires time and attention to properly develop and support. After much discussion with the community, we have decided to remove three storage providers from Rook in order to focus our efforts on storage providers that have active community support. See the project status for more information. These storage providers have been removed:
      * CockroachDB
      * EdgeFS
      * YugabyteDB
    * Ceph
      Support for creating OSDs via Drive Groups was removed. Please refer to the Ceph upgrade guide for migration instructions.
  * Features
    * Ceph
      Ceph Pacific (v16) support, including features such as:
        Multiple Ceph Filesystems
        Networking dual stack
      CephFilesystemMirror CRD to support mirroring of CephFS volumes with Pacific
      Ceph CSI Driver
        CSI v3.3.0 driver enabled by default
        Volume Replication Controller for improved RBD replication support
        Multus support
        GRPC metrics disabled by default
      Ceph RGW
        Extended the support of vault KMS configuration
        Scale with multiple daemons with a single deployment instead of a separate deployment for each rgw daemon
      OSDs:
        LVM is no longer used to provision OSDs as of Nautilus 14.2.14, Octopus 15.2.9, and Pacific 16.2.0, simplifying the OSDs on raw devices, except for encrypted OSDs and multiple OSDs per device.
        More efficient updates for multiple OSDs at the same time (in the same failure domain) to speed up upgrades for larger Ceph clusters
      Multiple Ceph mgr daemons are supported for stretch clusters and other clusters where HA of the mgr is critical (set count: 2 under mgr in the CephCluster CR)
      Pod Disruption Budgets (PDBs) are enabled by default for Mon, RGW, MDS, and OSD daemons. See the disruption management settings.
      Monitor failover can be disabled, for scenarios where maintenance is planned and automatic mon failover is not desired
      CephClient CRD has been converted to use the controller-runtime library

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2022-154=1

Package List:

   - SUSE Enterprise Storage 7 (noarch):
      rook-ceph-helm-charts-1.7.7+git0.4ec49a23b-3.24.3
      rook-k8s-yaml-1.7.7+git0.4ec49a23b-3.24.3

References:


From sle-updates at lists.suse.com Mon Jan 24 14:18:13 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Jan 2022 15:18:13 +0100 (CET)
Subject: SUSE-SU-2022:0161-1: important: Security update for zsh
Message-ID: <20220124141813.24889FD9B@maintenance.suse.de>

   SUSE Security Update: Security update for zsh
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0161-1
Rating:             important
References:         #1107294 #1107296
Cross-References:   CVE-2018-0502 CVE-2018-13259
CVSS scores:
                    CVE-2018-0502 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-0502 (SUSE): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
                    CVE-2018-13259 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2018-13259 (SUSE): 7.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for zsh fixes the following issues:

   - CVE-2018-0502: Fixed execve call vulnerability to program named on the second line when the beginning of a #! script file was mishandled. (bsc#1107296, bsc#1107294)
   - CVE-2018-13259: Fixed execve call vulnerability to program name that is a substring of the intended one. (bsc#1107296, bsc#1107294)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-161=1
   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-161=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-161=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2022-161=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-161=1
   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-161=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-161=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-161=1
   - SUSE Linux Enterprise Server 12-SP3-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-161=1
   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-161=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-161=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2022-161=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE OpenStack Cloud Crowbar 8 (x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE OpenStack Cloud 9 (x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE OpenStack Cloud 8 (x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2
   - HPE Helion Openstack 8 (x86_64):
      zsh-5.0.5-6.12.2
      zsh-debuginfo-5.0.5-6.12.2
      zsh-debugsource-5.0.5-6.12.2

References:

   https://www.suse.com/security/cve/CVE-2018-0502.html
   https://www.suse.com/security/cve/CVE-2018-13259.html
   https://bugzilla.suse.com/1107294
   https://bugzilla.suse.com/1107296


From sle-updates at lists.suse.com Mon Jan 24 14:19:41 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Jan 2022 15:19:41 +0100 (CET)
Subject: SUSE-RU-2022:0158-1: important: Recommended update for cloud-regionsrv-client
Message-ID: <20220124141941.D6348FD9B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cloud-regionsrv-client
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0158-1
Rating:             important
References:         #1182026
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
                    SUSE Linux Enterprise Module for Public Cloud 15-SP1
                    SUSE Linux Enterprise Module for Public Cloud 15
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for cloud-regionsrv-client fixes the following issues:

   - Follow up changes to (jsc#PCT-130, bsc#1182026)
     + Fix executable name for AHB service/timer
     + Update manpage for BYOS instance registration

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-158=1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-158=1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-158=1
   - SUSE Linux Enterprise Module for Public Cloud 15:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-158=1

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
      cloud-regionsrv-client-9.3.1-6.57.1
      cloud-regionsrv-client-addon-azure-1.0.0-6.57.1
      cloud-regionsrv-client-generic-config-1.0.0-6.57.1
      cloud-regionsrv-client-plugin-azure-1.0.1-6.57.1
      cloud-regionsrv-client-plugin-ec2-1.0.2-6.57.1
      cloud-regionsrv-client-plugin-gce-1.0.0-6.57.1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
      cloud-regionsrv-client-9.3.1-6.57.1
      cloud-regionsrv-client-addon-azure-1.0.0-6.57.1
      cloud-regionsrv-client-generic-config-1.0.0-6.57.1
      cloud-regionsrv-client-plugin-azure-1.0.1-6.57.1
      cloud-regionsrv-client-plugin-ec2-1.0.2-6.57.1
      cloud-regionsrv-client-plugin-gce-1.0.0-6.57.1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):
      cloud-regionsrv-client-9.3.1-6.57.1
      cloud-regionsrv-client-addon-azure-1.0.0-6.57.1
      cloud-regionsrv-client-generic-config-1.0.0-6.57.1
      cloud-regionsrv-client-plugin-azure-1.0.1-6.57.1
      cloud-regionsrv-client-plugin-ec2-1.0.2-6.57.1
      cloud-regionsrv-client-plugin-gce-1.0.0-6.57.1
   - SUSE Linux Enterprise Module for Public Cloud 15 (noarch):
      cloud-regionsrv-client-9.3.1-6.57.1
      cloud-regionsrv-client-plugin-azure-1.0.1-6.57.1

References:

   https://bugzilla.suse.com/1182026


From sle-updates at lists.suse.com Mon Jan 24 14:22:24 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Jan 2022 15:22:24 +0100 (CET)
Subject: SUSE-SU-2022:0157-1: important: Security update for zxing-cpp
Message-ID: <20220124142224.0B7A7FD9B@maintenance.suse.de>

   SUSE Security Update: Security update for zxing-cpp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0157-1
Rating:             important
References:         #1191743 #1191942 #1191944
Cross-References:   CVE-2021-28021 CVE-2021-42715 CVE-2021-42716
CVSS scores:
                    CVE-2021-28021 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-42715 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-42716 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 15-SP3
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for zxing-cpp fixes the following issues:

   - CVE-2021-28021: Fixed buffer overflow vulnerability in function stbi__extend_receive in stb_image.h via a crafted JPEG file. (bsc#1191743).
   - CVE-2021-42715: Fixed buffer overflow in stb_image PNM loader (bsc#1191942).
   - CVE-2021-42716: Fixed denial of service in stb_image HDR loader when reading crafted HDR files (bsc#1191944).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 15-SP3:
      zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-157=1
   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-157=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
      libZXing1-1.2.0-9.7.1
      libZXing1-debuginfo-1.2.0-9.7.1
      zxing-cpp-debugsource-1.2.0-9.7.1
      zxing-cpp-devel-1.2.0-9.7.1
   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
      libZXing1-1.2.0-9.7.1
      libZXing1-debuginfo-1.2.0-9.7.1
      zxing-cpp-debugsource-1.2.0-9.7.1
      zxing-cpp-devel-1.2.0-9.7.1

References:

   https://www.suse.com/security/cve/CVE-2021-28021.html
   https://www.suse.com/security/cve/CVE-2021-42715.html
   https://www.suse.com/security/cve/CVE-2021-42716.html
   https://bugzilla.suse.com/1191743
   https://bugzilla.suse.com/1191942
   https://bugzilla.suse.com/1191944


From sle-updates at lists.suse.com Mon Jan 24 14:26:16 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Jan 2022 15:26:16 +0100 (CET)
Subject: SUSE-SU-2022:0160-1: important: Security update for clamav
Message-ID: <20220124142616.A10FEFD9B@maintenance.suse.de>

   SUSE Security Update: Security update for clamav
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0160-1
Rating:             important
References:         #1194731
Cross-References:   CVE-2022-20698
CVSS scores:
                    CVE-2022-20698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for clamav fixes the following issues:

   - CVE-2022-20698: Fixed invalid pointer read allowing denial of service crash. (bsc#1194731)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-160=1

Package List:

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      clamav-0.103.5-3.15.1
      clamav-debuginfo-0.103.5-3.15.1
      clamav-debugsource-0.103.5-3.15.1

References:

   https://www.suse.com/security/cve/CVE-2022-20698.html
   https://bugzilla.suse.com/1194731


From sle-updates at lists.suse.com Mon Jan 24 17:18:57 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Jan 2022 18:18:57 +0100 (CET)
Subject: SUSE-SU-2022:0163-1: important: Security update for zxing-cpp
Message-ID: <20220124171857.26E7EFD9B@maintenance.suse.de>

   SUSE Security Update: Security update for zxing-cpp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0163-1
Rating:             important
References:         #1191743 #1191942 #1191944
Cross-References:   CVE-2021-28021 CVE-2021-42715 CVE-2021-42716
CVSS scores:
                    CVE-2021-28021 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-42715 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-42716 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
                    SUSE Linux Enterprise Workstation Extension 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for zxing-cpp fixes the following issues:

   - CVE-2021-28021: Fixed buffer overflow vulnerability in function stbi__extend_receive in stb_image.h via a crafted JPEG file. (bsc#1191743).
   - CVE-2021-42715: Fixed buffer overflow in stb_image PNM loader (bsc#1191942).
   - CVE-2021-42716: Fixed denial of service in stb_image HDR loader when reading crafted HDR files (bsc#1191944).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Workstation Extension 12-SP5:
      zypper in -t patch SUSE-SLE-WE-12-SP5-2022-163=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-163=1

Package List:

   - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
      libZXing1-1.2.0-8.6.1
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      libZXing1-1.2.0-8.6.1
      libZXing1-debuginfo-1.2.0-8.6.1
      zxing-cpp-debugsource-1.2.0-8.6.1
      zxing-cpp-devel-1.2.0-8.6.1

References:

   https://www.suse.com/security/cve/CVE-2021-28021.html
   https://www.suse.com/security/cve/CVE-2021-42715.html
   https://www.suse.com/security/cve/CVE-2021-42716.html
   https://bugzilla.suse.com/1191743
   https://bugzilla.suse.com/1191942
   https://bugzilla.suse.com/1191944


From sle-updates at lists.suse.com Mon Jan 24 20:17:29 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Jan 2022 21:17:29 +0100 (CET)
Subject: SUSE-RU-2022:0167-1: moderate: Recommended update for cloud-netconfig
Message-ID: <20220124201729.4C8E3FD9B@maintenance.suse.de>

   SUSE Recommended Update: Recommended update for cloud-netconfig
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:0167-1
Rating:             moderate
References:         #1187939 MSC-271
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP3
                    SUSE Linux Enterprise Module for Public Cloud 15-SP2
                    SUSE Linux Enterprise Module for Public Cloud 15-SP1
                    SUSE Linux Enterprise Module for Public Cloud 15
______________________________________________________________________________

   An update that has one recommended fix and contains one feature can now be installed.

Description:

   This update for cloud-netconfig fixes the following issues:

   - Update to version 1.6:
     + Ignore proxy when accessing metadata (bsc#1187939)
     + Print warning in case metadata is not accessible
     + Documentation update

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-167=1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP2:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-167=1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-167=1
   - SUSE Linux Enterprise Module for Public Cloud 15:
      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-167=1

Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch):
      cloud-netconfig-azure-1.6-25.5.1
      cloud-netconfig-ec2-1.6-25.5.1
      cloud-netconfig-gce-1.6-25.5.1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch):
      cloud-netconfig-azure-1.6-25.5.1
      cloud-netconfig-ec2-1.6-25.5.1
      cloud-netconfig-gce-1.6-25.5.1
   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):
      cloud-netconfig-azure-1.6-25.5.1
      cloud-netconfig-ec2-1.6-25.5.1
      cloud-netconfig-gce-1.6-25.5.1
   - SUSE Linux Enterprise Module for Public Cloud 15 (noarch):
      cloud-netconfig-azure-1.6-25.5.1
      cloud-netconfig-ec2-1.6-25.5.1
      cloud-netconfig-gce-1.6-25.5.1

References:

   https://bugzilla.suse.com/1187939


From sle-updates at lists.suse.com Mon Jan 24 20:20:06 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Mon, 24 Jan 2022 21:20:06 +0100 (CET)
Subject: SUSE-SU-2022:0166-1: moderate: Security update for java-1_7_1-ibm
Message-ID: <20220124202006.9B63EFD9B@maintenance.suse.de>

   SUSE Security Update: Security update for java-1_7_1-ibm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0166-1
Rating:             moderate
References:         #1185055 #1188564 #1188565 #1188568 #1191905 #1191909 #1191910 #1191911 #1191913 #1191914 #1192052 #1194198 #1194232
Cross-References:   CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035
CVSS scores:
                    CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
                    CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
                    CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
                    CVE-2021-2432 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-2432 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
                    CVE-2021-41035 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
                    SUSE OpenStack Cloud Crowbar 9
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud 8
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP 12-SP3
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP3-LTSS
                    SUSE Linux Enterprise Server 12-SP3-BCL
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has two fixes is now available.

Description:

   This update for java-1_7_1-ibm fixes the following issues:

   - Update to Java 7.1 Service Refresh 5 Fix Pack 0
   - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052)
   - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914)
   - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913)
   - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911)
   - CVE-2021-35556: Excessive memory allocation in RTFParser. (bsc#1191910)
   - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909)
   - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905)
   - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564)
   - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565)
   - CVE-2021-2432: Fixed a vulnerability in the component JNDI. (bsc#1188568)
   - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-166=1
   - SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-166=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2022-166=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2022-166=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-166=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-166=1
   - SUSE Linux Enterprise Server for SAP 12-SP3:
      zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-166=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-166=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-166=1
   - SUSE Linux Enterprise Server 12-SP3-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-166=1
   - SUSE Linux Enterprise Server 12-SP3-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-166=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-166=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2022-166=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE OpenStack Cloud Crowbar 8 (x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE OpenStack Cloud 9 (x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE OpenStack Cloud 8 (x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64):
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server 12-SP5 (x86_64):
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64):
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1
   - HPE Helion Openstack 8 (x86_64):
      java-1_7_1-ibm-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1
      java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1

References:

   https://www.suse.com/security/cve/CVE-2021-2163.html
   https://www.suse.com/security/cve/CVE-2021-2341.html
   https://www.suse.com/security/cve/CVE-2021-2369.html
   https://www.suse.com/security/cve/CVE-2021-2432.html
   https://www.suse.com/security/cve/CVE-2021-35556.html
   https://www.suse.com/security/cve/CVE-2021-35559.html
   https://www.suse.com/security/cve/CVE-2021-35564.html
   https://www.suse.com/security/cve/CVE-2021-35565.html
   https://www.suse.com/security/cve/CVE-2021-35586.html
   https://www.suse.com/security/cve/CVE-2021-35588.html
   https://www.suse.com/security/cve/CVE-2021-41035.html
   https://bugzilla.suse.com/1185055
   https://bugzilla.suse.com/1188564
   https://bugzilla.suse.com/1188565
   https://bugzilla.suse.com/1188568
   https://bugzilla.suse.com/1191905
   https://bugzilla.suse.com/1191909
   https://bugzilla.suse.com/1191910
   https://bugzilla.suse.com/1191911
   https://bugzilla.suse.com/1191913
   https://bugzilla.suse.com/1191914
   https://bugzilla.suse.com/1192052
   https://bugzilla.suse.com/1194198
   https://bugzilla.suse.com/1194232


From sle-updates at lists.suse.com Tue Jan 25 07:49:20 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Jan 2022 08:49:20 +0100 (CET)
Subject: SUSE-CU-2022:51-1: Security update of ses/7/cephcsi/cephcsi
Message-ID: <20220125074920.79AA0FBAD@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:51-1 Container Tags : ses/7/cephcsi/cephcsi:3.4.0 , ses/7/cephcsi/cephcsi:3.4.0.0.3.699 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.4.0 , ses/7/cephcsi/cephcsi:v3.4.0.0 Container Release : 3.699 Severity : important Type : security References : 1169614 1174504 1180125 1183905 1191630 1192489 1193181 1193480 1193711 ----------------------------------------------------------------- The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1183905,1193181 This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: 
SUSE-RU-2022:70-1 Released: Thu Jan 13 15:25:27 2022 Summary: Recommended update for python-configshell-fb Type: recommended Severity: moderate References: This update for python-configshell-fb fixes the following issues: - Upgrade to latest upstream version v1.1.29 (jsc#SLE-17360): * setup.py: specify a version range for pyparsing * setup.py: lets stick to pyparsing v2.4.7 * Don't warn if prefs file doesn't exist - Update to version v1.1.28 from v1.1.27 (jsc#SLE-17360): * version 1.1.28 * Ensure that all output reaches the client when daemonized * Remove Epydoc markup from command messages * Remove epydoc imports and epydoc calls ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1193711 This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:124-1 Released: Wed Jan 19 05:03:04 2022 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1191630 This update for shared-mime-info fixes the following issues: - Fix nautilus not launching applications because all applications are not detected as executable program but as shared library (bsc#1191630) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security 
update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:154-1 Released: Mon Jan 24 07:02:02 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook Type: recommended Severity: moderate References: This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook fixes the following issues: - Update to 3.4.0 Features: Beta: Below features have been lifted from its Alpha support to Beta * Snapshot creation and deletion * Volume restore from snapshot * Volume clone support * Volume/PV Metrics of File Mode Volume * Volume/PV Metrics of Block Mode Volume Alpha: * rbd-nbd volume mounter Enhancement: * Restore RBD snapshot to a different Pool * Snapshot schedule support for RBD mirrored PVC * Mirroring support for thick PVC * Multi-Tenant support for vault encryption * AmazonMetadata KMS provider support * rbd-nbd volume healer support * Locking enhancement for improving POD deletion performance * Improvements in lock handling for snap and clone operations * Better thick provisioning support * Create CephFS subvolume with VolumeNamePrefix * CephFS Subvolume path addition in PV object * Consumption of go-ceph APIs for various CephFS controller and node operations. 
* Resize of the RBD encrypted volume * Better error handling for GRPC * Golang profiling support for debugging * Updated Kubernetes sidecar versions to the latest release * Kubernetes dependency update to v1.21.2 * Create storageclass and secrets using helm charts CI/E2E * Expansion of RBD encrypted volumes * Update and addition of new static golang tools * Kubernetes v1.21 support * Unit tests for SecretsKMS * Test for Vault with ServiceAccount per Tenant * E2E for user secret based metadata encryption * Update rook.sh and Ceph cluster version in E2E * Added RBD test for testing sc, secret via helm * Update feature gates setting from minikube.sh * Add CephFS test for sc, secret via helm * Add e2e for static PVC without imageFeature parameter * Make use of snapshot v1 API and client sets in e2e tests * Validate thick-provisioned PVC-PVC cloning * Adding retry support for various e2e failure scenarios * Refactor KMS configuration and usage - Removed patch ceph-csi-locking.patch (got merged upstream) - Update to v3.3.0 * Feature * Add command line arguments to configure leader election options (#313, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#308, @chrishenzie) * Updates Kubernetes dependencies to v1.22.0 (#321, @chrishenzie) [SIG Storage] * Bug or Regression * Fix a bug that the controller can panic crash when it receives DeletedFinalStateUnknown deletion event. 
(#304, @Jiawei0227) * Other (Cleanup or Flake) * Updates container-storage-interface dependency to v1.5.0 (#312, @chrishenzie) * Reuse the same gRPC CSI client for all CSI driver calls (#318, @yeya24) - Update to v3.2.1 - Get rid of vendoring - Update version of go to 1.16 - Update to v3.0.2 - Update version to 3.0.0 * Feature * Add command line arguments to configure leader election options (#643, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#630, @chrishenzie) * The provisioner sidecar now has an argument called controller-publish-readonly which sets the value of CSI PV spec readonly field value based on the PVC access mode. If this flag is set to true and the PVC access mode only contains the ROX access mode, the controller automatically sets PersistentVolume.spec.CSIPersistentVolumeSource.readOnly field to true. (#469, @humblec) * Updates Kubernetes dependencies to v1.22.0 (#660, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#644, @chrishenzie) * Bug or Regression * Fix a bug that not being able to use block device mode when enable a storage capacity tracking mode. (#635, @bells17) * Fix a data race in cloning protection controller (#651, @tksm) * Fix capacity information updates when topology changes. Only affected central deployment and network attached storage, not deployment on each node. This broke in v2.2.0 as part of a bug fix for capacity informer handling. (#617, @bai3shuo4) * Fix env name from POD_NAMESPACE to NAMESPACE for capacity-ownerref-level option. (#636, @bells17) * Fixed reporting of metrics when a migratable CSI driver is used. 
(#620, @jsafrane) * Newly provisioned CSI Migration enabled PV will have 'provisioned-by' annotation set to in-tree provisioner name instead of the CSI provisioner (#646, @wongma7) - Update version to 2.2.2 - Get rid of vendoring - Use go 1.16 for building - Update version to 2.0.4 - Update to version 1.3.0 * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#165, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#156, @chrishenzie) * Feature * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#151, @chrishenzie) * leader-election-lease-duration, leader-election-renew-deadline and leader-election-retry-period were added to command line arguments to configure leader election options (#158, @RaunakShah) - Update to version 1.2.0 - Get rid of vendoring - Push go version to 1.16 - Update to version 1.0.1 - Update to version 4.2.0 * Feature * Snapshot APIs * The namespace of the referenced VolumeSnapshot is printed when printing a VolumeSnapshotContent. (#535, @tsmetana) * Snapshot Controller * retry-interval-start and retry-interval-max arguments are added to common-controller which controls retry interval of failed volume snapshot creation and deletion. These values set the ratelimiter for snapshot and content queues. (#530, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for the snapshot controller. (#575, @bertinatto) * Adds an operations_in_flight metric for determining the number of snapshot operations in progress. (#519, @ggriffiths) * Introduced 'SnapshotCreated' and 'SnapshotReady' events. (#540, @rexagod) * CSI Snapshotter Sidecar * retry-interval-start and retry-interval-max arguments are added to csi-snapshotter sidecar which controls retry interval of failed volume snapshot creation and deletion. 
These values set the ratelimiter for volumesnapshotcontent queue. (#308, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for CSI snapshotter sidecar. (#538, @RaunakShah) * Bug or Regression * Snapshot Controller * Add process_start_time_seconds metric (#569, @saikat-royc) * Adds the leader election health check for the snapshot controller at /healthz/leader-election (#573, @ggriffiths) * Remove kube-system namespace verification during startup and instead list volumes across all namespaces (#515, @mauriciopoppe) * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#570, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#574, @chrishenzie) * Updates container-storage-interface dependency to v1.5.0 (#532, @chrishenzie) * Snapshot Validation Webhook * Changed the webhook image from distroless/base to distroless/static. (#550, @WanzenBug) - Update to version 4.1.1 - Get rid of vendoring - Update go-version to 1.16 - Update to version 3.0.2 - Update to version 2.3.0 * Dockerfile.Windows args changed to ADDON_IMAGE and BASE_IMAGE (#146, @mauriciopoppe) * Updates Kubernetes dependencies to v1.22.0 (#159, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#160, @chrishenzie) * New running modes, the kubelet-registration-probe mode checks if node-driver-registrar kubelet plugin registration succeeded. (#152, @mauriciopoppe) * Updates container-storage-interface dependency to v1.5.0 (#151, @chrishenzie) - Update to version 2.2.0 * Updated runtime (Go 1.16) and dependencies (#136, @pohly) * Update image and tag names for Windows to have separate parameters for nanoserver and servercore (#111, @jingxu97) - Update to v1.7.7 Rook v1.7.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* docs: Support ephemeral volumes with Ceph CSI RBD and CephFS driver (#9055, @humblec) * core: Allow downgrade of all daemons consistently (#9098, @travisn) * core: Reconcile once instead of multiple times after the cluster CR is edited (#9091, @leseb) * nfs: Add pool setting CR option (#9040, @leseb) * ceph: Trigger 'CephMonQuorumLost' alert when mon quorum is down (#9068, @aruniiird) * rgw: Updated livenessProbe and readinessProbe (#9080, @satoru-takeuchi) * mgr: Do not set the balancer mode on pacific (#9063, @leseb) * helm: Add appVersion property to the charts (#9051, @travisn) * rgw: Read tls secret hint for insecure tls (#9020, @leseb) * ceph: Ability to set labels on the crash collector (#9044, @leseb) * core: Treat cluster as not existing if the cleanup policy is set (#9041, @travisn) * docs: Document failover and failback scenarios for applications (#8411, @Yuggupta27) * ceph: Update endpoint with IP for external RGW server (#9010, @thotz) - Combined gomod.patch and gosum.patch to vendor.patch * Patching module-files to match the SUSE build env - Update to v1.7.6 Rook v1.7.6 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* core: only merge stderr on error (#8995, @leseb) * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya) * csi: fix comment for the provisioner and clusterID (#8990, @Madhu-1) * mon: Enable mon failover for the arbiter in stretch mode (#8984, @travisn) * monitoring: fixing the queries for alerts 'CephMgrIsAbsent' and 'CephMgrIsMissingReplicas' (#8985, @aruniiird) * osd: fix kms auto-detection when full TLS (#8867, @leseb) * csi: add affinity to csi version check job (#8965, @Rakshith-R) * pool: remove default value for pool compression (#8966, @leseb) * monitoring: handle empty ceph_version in ceph_mon_metadata to avoid raising misleading alert (#8947, @GowthamShanmugam) * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya) * osd: print the c-v output when inventory command fails (#8971, @leseb) * helm: remove chart content not in common.yaml (#8884, @BlaineEXE) * rgw: replace period update --commit with function (#8911, @BlaineEXE) * rgw: fixing ClientID of log-collector for RGW instance (#8889, @parth-gr) * mon: run ceph commands to mon with timeout (#8939, @leseb) * osd: do not hide errors (#8933, @leseb) * rgw: use trace logs for RGW admin HTTP info (#8937, @BlaineEXE) - Update to v1.7.5 Rook v1.7.5 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* Update csi sidecar references to the latest versions (#8820, @humblec) * No longer install the VolumeReplication CRDs from Rook (#8845, @travisn) * Initialize rbd block pool after creation (#8923, @Rakshith-R) * Close stdoutPipe for the discovery daemon (#8917, @subhamkrai) * Add documentation to recover a pod from a lost node (#8742, @subhamkrai) * Increasing the auto-resolvable alerts delay to 15m (#8896, @aruniiird) * Change CephAbsentMgr to use 'up' query (#8882, @aruniiird) * Adding 'namespace' field to the needed ceph queries (#8901, @aruniiird) * Update period if period does not exist (#8828, @BlaineEXE) * Do not fail on KMS keys deletion (#8868, @leseb) * Do not build all the multus args to remote exec cmd (#8860, @leseb) * Fix external script when passing monitoring list (#8807, @leseb) * Use insecure TLS for bucket health check (#8712, @leseb) * Add PVC privileges to the rook-ceph-purge-osd service account (#8833, @ashangit) * Fix the example of local PVC-based cluster (#8846, @satoru-takeuchi) * Add signal handling for log collector (#8806, @leseb) * Prometheus rules format changes (#8774, @aruniiird) * Add namespace to ceph node down query (#8793, @aruniiird) - Added gomod.patch and gosum.patch * Patching module-files to match the SUSE build env - Update to v1.7.4 Rook v1.7.4 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* Add missing error type check to exec (#8751, @BlaineEXE) * Raise minimum supported version of Ceph-CSI to v3.3.0 (#8803, @humblec) * Set the Ceph v16.2.6 release as the default version (#8743, @leseb) * Pass region to newS3agent() (#8766, @thotz) * Remove unnecessary CephFS provisioner permission (#8739, @Madhu-1) * Configurable csi provisioner replica count (#8801, @Madhu-1) * Allow setting the default storageclass for a filesystem in the helm chart (#8771, @kubealex) * Retry object health check if creation fails (#8708, @BlaineEXE) * Use the admin socket for the mgr liveness probe (#8721, @jmolmo) * Correct the CephFS mirroring documentation (#8732, @leseb) * Reconcile OSD PDBs if allowed disruption is 0 (#8698, @sp98) * Add peer spec migration to upgrade doc (#8435, @BlaineEXE) * Fix lvm osd db device check (#8267, @lyind) * Refactor documentation to simplify for the Ceph provider (#8693, @travisn) * Emphasize unit tests in the development guide (#8685, @BlaineEXE) - Update to v1.7.3 Rook Ceph v1.7.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Cassandra and NFS have moved to their own repos. All improvements in this repo starting from this release will only be for the Ceph storage provider. 
(#8619, @BlaineEXE) * Image list for offline installation can be found in images.txt (#8596, @subhamkrai) * Add networking.k8s.io/v1 Ingress chart compatibility (#8666, @hall) * Modify the log info when ok to continue fails (#8675, @subhamkrai) * Print the output on errors from ceph-volume (#8670, @leseb) * Add quota and capabilities configuration for CephObjectStore users (#8211, @thotz) * Fix pool deletion when uninstalling a multus cluster configuration (#8659, @leseb) * Use node externalIP if no internalIP defined (#8653, @JrCs) * Fix CephOSDCriticallyFull and CephOSDNearFull monitoring alert queries (#8668, @Muyan0828) * Fix CephMonQuorumAtRisk monitoring alert query (#8652, @anmolsachan) * Allow an even number of mons (#8636, @travisn) * Create a pod disruption budget for the Ceph mgr deployment when two mgrs are requested (#8593, @parth-gr) * Fix error message in UpdateNodeStatus (#8629, @hiroyaonoe) * Avoid multiple reconciles of ceph cluster due to the ipv4 default setting (#8638, @leseb) * Avoid duplicate ownerReferences (#8615, @YZ775) * Auto grow OSDs size on PVCs based on prometheus metrics (#8078, @parth-gr) * External cluster configuration script fixed for backward compatibility with python2 (#8623, @aruniiird) * Fix vault kv secret engine auto-detection (#8618, @leseb) * Add ClusterID and PoolID mappings between local and peer cluster (#8626, @sp98) * Set the filesystem status when mirroring is not enabled (#8609, @travisn) - Update to v1.7.2 Rook v1.7.2 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Merge toleration for osd/prepareOSD pod if specified both places (#8566, @subhamkrai) * Fix panic when recreating the csidriver object (#8582, @Madhu-1) * Build with latest golang v1.16.7 (#8540, @BlaineEXE) * Do not check ok-to-stop when OSDs are in CLBO (#8583, @leseb) * Convert util.NewSet() to sets.NewString() (#8584, @parth-gr) * Add support for update() from lib-bucket-provisioner (#8514, @thotz) * Signal handling with context (#8441, @leseb) * Make storage device config nullable (#8552, @BlaineEXE) * Allow K8s version check on prerelease versions (#8561, @subhamkrai) * Add permissions to rook-ceph-mgr role for osd removal in rook orchestrator (#8568, @josephsawaya) * Use serviceAccountName as the key in ceph csi templates (#8546, @humblec) * Consolidate the calls to set mon config (#8590, @travisn) * NFS * Upgrade nfs-ganesha to 3.5 version (#8534, @kam1kaze) - Update to v1.7.1 Rook v1.7.1 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update Ceph CSI version to v3.4.0 (#8425, @Madhu-1) * Add ability to specify the CA bundle for RGW (#8492, @degorenko) * Remove unused mon timeout cli flags (#8489, @leseb) * Add an option to enable/disable merge all placement (#8381, @subhamkrai) * Refuse to failover the arbiter mon on stretch clusters (#8520, @travisn) * Improve topology example of cluster on local pvc (#8491, @satoru-takeuchi) - Update to v1.7.0 v1.7.0 is a minor release with features primarily for the Ceph operator. K8s Version Support Kubernetes supported versions: 1.11 and newer. Upgrade Guides If you are running a previous Rook version, please see the corresponding storage provider upgrade guide: * Ceph Breaking Changes Ceph Clusters with multiple filesystems will need to update their Ceph version to Pacific. 
The Operator configuration option ROOK_ALLOW_MULTIPLE_FILESYSTEMS has been removed in favor of simply verifying the Ceph version is at least Pacific where multiple filesystems are fully supported. Features Ceph * Official Ceph images are now being published to quay.io. To pick up the latest version of Ceph, your CephCluster spec field image must be updated to point to quay. See the example cluster. * Add support for creating Hybrid Storage Pools. * A hybrid storage pool creates a CRUSH rule for choosing the primary OSD for high performance devices (ssd, nvme, etc) and the remaining OSD for low performance devices (hdd). * See the design and Ceph docs for more details. * Add support for CephFS mirroring peer configuration. See the configuration for more details. * Add support for Kubernetes TLS secrets for referring TLS certs needed for the Ceph RGW server. * Stretch clusters are considered stable * Ceph v16.2.5 or greater is required for stretch clusters * The use of peer secret names in CephRBDMirror is deprecated. Please use CephBlockPool CR to configure peer secret names and import peers. See the mirroring section in the CephBlockPool spec for more details. * Add user data protection when deleting Rook-Ceph Custom Resources. See the design for detailed information. * A CephCluster will not be deleted if there are any other Rook-Ceph Custom resources referencing it with the assumption that they are using the underlying Ceph cluster. * A CephObjectStore will not be deleted if there is a bucket present. In addition to protection from deletion when users have data in the store, this implicitly protects these resources from being deleted when there is a referencing ObjectBucketClaim present. 
Cassandra * CRDs converted from v1beta1 to v1 * Schema is generated from the internal types for more complete validation * Minimum K8s version for the v1 CRDs is K8s 1.16 NFS * CRDs converted from v1beta1 to v1 * Schema is generated from the internal types for more complete validation * Minimum K8s version for the v1 CRDs is K8s 1.16 - Update to v1.6.10 Rook v1.6.10 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Reconcile OSD PDB if allowed disruptions are 0 (#8698) * Merge tolerations for the OSDs if specified in both all and osd placement (#8630) * External cluster script compatibility with python2 (#8623) * Do not check ok-to-stop when OSDs are in CLBO (#8583) * Fix panic when recreating the csidriver object (#8582) - Update to v1.6.9 Rook v1.6.9 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Make storage device config nullable (#8552) * Build with latest golang v1.16.7 (#8540) * Refuse to failover the arbiter mon on stretch clusters (#8520) * Add an option to enable/disable merge all placement (#8381) * Update ancillary monitoring resources (#8406) * Updated mon health check goroutine for reconfiguring patch values (#8370) * Releases for v1.6 are now based on Github actions instead of Jenkins (#8525 #8564) - Update to v1.6.8 Rook v1.6.8 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Re-enable lvm mode for OSDs on disks. 
See details to know if your OSDs are affected by unexpected partitions (#8319) * Update test to watch for v1 cronjob instead of v1beta1 (#8356) * Update PodDisruptionBudget from v1beta1 to v1 (#7977) * Add support for tls certs via k8s tls secrets for rgw (#8243) * Create correct ClusterRoleBinding for helm chart in namespace other than rook-ceph (#8344) * If two mgrs, ensure services are reconciled with the cluster (#8330) * Proxy rbd commands when multus is enabled (#8339) * Proxy ceph command when multus is configured (#8272) * Ensure OSD keyring exists at OSD pod start (#8155) * Add an example of a pvc-based ceph cluster on bare metal (#7969) * Mount /dev for the OSD daemon on lv-backed pvc (#8304) * Add ceph cluster context for lib bucket provisioning reconcile (#8310) * Create PDBs for all rgw and cephfs (#8301) * Always rehydrate the access and secret keys (#8286) * Fix PDB of RGW instances (#8274) * Ability to disable pool mirroring (#8215) * Fetch rgw port from the CephObjectStore the OBC (#8244) * Enable debug logging for adminops client log level is debug (#8208) * Update blockPoolChannel before starting the mirror monitoring (#8222) * Scaling down nfs deployment was failing (#8250) - removed update-tarball.sh (_service file will be used instead) - Update to v1.6.7 Rook v1.6.7 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Ignore atari partitions for OSDs when scanning disks. This is a partial fix for multiple OSDs being created unexpectedly per disk, causing OSD corruption. 
See details to know if your OSDs are affected (#8195) * Update CSIDriver object from betav1 to v1 (#8029) * Retry cluster reconcile immediately after cancellation (#8237) * Avoid operator resource over-usage when configuring RGW pools and memory limits are applied (#8238) * Remove k8s.io/kubernetes as a code dependency (#7913) * Silence harmless errors if the operator is still initializing (#8227) * If MDS resource limits are not set, assign mds_cache_memory_limit = resource requests * 0.8 (#8180) * Do not require rgw instances spec for external clusters (#8219) * Add tls support to external rgw endpoint (#8092) * Stop overwriting shared livenessProbe when overridden (#8206) * Update cluster-on-pvc example for proper OSD scheduling (#8199) - Update to v1.6.6 Rook v1.6.6 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update csi sidecar images to latest release (#8125) * Update csi node-driver-registrar to latest release (#8190) * Evict a mon if colocated with another mon (#8181) * Enable logging in legacy LVM OSD daemons (#8175) * Do not leak key encryption key to the log (#8173) * Read and validate CSI params in a goroutine (#8140) * Only require rgw-admin-ops user when an RGW endpoint is provided (#8164) * Avoid unnecessary OSD restarts when multus is configured (#8142) * Use cacert if no client cert/key are present for OSD encryption with Vault (#8157) * Mons in stretch cluster should be assigned to a node when using dataDirHostPath (#8147) * Support cronjob v1 for newer versions of K8s to avoid deprecated v1beta1 (#8114) * Initialise httpclient for bucketchecker and objectstoreuse (#8139) * Activate osd container should use correct host path for config (#8137) * Set device class for already present osd deployments (#8134) * No need for --force when creating filesystem (#8130) * Expose enableCSIHostNetwork correctly in the helm chart (#8074) * Add RBAC for mgr to create service monitor (#8118) * Update operator 
internal controller runtime and k8s reference version (#8087) - Update to v1.6.5 Rook v1.6.5 is a patch release limited in scope and focusing on small feature additions and bug fixes. We are happy to announce the availability of a Helm chart to configure the CephCluster CR. Please try it out and share feedback! We would like to declare it stable in v1.7. * Ceph * Experimental Helm chart for CephClusters (#7778) * Disable insecure global id if no insecure clients are detected. If insecure clients are still required, see these instructions. (#7746) * Enable host networking by default in the CSI driver due to issues with client IO hangs when the driver restarts (#8102) * Add a disaster recovery guide for an accidentally deleted CephCluster CR (#8040) * Do not fail prepareOSD job if devices are not passed (#8098) * Ensure MDS and RGW are upgraded anytime the ceph image changes (#8060) * External cluster config enables v1 address type when enabling v2 (#8083) * Create object pools in parallel for faster object store reconcile (#8082) * Fix detection of delete event reconciliation (#8086) * Use RGW admin API for s3 user management (#7998) - Update to v1.6.4 Rook v1.6.4 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Support for separate tolerations and affinities for rbd and cephfs CSI drivers (#8006) * Update ceph version to 15.2.13 (#8004) * External cluster upgrades fix for CRD schema (#8042) * Build with golang 1.16 instead of 1.15 (#7945) * Retry starting CSI drivers on initial failure (#8020) * During uninstall stop monitoring rbd mirroring before cleanup (#8031) * Update the backend path for RGW transit engine (#8008) * If reducing mon count only remove one extra mon per health check (#8011) * Parse radosgw-admin json properly for internal commands (#8000) * Expand OSD PVCs only if the underlying storage class allow expansion (#8001) * Allow the operator log level to be changed dynamically (#7976) * Pin experimental volume replication to release-v0.1 branch (#7985) * Remove '--site-name' arg when creating bootstrap peer token (#7986) * Do not configure external metric endpoint if not present (#7974) * Helm chart to allow multiple filesystems (#7930) * Rehydrate the bootstrap peer token secret on monitor changes (#7935) - Update to v1.6.3 Rook v1.6.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Ensure correct devices are started for OSDs after node restart (#7951) * Write reconcile results to events on the CephCluster CR (#7222) * Updated dashboard ingress example for networking v1 (#7933) * Remove obsolete gateway type setting in object store CRD (#7919) * Support specifying only public network or only cluster network or both (#7546) * Generate same operator deployment for OKD as OCP (#7898) * Ensure correct hostpath lock for OSD integrity (#7886) * Improve resilience of mon failover if operator is restarted during failover (#7884) * Disallow overriding the liveness probe handler function (#7889) * Actively update the service endpoint for external mgr (#7875) * Remove obsolete CSI statefulset template path vars from K8s 1.13 (#7877) * Create crash collector pods after mon secret created (#7867) * OSD controller only updates PDBs during node drains instead of any OSD down event (#7726) * Allow heap dump generation when logCollector sidecar is not running (#7847) * Add nullable to object gateway settings (#7857) - Update to v1.6.2 Rook v1.6.2 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Set base Ceph operator image and example deployments to v16.2.2 (#7829) * Update snapshot APIs from v1beta1 to v1 (#7711) * Documentation for creating static PVs (#7782) * Allow setting primary-affinity for the OSD (#7807) * Remove unneeded debug log statements (#7526) * Preserve volume claim template annotations during upgrade (#7835) * Allow re-creating erasure coded pool with different settings (#7820) * Double mon failover timeout during a node drain (#7801) * Remove unused volumesource schema from CephCluster CRD (#7813) * Set the device class on raw mode osds (#7815) * External cluster schema fix to allow not setting mons (#7789) * Add phase to the CephFilesystem CRD (#7752) * Generate full schema for volumeClaimTemplates in the CephCluster CRD (#7631) * Automate upgrades for the MDS daemon to properly scale down and scale up (#7445) * Add Vault KMS support for object stores (#7385) * Ensure object store endpoint is initialized when creating an object user (#7633) * Support for OBC operations when RGW is configured with TLS (#7764) * Preserve the OSD topology affinity during upgrade for clusters on PVCs (#7759) * Unify timeouts for various Ceph commands (#7719) * Allow setting annotations on RGW service (#7598) * Expand PVC size of mon daemons if requested (#7715) - Update to v1.6.1 Rook v1.6.1 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Disable host networking by default in the CSI plugin with option to enable (#7356) * Fix the schema for erasure-coded pools so replication size is not required (#7662) * Improve node watcher for adding new OSDs (#7568) * Operator base image updated to v16.2.1 (#7713) * Deployment examples updated to Ceph v15.2.11 (#7733) * Update Ceph-CSI to v3.3.1 (#7724) * Allow any device class for the OSDs in a pool instead of restricting the schema (#7718) * Fix metadata OSDs for Ceph Pacific (#7703) * Allow setting the initial CRUSH weight for an OSD (#7472) * Fix object store health check in case SSL is enabled (#7331) * Upgrades now ensure latest config flags are set for MDS and RGW (#7681) * Suppress noisy RGW log entry for radosgw-admin commands (#7663) - Update to v1.6.0 * Major Themes v1.6.0 is a minor release with features primarily for the Ceph operator. * K8s Version Support Kubernetes supported versions: 1.11 and newer * Upgrade Guides If you are running a previous Rook version, please see the corresponding storage provider upgrade guide: * Ceph * Breaking Changes * Removed Storage Providers Each storage provider is unique and requires time and attention to properly develop and support. After much discussion with the community, we have decided to remove three storage providers from Rook in order to focus our efforts on storage providers that have active community support. See the project status for more information. These storage providers have been removed: * CockroachDB * EdgeFS * YugabyteDB * Ceph Support for creating OSDs via Drive Groups was removed. Please refer to the Ceph upgrade guide for migration instructions. 
* Features * Ceph Ceph Pacific (v16) support, including features such as: Multiple Ceph Filesystems Networking dual stack CephFilesystemMirror CRD to support mirroring of CephFS volumes with Pacific Ceph CSI Driver CSI v3.3.0 driver enabled by default Volume Replication Controller for improved RBD replication support Multus support GRPC metrics disabled by default Ceph RGW Extended the support of vault KMS configuration Scale with multiple daemons with a single deployment instead of a separate deployment for each rgw daemon OSDs: LVM is no longer used to provision OSDs as of Nautilus 14.2.14, Octopus 15.2.9, and Pacific 16.2.0, simplifying the OSDs on raw devices, except for encrypted OSDs and multiple OSDs per device. More efficient updates for multiple OSDs at the same time (in the same failure domain) to speed up upgrades for larger Ceph clusters Multiple Ceph mgr daemons are supported for stretch clusters and other clusters where HA of the mgr is critical (set count: 2 under mgr in the CephCluster CR) Pod Disruption Budgets (PDBs) are enabled by default for Mon, RGW, MDS, and OSD daemons. See the disruption management settings. 
Monitor failover can be disabled, for scenarios where maintenance is planned and automatic mon failover is not desired CephClient CRD has been converted to use the controller-runtime library The following package changes have been done: - ceph-csi-3.4.0+git0.94ef181bc-5.24.3 updated - device-mapper-1.02.163-8.39.1 updated - libdevmapper-event1_03-1.02.163-8.39.1 updated - libdevmapper1_03-1.02.163-8.39.1 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - liblvm2cmd2_03-2.03.05-8.39.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 updated - libopenssl1_1-1.1.1d-11.38.1 updated - lvm2-2.03.05-8.39.1 updated - openssl-1_1-1.1.1d-11.38.1 updated - permissions-20181225-23.12.1 updated - python3-configshell-fb-1.1.29-3.3.1 updated - rpm-4.14.1-22.7.1 updated - shared-mime-info-1.12-3.3.1 updated - container:ceph-image-1.0.0-6.93 updated From sle-updates at lists.suse.com Tue Jan 25 07:50:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 25 Jan 2022 08:50:56 +0100 (CET) Subject: SUSE-CU-2022:52-1: Security update of ses/7/cephcsi/csi-attacher Message-ID: <20220125075056.58314FBAD@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-attacher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:52-1 Container Tags : ses/7/cephcsi/csi-attacher:v3.3.0 , ses/7/cephcsi/csi-attacher:v3.3.0-rev1 , ses/7/cephcsi/csi-attacher:v3.3.0-rev1-build3.443 Container Release : 3.443 Severity : critical Type : security References : 1027496 1029961 1113013 1122417 1125886 1134353 1161276 1162581 1169614 1171962 1172973 1172974 1174504 1174504 1177127 1178236 1179416 1180064 1180125 1183085 1183543 1183545 1183632 1183659 1184614 1184994 1184994 1185016 1185299 1185524 1186489 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187425 1187466 1187512 1187654 1187670 1187738 1187760 1187911 1187993 1188018 1188063 1188063 1188156 1188217 1188218 1188219 
1188220 1188291 1188344 1188435 1188548 1188571 1188623 1188713 1188921 1189031 1189206 1189465 1189465 1189480 1189520 1189521 1189521 1189534 1189554 1189683 1189803 1189929 1189996 1190052 1190059 1190199 1190234 1190325 1190356 1190373 1190374 1190440 1190465 1190645 1190712 1190739 1190793 1190815 1190915 1190933 1190984 1191252 1191286 1191324 1191370 1191563 1191609 1191736 1191987 1192161 1192248 1192337 1192436 1192489 1192688 1192717 1193480 1193481 1193521 1193711 CVE-2016-10228 CVE-2019-20838 CVE-2020-14155 CVE-2020-29361 CVE-2021-20266 CVE-2021-20271 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3421 CVE-2021-35942 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-37750 CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-43618 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-attacher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:49 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). 
The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. 
(bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. 
(bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overridden during system installation (bsc#1171962). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate References: 1189929,CVE-2021-37750 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. 
(bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check signatures and keys two times (redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alive while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates (bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. 
(jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3523-1 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1122417,1125886,1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). 
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler base libraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix uninitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for 
opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into separate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as 
name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. 
* Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1193711 This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 
Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:154-1 Released: Mon Jan 24 07:02:02 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook Type: recommended Severity: moderate References: This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook fixes the following issues: - Update to 3.4.0 Features: Beta: Below features have been lifted from its Alpha support to Beta * Snapshot creation and deletion * Volume restore from snapshot * Volume clone support * Volume/PV Metrics of File Mode Volume * Volume/PV Metrics of Block Mode Volume Alpha: * rbd-nbd volume mounter Enhancement: * Restore RBD snapshot to a different Pool * Snapshot schedule support for RBD mirrored PVC * Mirroring support for thick PVC * Multi-Tenant support for vault encryption * AmazonMetadata KMS provider support * rbd-nbd volume healer support * Locking enhancement for improving POD deletion performance * Improvements in lock handling for snap and clone operations * Better thick provisioning support * Create CephFS subvolume with VolumeNamePrefix * CephFS Subvolume path addition in PV object * Consumption of go-ceph APIs for various CephFS controller and node operations. 
* Resize of the RBD encrypted volume * Better error handling for GRPC * Golang profiling support for debugging * Updated Kubernetes sidecar versions to the latest release * Kubernetes dependency update to v1.21.2 * Create storageclass and secrets using helm charts CI/E2E * Expansion of RBD encrypted volumes * Update and addition of new static golang tools * Kubernetes v1.21 support * Unit tests for SecretsKMS * Test for Vault with ServiceAccount per Tenant * E2E for user secret based metadata encryption * Update rook.sh and Ceph cluster version in E2E * Added RBD test for testing sc, secret via helm * Update feature gates setting from minikube.sh * Add CephFS test for sc, secret via helm * Add e2e for static PVC without imageFeature parameter * Make use of snapshot v1 API and client sets in e2e tests * Validate thick-provisioned PVC-PVC cloning * Adding retry support for various e2e failure scenarios * Refactor KMS configuration and usage - Removed patch ceph-csi-locking.patch (got merged upstream) - Update to v3.3.0 * Feature * Add command line arguments to configure leader election options (#313, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#308, @chrishenzie) * Updates Kubernetes dependencies to v1.22.0 (#321, @chrishenzie) [SIG Storage] * Bug or Regression * Fix a bug that the controller can panic crash when it receives DeletedFinalStateUnknown deletion event. 
(#304, @Jiawei0227) * Other (Cleanup or Flake) * Updates container-storage-interface dependency to v1.5.0 (#312, @chrishenzie) * Reuse the same gRPC CSI client for all CSI driver calls (#318, @yeya24) - Update to v3.2.1 - Get rid of vendoring - Update version of go to 1.16 - Update to v3.0.2 - Update version to 3.0.0 * Feature * Add command line arguments to configure leader election options (#643, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#630, @chrishenzie) * The provisioner sidecar now has an argument called controller-publish-readonly which sets the value of CSI PV spec readonly field value based on the PVC access mode. If this flag is set to true and the PVC access mode only contains the ROX access mode, the controller automatically sets PersistentVolume.spec.CSIPersistentVolumeSource.readOnly field to true. (#469, @humblec) * Updates Kubernetes dependencies to v1.22.0 (#660, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#644, @chrishenzie) * Bug or Regression * Fix a bug that not being able to use block device mode when enable a storage capacity tracking mode. (#635, @bells17) * Fix a data race in cloning protection controller (#651, @tksm) * Fix capacity information updates when topology changes. Only affected central deployment and network attached storage, not deployment on each node. This broke in v2.2.0 as part of a bug fix for capacity informer handling. (#617, @bai3shuo4) * Fix env name from POD_NAMESPACE to NAMESPACE for capacity-ownerref-level option. (#636, @bells17) * Fixed reporting of metrics when a migratable CSI driver is used. 
(#620, @jsafrane) * Newly provisioned CSI Migration enabled PV will have 'provisioned-by' annotation set to in-tree provisioner name instead of the CSI provisioner (#646, @wongma7) - Update version to 2.2.2 - Get rid of vendoring - Use go 1.16 for building - Update version to 2.0.4 - Update to version 1.3.0 * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#165, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#156, @chrishenzie) * Feature * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#151, @chrishenzie) * leader-election-lease-duration, leader-election-renew-deadline and leader-election-retry-period were added to command line arguments to configure leader election options (#158, @RaunakShah) - Update to version 1.2.0 - Get rid of vendoring - Push go version to 1.16 - Update to version 1.0.1 - Update to version 4.2.0 * Feature * Snapshot APIs * The namespace of the referenced VolumeSnapshot is printed when printing a VolumeSnapshotContent. (#535, @tsmetana) * Snapshot Controller * retry-interval-start and retry-interval-max arguments are added to common-controller which controls retry interval of failed volume snapshot creation and deletion. These values set the ratelimiter for snapshot and content queues. (#530, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for the snapshot controller. (#575, @bertinatto) * Adds an operations_in_flight metric for determining the number of snapshot operations in progress. (#519, @ggriffiths) * Introduced 'SnapshotCreated' and 'SnapshotReady' events. (#540, @rexagod) * CSI Snapshotter Sidecar * retry-interval-start and retry-interval-max arguments are added to csi-snapshotter sidecar which controls retry interval of failed volume snapshot creation and deletion. 
These values set the ratelimiter for volumesnapshotcontent queue. (#308, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for CSI snapshotter sidecar. (#538, @RaunakShah) * Bug or Regression * Snapshot Controller * Add process_start_time_seconds metric (#569, @saikat-royc) * Adds the leader election health check for the snapshot controller at /healthz/leader-election (#573, @ggriffiths) * Remove kube-system namespace verification during startup and instead list volumes across all namespaces (#515, @mauriciopoppe) * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#570, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#574, @chrishenzie) * Updates container-storage-interface dependency to v1.5.0 (#532, @chrishenzie) * Snapshot Validation Webhook * Changed the webhook image from distroless/base to distroless/static. (#550, @WanzenBug) - Update to version 4.1.1 - Get rid of vendoring - Update go-version to 1.16 - Update to version 3.0.2 - Update to version 2.3.0 * Dockerfile.Windows args changed to ADDON_IMAGE and BASE_IMAGE (#146, @mauriciopoppe) * Updates Kubernetes dependencies to v1.22.0 (#159, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#160, @chrishenzie) * New running modes, the kubelet-registration-probe mode checks if node-driver-registrar kubelet plugin registration succeeded. (#152, @mauriciopoppe) * Updates container-storage-interface dependency to v1.5.0 (#151, @chrishenzie) - Update to version 2.2.0 * Updated runtime (Go 1.16) and dependencies (#136, @pohly) * Update image and tag names for Windows to have separate parameters for nanoserver and servercore (#111, @jingxu97) - Update to v1.7.7 Rook v1.7.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* docs: Support ephemeral volumes with Ceph CSI RBD and CephFS driver (#9055, @humblec) * core: Allow downgrade of all daemons consistently (#9098, @travisn) * core: Reconcile once instead of multiple times after the cluster CR is edited (#9091, @leseb) * nfs: Add pool setting CR option (#9040, @leseb) * ceph: Trigger 'CephMonQuorumLost' alert when mon quorum is down (#9068, @aruniiird) * rgw: Updated livenessProbe and readinessProbe (#9080, @satoru-takeuchi) * mgr: Do not set the balancer mode on pacific (#9063, @leseb) * helm: Add appVersion property to the charts (#9051, @travisn) * rgw: Read tls secret hint for insecure tls (#9020, @leseb) * ceph: Ability to set labels on the crash collector (#9044, @leseb) * core: Treat cluster as not existing if the cleanup policy is set (#9041, @travisn) * docs: Document failover and failback scenarios for applications (#8411, @Yuggupta27) * ceph: Update endpoint with IP for external RGW server (#9010, @thotz) - Combined gomod.patch and gosum.patch to vendor.patch * Patching module-files to match the SUSE build env - Update to v1.7.6 Rook v1.7.6 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* core: only merge stderr on error (#8995, @leseb) * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya) * csi: fix comment for the provisioner and clusterID (#8990, @Madhu-1) * mon: Enable mon failover for the arbiter in stretch mode (#8984, @travisn) * monitoring: fixing the queries for alerts 'CephMgrIsAbsent' and 'CephMgrIsMissingReplicas' (#8985, @aruniiird) * osd: fix kms auto-detection when full TLS (#8867, @leseb) * csi: add affinity to csi version check job (#8965, @Rakshith-R) * pool: remove default value for pool compression (#8966, @leseb) * monitoring: handle empty ceph_version in ceph_mon_metadata to avoid raising misleading alert (#8947, @GowthamShanmugam) * osd: print the c-v output when inventory command fails (#8971, @leseb) * helm: remove chart content not in common.yaml (#8884, @BlaineEXE) * rgw: replace period update --commit with function (#8911, @BlaineEXE) * rgw: fixing ClientID of log-collector for RGW instance (#8889, @parth-gr) * mon: run ceph commands to mon with timeout (#8939, @leseb) * osd: do not hide errors (#8933, @leseb) * rgw: use trace logs for RGW admin HTTP info (#8937, @BlaineEXE) - Update to v1.7.5 Rook v1.7.5 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
* Update csi sidecar references to the latest versions (#8820, @humblec) * No longer install the VolumeReplication CRDs from Rook (#8845, @travisn) * Initialize rbd block pool after creation (#8923, @Rakshith-R) * Close stdoutPipe for the discovery daemon (#8917, @subhamkrai) * Add documentation to recover a pod from a lost node (#8742, @subhamkrai) * Increasing the auto-resolvable alerts delay to 15m (#8896, @aruniiird) * Change CephAbsentMgr to use 'up' query (#8882, @aruniiird) * Adding 'namespace' field to the needed ceph queries (#8901, @aruniiird) * Update period if period does not exist (#8828, @BlaineEXE) * Do not fail on KMS keys deletion (#8868, @leseb) * Do not build all the multus args to remote exec cmd (#8860, @leseb) * Fix external script when passing monitoring list (#8807, @leseb) * Use insecure TLS for bucket health check (#8712, @leseb) * Add PVC privileges to the rook-ceph-purge-osd service account (#8833, @ashangit) * Fix the example of local PVC-based cluster (#8846, @satoru-takeuchi) * Add signal handling for log collector (#8806, @leseb) * Prometheus rules format changes (#8774, @aruniiird) * Add namespace to ceph node down query (#8793, @aruniiird) - Added gomod.patch and gosum.patch * Patching module-files to match the SUSE build env - Update to v1.7.4 Rook v1.7.4 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* Add missing error type check to exec (#8751, @BlaineEXE) * Raise minimum supported version of Ceph-CSI to v3.3.0 (#8803, @humblec) * Set the Ceph v16.2.6 release as the default version (#8743, @leseb) * Pass region to newS3agent() (#8766, @thotz) * Remove unnecessary CephFS provisioner permission (#8739, @Madhu-1) * Configurable csi provisioner replica count (#8801, @Madhu-1) * Allow setting the default storageclass for a filesystem in the helm chart (#8771, @kubealex) * Retry object health check if creation fails (#8708, @BlaineEXE) * Use the admin socket for the mgr liveness probe (#8721, @jmolmo) * Correct the CephFS mirroring documentation (#8732, @leseb) * Reconcile OSD PDBs if allowed disruption is 0 (#8698, @sp98) * Add peer spec migration to upgrade doc (#8435, @BlaineEXE) * Fix lvm osd db device check (#8267, @lyind) * Refactor documentation to simplify for the Ceph provider (#8693, @travisn) * Emphasize unit tests in the development guide (#8685, @BlaineEXE) - Update to v1.7.3 Rook Ceph v1.7.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Cassandra and NFS have moved to their own repos. All improvements in this repo starting from this release will only be for the Ceph storage provider. 
(#8619, @BlaineEXE) * Image list for offline installation can be found in images.txt (#8596, @subhamkrai) * Add networking.k8s.io/v1 Ingress chart compatibility (#8666, @hall) * Modify the log info when ok to continue fails (#8675, @subhamkrai) * Print the output on errors from ceph-volume (#8670, @leseb) * Add quota and capabilities configuration for CephObjectStore users (#8211, @thotz) * Fix pool deletion when uninstalling a multus cluster configuration (#8659, @leseb) * Use node externalIP if no internalIP defined (#8653, @JrCs) * Fix CephOSDCriticallyFull and CephOSDNearFull monitoring alert queries (#8668, @Muyan0828) * Fix CephMonQuorumAtRisk monitoring alert query (#8652, @anmolsachan) * Allow an even number of mons (#8636, @travisn) * Create a pod disruption budget for the Ceph mgr deployment when two mgrs are requested (#8593, @parth-gr) * Fix error message in UpdateNodeStatus (#8629, @hiroyaonoe) * Avoid multiple reconciles of ceph cluster due to the ipv4 default setting (#8638, @leseb) * Avoid duplicate ownerReferences (#8615, @YZ775) * Auto grow OSDs size on PVCs based on prometheus metrics (#8078, @parth-gr) * External cluster configuration script fixed for backward compatibility with python2 (#8623, @aruniiird) * Fix vault kv secret engine auto-detection (#8618, @leseb) * Add ClusterID and PoolID mappings between local and peer cluster (#8626, @sp98) * Set the filesystem status when mirroring is not enabled (#8609, @travisn) - Update to v1.7.2 Rook v1.7.2 is a patch release limited in scope and focusing on small feature additions and bug fixes.
* Ceph * Merge toleration for osd/prepareOSD pod if specified both places (#8566, @subhamkrai) * Fix panic when recreating the csidriver object (#8582, @Madhu-1) * Build with latest golang v1.16.7 (#8540, @BlaineEXE) * Do not check ok-to-stop when OSDs are in CLBO (#8583, @leseb) * Convert util.NewSet() to sets.NewString() (#8584, @parth-gr) * Add support for update() from lib-bucket-provisioner (#8514, @thotz) * Signal handling with context (#8441, @leseb) * Make storage device config nullable (#8552, @BlaineEXE) * Allow K8s version check on prerelease versions (#8561, @subhamkrai) * Add permissions to rook-ceph-mgr role for osd removal in rook orchestrator (#8568, @josephsawaya) * Use serviceAccountName as the key in ceph csi templates (#8546, @humblec) * Consolidate the calls to set mon config (#8590, @travisn) * NFS * Upgrade nfs-ganesha to 3.5 version (#8534, @kam1kaze) - Update to v1.7.1 Rook v1.7.1 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update Ceph CSI version to v3.4.0 (#8425, @Madhu-1) * Add ability to specify the CA bundle for RGW (#8492, @degorenko) * Remove unused mon timeout cli flags (#8489, @leseb) * Add an option to enable/disable merge all placement (#8381, @subhamkrai) * Refuse to failover the arbiter mon on stretch clusters (#8520, @travisn) * Improve topology example of cluster on local pvc (#8491, @satoru-takeuchi) - Update to v1.7.0 v1.7.0 is a minor release with features primarily for the Ceph operator. K8s Version Support Kubernetes supported versions: 1.11 and newer. Upgrade Guides If you are running a previous Rook version, please see the corresponding storage provider upgrade guide: * Ceph Breaking Changes Ceph Clusters with multiple filesystems will need to update their Ceph version to Pacific.
The Operator configuration option ROOK_ALLOW_MULTIPLE_FILESYSTEMS has been removed in favor of simply verifying the Ceph version is at least Pacific where multiple filesystems are fully supported. Features Ceph * Official Ceph images are now being published to quay.io. To pick up the latest version of Ceph, update your CephCluster spec field image to point to quay. See the example cluster. * Add support for creating Hybrid Storage Pools. * A hybrid storage pool creates a CRUSH rule for choosing the primary OSD for high performance devices (ssd, nvme, etc) and the remaining OSD for low performance devices (hdd). * See the design and Ceph docs for more details. * Add support CephFS mirroring peer configuration. See the configuration for more details. * Add support for Kubernetes TLS secrets for referring TLS certs needed for the Ceph RGW server. * Stretch clusters are considered stable * Ceph v16.2.5 or greater is required for stretch clusters * The use of peer secret names in CephRBDMirror is deprecated. Please use CephBlockPool CR to configure peer secret names and import peers. See the mirroring section in the CephBlockPool spec for more details. * Add user data protection when deleting Rook-Ceph Custom Resources. See the design for detailed information. * A CephCluster will not be deleted if there are any other Rook-Ceph Custom resources referencing it with the assumption that they are using the underlying Ceph cluster. * A CephObjectStore will not be deleted if there is a bucket present. In addition to protection from deletion when users have data in the store, this implicitly protects these resources from being deleted when there is a referencing ObjectBucketClaim present.
Cassandra * CRDs converted from v1beta1 to v1 * Schema is generated from the internal types for more complete validation * Minimum K8s version for the v1 CRDs is K8s 1.16 NFS * CRDs converted from v1beta1 to v1 * Schema is generated from the internal types for more complete validation * Minimum K8s version for the v1 CRDs is K8s 1.16 - Update to v1.6.10 Rook v1.6.10 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Reconcile OSD PDB if allowed disruptions are 0 (#8698) * Merge tolerations for the OSDs if specified in both all and osd placement (#8630) * External cluster script compatibility with python2 (#8623) * Do not check ok-to-stop when OSDs are in CLBO (#8583) * Fix panic when recreating the csidriver object (#8582) - Update to v1.6.9 Rook v1.6.9 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Make storage device config nullable (#8552) * Build with latest golang v1.16.7 (#8540) * Refuse to failover the arbiter mon on stretch clusters (#8520) * Add an option to enable/disable merge all placement (#8381) * Update ancillary monitoring resources (#8406) * Updated mon health check goroutine for reconfiguring patch values (#8370) * Releases for v1.6 are now based on Github actions instead of Jenkins (#8525 #8564) - Update to v1.6.8 Rook v1.6.8 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Re-enable lvm mode for OSDs on disks.
See details to know if your OSDs are affected by unexpected partitions (#8319) * Update test to watch for v1 cronjob instead of v1beta1 (#8356) * Update PodDisruptionBudget from v1beta1 to v1 (#7977) * Add support for tls certs via k8s tls secrets for rgw (#8243) * Create correct ClusterRoleBinding for helm chart in namespace other than rook-ceph (#8344) * If two mgrs, ensure services are reconciled with the cluster (#8330) * Proxy rbd commands when multus is enabled (#8339) * Proxy ceph command when multus is configured (#8272) * Ensure OSD keyring exists at OSD pod start (#8155) * Add an example of a pvc-based ceph cluster on bare metal (#7969) * Mount /dev for the OSD daemon on lv-backed pvc (#8304) * Add ceph cluster context for lib bucket provisioning reconcile (#8310) * Create PDBs for all rgw and cephfs (#8301) * Always rehydrate the access and secret keys (#8286) * Fix PDB of RGW instances (#8274) * Ability to disable pool mirroring (#8215) * Fetch rgw port from the CephObjectStore the OBC (#8244) * Enable debug logging for adminops client log level is debug (#8208) * Update blockPoolChannel before starting the mirror monitoring (#8222) * Scaling down nfs deployment was failing (#8250) - removed update-tarball.sh (_service file will be used instead) - Update to v1.6.7 Rook v1.6.7 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Ignore atari partitions for OSDs when scanning disks. This is a partial fix for multiple OSDs being created unexpectedly per disk, causing OSD corruption. 
See details to know if your OSDs are affected (#8195) * Update CSIDriver object from betav1 to v1 (#8029) * Retry cluster reconcile immediately after cancellation (#8237) * Avoid operator resource over-usage when configuring RGW pools and memory limits are applied (#8238) * Remove k8s.io/kubernetes as a code dependency (#7913) * Silence harmless errors if the operator is still initializing (#8227) * If MDS resource limits are not set, assign mds_cache_memory_limit = resource requests * 0.8 (#8180) * Do not require rgw instances spec for external clusters (#8219) * Add tls support to external rgw endpoint (#8092) * Stop overwriting shared livenessProbe when overridden (#8206) * Update cluster-on-pvc example for proper OSD scheduling (#8199) - Update to v1.6.6 Rook v1.6.6 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update csi sidecar images to latest release (#8125) * Update csi node-driver-registrar to latest release (#8190) * Evict a mon if colocated with another mon (#8181) * Enable logging in legacy LVM OSD daemons (#8175) * Do not leak key encryption key to the log (#8173) * Read and validate CSI params in a goroutine (#8140) * Only require rgw-admin-ops user when an RGW endpoint is provided (#8164) * Avoid unnecessary OSD restarts when multus is configured (#8142) * Use cacert if no client cert/key are present for OSD encryption with Vault (#8157) * Mons in stretch cluster should be assigned to a node when using dataDirHostPath (#8147) * Support cronjob v1 for newer versions of K8s to avoid deprecated v1beta1 (#8114) * Initialise httpclient for bucketchecker and objectstoreuse (#8139) * Activate osd container should use correct host path for config (#8137) * Set device class for already present osd deployments (#8134) * No need for --force when creating filesystem (#8130) * Expose enableCSIHostNetwork correctly in the helm chart (#8074) * Add RBAC for mgr to create service monitor (#8118) * Update operator 
internal controller runtime and k8s reference version (#8087) - Update to v1.6.5 Rook v1.6.5 is a patch release limited in scope and focusing on small feature additions and bug fixes. We are happy to announce the availability of a Helm chart to configure the CephCluster CR. Please try it out and share feedback! We would like to declare it stable in v1.7. * Ceph * Experimental Helm chart for CephClusters (#7778) * Disable insecure global id if no insecure clients are detected. If insecure clients are still required, see these instructions. (#7746) * Enable host networking by default in the CSI driver due to issues with client IO hangs when the driver restarts (#8102) * Add a disaster recovery guide for an accidentally deleted CephCluster CR (#8040) * Do not fail prepareOSD job if devices are not passed (#8098) * Ensure MDS and RGW are upgraded anytime the ceph image changes (#8060) * External cluster config enables v1 address type when enabling v2 (#8083) * Create object pools in parallel for faster object store reconcile (#8082) * Fix detection of delete event reconciliation (#8086) * Use RGW admin API for s3 user management (#7998) - Update to v1.6.4 Rook v1.6.4 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Support for separate tolerations and affinities for rbd and cephfs CSI drivers (#8006) * Update ceph version to 15.2.13 (#8004) * External cluster upgrades fix for CRD schema (#8042) * Build with golang 1.16 instead of 1.15 (#7945) * Retry starting CSI drivers on initial failure (#8020) * During uninstall stop monitoring rbd mirroring before cleanup (#8031) * Update the backend path for RGW transit engine (#8008) * If reducing mon count only remove one extra mon per health check (#8011) * Parse radosgw-admin json properly for internal commands (#8000) * Expand OSD PVCs only if the underlying storage class allow expansion (#8001) * Allow the operator log level to be changed dynamically (#7976) * Pin experimental volume replication to release-v0.1 branch (#7985) * Remove '--site-name' arg when creating bootstrap peer token (#7986) * Do not configure external metric endpoint if not present (#7974) * Helm chart to allow multiple filesystems (#7930) * Rehydrate the bootstrap peer token secret on monitor changes (#7935) - Update to v1.6.3 Rook v1.6.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Ensure correct devices are started for OSDs after node restart (#7951) * Write reconcile results to events on the CephCluster CR (#7222) * Updated dashboard ingress example for networking v1 (#7933) * Remove obsolete gateway type setting in object store CRD (#7919) * Support specifying only public network or only cluster network or both (#7546) * Generate same operator deployment for OKD as OCP (#7898) * Ensure correct hostpath lock for OSD integrity (#7886) * Improve resilience of mon failover if operator is restarted during failover (#7884) * Disallow overriding the liveness probe handler function (#7889) * Actively update the service endpoint for external mgr (#7875) * Remove obsolete CSI statefulset template path vars from K8s 1.13 (#7877) * Create crash collector pods after mon secret created (#7867) * OSD controller only updates PDBs during node drains instead of any OSD down event (#7726) * Allow heap dump generation when logCollector sidecar is not running (#7847) * Add nullable to object gateway settings (#7857) - Update to v1.6.2 Rook v1.6.2 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Set base Ceph operator image and example deployments to v16.2.2 (#7829) * Update snapshot APIs from v1beta1 to v1 (#7711) * Documentation for creating static PVs (#7782) * Allow setting primary-affinity for the OSD (#7807) * Remove unneeded debug log statements (#7526) * Preserve volume claim template annotations during upgrade (#7835) * Allow re-creating erasure coded pool with different settings (#7820) * Double mon failover timeout during a node drain (#7801) * Remove unused volumesource schema from CephCluster CRD (#7813) * Set the device class on raw mode osds (#7815) * External cluster schema fix to allow not setting mons (#7789) * Add phase to the CephFilesystem CRD (#7752) * Generate full schema for volumeClaimTemplates in the CephCluster CRD (#7631) * Automate upgrades for the MDS daemon to properly scale down and scale up (#7445) * Add Vault KMS support for object stores (#7385) * Ensure object store endpoint is initialized when creating an object user (#7633) * Support for OBC operations when RGW is configured with TLS (#7764) * Preserve the OSD topology affinity during upgrade for clusters on PVCs (#7759) * Unify timeouts for various Ceph commands (#7719) * Allow setting annotations on RGW service (#7598) * Expand PVC size of mon daemons if requested (#7715) - Update to v1.6.1 Rook v1.6.1 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Disable host networking by default in the CSI plugin with option to enable (#7356) * Fix the schema for erasure-coded pools so replication size is not required (#7662) * Improve node watcher for adding new OSDs (#7568) * Operator base image updated to v16.2.1 (#7713) * Deployment examples updated to Ceph v15.2.11 (#7733) * Update Ceph-CSI to v3.3.1 (#7724) * Allow any device class for the OSDs in a pool instead of restricting the schema (#7718) * Fix metadata OSDs for Ceph Pacific (#7703) * Allow setting the initial CRUSH weight for an OSD (#7472) * Fix object store health check in case SSL is enabled (#7331) * Upgrades now ensure latest config flags are set for MDS and RGW (#7681) * Suppress noisy RGW log entry for radosgw-admin commands (#7663) - Update to v1.6.0 * Major Themes v1.6.0 is a minor release with features primarily for the Ceph operator. * K8s Version Support Kubernetes supported versions: 1.11 and newer * Upgrade Guides If you are running a previous Rook version, please see the corresponding storage provider upgrade guide: * Ceph * Breaking Changes * Removed Storage Providers Each storage provider is unique and requires time and attention to properly develop and support. After much discussion with the community, we have decided to remove three storage providers from Rook in order to focus our efforts on storage providers that have active community support. See the project status for more information. These storage providers have been removed: * CockroachDB * EdgeFS * YugabyteDB * Ceph Support for creating OSDs via Drive Groups was removed. Please refer to the Ceph upgrade guide for migration instructions. 
* Features * Ceph Ceph Pacific (v16) support, including features such as: Multiple Ceph Filesystems Networking dual stack CephFilesystemMirror CRD to support mirroring of CephFS volumes with Pacific Ceph CSI Driver CSI v3.3.0 driver enabled by default Volume Replication Controller for improved RBD replication support Multus support GRPC metrics disabled by default Ceph RGW Extended the support of vault KMS configuration Scale with multiple daemons with a single deployment instead of a separate deployment for each rgw daemon OSDs: LVM is no longer used to provision OSDs as of Nautilus 14.2.14 Octopus 15.2.9, and Pacific 16.2.0, simplifying the OSDs on raw devices, except for encrypted OSDs and multiple OSDs per device. More efficient updates for multiple OSDs at the same time (in the same failure domain) to speed up upgrades for larger Ceph clusters Multiple Ceph mgr daemons are supported for stretch clusters and other clusters where HA of the mgr is critical (set count: 2 under mgr in the CephCluster CR) Pod Disruption Budgets (PDBs) are enabled by default for Mon, RGW, MDS, and OSD daemons. See the disruption management settings. 
Monitor failover can be disabled, for scenarios where maintenance is planned and automatic mon failover is not desired CephClient CRD has been converted to use the controller-runtime library The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - cpio-2.12-3.9.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - csi-external-attacher-3.3.0-3.11.2 updated - file-magic-5.32-7.14.1 updated - glibc-2.26-13.62.1 updated - krb5-1.16.3-3.24.1 updated - libaugeas0-1.10.1-3.3.1 updated - libblkid1-2.33.2-4.16.1 updated - libcrack2-2.9.7-11.6.1 updated - libcurl4-7.66.0-4.27.1 updated - libfdisk1-2.33.2-4.16.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 added - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libgnutls30-hmac-3.6.7-14.13.5 added - libkeyutils1-1.6.3-5.6.1 updated - libldap-2_4-2-2.4.46-9.58.1 updated - libldap-data-2.4.46-9.58.1 updated - libmagic1-5.32-7.14.1 updated - libmount1-2.33.2-4.16.1 updated - libncurses6-6.1-5.9.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 added - libopenssl1_1-1.1.1d-11.38.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libpcre1-8.45-20.10.1 updated - libprotobuf-lite20-3.9.2-4.9.1 added - libsmartcols1-2.33.2-4.16.1 updated - libsolv-tools-0.7.20-9.2 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-234-24.102.1 updated - libudev1-234-24.102.1 updated - libuuid1-2.33.2-4.16.1 updated - libz1-1.2.11-3.24.1 updated - libzypp-17.28.8-20.1 updated - ncurses-utils-6.1-5.9.1 updated - netcfg-11.6-3.3.1 updated - pam-1.3.0-6.50.1 updated - patterns-base-fips-20200124-4.12.1 added - permissions-20181225-23.12.1 updated - rpm-4.14.1-22.7.1 updated - terminfo-base-6.1-5.9.1 updated - util-linux-2.33.2-4.16.1 updated - zypper-1.14.50-21.1 updated - container:sles15-image-15.0.0-9.5.77 updated From sle-updates at lists.suse.com Tue Jan 25 07:52:19 2022 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Tue, 25 Jan 2022 08:52:19 +0100 (CET) Subject: SUSE-CU-2022:53-1: Security update of ses/7/cephcsi/csi-node-driver-registrar Message-ID: <20220125075219.E2E1AFBAD@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-node-driver-registrar ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:53-1 Container Tags : ses/7/cephcsi/csi-node-driver-registrar:v2.3.0 , ses/7/cephcsi/csi-node-driver-registrar:v2.3.0-rev1 , ses/7/cephcsi/csi-node-driver-registrar:v2.3.0-rev1-build3.426 Container Release : 3.426 Severity : critical Type : security References : 1027496 1029961 1113013 1122417 1125886 1134353 1161276 1162581 1169614 1171962 1172973 1172974 1174504 1174504 1177127 1178236 1179416 1180064 1180125 1183085 1183543 1183545 1183632 1183659 1184614 1184994 1184994 1185016 1185299 1185524 1186489 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187425 1187466 1187512 1187654 1187670 1187738 1187760 1187911 1187993 1188018 1188063 1188063 1188156 1188217 1188218 1188219 1188220 1188291 1188344 1188435 1188548 1188571 1188623 1188713 1188921 1189031 1189206 1189465 1189465 1189480 1189520 1189521 1189521 1189534 1189554 1189683 1189803 1189929 1189996 1190052 1190059 1190199 1190234 1190325 1190356 1190373 1190374 1190440 1190465 1190645 1190712 1190739 1190793 1190815 1190915 1190933 1190984 1191252 1191286 1191324 1191370 1191563 1191609 1191736 1191987 1192161 1192248 1192337 1192436 1192489 1192688 1192717 1193480 1193481 1193521 1193711 CVE-2016-10228 CVE-2019-20838 CVE-2020-14155 CVE-2020-29361 CVE-2021-20266 CVE-2021-20271 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3421 CVE-2021-35942 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-37750 CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-43618 
----------------------------------------------------------------- The container ses/7/cephcsi/csi-node-driver-registrar was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:49 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. 
(bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. 
(bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. 
[bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overridden during system installation (bsc#1171962). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate References: 1189929,CVE-2021-37750 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. 
(bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check signatures and keys two times (redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alive while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates (bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. 
(jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3523-1 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1122417,1125886,1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). 
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix uninitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for 
opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into separate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as 
name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. 
* Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1193711 This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 
Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:154-1 Released: Mon Jan 24 07:02:02 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook Type: recommended Severity: moderate References: This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook fixes the following issues: - Update to 3.4.0 Features: Beta: Below features have been lifted from its Alpha support to Beta * Snapshot creation and deletion * Volume restore from snapshot * Volume clone support * Volume/PV Metrics of File Mode Volume * Volume/PV Metrics of Block Mode Volume Alpha: * rbd-nbd volume mounter Enhancement: * Restore RBD snapshot to a different Pool * Snapshot schedule support for RBD mirrored PVC * Mirroring support for thick PVC * Multi-Tenant support for vault encryption * AmazonMetadata KMS provider support * rbd-nbd volume healer support * Locking enhancement for improving POD deletion performance * Improvements in lock handling for snap and clone operations * Better thick provisioning support * Create CephFS subvolume with VolumeNamePrefix * CephFS Subvolume path addition in PV object * Consumption of go-ceph APIs for various CephFS controller and node operations. 
* Resize of the RBD encrypted volume * Better error handling for GRPC * Golang profiling support for debugging * Updated Kubernetes sidecar versions to the latest release * Kubernetes dependency update to v1.21.2 * Create storageclass and secrets using helm charts CI/E2E * Expansion of RBD encrypted volumes * Update and addition of new static golang tools * Kubernetes v1.21 support * Unit tests for SecretsKMS * Test for Vault with ServiceAccount per Tenant * E2E for user secret based metadata encryption * Update rook.sh and Ceph cluster version in E2E * Added RBD test for testing sc, secret via helm * Update feature gates setting from minikube.sh * Add CephFS test for sc, secret via helm * Add e2e for static PVC without imageFeature parameter * Make use of snapshot v1 API and client sets in e2e tests * Validate thick-provisioned PVC-PVC cloning * Adding retry support for various e2e failure scenarios * Refactor KMS configuration and usage - Removed patch ceph-csi-locking.patch (got merged upstream) - Update to v3.3.0 * Feature * Add command line arguments to configure leader election options (#313, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#308, @chrishenzie) * Updates Kubernetes dependencies to v1.22.0 (#321, @chrishenzie) [SIG Storage] * Bug or Regression * Fix a bug that the controller can panic crash when it receives DeletedFinalStateUnknown deletion event. 
(#304, @Jiawei0227) * Other (Cleanup or Flake) * Updates container-storage-interface dependency to v1.5.0 (#312, @chrishenzie) * Reuse the same gRPC CSI client for all CSI driver calls (#318, @yeya24) - Update to v3.2.1 - Get rid of vendoring - Update version of go to 1.16 - Update to v3.0.2 - Update version to 3.0.0 * Feature * Add command line arguments to configure leader election options (#643, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#630, @chrishenzie) * The provisioner sidecar now has an argument called controller-publish-readonly which sets the value of CSI PV spec readonly field value based on the PVC access mode. If this flag is set to true and the PVC access mode only contains the ROX access mode, the controller automatically sets PersistentVolume.spec.CSIPersistentVolumeSource.readOnly field to true. (#469, @humblec) * Updates Kubernetes dependencies to v1.22.0 (#660, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#644, @chrishenzie) * Bug or Regression * Fix a bug that not being able to use block device mode when enable a storage capacity tracking mode. (#635, @bells17) * Fix a data race in cloning protection controller (#651, @tksm) * Fix capacity information updates when topology changes. Only affected central deployment and network attached storage, not deployment on each node. This broke in v2.2.0 as part of a bug fix for capacity informer handling. (#617, @bai3shuo4) * Fix env name from POD_NAMESPACE to NAMESPACE for capacity-ownerref-level option. (#636, @bells17) * Fixed reporting of metrics when a migratable CSI driver is used. 
(#620, @jsafrane) * Newly provisioned CSI Migration enabled PV will have 'provisioned-by' annotation set to in-tree provisioner name instead of the CSI provisioner (#646, @wongma7) - Update version to 2.2.2 - Get rid of vendoring - Use go 1.16 for building - Update version to 2.0.4 - Update to version 1.3.0 * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#165, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#156, @chrishenzie) * Feature * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#151, @chrishenzie) * leader-election-lease-duration, leader-election-renew-deadline and leader-election-retry-period were added to command line arguments to configure leader election options (#158, @RaunakShah) - Update to version 1.2.0 - Get rid of vendoring - Push go version to 1.16 - Update to version 1.0.1 - Update to version 4.2.0 * Feature * Snapshot APIs * The namespace of the referenced VolumeSnapshot is printed when printing a VolumeSnapshotContent. (#535, @tsmetana) * Snapshot Controller * retry-interval-start and retry-interval-max arguments are added to common-controller which controls retry interval of failed volume snapshot creation and deletion. These values set the ratelimiter for snapshot and content queues. (#530, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for the snapshot controller. (#575, @bertinatto) * Adds an operations_in_flight metric for determining the number of snapshot operations in progress. (#519, @ggriffiths) * Introduced 'SnapshotCreated' and 'SnapshotReady' events. (#540, @rexagod) * CSI Snapshotter Sidecar * retry-interval-start and retry-interval-max arguments are added to csi-snapshotter sidecar which controls retry interval of failed volume snapshot creation and deletion. 
These values set the ratelimiter for volumesnapshotcontent queue. (#308, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for CSI snapshotter sidecar. (#538, @RaunakShah) * Bug or Regression * Snapshot Controller * Add process_start_time_seconds metric (#569, @saikat-royc) * Adds the leader election health check for the snapshot controller at /healthz/leader-election (#573, @ggriffiths) * Remove kube-system namespace verification during startup and instead list volumes across all namespaces (#515, @mauriciopoppe) * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#570, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#574, @chrishenzie) * Updates container-storage-interface dependency to v1.5.0 (#532, @chrishenzie) * Snapshot Validation Webhook * Changed the webhook image from distroless/base to distroless/static. (#550, @WanzenBug) - Update to version 4.1.1 - Get rid of vendoring - Update go-version to 1.16 - Update to version 3.0.2 - Update to version 2.3.0 * Dockerfile.Windows args changed to ADDON_IMAGE and BASE_IMAGE (#146, @mauriciopoppe) * Updates Kubernetes dependencies to v1.22.0 (#159, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#160, @chrishenzie) * New running modes, the kubelet-registration-probe mode checks if node-driver-registrar kubelet plugin registration succeeded. (#152, @mauriciopoppe) * Updates container-storage-interface dependency to v1.5.0 (#151, @chrishenzie) - Update to version 2.2.0 * Updated runtime (Go 1.16) and dependencies (#136, @pohly) * Update image and tag names for Windows to have separate parameters for nanoserver and servercore (#111, @jingxu97) - Update to v1.7.7 Rook v1.7.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* docs: Support ephemeral volumes with Ceph CSI RBD and CephFS driver (#9055, @humblec) * core: Allow downgrade of all daemons consistently (#9098, @travisn) * core: Reconcile once instead of multiple times after the cluster CR is edited (#9091, @leseb) * nfs: Add pool setting CR option (#9040, @leseb) * ceph: Trigger 'CephMonQuorumLost' alert when mon quorum is down (#9068, @aruniiird) * rgw: Updated livenessProbe and readinessProbe (#9080, @satoru-takeuchi) * mgr: Do not set the balancer mode on pacific (#9063, @leseb) * helm: Add appVersion property to the charts (#9051, @travisn) * rgw: Read tls secret hint for insecure tls (#9020, @leseb) * ceph: Ability to set labels on the crash collector (#9044, @leseb) * core: Treat cluster as not existing if the cleanup policy is set (#9041, @travisn) * docs: Document failover and failback scenarios for applications (#8411, @Yuggupta27) * ceph: Update endpoint with IP for external RGW server (#9010, @thotz) - Combined gomod.patch and gosum.patch to vendor.patch * Patching module-files to match the SUSE build env - Update to v1.7.6 Rook v1.7.6 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* core: only merge stderr on error (#8995, @leseb)
* nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya)
* csi: fix comment for the provisioner and clusterID (#8990, @Madhu-1)
* mon: Enable mon failover for the arbiter in stretch mode (#8984, @travisn)
* monitoring: fixing the queries for alerts 'CephMgrIsAbsent' and 'CephMgrIsMissingReplicas' (#8985, @aruniiird)
* osd: fix kms auto-detection when full TLS (#8867, @leseb)
* csi: add affinity to csi version check job (#8965, @Rakshith-R)
* pool: remove default value for pool compression (#8966, @leseb)
* monitoring: handle empty ceph_version in ceph_mon_metadata to avoid raising misleading alert (#8947, @GowthamShanmugam)
* nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya)
* osd: print the c-v output when inventory command fails (#8971, @leseb)
* helm: remove chart content not in common.yaml (#8884, @BlaineEXE)
* rgw: replace period update --commit with function (#8911, @BlaineEXE)
* rgw: fixing ClientID of log-collector for RGW instance (#8889, @parth-gr)
* mon: run ceph commands to mon with timeout (#8939, @leseb)
* osd: do not hide errors (#8933, @leseb)
* rgw: use trace logs for RGW admin HTTP info (#8937, @BlaineEXE)
- Update to v1.7.5
Rook v1.7.5 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
* Update csi sidecar references to the latest versions (#8820, @humblec) * No longer install the VolumeReplication CRDs from Rook (#8845, @travisn) * Initialize rbd block pool after creation (#8923, @Rakshith-R) * Close stdoutPipe for the discovery daemon (#8917, @subhamkrai) * Add documentation to recover a pod from a lost node (#8742, @subhamkrai) * Increasing the auto-resolvable alerts delay to 15m (#8896, @aruniiird) * Change CephAbsentMgr to use 'up' query (#8882, @aruniiird) * Adding 'namespace' field to the needed ceph queries (#8901, @aruniiird) * Update period if period does not exist (#8828, @BlaineEXE) * Do not fail on KMS keys deletion (#8868, @leseb) * Do not build all the multus args to remote exec cmd (#8860, @leseb) * Fix external script when passing monitoring list (#8807, @leseb) * Use insecure TLS for bucket health check (#8712, @leseb) * Add PVC privileges to the rook-ceph-purge-osd service account (#8833, @ashangit) * Fix the example of local PVC-based cluster (#8846, @satoru-takeuchi) * Add signal handling for log collector (#8806, @leseb) * Prometheus rules format changes (#8774, @aruniiird) * Add namespace to ceph node down query (#8793, @aruniiird) - Added gomod.patch and gosum.patch * Patching module-files to match the SUSE build env - Update to v1.7.4 Rook v1.7.4 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* Add missing error type check to exec (#8751, @BlaineEXE) * Raise minimum supported version of Ceph-CSI to v3.3.0 (#8803, @humblec) * Set the Ceph v16.2.6 release as the default version (#8743, @leseb) * Pass region to newS3agent() (#8766, @thotz) * Remove unnecessary CephFS provisioner permission (#8739, @Madhu-1) * Configurable csi provisioner replica count (#8801, @Madhu-1) * Allow setting the default storageclass for a filesystem in the helm chart (#8771, @kubealex) * Retry object health check if creation fails (#8708, @BlaineEXE) * Use the admin socket for the mgr liveness probe (#8721, @jmolmo) * Correct the CephFS mirroring documentation (#8732, @leseb) * Reconcile OSD PDBs if allowed disruption is 0 (#8698, @sp98) * Add peer spec migration to upgrade doc (#8435, @BlaineEXE) * Fix lvm osd db device check (#8267, @lyind) * Refactor documentation to simplify for the Ceph provider (#8693, @travisn) * Emphasize unit tests in the development guide (#8685, @BlaineEXE) - Update to v1.7.3 Rook Ceph v1.7.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Cassandra and NFS have moved to their own repos. All improvements in this repo starting from this release will only be for the Ceph storage provider. 
(#8619, @BlaineEXE)
* Image list for offline installation can be found in images.txt (#8596, @subhamkrai)
* Add networking.k8s.io/v1 Ingress chart compatibility (#8666, @hall)
* Modify the log info when ok to continue fails (#8675, @subhamkrai)
* Print the output on errors from ceph-volume (#8670, @leseb)
* Add quota and capabilities configuration for CephObjectStore users (#8211, @thotz)
* Fix pool deletion when uninstalling a multus cluster configuration (#8659, @leseb)
* Use node externalIP if no internalIP defined (#8653, @JrCs)
* Fix CephOSDCriticallyFull and CephOSDNearFull monitoring alert queries (#8668, @Muyan0828)
* Fix CephMonQuorumAtRisk monitoring alert query (#8652, @anmolsachan)
* Allow an even number of mons (#8636, @travisn)
* Create a pod disruption budget for the Ceph mgr deployment when two mgrs are requested (#8593, @parth-gr)
* Fix error message in UpdateNodeStatus (#8629, @hiroyaonoe)
* Avoid multiple reconciles of ceph cluster due to the ipv4 default setting (#8638, @leseb)
* Avoid duplicate ownerReferences (#8615, @YZ775)
* Auto grow OSDs size on PVCs based on prometheus metrics (#8078, @parth-gr)
* External cluster configuration script fixed for backward compatibility with python2 (#8623, @aruniiird)
* Fix vault kv secret engine auto-detection (#8618, @leseb)
* Add ClusterID and PoolID mappings between local and peer cluster (#8626, @sp98)
* Set the filesystem status when mirroring is not enabled (#8609, @travisn)
- Update to v1.7.2
Rook v1.7.2 is a patch release limited in scope and focusing on small feature additions and bug fixes.
* Ceph
* Merge toleration for osd/prepareOSD pod if specified both places (#8566, @subhamkrai)
* Fix panic when recreating the csidriver object (#8582, @Madhu-1)
* Build with latest golang v1.16.7 (#8540, @BlaineEXE)
* Do not check ok-to-stop when OSDs are in CLBO (#8583, @leseb)
* Convert util.NewSet() to sets.NewString() (#8584, @parth-gr)
* Add support for update() from lib-bucket-provisioner (#8514, @thotz)
* Signal handling with context (#8441, @leseb)
* Make storage device config nullable (#8552, @BlaineEXE)
* Allow K8s version check on prerelease versions (#8561, @subhamkrai)
* Add permissions to rook-ceph-mgr role for osd removal in rook orchestrator (#8568, @josephsawaya)
* Use serviceAccountName as the key in ceph csi templates (#8546, @humblec)
* Consolidate the calls to set mon config (#8590, @travisn)
* NFS
* Upgrade nfs-ganesha to 3.5 version (#8534, @kam1kaze)
- Update to v1.7.1
Rook v1.7.1 is a patch release limited in scope and focusing on small feature additions and bug fixes.
* Ceph
* Update Ceph CSI version to v3.4.0 (#8425, @Madhu-1)
* Add ability to specify the CA bundle for RGW (#8492, @degorenko)
* Remove unused mon timeout cli flags (#8489, @leseb)
* Add an option to enable/disable merge all placement (#8381, @subhamkrai)
* Refuse to failover the arbiter mon on stretch clusters (#8520, @travisn)
* Improve topology example of cluster on local pvc (#8491, @satoru-takeuchi)
- Update to v1.7.0
v1.7.0 is a minor release with features primarily for the Ceph operator.
K8s Version Support
Kubernetes supported versions: 1.11 and newer.
Upgrade Guides
If you are running a previous Rook version, please see the corresponding storage provider upgrade guide:
* Ceph
Breaking Changes
Ceph
Clusters with multiple filesystems will need to update their Ceph version to Pacific.
The Operator configuration option ROOK_ALLOW_MULTIPLE_FILESYSTEMS has been removed in favor of simply verifying the Ceph version is at least Pacific where multiple filesystems are fully supported.
Features
Ceph
* Official Ceph images are now being published to quay.io. To pick up the latest version of Ceph, the CephCluster spec field image must be updated to point to quay. See the example cluster.
* Add support for creating Hybrid Storage Pools.
* A hybrid storage pool creates a CRUSH rule for choosing the primary OSD for high performance devices (ssd, nvme, etc) and the remaining OSD for low performance devices (hdd).
* See the design and Ceph docs for more details.
* Add support for CephFS mirroring peer configuration. See the configuration for more details.
* Add support for Kubernetes TLS secrets for referring TLS certs needed for the Ceph RGW server.
* Stretch clusters are considered stable
* Ceph v16.2.5 or greater is required for stretch clusters
* The use of peer secret names in CephRBDMirror is deprecated. Please use CephBlockPool CR to configure peer secret names and import peers. See the mirroring section in the CephBlockPool spec for more details.
* Add user data protection when deleting Rook-Ceph Custom Resources. See the design for detailed information.
* A CephCluster will not be deleted if there are any other Rook-Ceph Custom resources referencing it with the assumption that they are using the underlying Ceph cluster.
* A CephObjectStore will not be deleted if there is a bucket present. In addition to protection from deletion when users have data in the store, this implicitly protects these resources from being deleted when there is a referencing ObjectBucketClaim present.
Cassandra
* CRDs converted from v1beta1 to v1
* Schema is generated from the internal types for more complete validation
* Minimum K8s version for the v1 CRDs is K8s 1.16
NFS
* CRDs converted from v1beta1 to v1
* Schema is generated from the internal types for more complete validation
* Minimum K8s version for the v1 CRDs is K8s 1.16
- Update to v1.6.10
Rook v1.6.10 is a patch release limited in scope and focusing on small feature additions and bug fixes.
* Ceph
* Reconcile OSD PDB if allowed disruptions are 0 (#8698)
* Merge tolerations for the OSDs if specified in both all and osd placement (#8630)
* External cluster script compatibility with python2 (#8623)
* Do not check ok-to-stop when OSDs are in CLBO (#8583)
* Fix panic when recreating the csidriver object (#8582)
- Update to v1.6.9
Rook v1.6.9 is a patch release limited in scope and focusing on small feature additions and bug fixes.
* Ceph
* Make storage device config nullable (#8552)
* Build with latest golang v1.16.7 (#8540)
* Refuse to failover the arbiter mon on stretch clusters (#8520)
* Add an option to enable/disable merge all placement (#8381)
* Update ancillary monitoring resources (#8406)
* Updated mon health check goroutine for reconfiguring patch values (#8370)
* Releases for v1.6 are now based on Github actions instead of Jenkins (#8525 #8564)
- Update to v1.6.8
Rook v1.6.8 is a patch release limited in scope and focusing on small feature additions and bug fixes.
* Ceph
* Re-enable lvm mode for OSDs on disks.
See details to know if your OSDs are affected by unexpected partitions (#8319) * Update test to watch for v1 cronjob instead of v1beta1 (#8356) * Update PodDisruptionBudget from v1beta1 to v1 (#7977) * Add support for tls certs via k8s tls secrets for rgw (#8243) * Create correct ClusterRoleBinding for helm chart in namespace other than rook-ceph (#8344) * If two mgrs, ensure services are reconciled with the cluster (#8330) * Proxy rbd commands when multus is enabled (#8339) * Proxy ceph command when multus is configured (#8272) * Ensure OSD keyring exists at OSD pod start (#8155) * Add an example of a pvc-based ceph cluster on bare metal (#7969) * Mount /dev for the OSD daemon on lv-backed pvc (#8304) * Add ceph cluster context for lib bucket provisioning reconcile (#8310) * Create PDBs for all rgw and cephfs (#8301) * Always rehydrate the access and secret keys (#8286) * Fix PDB of RGW instances (#8274) * Ability to disable pool mirroring (#8215) * Fetch rgw port from the CephObjectStore the OBC (#8244) * Enable debug logging for adminops client log level is debug (#8208) * Update blockPoolChannel before starting the mirror monitoring (#8222) * Scaling down nfs deployment was failing (#8250) - removed update-tarball.sh (_service file will be used instead) - Update to v1.6.7 Rook v1.6.7 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Ignore atari partitions for OSDs when scanning disks. This is a partial fix for multiple OSDs being created unexpectedly per disk, causing OSD corruption. 
See details to know if your OSDs are affected (#8195) * Update CSIDriver object from betav1 to v1 (#8029) * Retry cluster reconcile immediately after cancellation (#8237) * Avoid operator resource over-usage when configuring RGW pools and memory limits are applied (#8238) * Remove k8s.io/kubernetes as a code dependency (#7913) * Silence harmless errors if the operator is still initializing (#8227) * If MDS resource limits are not set, assign mds_cache_memory_limit = resource requests * 0.8 (#8180) * Do not require rgw instances spec for external clusters (#8219) * Add tls support to external rgw endpoint (#8092) * Stop overwriting shared livenessProbe when overridden (#8206) * Update cluster-on-pvc example for proper OSD scheduling (#8199) - Update to v1.6.6 Rook v1.6.6 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update csi sidecar images to latest release (#8125) * Update csi node-driver-registrar to latest release (#8190) * Evict a mon if colocated with another mon (#8181) * Enable logging in legacy LVM OSD daemons (#8175) * Do not leak key encryption key to the log (#8173) * Read and validate CSI params in a goroutine (#8140) * Only require rgw-admin-ops user when an RGW endpoint is provided (#8164) * Avoid unnecessary OSD restarts when multus is configured (#8142) * Use cacert if no client cert/key are present for OSD encryption with Vault (#8157) * Mons in stretch cluster should be assigned to a node when using dataDirHostPath (#8147) * Support cronjob v1 for newer versions of K8s to avoid deprecated v1beta1 (#8114) * Initialise httpclient for bucketchecker and objectstoreuse (#8139) * Activate osd container should use correct host path for config (#8137) * Set device class for already present osd deployments (#8134) * No need for --force when creating filesystem (#8130) * Expose enableCSIHostNetwork correctly in the helm chart (#8074) * Add RBAC for mgr to create service monitor (#8118) * Update operator 
internal controller runtime and k8s reference version (#8087) - Update to v1.6.5 Rook v1.6.5 is a patch release limited in scope and focusing on small feature additions and bug fixes. We are happy to announce the availability of a Helm chart to configure the CephCluster CR. Please try it out and share feedback! We would like to declare it stable in v1.7. * Ceph * Experimental Helm chart for CephClusters (#7778) * Disable insecure global id if no insecure clients are detected. If insecure clients are still required, see these instructions. (#7746) * Enable host networking by default in the CSI driver due to issues with client IO hangs when the driver restarts (#8102) * Add a disaster recovery guide for an accidentally deleted CephCluster CR (#8040) * Do not fail prepareOSD job if devices are not passed (#8098) * Ensure MDS and RGW are upgraded anytime the ceph image changes (#8060) * External cluster config enables v1 address type when enabling v2 (#8083) * Create object pools in parallel for faster object store reconcile (#8082) * Fix detection of delete event reconciliation (#8086) * Use RGW admin API for s3 user management (#7998) - Update to v1.6.4 Rook v1.6.4 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Support for separate tolerations and affinities for rbd and cephfs CSI drivers (#8006) * Update ceph version to 15.2.13 (#8004) * External cluster upgrades fix for CRD schema (#8042) * Build with golang 1.16 instead of 1.15 (#7945) * Retry starting CSI drivers on initial failure (#8020) * During uninstall stop monitoring rbd mirroring before cleanup (#8031) * Update the backend path for RGW transit engine (#8008) * If reducing mon count only remove one extra mon per health check (#8011) * Parse radosgw-admin json properly for internal commands (#8000) * Expand OSD PVCs only if the underlying storage class allow expansion (#8001) * Allow the operator log level to be changed dynamically (#7976) * Pin experimental volume replication to release-v0.1 branch (#7985) * Remove '--site-name' arg when creating bootstrap peer token (#7986) * Do not configure external metric endpoint if not present (#7974) * Helm chart to allow multiple filesystems (#7930) * Rehydrate the bootstrap peer token secret on monitor changes (#7935) - Update to v1.6.3 Rook v1.6.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Ensure correct devices are started for OSDs after node restart (#7951) * Write reconcile results to events on the CephCluster CR (#7222) * Updated dashboard ingress example for networking v1 (#7933) * Remove obsolete gateway type setting in object store CRD (#7919) * Support specifying only public network or only cluster network or both (#7546) * Generate same operator deployment for OKD as OCP (#7898) * Ensure correct hostpath lock for OSD integrity (#7886) * Improve resilience of mon failover if operator is restarted during failover (#7884) * Disallow overriding the liveness probe handler function (#7889) * Actively update the service endpoint for external mgr (#7875) * Remove obsolete CSI statefulset template path vars from K8s 1.13 (#7877) * Create crash collector pods after mon secret created (#7867) * OSD controller only updates PDBs during node drains instead of any OSD down event (#7726) * Allow heap dump generation when logCollector sidecar is not running (#7847) * Add nullable to object gateway settings (#7857) - Update to v1.6.2 Rook v1.6.2 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Set base Ceph operator image and example deployments to v16.2.2 (#7829) * Update snapshot APIs from v1beta1 to v1 (#7711) * Documentation for creating static PVs (#7782) * Allow setting primary-affinity for the OSD (#7807) * Remove unneeded debug log statements (#7526) * Preserve volume claim template annotations during upgrade (#7835) * Allow re-creating erasure coded pool with different settings (#7820) * Double mon failover timeout during a node drain (#7801) * Remove unused volumesource schema from CephCluster CRD (#7813) * Set the device class on raw mode osds (#7815) * External cluster schema fix to allow not setting mons (#7789) * Add phase to the CephFilesystem CRD (#7752) * Generate full schema for volumeClaimTemplates in the CephCluster CRD (#7631) * Automate upgrades for the MDS daemon to properly scale down and scale up (#7445) * Add Vault KMS support for object stores (#7385) * Ensure object store endpoint is initialized when creating an object user (#7633) * Support for OBC operations when RGW is configured with TLS (#7764) * Preserve the OSD topology affinity during upgrade for clusters on PVCs (#7759) * Unify timeouts for various Ceph commands (#7719) * Allow setting annotations on RGW service (#7598) * Expand PVC size of mon daemons if requested (#7715) - Update to v1.6.1 Rook v1.6.1 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Disable host networking by default in the CSI plugin with option to enable (#7356) * Fix the schema for erasure-coded pools so replication size is not required (#7662) * Improve node watcher for adding new OSDs (#7568) * Operator base image updated to v16.2.1 (#7713) * Deployment examples updated to Ceph v15.2.11 (#7733) * Update Ceph-CSI to v3.3.1 (#7724) * Allow any device class for the OSDs in a pool instead of restricting the schema (#7718) * Fix metadata OSDs for Ceph Pacific (#7703) * Allow setting the initial CRUSH weight for an OSD (#7472) * Fix object store health check in case SSL is enabled (#7331) * Upgrades now ensure latest config flags are set for MDS and RGW (#7681) * Suppress noisy RGW log entry for radosgw-admin commands (#7663) - Update to v1.6.0 * Major Themes v1.6.0 is a minor release with features primarily for the Ceph operator. * K8s Version Support Kubernetes supported versions: 1.11 and newer * Upgrade Guides If you are running a previous Rook version, please see the corresponding storage provider upgrade guide: * Ceph * Breaking Changes * Removed Storage Providers Each storage provider is unique and requires time and attention to properly develop and support. After much discussion with the community, we have decided to remove three storage providers from Rook in order to focus our efforts on storage providers that have active community support. See the project status for more information. These storage providers have been removed: * CockroachDB * EdgeFS * YugabyteDB * Ceph Support for creating OSDs via Drive Groups was removed. Please refer to the Ceph upgrade guide for migration instructions. 
* Features * Ceph Ceph Pacific (v16) support, including features such as: Multiple Ceph Filesystems Networking dual stack CephFilesystemMirror CRD to support mirroring of CephFS volumes with Pacific Ceph CSI Driver CSI v3.3.0 driver enabled by default Volume Replication Controller for improved RBD replication support Multus support GRPC metrics disabled by default Ceph RGW Extended the support of vault KMS configuration Scale with multiple daemons with a single deployment instead of a separate deployment for each rgw daemon OSDs: LVM is no longer used to provision OSDs as of Nautilus 14.2.14 Octopus 15.2.9, and Pacific 16.2.0, simplifying the OSDs on raw devices, except for encrypted OSDs and multiple OSDs per device. More efficient updates for multiple OSDs at the same time (in the same failure domain) to speed up upgrades for larger Ceph clusters Multiple Ceph mgr daemons are supported for stretch clusters and other clusters where HA of the mgr is critical (set count: 2 under mgr in the CephCluster CR) Pod Disruption Budgets (PDBs) are enabled by default for Mon, RGW, MDS, and OSD daemons. See the disruption management settings. 
Monitor failover can be disabled, for scenarios where maintenance is planned and automatic mon failover is not desired CephClient CRD has been converted to use the controller-runtime library The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - cpio-2.12-3.9.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - csi-node-driver-registrar-2.3.0-3.9.2 updated - file-magic-5.32-7.14.1 updated - glibc-2.26-13.62.1 updated - krb5-1.16.3-3.24.1 updated - libaugeas0-1.10.1-3.3.1 updated - libblkid1-2.33.2-4.16.1 updated - libcrack2-2.9.7-11.6.1 updated - libcurl4-7.66.0-4.27.1 updated - libfdisk1-2.33.2-4.16.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 added - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libgnutls30-hmac-3.6.7-14.13.5 added - libkeyutils1-1.6.3-5.6.1 updated - libldap-2_4-2-2.4.46-9.58.1 updated - libldap-data-2.4.46-9.58.1 updated - libmagic1-5.32-7.14.1 updated - libmount1-2.33.2-4.16.1 updated - libncurses6-6.1-5.9.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 added - libopenssl1_1-1.1.1d-11.38.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libpcre1-8.45-20.10.1 updated - libprotobuf-lite20-3.9.2-4.9.1 added - libsmartcols1-2.33.2-4.16.1 updated - libsolv-tools-0.7.20-9.2 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-234-24.102.1 updated - libudev1-234-24.102.1 updated - libuuid1-2.33.2-4.16.1 updated - libz1-1.2.11-3.24.1 updated - libzypp-17.28.8-20.1 updated - ncurses-utils-6.1-5.9.1 updated - netcfg-11.6-3.3.1 updated - pam-1.3.0-6.50.1 updated - patterns-base-fips-20200124-4.12.1 added - permissions-20181225-23.12.1 updated - rpm-4.14.1-22.7.1 updated - terminfo-base-6.1-5.9.1 updated - util-linux-2.33.2-4.16.1 updated - zypper-1.14.50-21.1 updated - container:sles15-image-15.0.0-9.5.77 updated From sle-updates at lists.suse.com Tue Jan 25 07:53:50 2022 From: sle-updates at lists.suse.com 
 (sle-updates at lists.suse.com)
Date: Tue, 25 Jan 2022 08:53:50 +0100 (CET)
Subject: SUSE-CU-2022:54-1: Security update of ses/7/cephcsi/csi-provisioner
Message-ID: <20220125075350.31D55FBAD@maintenance.suse.de>

SUSE Container Update Advisory: ses/7/cephcsi/csi-provisioner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:54-1
Container Tags        : ses/7/cephcsi/csi-provisioner:v3.0.0 , ses/7/cephcsi/csi-provisioner:v3.0.0-rev1 , ses/7/cephcsi/csi-provisioner:v3.0.0-rev1-build3.415
Container Release     : 3.415
Severity              : critical
Type                  : security
References            : 1027496 1029961 1113013 1122417 1125886 1134353 1161276 1162581 1169614 1171962
                        1172973 1172974 1174504 1174504 1177127 1178236 1179416 1180064 1180125 1183085
                        1183543 1183545 1183632 1183659 1184614 1184994 1184994 1185016 1185299 1185524
                        1186489 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187425 1187466
                        1187512 1187654 1187670 1187738 1187760 1187911 1187993 1188018 1188063 1188063
                        1188156 1188217 1188218 1188219 1188220 1188291 1188344 1188435 1188548 1188571
                        1188623 1188713 1188921 1189031 1189206 1189465 1189465 1189480 1189520 1189521
                        1189521 1189534 1189554 1189683 1189803 1189929 1189996 1190052 1190059 1190199
                        1190234 1190325 1190356 1190373 1190374 1190440 1190465 1190645 1190712 1190739
                        1190793 1190815 1190915 1190933 1190984 1191252 1191286 1191324 1191370 1191563
                        1191609 1191736 1191987 1192161 1192248 1192337 1192436 1192489 1192688 1192717
                        1193480 1193481 1193521 1193711
                        CVE-2016-10228 CVE-2019-20838 CVE-2020-14155 CVE-2020-29361 CVE-2021-20266
                        CVE-2021-20271 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925
                        CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-33910
                        CVE-2021-3421 CVE-2021-35942 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712
                        CVE-2021-3712 CVE-2021-37600 CVE-2021-37750 CVE-2021-38185 CVE-2021-38185
                        CVE-2021-39537 CVE-2021-43618
-----------------------------------------------------------------

The
container ses/7/cephcsi/csi-provisioner was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:49 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:
This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb 3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:
libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released:    Mon Mar 1 09:34:21 2021
Summary:     Recommended update for protobuf
Type:        recommended
Severity:    moderate
References:  1177127
This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six.
  (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released:    Tue Jul 20 14:21:30 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1184994,1188063,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released:    Wed Jul 21 13:46:48 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925
This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded.
  (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released:    Mon Aug 16 10:54:52 2021
Summary:     Security update for cpio
Type:        security
Severity:    important
References:  1189206,CVE-2021-38185
This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released:    Tue Aug 17 17:16:22 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465
This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released:    Thu Aug 19 16:09:15 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465,CVE-2021-38185
This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released:    Fri Aug 20 10:43:04 2021
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1188571,CVE-2021-36222
This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2830-1
Released:    Tue Aug 24 16:20:18 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1189520,1189521,CVE-2021-3711,CVE-2021-3712
This update for openssl-1_1 fixes the following security issues:

- CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows.
  [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released:    Fri Sep 3 09:19:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614
This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2966-1
Released:    Tue Sep 7 09:49:14 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    low
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released:    Thu Sep 9 15:08:13 2021
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1189683
This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3030-1
Released:    Tue Sep 14 09:27:45 2021
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  1189534,1189554
This update of patterns-base fixes the following issue:

- The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released:    Tue Sep 21 17:04:26 2021
Summary:     Recommended update for file
Type:        recommended
Severity:    moderate
References:  1189996
This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3298-1
Released:    Wed Oct 6 16:54:52 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released:    Tue Oct 12 13:08:06 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).
- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overridden during system installation (bsc#1171962).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released:    Tue Oct 12 15:54:31 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3444-1
Released:    Fri Oct 15 09:03:07 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
This update for rpm fixes the following issues:

Security issues fixed:

- CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632)
- PGP hardening changes (bsc#1185299)
- Fixed potential access of freed mem in ndb's glue code (bsc#1179416)

Maintenance issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released:    Mon Oct 18 09:29:26 2021
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1189929,CVE-2021-37750
This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:10 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd.
  (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check signatures and keys two times (redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alive while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates (bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads.
  (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3523-1
Released:    Tue Oct 26 15:40:13 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1122417,1125886,1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3799-1
Released:    Wed Nov 24 18:07:54 2021
Summary:     Recommended update for gcc11
Type:        recommended
Severity:    moderate
References:  1187153,1187273,1188623
This update for gcc11 fixes the following issues:

The additional GNU compiler collection GCC 11 is provided:

To select these compilers install the packages:

- gcc11
- gcc-c++11
- and others with 11 prefix.

to select them for building:

- CC='gcc-11'
- CXX='g++-11'

The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3809-1
Released:    Fri Nov 26 00:31:59 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1189803,1190325,1190440,1190984,1191252,1192161
This update for systemd fixes the following issues:

- Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103)
- Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161)
- shutdown: Reduce log level of unmounts (bsc#1191252)
- pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803)
- core: rework how we connect to the bus (bsc#1190325)
- mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984)
- virt: detect Amazon EC2 Nitro instance (bsc#1190440)
- Several fixes for umount
- busctl: use usec granularity for the timestamp printed by the busctl monitor command
- fix uninitialized fields in MountPoint in dm_list_get()
- shutdown: explicitly set a log target
- mount-util: add mount_option_mangle()
- dissect: automatically mark partitions read-only that have a read-only file system
- build-sys: require proper libmount version
- systemd-shutdown: use log_set_prohibit_ipc(true)
- rationalize interface for
  opening/closing logging
- pid1: when we can't log to journal, remember our fallback log target
- log: remove LOG_TARGET_SAFE pseudo log target
- log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console()
- log: add new 'prohibit_ipc' flag to logging system
- log: make log_set_upgrade_syslog_to_journal() take effect immediately
- dbus: split up bus_done() into separate functions
- machine-id-setup: generate machine-id from DMI product ID on Amazon EC2
- virt: if we detect Xen by DMI, trust that over CPUID

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3830-1
Released:    Wed Dec 1 13:45:46 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1027496,1183085,CVE-2016-10228
This update for glibc fixes the following issues:

- libio: do not attempt to free wide buffers of legacy streams (bsc#1183085)
- CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3870-1
Released:    Thu Dec 2 07:11:50 2021
Summary:     Recommended update for libzypp, zypper
Type:        recommended
Severity:    moderate
References:  1190356,1191286,1191324,1191370,1191609,1192337,1192436
This update for libzypp, zypper fixes the following issues:

libzypp:

- Check log writer before accessing it (bsc#1192337)
- Zypper should keep cached files if transaction is aborted (bsc#1190356)
- Require a minimum number of mirrors for multicurl (bsc#1191609)
- Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324)
- Fixed zypper incomplete messages when using non English localization (bsc#1191370)
- RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286)
- Disable logger in the child process after fork (bsc#1192436)

zypper:

- Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as
  name (openSUSE/zypper#418)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3872-1
Released:    Thu Dec 2 07:25:55 2021
Summary:     Recommended update for cracklib
Type:        recommended
Severity:    moderate
References:  1191736
This update for cracklib fixes the following issues:

- Enable build time tests (bsc#1191736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released:    Fri Dec 3 10:21:49 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1029961,1113013,1187654
This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes.

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Hellman function.
* DNS: Add support for AFS config files and SRV records

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3899-1
Released:    Fri Dec 3 11:27:41 2021
Summary:     Security update for aaa_base
Type:        security
Severity:    moderate
References:  1162581,1174504,1191563,1192248
This update for aaa_base fixes the following issues:

- Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504).
- Add $HOME/.local/bin to PATH, if it exists (bsc#1192248).
- Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563).
- Support xz compressed kernel (bsc#1162581)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3946-1
Released:    Mon Dec 6 14:57:42 2021
Summary:     Security update for gmp
Type:        security
Severity:    moderate
References:  1192717,CVE-2021-43618
This update for gmp fixes the following issues:

- CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4139-1
Released:    Tue Dec 21 17:02:44 2021
Summary:     Recommended update for systemd
Type:        recommended
Severity:    critical
References:  1193481,1193521
This update for systemd fixes the following issues:

- Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481)
  sleep-config: partitions can't be deleted, only files can
  shared/sleep-config: exclude zram devices from hibernation candidates

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4145-1
Released:    Wed Dec 22 05:27:48 2021
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    moderate
References:  1161276
This update for openssl-1_1 fixes the following issues:

- Remove previously applied patch because it interferes with FIPS validation (bsc#1161276)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4154-1
Released:    Wed Dec 22 11:02:38 2021
Summary:     Security update for p11-kit
Type:        security
Severity:    important
References:  1180064,1187993,CVE-2020-29361
This update for p11-kit fixes the following issues:

- CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064)
- Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:4182-1
Released:    Thu Dec 23 11:51:51 2021
Summary:     Recommended update for zlib
Type:        recommended
Severity:    moderate
References:  1192688
This update for zlib fixes the following issues:

- Fix hardware compression incorrect result on z15 hardware (bsc#1192688)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:4192-1
Released:    Tue Dec 28 10:39:50 2021
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1174504
This update for permissions fixes the following issues:

- Update to version 20181225:
  * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4-1
Released:    Mon Jan 3 08:28:54 2022
Summary:     Recommended update for libgcrypt
Type:        recommended
Severity:    moderate
References:  1193480
This update for libgcrypt fixes the following issues:

- Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:93-1
Released:    Tue Jan 18 05:11:58 2022
Summary:     Recommended update for openssl-1_1
Type:        recommended
Severity:    important
References:  1192489
This update for openssl-1_1 fixes the following issues:

- Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:94-1
Released:    Tue Jan 18 05:13:24 2022
Summary:     Recommended update for rpm
Type:        recommended
Severity:    important
References:  1180125,1193711
This update for rpm fixes the following issues:

- Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:141-1
Released:    Thu Jan 20 13:47:16 2022
Summary:     Security update for permissions
Type:        security
Severity:    moderate
References:  1169614
This update for permissions fixes the following issues:

- Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:154-1
Released:    Mon Jan 24 07:02:02 2022
Summary:     Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook
Type:        recommended
Severity:    moderate
References:
This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook fixes the following issues:

- Update to 3.4.0
  Features:
    Beta: Below features have been lifted from its Alpha support to Beta
      * Snapshot creation and deletion
      * Volume restore from snapshot
      * Volume clone support
      * Volume/PV Metrics of File Mode Volume
      * Volume/PV Metrics of Block Mode Volume
    Alpha:
      * rbd-nbd volume mounter
  Enhancement:
    * Restore RBD snapshot to a different Pool
    * Snapshot schedule support for RBD mirrored PVC
    * Mirroring support for thick PVC
    * Multi-Tenant support for vault encryption
    * AmazonMetadata KMS provider support
    * rbd-nbd volume healer support
    * Locking enhancement for improving POD deletion performance
    * Improvements in lock handling for snap and clone operations
    * Better thick provisioning support
    * Create CephFS subvolume with VolumeNamePrefix
    * CephFS Subvolume path addition in PV object
    * Consumption of go-ceph APIs for various CephFS controller and node operations.
    * Resize of the RBD encrypted volume
    * Better error handling for GRPC
    * Golang profiling support for debugging
    * Updated Kubernetes sidecar versions to the latest release
    * Kubernetes dependency update to v1.21.2
    * Create storageclass and secrets using helm charts
  CI/E2E
    * Expansion of RBD encrypted volumes
    * Update and addition of new static golang tools
    * Kubernetes v1.21 support
    * Unit tests for SecretsKMS
    * Test for Vault with ServiceAccount per Tenant
    * E2E for user secret based metadata encryption
    * Update rook.sh and Ceph cluster version in E2E
    * Added RBD test for testing sc, secret via helm
    * Update feature gates setting from minikube.sh
    * Add CephFS test for sc, secret via helm
    * Add e2e for static PVC without imageFeature parameter
    * Make use of snapshot v1 API and client sets in e2e tests
    * Validate thick-provisioned PVC-PVC cloning
    * Adding retry support for various e2e failure scenarios
    * Refactor KMS configuration and usage
- Removed patch ceph-csi-locking.patch (got merged upstream)
- Update to v3.3.0
  * Feature
    * Add command line arguments to configure leader election options (#313, @RaunakShah)
    * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#308, @chrishenzie)
    * Updates Kubernetes dependencies to v1.22.0 (#321, @chrishenzie) [SIG Storage]
  * Bug or Regression
    * Fix a bug that the controller can panic crash when it receives DeletedFinalStateUnknown deletion event.
      (#304, @Jiawei0227)
  * Other (Cleanup or Flake)
    * Updates container-storage-interface dependency to v1.5.0 (#312, @chrishenzie)
    * Reuse the same gRPC CSI client for all CSI driver calls (#318, @yeya24)
- Update to v3.2.1
- Get rid of vendoring
- Update version of go to 1.16
- Update to v3.0.2
- Update version to 3.0.0
  * Feature
    * Add command line arguments to configure leader election options (#643, @RaunakShah)
    * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#630, @chrishenzie)
    * The provisioner sidecar now has an argument called controller-publish-readonly which sets the value of CSI PV spec readonly field value based on the PVC access mode. If this flag is set to true and the PVC access mode only contains the ROX access mode, the controller automatically sets PersistentVolume.spec.CSIPersistentVolumeSource.readOnly field to true. (#469, @humblec)
    * Updates Kubernetes dependencies to v1.22.0 (#660, @chrishenzie) [SIG Storage]
    * Updates container-storage-interface dependency to v1.5.0 (#644, @chrishenzie)
  * Bug or Regression
    * Fix a bug that not being able to use block device mode when enable a storage capacity tracking mode. (#635, @bells17)
    * Fix a data race in cloning protection controller (#651, @tksm)
    * Fix capacity information updates when topology changes. Only affected central deployment and network attached storage, not deployment on each node. This broke in v2.2.0 as part of a bug fix for capacity informer handling. (#617, @bai3shuo4)
    * Fix env name from POD_NAMESPACE to NAMESPACE for capacity-ownerref-level option. (#636, @bells17)
    * Fixed reporting of metrics when a migratable CSI driver is used.
(#620, @jsafrane) * Newly provisioned CSI Migration enabled PV will have 'provisioned-by' annotation set to in-tree provisioner name instead of the CSI provisioner (#646, @wongma7) - Update version to 2.2.2 - Get rid of vendoring - Use go 1.16 for building - Update version to 2.0.4 - Update to version 1.3.0 * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#165, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#156, @chrishenzie) * Feature * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#151, @chrishenzie) * leader-election-lease-duration, leader-election-renew-deadline and leader-election-retry-period were added to command line arguments to configure leader election options (#158, @RaunakShah) - Update to version 1.2.0 - Get rid of vendoring - Push go version to 1.16 - Update to version 1.0.1 - Update to version 4.2.0 * Feature * Snapshot APIs * The namespace of the referenced VolumeSnapshot is printed when printing a VolumeSnapshotContent. (#535, @tsmetana) * Snapshot Controller * retry-interval-start and retry-interval-max arguments are added to common-controller which controls retry interval of failed volume snapshot creation and deletion. These values set the ratelimiter for snapshot and content queues. (#530, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for the snapshot controller. (#575, @bertinatto) * Adds an operations_in_flight metric for determining the number of snapshot operations in progress. (#519, @ggriffiths) * Introduced 'SnapshotCreated' and 'SnapshotReady' events. (#540, @rexagod) * CSI Snapshotter Sidecar * retry-interval-start and retry-interval-max arguments are added to csi-snapshotter sidecar which controls retry interval of failed volume snapshot creation and deletion. 
These values set the ratelimiter for volumesnapshotcontent queue. (#308, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for CSI snapshotter sidecar. (#538, @RaunakShah) * Bug or Regression * Snapshot Controller * Add process_start_time_seconds metric (#569, @saikat-royc) * Adds the leader election health check for the snapshot controller at /healthz/leader-election (#573, @ggriffiths) * Remove kube-system namespace verification during startup and instead list volumes across all namespaces (#515, @mauriciopoppe) * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#570, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#574, @chrishenzie) * Updates container-storage-interface dependency to v1.5.0 (#532, @chrishenzie) * Snapshot Validation Webhook * Changed the webhook image from distroless/base to distroless/static. (#550, @WanzenBug) - Update to version 4.1.1 - Get rid of vendoring - Update go-version to 1.16 - Update to version 3.0.2 - Update to version 2.3.0 * Dockerfile.Windows args changed to ADDON_IMAGE and BASE_IMAGE (#146, @mauriciopoppe) * Updates Kubernetes dependencies to v1.22.0 (#159, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#160, @chrishenzie) * New running modes, the kubelet-registration-probe mode checks if node-driver-registrar kubelet plugin registration succeeded. (#152, @mauriciopoppe) * Updates container-storage-interface dependency to v1.5.0 (#151, @chrishenzie) - Update to version 2.2.0 * Updated runtime (Go 1.16) and dependencies (#136, @pohly) * Update image and tag names for Windows to have separate parameters for nanoserver and servercore (#111, @jingxu97) - Update to v1.7.7 Rook v1.7.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* docs: Support ephemeral volumes with Ceph CSI RBD and CephFS driver (#9055, @humblec) * core: Allow downgrade of all daemons consistently (#9098, @travisn) * core: Reconcile once instead of multiple times after the cluster CR is edited (#9091, @leseb) * nfs: Add pool setting CR option (#9040, @leseb) * ceph: Trigger 'CephMonQuorumLost' alert when mon quorum is down (#9068, @aruniiird) * rgw: Updated livenessProbe and readinessProbe (#9080, @satoru-takeuchi) * mgr: Do not set the balancer mode on pacific (#9063, @leseb) * helm: Add appVersion property to the charts (#9051, @travisn) * rgw: Read tls secret hint for insecure tls (#9020, @leseb) * ceph: Ability to set labels on the crash collector (#9044, @leseb) * core: Treat cluster as not existing if the cleanup policy is set (#9041, @travisn) * docs: Document failover and failback scenarios for applications (#8411, @Yuggupta27) * ceph: Update endpoint with IP for external RGW server (#9010, @thotz) - Combined gomod.patch and gosum.patch to vendor.patch * Patching module-files to match the SUSE build env - Update to v1.7.6 Rook v1.7.6 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* core: only merge stderr on error (#8995, @leseb) * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya) * csi: fix comment for the provisioner and clusterID (#8990, @Madhu-1) * mon: Enable mon failover for the arbiter in stretch mode (#8984, @travisn) * monitoring: fixing the queries for alerts 'CephMgrIsAbsent' and 'CephMgrIsMissingReplicas' (#8985, @aruniiird) * osd: fix kms auto-detection when full TLS (#8867, @leseb) * csi: add affinity to csi version check job (#8965, @Rakshith-R) * pool: remove default value for pool compression (#8966, @leseb) * monitoring: handle empty ceph_version in ceph_mon_metadata to avoid raising misleading alert (#8947, @GowthamShanmugam) * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya) * osd: print the c-v output when inventory command fails (#8971, @leseb) * helm: remove chart content not in common.yaml (#8884, @BlaineEXE) * rgw: replace period update --commit with function (#8911, @BlaineEXE) * rgw: fixing ClientID of log-collector for RGW instance (#8889, @parth-gr) * mon: run ceph commands to mon with timeout (#8939, @leseb) * osd: do not hide errors (#8933, @leseb) * rgw: use trace logs for RGW admin HTTP info (#8937, @BlaineEXE) - Update to v1.7.5 Rook v1.7.5 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
* Update csi sidecar references to the latest versions (#8820, @humblec) * No longer install the VolumeReplication CRDs from Rook (#8845, @travisn) * Initialize rbd block pool after creation (#8923, @Rakshith-R) * Close stdoutPipe for the discovery daemon (#8917, @subhamkrai) * Add documentation to recover a pod from a lost node (#8742, @subhamkrai) * Increasing the auto-resolvable alerts delay to 15m (#8896, @aruniiird) * Change CephAbsentMgr to use 'up' query (#8882, @aruniiird) * Adding 'namespace' field to the needed ceph queries (#8901, @aruniiird) * Update period if period does not exist (#8828, @BlaineEXE) * Do not fail on KMS keys deletion (#8868, @leseb) * Do not build all the multus args to remote exec cmd (#8860, @leseb) * Fix external script when passing monitoring list (#8807, @leseb) * Use insecure TLS for bucket health check (#8712, @leseb) * Add PVC privileges to the rook-ceph-purge-osd service account (#8833, @ashangit) * Fix the example of local PVC-based cluster (#8846, @satoru-takeuchi) * Add signal handling for log collector (#8806, @leseb) * Prometheus rules format changes (#8774, @aruniiird) * Add namespace to ceph node down query (#8793, @aruniiird) - Added gomod.patch and gosum.patch * Patching module-files to match the SUSE build env - Update to v1.7.4 Rook v1.7.4 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* Add missing error type check to exec (#8751, @BlaineEXE) * Raise minimum supported version of Ceph-CSI to v3.3.0 (#8803, @humblec) * Set the Ceph v16.2.6 release as the default version (#8743, @leseb) * Pass region to newS3agent() (#8766, @thotz) * Remove unnecessary CephFS provisioner permission (#8739, @Madhu-1) * Configurable csi provisioner replica count (#8801, @Madhu-1) * Allow setting the default storageclass for a filesystem in the helm chart (#8771, @kubealex) * Retry object health check if creation fails (#8708, @BlaineEXE) * Use the admin socket for the mgr liveness probe (#8721, @jmolmo) * Correct the CephFS mirroring documentation (#8732, @leseb) * Reconcile OSD PDBs if allowed disruption is 0 (#8698, @sp98) * Add peer spec migration to upgrade doc (#8435, @BlaineEXE) * Fix lvm osd db device check (#8267, @lyind) * Refactor documentation to simplify for the Ceph provider (#8693, @travisn) * Emphasize unit tests in the development guide (#8685, @BlaineEXE) - Update to v1.7.3 Rook Ceph v1.7.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Cassandra and NFS have moved to their own repos. All improvements in this repo starting from this release will only be for the Ceph storage provider. 
(#8619, @BlaineEXE) * Image list for offline installation can be found in images.txt (#8596, @subhamkrai) * Add networking.k8s.io/v1 Ingress chart compatibility (#8666, @hall) * Modify the log info when ok to continue fails (#8675, @subhamkrai) * Print the output on errors from ceph-volume (#8670, @leseb) * Add quota and capabilities configuration for CephObjectStore users (#8211, @thotz) * Fix pool deletion when uninstalling a multus cluster configuration (#8659, @leseb) * Use node externalIP if no internalIP defined (#8653, @JrCs) * Fix CephOSDCriticallyFull and CephOSDNearFull monitoring alert queries (#8668, @Muyan0828) * Fix CephMonQuorumAtRisk monitoring alert query (#8652, @anmolsachan) * Allow an even number of mons (#8636, @travisn) * Create a pod disruption budget for the Ceph mgr deployment when two mgrs are requested (#8593, @parth-gr) * Fix error message in UpdateNodeStatus (#8629, @hiroyaonoe) * Avoid multiple reconciles of ceph cluster due to the ipv4 default setting (#8638, @leseb) * Avoid duplicate ownerReferences (#8615, @YZ775) * Auto grow OSDs size on PVCs based on prometheus metrics (#8078, @parth-gr) * External cluster configuration script fixed for backward compatibility with python2 (#8623, @aruniiird) * Fix vault kv secret engine auto-detection (#8618, @leseb) * Add ClusterID and PoolID mappings between local and peer cluster (#8626, @sp98) * Set the filesystem status when mirroring is not enabled (#8609, @travisn) - Update to v1.7.2 Rook v1.7.2 is a patch release limited in scope and focusing on small feature additions and bug fixes.
* Ceph * Merge toleration for osd/prepareOSD pod if specified both places (#8566, @subhamkrai) * Fix panic when recreating the csidriver object (#8582, @Madhu-1) * Build with latest golang v1.16.7 (#8540, @BlaineEXE) * Do not check ok-to-stop when OSDs are in CLBO (#8583, @leseb) * Convert util.NewSet() to sets.NewString() (#8584, @parth-gr) * Add support for update() from lib-bucket-provisioner (#8514, @thotz) * Signal handling with context (#8441, @leseb) * Make storage device config nullable (#8552, @BlaineEXE) * Allow K8s version check on prerelease versions (#8561, @subhamkrai) * Add permissions to rook-ceph-mgr role for osd removal in rook orchestrator (#8568, @josephsawaya) * Use serviceAccountName as the key in ceph csi templates (#8546, @humblec) * Consolidate the calls to set mon config (#8590, @travisn) * NFS * Upgrade nfs-ganesha to 3.5 version (#8534, @kam1kaze) - Update to v1.7.1 Rook v1.7.1 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update Ceph CSI version to v3.4.0 (#8425, @Madhu-1) * Add ability to specify the CA bundle for RGW (#8492, @degorenko) * Remove unused mon timeout cli flags (#8489, @leseb) * Add an option to enable/disable merge all placement (#8381, @subhamkrai) * Refuse to failover the arbiter mon on stretch clusters (#8520, @travisn) * Improve topology example of cluster on local pvc (#8491, @satoru-takeuchi) - Update to v1.7.0 v1.7.0 is a minor release with features primarily for the Ceph operator. K8s Version Support Kubernetes supported versions: 1.11 and newer. Upgrade Guides If you are running a previous Rook version, please see the corresponding storage provider upgrade guide: * Ceph Breaking Changes Ceph Clusters with multiple filesystems will need to update their Ceph version to Pacific.
The Operator configuration option ROOK_ALLOW_MULTIPLE_FILESYSTEMS has been removed in favor of simply verifying the Ceph version is at least Pacific where multiple filesystems are fully supported. Features Ceph * Official Ceph images are now being published to quay.io. To pick up the latest version of Ceph, the CephCluster spec field image must be updated to point to quay. See the example cluster. * Add support for creating Hybrid Storage Pools. * A hybrid storage pool creates a CRUSH rule for choosing the primary OSD for high performance devices (ssd, nvme, etc) and the remaining OSD for low performance devices (hdd). * See the design and Ceph docs for more details. * Add support for CephFS mirroring peer configuration. See the configuration for more details. * Add support for Kubernetes TLS secrets for referring TLS certs needed for the Ceph RGW server. * Stretch clusters are considered stable * Ceph v16.2.5 or greater is required for stretch clusters * The use of peer secret names in CephRBDMirror is deprecated. Please use CephBlockPool CR to configure peer secret names and import peers. See the mirroring section in the CephBlockPool spec for more details. * Add user data protection when deleting Rook-Ceph Custom Resources. See the design for detailed information. * A CephCluster will not be deleted if there are any other Rook-Ceph Custom resources referencing it with the assumption that they are using the underlying Ceph cluster. * A CephObjectStore will not be deleted if there is a bucket present. In addition to protection from deletion when users have data in the store, this implicitly protects these resources from being deleted when there is a referencing ObjectBucketClaim present.
Cassandra * CRDs converted from v1beta1 to v1 * Schema is generated from the internal types for more complete validation * Minimum K8s version for the v1 CRDs is K8s 1.16 NFS * CRDs converted from v1beta1 to v1 * Schema is generated from the internal types for more complete validation * Minimum K8s version for the v1 CRDs is K8s 1.16 - Update to v1.6.10 Rook v1.6.10 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Reconcile OSD PDB if allowed disruptions are 0 (#8698) * Merge tolerations for the OSDs if specified in both all and osd placement (#8630) * External cluster script compatibility with python2 (#8623) * Do not check ok-to-stop when OSDs are in CLBO (#8583) * Fix panic when recreating the csidriver object (#8582) - Update to v1.6.9 Rook v1.6.9 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Make storage device config nullable (#8552) * Build with latest golang v1.16.7 (#8540) * Refuse to failover the arbiter mon on stretch clusters (#8520) * Add an option to enable/disable merge all placement (#8381) * Update ancillary monitoring resources (#8406) * Updated mon health check goroutine for reconfiguring patch values (#8370) * Releases for v1.6 are now based on GitHub actions instead of Jenkins (#8525 #8564) - Update to v1.6.8 Rook v1.6.8 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Re-enable lvm mode for OSDs on disks.
See details to know if your OSDs are affected by unexpected partitions (#8319) * Update test to watch for v1 cronjob instead of v1beta1 (#8356) * Update PodDisruptionBudget from v1beta1 to v1 (#7977) * Add support for tls certs via k8s tls secrets for rgw (#8243) * Create correct ClusterRoleBinding for helm chart in namespace other than rook-ceph (#8344) * If two mgrs, ensure services are reconciled with the cluster (#8330) * Proxy rbd commands when multus is enabled (#8339) * Proxy ceph command when multus is configured (#8272) * Ensure OSD keyring exists at OSD pod start (#8155) * Add an example of a pvc-based ceph cluster on bare metal (#7969) * Mount /dev for the OSD daemon on lv-backed pvc (#8304) * Add ceph cluster context for lib bucket provisioning reconcile (#8310) * Create PDBs for all rgw and cephfs (#8301) * Always rehydrate the access and secret keys (#8286) * Fix PDB of RGW instances (#8274) * Ability to disable pool mirroring (#8215) * Fetch rgw port from the CephObjectStore the OBC (#8244) * Enable debug logging for adminops client log level is debug (#8208) * Update blockPoolChannel before starting the mirror monitoring (#8222) * Scaling down nfs deployment was failing (#8250) - removed update-tarball.sh (_service file will be used instead) - Update to v1.6.7 Rook v1.6.7 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Ignore atari partitions for OSDs when scanning disks. This is a partial fix for multiple OSDs being created unexpectedly per disk, causing OSD corruption. 
See details to know if your OSDs are affected (#8195) * Update CSIDriver object from betav1 to v1 (#8029) * Retry cluster reconcile immediately after cancellation (#8237) * Avoid operator resource over-usage when configuring RGW pools and memory limits are applied (#8238) * Remove k8s.io/kubernetes as a code dependency (#7913) * Silence harmless errors if the operator is still initializing (#8227) * If MDS resource limits are not set, assign mds_cache_memory_limit = resource requests * 0.8 (#8180) * Do not require rgw instances spec for external clusters (#8219) * Add tls support to external rgw endpoint (#8092) * Stop overwriting shared livenessProbe when overridden (#8206) * Update cluster-on-pvc example for proper OSD scheduling (#8199) - Update to v1.6.6 Rook v1.6.6 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update csi sidecar images to latest release (#8125) * Update csi node-driver-registrar to latest release (#8190) * Evict a mon if colocated with another mon (#8181) * Enable logging in legacy LVM OSD daemons (#8175) * Do not leak key encryption key to the log (#8173) * Read and validate CSI params in a goroutine (#8140) * Only require rgw-admin-ops user when an RGW endpoint is provided (#8164) * Avoid unnecessary OSD restarts when multus is configured (#8142) * Use cacert if no client cert/key are present for OSD encryption with Vault (#8157) * Mons in stretch cluster should be assigned to a node when using dataDirHostPath (#8147) * Support cronjob v1 for newer versions of K8s to avoid deprecated v1beta1 (#8114) * Initialise httpclient for bucketchecker and objectstoreuse (#8139) * Activate osd container should use correct host path for config (#8137) * Set device class for already present osd deployments (#8134) * No need for --force when creating filesystem (#8130) * Expose enableCSIHostNetwork correctly in the helm chart (#8074) * Add RBAC for mgr to create service monitor (#8118) * Update operator 
internal controller runtime and k8s reference version (#8087) - Update to v1.6.5 Rook v1.6.5 is a patch release limited in scope and focusing on small feature additions and bug fixes. We are happy to announce the availability of a Helm chart to configure the CephCluster CR. Please try it out and share feedback! We would like to declare it stable in v1.7. * Ceph * Experimental Helm chart for CephClusters (#7778) * Disable insecure global id if no insecure clients are detected. If insecure clients are still required, see these instructions. (#7746) * Enable host networking by default in the CSI driver due to issues with client IO hangs when the driver restarts (#8102) * Add a disaster recovery guide for an accidentally deleted CephCluster CR (#8040) * Do not fail prepareOSD job if devices are not passed (#8098) * Ensure MDS and RGW are upgraded anytime the ceph image changes (#8060) * External cluster config enables v1 address type when enabling v2 (#8083) * Create object pools in parallel for faster object store reconcile (#8082) * Fix detection of delete event reconciliation (#8086) * Use RGW admin API for s3 user management (#7998) - Update to v1.6.4 Rook v1.6.4 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Support for separate tolerations and affinities for rbd and cephfs CSI drivers (#8006) * Update ceph version to 15.2.13 (#8004) * External cluster upgrades fix for CRD schema (#8042) * Build with golang 1.16 instead of 1.15 (#7945) * Retry starting CSI drivers on initial failure (#8020) * During uninstall stop monitoring rbd mirroring before cleanup (#8031) * Update the backend path for RGW transit engine (#8008) * If reducing mon count only remove one extra mon per health check (#8011) * Parse radosgw-admin json properly for internal commands (#8000) * Expand OSD PVCs only if the underlying storage class allow expansion (#8001) * Allow the operator log level to be changed dynamically (#7976) * Pin experimental volume replication to release-v0.1 branch (#7985) * Remove '--site-name' arg when creating bootstrap peer token (#7986) * Do not configure external metric endpoint if not present (#7974) * Helm chart to allow multiple filesystems (#7930) * Rehydrate the bootstrap peer token secret on monitor changes (#7935) - Update to v1.6.3 Rook v1.6.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Ensure correct devices are started for OSDs after node restart (#7951) * Write reconcile results to events on the CephCluster CR (#7222) * Updated dashboard ingress example for networking v1 (#7933) * Remove obsolete gateway type setting in object store CRD (#7919) * Support specifying only public network or only cluster network or both (#7546) * Generate same operator deployment for OKD as OCP (#7898) * Ensure correct hostpath lock for OSD integrity (#7886) * Improve resilience of mon failover if operator is restarted during failover (#7884) * Disallow overriding the liveness probe handler function (#7889) * Actively update the service endpoint for external mgr (#7875) * Remove obsolete CSI statefulset template path vars from K8s 1.13 (#7877) * Create crash collector pods after mon secret created (#7867) * OSD controller only updates PDBs during node drains instead of any OSD down event (#7726) * Allow heap dump generation when logCollector sidecar is not running (#7847) * Add nullable to object gateway settings (#7857) - Update to v1.6.2 Rook v1.6.2 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Set base Ceph operator image and example deployments to v16.2.2 (#7829) * Update snapshot APIs from v1beta1 to v1 (#7711) * Documentation for creating static PVs (#7782) * Allow setting primary-affinity for the OSD (#7807) * Remove unneeded debug log statements (#7526) * Preserve volume claim template annotations during upgrade (#7835) * Allow re-creating erasure coded pool with different settings (#7820) * Double mon failover timeout during a node drain (#7801) * Remove unused volumesource schema from CephCluster CRD (#7813) * Set the device class on raw mode osds (#7815) * External cluster schema fix to allow not setting mons (#7789) * Add phase to the CephFilesystem CRD (#7752) * Generate full schema for volumeClaimTemplates in the CephCluster CRD (#7631) * Automate upgrades for the MDS daemon to properly scale down and scale up (#7445) * Add Vault KMS support for object stores (#7385) * Ensure object store endpoint is initialized when creating an object user (#7633) * Support for OBC operations when RGW is configured with TLS (#7764) * Preserve the OSD topology affinity during upgrade for clusters on PVCs (#7759) * Unify timeouts for various Ceph commands (#7719) * Allow setting annotations on RGW service (#7598) * Expand PVC size of mon daemons if requested (#7715) - Update to v1.6.1 Rook v1.6.1 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Disable host networking by default in the CSI plugin with option to enable (#7356) * Fix the schema for erasure-coded pools so replication size is not required (#7662) * Improve node watcher for adding new OSDs (#7568) * Operator base image updated to v16.2.1 (#7713) * Deployment examples updated to Ceph v15.2.11 (#7733) * Update Ceph-CSI to v3.3.1 (#7724) * Allow any device class for the OSDs in a pool instead of restricting the schema (#7718) * Fix metadata OSDs for Ceph Pacific (#7703) * Allow setting the initial CRUSH weight for an OSD (#7472) * Fix object store health check in case SSL is enabled (#7331) * Upgrades now ensure latest config flags are set for MDS and RGW (#7681) * Suppress noisy RGW log entry for radosgw-admin commands (#7663) - Update to v1.6.0 * Major Themes v1.6.0 is a minor release with features primarily for the Ceph operator. * K8s Version Support Kubernetes supported versions: 1.11 and newer * Upgrade Guides If you are running a previous Rook version, please see the corresponding storage provider upgrade guide: * Ceph * Breaking Changes * Removed Storage Providers Each storage provider is unique and requires time and attention to properly develop and support. After much discussion with the community, we have decided to remove three storage providers from Rook in order to focus our efforts on storage providers that have active community support. See the project status for more information. These storage providers have been removed: * CockroachDB * EdgeFS * YugabyteDB * Ceph Support for creating OSDs via Drive Groups was removed. Please refer to the Ceph upgrade guide for migration instructions. 
* Features * Ceph Ceph Pacific (v16) support, including features such as: Multiple Ceph Filesystems Networking dual stack CephFilesystemMirror CRD to support mirroring of CephFS volumes with Pacific Ceph CSI Driver CSI v3.3.0 driver enabled by default Volume Replication Controller for improved RBD replication support Multus support GRPC metrics disabled by default Ceph RGW Extended the support of vault KMS configuration Scale with multiple daemons with a single deployment instead of a separate deployment for each rgw daemon OSDs: LVM is no longer used to provision OSDs as of Nautilus 14.2.14, Octopus 15.2.9, and Pacific 16.2.0, simplifying the OSDs on raw devices, except for encrypted OSDs and multiple OSDs per device. More efficient updates for multiple OSDs at the same time (in the same failure domain) to speed up upgrades for larger Ceph clusters Multiple Ceph mgr daemons are supported for stretch clusters and other clusters where HA of the mgr is critical (set count: 2 under mgr in the CephCluster CR) Pod Disruption Budgets (PDBs) are enabled by default for Mon, RGW, MDS, and OSD daemons. See the disruption management settings.
Monitor failover can be disabled, for scenarios where maintenance is planned and automatic mon failover is not desired CephClient CRD has been converted to use the controller-runtime library The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - cpio-2.12-3.9.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - csi-external-provisioner-3.0.0-3.11.2 updated - file-magic-5.32-7.14.1 updated - glibc-2.26-13.62.1 updated - krb5-1.16.3-3.24.1 updated - libaugeas0-1.10.1-3.3.1 updated - libblkid1-2.33.2-4.16.1 updated - libcrack2-2.9.7-11.6.1 updated - libcurl4-7.66.0-4.27.1 updated - libfdisk1-2.33.2-4.16.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 added - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libgnutls30-hmac-3.6.7-14.13.5 added - libkeyutils1-1.6.3-5.6.1 updated - libldap-2_4-2-2.4.46-9.58.1 updated - libldap-data-2.4.46-9.58.1 updated - libmagic1-5.32-7.14.1 updated - libmount1-2.33.2-4.16.1 updated - libncurses6-6.1-5.9.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 added - libopenssl1_1-1.1.1d-11.38.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libpcre1-8.45-20.10.1 updated - libprotobuf-lite20-3.9.2-4.9.1 added - libsmartcols1-2.33.2-4.16.1 updated - libsolv-tools-0.7.20-9.2 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-234-24.102.1 updated - libudev1-234-24.102.1 updated - libuuid1-2.33.2-4.16.1 updated - libz1-1.2.11-3.24.1 updated - libzypp-17.28.8-20.1 updated - ncurses-utils-6.1-5.9.1 updated - netcfg-11.6-3.3.1 updated - pam-1.3.0-6.50.1 updated - patterns-base-fips-20200124-4.12.1 added - permissions-20181225-23.12.1 updated - rpm-4.14.1-22.7.1 updated - terminfo-base-6.1-5.9.1 updated - util-linux-2.33.2-4.16.1 updated - zypper-1.14.50-21.1 updated - container:sles15-image-15.0.0-9.5.77 updated From sle-updates at lists.suse.com Tue Jan 25 07:55:19 2022 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Tue, 25 Jan 2022 08:55:19 +0100 (CET) Subject: SUSE-CU-2022:55-1: Security update of ses/7/cephcsi/csi-resizer Message-ID: <20220125075519.D0110FBAD@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-resizer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:55-1 Container Tags : ses/7/cephcsi/csi-resizer:v1.3.0 , ses/7/cephcsi/csi-resizer:v1.3.0-rev1 , ses/7/cephcsi/csi-resizer:v1.3.0-rev1-build3.412 Container Release : 3.412 Severity : critical Type : security References : 1027496 1029961 1113013 1122417 1125886 1134353 1161276 1162581 1169614 1171962 1172973 1172974 1174504 1174504 1177127 1178236 1179416 1180064 1180125 1183085 1183543 1183545 1183632 1183659 1184614 1184994 1184994 1185016 1185299 1185524 1186489 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187425 1187466 1187512 1187654 1187670 1187738 1187760 1187911 1187993 1188018 1188063 1188063 1188156 1188217 1188218 1188219 1188220 1188291 1188344 1188435 1188548 1188571 1188623 1188713 1188921 1189031 1189206 1189465 1189465 1189480 1189520 1189521 1189521 1189534 1189554 1189683 1189803 1189929 1189996 1190052 1190059 1190199 1190234 1190325 1190356 1190373 1190374 1190440 1190465 1190645 1190712 1190739 1190793 1190815 1190915 1190933 1190984 1191252 1191286 1191324 1191370 1191563 1191609 1191736 1191987 1192161 1192248 1192337 1192436 1192489 1192688 1192717 1193480 1193481 1193521 1193711 CVE-2016-10228 CVE-2019-20838 CVE-2020-14155 CVE-2020-29361 CVE-2021-20266 CVE-2021-20271 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3421 CVE-2021-35942 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-37750 CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-43618 ----------------------------------------------------------------- The container 
ses/7/cephcsi/csi-resizer was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released: Fri Oct 23 15:35:49 2020
Summary: Optional update for the Public Cloud Module
Type: optional
Severity: moderate
References:

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).

The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released: Wed Feb 3 12:54:28 2021
Summary: Recommended update for libprotobuf
Type: recommended
Severity: moderate
References:

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released: Mon Mar 1 09:34:21 2021
Summary: Recommended update for protobuf
Type: recommended
Severity: moderate
References: 1177127

This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six.
(bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. 
(bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. 
[bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overridden during system installation (bsc#1171962). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate References: 1189929,CVE-2021-37750 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. 
(bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check signatures and keys two times (redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alive while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates (bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. 
(jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3523-1 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1122417,1125886,1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). 
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler base libraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix uninitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for 
opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into separate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as 
name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. 
* Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1193711 This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 
Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:154-1 Released: Mon Jan 24 07:02:02 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook Type: recommended Severity: moderate References: This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook fixes the following issues: - Update to 3.4.0 Features: Beta: Below features have been lifted from its Alpha support to Beta * Snapshot creation and deletion * Volume restore from snapshot * Volume clone support * Volume/PV Metrics of File Mode Volume * Volume/PV Metrics of Block Mode Volume Alpha: * rbd-nbd volume mounter Enhancement: * Restore RBD snapshot to a different Pool * Snapshot schedule support for RBD mirrored PVC * Mirroring support for thick PVC * Multi-Tenant support for vault encryption * AmazonMetadata KMS provider support * rbd-nbd volume healer support * Locking enhancement for improving POD deletion performance * Improvements in lock handling for snap and clone operations * Better thick provisioning support * Create CephFS subvolume with VolumeNamePrefix * CephFS Subvolume path addition in PV object * Consumption of go-ceph APIs for various CephFS controller and node operations. 
* Resize of the RBD encrypted volume * Better error handling for GRPC * Golang profiling support for debugging * Updated Kubernetes sidecar versions to the latest release * Kubernetes dependency update to v1.21.2 * Create storageclass and secrets using helm charts CI/E2E * Expansion of RBD encrypted volumes * Update and addition of new static golang tools * Kubernetes v1.21 support * Unit tests for SecretsKMS * Test for Vault with ServiceAccount per Tenant * E2E for user secret based metadata encryption * Update rook.sh and Ceph cluster version in E2E * Added RBD test for testing sc, secret via helm * Update feature gates setting from minikube.sh * Add CephFS test for sc, secret via helm * Add e2e for static PVC without imageFeature parameter * Make use of snapshot v1 API and client sets in e2e tests * Validate thick-provisioned PVC-PVC cloning * Adding retry support for various e2e failure scenarios * Refactor KMS configuration and usage - Removed patch ceph-csi-locking.patch (got merged upstream) - Update to v3.3.0 * Feature * Add command line arguments to configure leader election options (#313, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#308, @chrishenzie) * Updates Kubernetes dependencies to v1.22.0 (#321, @chrishenzie) [SIG Storage] * Bug or Regression * Fix a bug that the controller can panic crash when it receives DeletedFinalStateUnknown deletion event. 
(#304, @Jiawei0227) * Other (Cleanup or Flake) * Updates container-storage-interface dependency to v1.5.0 (#312, @chrishenzie) * Reuse the same gRPC CSI client for all CSI driver calls (#318, @yeya24) - Update to v3.2.1 - Get rid of vendoring - Update version of go to 1.16 - Update to v3.0.2 - Update version to 3.0.0 * Feature * Add command line arguments to configure leader election options (#643, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#630, @chrishenzie) * The provisioner sidecar now has an argument called controller-publish-readonly which sets the value of CSI PV spec readonly field value based on the PVC access mode. If this flag is set to true and the PVC access mode only contains the ROX access mode, the controller automatically sets PersistentVolume.spec.CSIPersistentVolumeSource.readOnly field to true. (#469, @humblec) * Updates Kubernetes dependencies to v1.22.0 (#660, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#644, @chrishenzie) * Bug or Regression * Fix a bug that not being able to use block device mode when enable a storage capacity tracking mode. (#635, @bells17) * Fix a data race in cloning protection controller (#651, @tksm) * Fix capacity information updates when topology changes. Only affected central deployment and network attached storage, not deployment on each node. This broke in v2.2.0 as part of a bug fix for capacity informer handling. (#617, @bai3shuo4) * Fix env name from POD_NAMESPACE to NAMESPACE for capacity-ownerref-level option. (#636, @bells17) * Fixed reporting of metrics when a migratable CSI driver is used. 
(#620, @jsafrane) * Newly provisioned CSI Migration enabled PV will have 'provisioned-by' annotation set to in-tree provisioner name instead of the CSI provisioner (#646, @wongma7) - Update version to 2.2.2 - Get rid of vendoring - Use go 1.16 for building - Update version to 2.0.4 - Update to version 1.3.0 * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#165, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#156, @chrishenzie) * Feature * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#151, @chrishenzie) * leader-election-lease-duration, leader-election-renew-deadline and leader-election-retry-period were added to command line arguments to configure leader election options (#158, @RaunakShah) - Update to version 1.2.0 - Get rid of vendoring - Push go version to 1.16 - Update to version 1.0.1 - Update to version 4.2.0 * Feature * Snapshot APIs * The namespace of the referenced VolumeSnapshot is printed when printing a VolumeSnapshotContent. (#535, @tsmetana) * Snapshot Controller * retry-interval-start and retry-interval-max arguments are added to common-controller which controls retry interval of failed volume snapshot creation and deletion. These values set the ratelimiter for snapshot and content queues. (#530, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for the snapshot controller. (#575, @bertinatto) * Adds an operations_in_flight metric for determining the number of snapshot operations in progress. (#519, @ggriffiths) * Introduced 'SnapshotCreated' and 'SnapshotReady' events. (#540, @rexagod) * CSI Snapshotter Sidecar * retry-interval-start and retry-interval-max arguments are added to csi-snapshotter sidecar which controls retry interval of failed volume snapshot creation and deletion. 
These values set the ratelimiter for volumesnapshotcontent queue. (#308, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for CSI snapshotter sidecar. (#538, @RaunakShah) * Bug or Regression * Snapshot Controller * Add process_start_time_seconds metric (#569, @saikat-royc) * Adds the leader election health check for the snapshot controller at /healthz/leader-election (#573, @ggriffiths) * Remove kube-system namespace verification during startup and instead list volumes across all namespaces (#515, @mauriciopoppe) * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#570, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#574, @chrishenzie) * Updates container-storage-interface dependency to v1.5.0 (#532, @chrishenzie) * Snapshot Validation Webhook * Changed the webhook image from distroless/base to distroless/static. (#550, @WanzenBug) - Update to version 4.1.1 - Get rid of vendoring - Update go-version to 1.16 - Update to version 3.0.2 - Update to version 2.3.0 * Dockerfile.Windows args changed to ADDON_IMAGE and BASE_IMAGE (#146, @mauriciopoppe) * Updates Kubernetes dependencies to v1.22.0 (#159, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#160, @chrishenzie) * New running modes, the kubelet-registration-probe mode checks if node-driver-registrar kubelet plugin registration succeeded. (#152, @mauriciopoppe) * Updates container-storage-interface dependency to v1.5.0 (#151, @chrishenzie) - Update to version 2.2.0 * Updated runtime (Go 1.16) and dependencies (#136, @pohly) * Update image and tag names for Windows to have separate parameters for nanoserver and servercore (#111, @jingxu97) - Update to v1.7.7 Rook v1.7.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
  * docs: Support ephemeral volumes with Ceph CSI RBD and CephFS driver (#9055, @humblec)
  * core: Allow downgrade of all daemons consistently (#9098, @travisn)
  * core: Reconcile once instead of multiple times after the cluster CR is edited (#9091, @leseb)
  * nfs: Add pool setting CR option (#9040, @leseb)
  * ceph: Trigger 'CephMonQuorumLost' alert when mon quorum is down (#9068, @aruniiird)
  * rgw: Updated livenessProbe and readinessProbe (#9080, @satoru-takeuchi)
  * mgr: Do not set the balancer mode on pacific (#9063, @leseb)
  * helm: Add appVersion property to the charts (#9051, @travisn)
  * rgw: Read tls secret hint for insecure tls (#9020, @leseb)
  * ceph: Ability to set labels on the crash collector (#9044, @leseb)
  * core: Treat cluster as not existing if the cleanup policy is set (#9041, @travisn)
  * docs: Document failover and failback scenarios for applications (#8411, @Yuggupta27)
  * ceph: Update endpoint with IP for external RGW server (#9010, @thotz)
- Combined gomod.patch and gosum.patch to vendor.patch
  * Patching module-files to match the SUSE build env
- Update to v1.7.6
  Rook v1.7.6 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
  * core: only merge stderr on error (#8995, @leseb)
  * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya)
  * csi: fix comment for the provisioner and clusterID (#8990, @Madhu-1)
  * mon: Enable mon failover for the arbiter in stretch mode (#8984, @travisn)
  * monitoring: fixing the queries for alerts 'CephMgrIsAbsent' and 'CephMgrIsMissingReplicas' (#8985, @aruniiird)
  * osd: fix kms auto-detection when full TLS (#8867, @leseb)
  * csi: add affinity to csi version check job (#8965, @Rakshith-R)
  * pool: remove default value for pool compression (#8966, @leseb)
  * monitoring: handle empty ceph_version in ceph_mon_metadata to avoid raising misleading alert (#8947, @GowthamShanmugam)
  * osd: print the c-v output when inventory command fails (#8971, @leseb)
  * helm: remove chart content not in common.yaml (#8884, @BlaineEXE)
  * rgw: replace period update --commit with function (#8911, @BlaineEXE)
  * rgw: fixing ClientID of log-collector for RGW instance (#8889, @parth-gr)
  * mon: run ceph commands to mon with timeout (#8939, @leseb)
  * osd: do not hide errors (#8933, @leseb)
  * rgw: use trace logs for RGW admin HTTP info (#8937, @BlaineEXE)
- Update to v1.7.5
  Rook v1.7.5 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
  * Update csi sidecar references to the latest versions (#8820, @humblec)
  * No longer install the VolumeReplication CRDs from Rook (#8845, @travisn)
  * Initialize rbd block pool after creation (#8923, @Rakshith-R)
  * Close stdoutPipe for the discovery daemon (#8917, @subhamkrai)
  * Add documentation to recover a pod from a lost node (#8742, @subhamkrai)
  * Increasing the auto-resolvable alerts delay to 15m (#8896, @aruniiird)
  * Change CephAbsentMgr to use 'up' query (#8882, @aruniiird)
  * Adding 'namespace' field to the needed ceph queries (#8901, @aruniiird)
  * Update period if period does not exist (#8828, @BlaineEXE)
  * Do not fail on KMS keys deletion (#8868, @leseb)
  * Do not build all the multus args to remote exec cmd (#8860, @leseb)
  * Fix external script when passing monitoring list (#8807, @leseb)
  * Use insecure TLS for bucket health check (#8712, @leseb)
  * Add PVC privileges to the rook-ceph-purge-osd service account (#8833, @ashangit)
  * Fix the example of local PVC-based cluster (#8846, @satoru-takeuchi)
  * Add signal handling for log collector (#8806, @leseb)
  * Prometheus rules format changes (#8774, @aruniiird)
  * Add namespace to ceph node down query (#8793, @aruniiird)
- Added gomod.patch and gosum.patch
  * Patching module-files to match the SUSE build env
- Update to v1.7.4
  Rook v1.7.4 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator.
  * Add missing error type check to exec (#8751, @BlaineEXE)
  * Raise minimum supported version of Ceph-CSI to v3.3.0 (#8803, @humblec)
  * Set the Ceph v16.2.6 release as the default version (#8743, @leseb)
  * Pass region to newS3agent() (#8766, @thotz)
  * Remove unnecessary CephFS provisioner permission (#8739, @Madhu-1)
  * Configurable csi provisioner replica count (#8801, @Madhu-1)
  * Allow setting the default storageclass for a filesystem in the helm chart (#8771, @kubealex)
  * Retry object health check if creation fails (#8708, @BlaineEXE)
  * Use the admin socket for the mgr liveness probe (#8721, @jmolmo)
  * Correct the CephFS mirroring documentation (#8732, @leseb)
  * Reconcile OSD PDBs if allowed disruption is 0 (#8698, @sp98)
  * Add peer spec migration to upgrade doc (#8435, @BlaineEXE)
  * Fix lvm osd db device check (#8267, @lyind)
  * Refactor documentation to simplify for the Ceph provider (#8693, @travisn)
  * Emphasize unit tests in the development guide (#8685, @BlaineEXE)
- Update to v1.7.3
  Rook Ceph v1.7.3 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Cassandra and NFS have moved to their own repos. All improvements in this repo starting from this release will only be for the Ceph storage provider.
    (#8619, @BlaineEXE)
  * Image list for offline installation can be found in images.txt (#8596, @subhamkrai)
  * Add networking.k8s.io/v1 Ingress chart compatibility (#8666, @hall)
  * Modify the log info when ok to continue fails (#8675, @subhamkrai)
  * Print the output on errors from ceph-volume (#8670, @leseb)
  * Add quota and capabilities configuration for CephObjectStore users (#8211, @thotz)
  * Fix pool deletion when uninstalling a multus cluster configuration (#8659, @leseb)
  * Use node externalIP if no internalIP defined (#8653, @JrCs)
  * Fix CephOSDCriticallyFull and CephOSDNearFull monitoring alert queries (#8668, @Muyan0828)
  * Fix CephMonQuorumAtRisk monitoring alert query (#8652, @anmolsachan)
  * Allow an even number of mons (#8636, @travisn)
  * Create a pod disruption budget for the Ceph mgr deployment when two mgrs are requested (#8593, @parth-gr)
  * Fix error message in UpdateNodeStatus (#8629, @hiroyaonoe)
  * Avoid multiple reconciles of ceph cluster due to the ipv4 default setting (#8638, @leseb)
  * Avoid duplicate ownerReferences (#8615, @YZ775)
  * Auto grow OSDs size on PVCs based on prometheus metrics (#8078, @parth-gr)
  * External cluster configuration script fixed for backward compatibility with python2 (#8623, @aruniiird)
  * Fix vault kv secret engine auto-detection (#8618, @leseb)
  * Add ClusterID and PoolID mappings between local and peer cluster (#8626, @sp98)
  * Set the filesystem status when mirroring is not enabled (#8609, @travisn)
- Update to v1.7.2
  Rook v1.7.2 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Merge toleration for osd/prepareOSD pod if specified both places (#8566, @subhamkrai)
    * Fix panic when recreating the csidriver object (#8582, @Madhu-1)
    * Build with latest golang v1.16.7 (#8540, @BlaineEXE)
    * Do not check ok-to-stop when OSDs are in CLBO (#8583, @leseb)
    * Convert util.NewSet() to sets.NewString() (#8584, @parth-gr)
    * Add support for update() from lib-bucket-provisioner (#8514, @thotz)
    * Signal handling with context (#8441, @leseb)
    * Make storage device config nullable (#8552, @BlaineEXE)
    * Allow K8s version check on prerelease versions (#8561, @subhamkrai)
    * Add permissions to rook-ceph-mgr role for osd removal in rook orchestrator (#8568, @josephsawaya)
    * Use serviceAccountName as the key in ceph csi templates (#8546, @humblec)
    * Consolidate the calls to set mon config (#8590, @travisn)
  * NFS
    * Upgrade nfs-ganesha to 3.5 version (#8534, @kam1kaze)
- Update to v1.7.1
  Rook v1.7.1 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Update Ceph CSI version to v3.4.0 (#8425, @Madhu-1)
    * Add ability to specify the CA bundle for RGW (#8492, @degorenko)
    * Remove unused mon timeout cli flags (#8489, @leseb)
    * Add an option to enable/disable merge all placement (#8381, @subhamkrai)
    * Refuse to failover the arbiter mon on stretch clusters (#8520, @travisn)
    * Improve topology example of cluster on local pvc (#8491, @satoru-takeuchi)
- Update to v1.7.0
  v1.7.0 is a minor release with features primarily for the Ceph operator.
  K8s Version Support
    Kubernetes supported versions: 1.11 and newer.
  Upgrade Guides
    If you are running a previous Rook version, please see the corresponding storage provider upgrade guide:
    * Ceph
  Breaking Changes
    Ceph Clusters with multiple filesystems will need to update their Ceph version to Pacific.
    The Operator configuration option ROOK_ALLOW_MULTIPLE_FILESYSTEMS has been removed in favor of simply verifying the Ceph version is at least Pacific where multiple filesystems are fully supported.
  Features
  Ceph
    * Official Ceph images are now being published to quay.io. To pick up the latest version of Ceph, the image field of your CephCluster spec must be updated to point to quay. See the example cluster.
    * Add support for creating Hybrid Storage Pools.
    * A hybrid storage pool creates a CRUSH rule for choosing the primary OSD for high performance devices (ssd, nvme, etc) and the remaining OSD for low performance devices (hdd).
    * See the design and Ceph docs for more details.
    * Add support for CephFS mirroring peer configuration. See the configuration for more details.
    * Add support for Kubernetes TLS secrets for referring TLS certs needed for the Ceph RGW server.
    * Stretch clusters are considered stable
    * Ceph v16.2.5 or greater is required for stretch clusters
    * The use of peer secret names in CephRBDMirror is deprecated. Please use CephBlockPool CR to configure peer secret names and import peers. See the mirroring section in the CephBlockPool spec for more details.
    * Add user data protection when deleting Rook-Ceph Custom Resources. See the design for detailed information.
    * A CephCluster will not be deleted if there are any other Rook-Ceph Custom resources referencing it with the assumption that they are using the underlying Ceph cluster.
    * A CephObjectStore will not be deleted if there is a bucket present. In addition to protection from deletion when users have data in the store, this implicitly protects these resources from being deleted when there is a referencing ObjectBucketClaim present.
  Cassandra
    * CRDs converted from v1beta1 to v1
    * Schema is generated from the internal types for more complete validation
    * Minimum K8s version for the v1 CRDs is K8s 1.16
  NFS
    * CRDs converted from v1beta1 to v1
    * Schema is generated from the internal types for more complete validation
    * Minimum K8s version for the v1 CRDs is K8s 1.16
- Update to v1.6.10
  Rook v1.6.10 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Reconcile OSD PDB if allowed disruptions are 0 (#8698)
    * Merge tolerations for the OSDs if specified in both all and osd placement (#8630)
    * External cluster script compatibility with python2 (#8623)
    * Do not check ok-to-stop when OSDs are in CLBO (#8583)
    * Fix panic when recreating the csidriver object (#8582)
- Update to v1.6.9
  Rook v1.6.9 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Make storage device config nullable (#8552)
    * Build with latest golang v1.16.7 (#8540)
    * Refuse to failover the arbiter mon on stretch clusters (#8520)
    * Add an option to enable/disable merge all placement (#8381)
    * Update ancillary monitoring resources (#8406)
    * Updated mon health check goroutine for reconfiguring patch values (#8370)
    * Releases for v1.6 are now based on Github actions instead of Jenkins (#8525 #8564)
- Update to v1.6.8
  Rook v1.6.8 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Re-enable lvm mode for OSDs on disks.
      See details to know if your OSDs are affected by unexpected partitions (#8319)
    * Update test to watch for v1 cronjob instead of v1beta1 (#8356)
    * Update PodDisruptionBudget from v1beta1 to v1 (#7977)
    * Add support for tls certs via k8s tls secrets for rgw (#8243)
    * Create correct ClusterRoleBinding for helm chart in namespace other than rook-ceph (#8344)
    * If two mgrs, ensure services are reconciled with the cluster (#8330)
    * Proxy rbd commands when multus is enabled (#8339)
    * Proxy ceph command when multus is configured (#8272)
    * Ensure OSD keyring exists at OSD pod start (#8155)
    * Add an example of a pvc-based ceph cluster on bare metal (#7969)
    * Mount /dev for the OSD daemon on lv-backed pvc (#8304)
    * Add ceph cluster context for lib bucket provisioning reconcile (#8310)
    * Create PDBs for all rgw and cephfs (#8301)
    * Always rehydrate the access and secret keys (#8286)
    * Fix PDB of RGW instances (#8274)
    * Ability to disable pool mirroring (#8215)
    * Fetch rgw port from the CephObjectStore the OBC (#8244)
    * Enable debug logging for adminops client log level is debug (#8208)
    * Update blockPoolChannel before starting the mirror monitoring (#8222)
    * Scaling down nfs deployment was failing (#8250)
- removed update-tarball.sh (_service file will be used instead)
- Update to v1.6.7
  Rook v1.6.7 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Ignore atari partitions for OSDs when scanning disks. This is a partial fix for multiple OSDs being created unexpectedly per disk, causing OSD corruption.
      See details to know if your OSDs are affected (#8195)
    * Update CSIDriver object from betav1 to v1 (#8029)
    * Retry cluster reconcile immediately after cancellation (#8237)
    * Avoid operator resource over-usage when configuring RGW pools and memory limits are applied (#8238)
    * Remove k8s.io/kubernetes as a code dependency (#7913)
    * Silence harmless errors if the operator is still initializing (#8227)
    * If MDS resource limits are not set, assign mds_cache_memory_limit = resource requests * 0.8 (#8180)
    * Do not require rgw instances spec for external clusters (#8219)
    * Add tls support to external rgw endpoint (#8092)
    * Stop overwriting shared livenessProbe when overridden (#8206)
    * Update cluster-on-pvc example for proper OSD scheduling (#8199)
- Update to v1.6.6
  Rook v1.6.6 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Update csi sidecar images to latest release (#8125)
    * Update csi node-driver-registrar to latest release (#8190)
    * Evict a mon if colocated with another mon (#8181)
    * Enable logging in legacy LVM OSD daemons (#8175)
    * Do not leak key encryption key to the log (#8173)
    * Read and validate CSI params in a goroutine (#8140)
    * Only require rgw-admin-ops user when an RGW endpoint is provided (#8164)
    * Avoid unnecessary OSD restarts when multus is configured (#8142)
    * Use cacert if no client cert/key are present for OSD encryption with Vault (#8157)
    * Mons in stretch cluster should be assigned to a node when using dataDirHostPath (#8147)
    * Support cronjob v1 for newer versions of K8s to avoid deprecated v1beta1 (#8114)
    * Initialise httpclient for bucketchecker and objectstoreuse (#8139)
    * Activate osd container should use correct host path for config (#8137)
    * Set device class for already present osd deployments (#8134)
    * No need for --force when creating filesystem (#8130)
    * Expose enableCSIHostNetwork correctly in the helm chart (#8074)
    * Add RBAC for mgr to create service monitor (#8118)
    * Update operator
      internal controller runtime and k8s reference version (#8087)
- Update to v1.6.5
  Rook v1.6.5 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  We are happy to announce the availability of a Helm chart to configure the CephCluster CR. Please try it out and share feedback! We would like to declare it stable in v1.7.
  * Ceph
    * Experimental Helm chart for CephClusters (#7778)
    * Disable insecure global id if no insecure clients are detected. If insecure clients are still required, see these instructions. (#7746)
    * Enable host networking by default in the CSI driver due to issues with client IO hangs when the driver restarts (#8102)
    * Add a disaster recovery guide for an accidentally deleted CephCluster CR (#8040)
    * Do not fail prepareOSD job if devices are not passed (#8098)
    * Ensure MDS and RGW are upgraded anytime the ceph image changes (#8060)
    * External cluster config enables v1 address type when enabling v2 (#8083)
    * Create object pools in parallel for faster object store reconcile (#8082)
    * Fix detection of delete event reconciliation (#8086)
    * Use RGW admin API for s3 user management (#7998)
- Update to v1.6.4
  Rook v1.6.4 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Support for separate tolerations and affinities for rbd and cephfs CSI drivers (#8006)
    * Update ceph version to 15.2.13 (#8004)
    * External cluster upgrades fix for CRD schema (#8042)
    * Build with golang 1.16 instead of 1.15 (#7945)
    * Retry starting CSI drivers on initial failure (#8020)
    * During uninstall stop monitoring rbd mirroring before cleanup (#8031)
    * Update the backend path for RGW transit engine (#8008)
    * If reducing mon count only remove one extra mon per health check (#8011)
    * Parse radosgw-admin json properly for internal commands (#8000)
    * Expand OSD PVCs only if the underlying storage class allow expansion (#8001)
    * Allow the operator log level to be changed dynamically (#7976)
    * Pin experimental volume replication to release-v0.1 branch (#7985)
    * Remove '--site-name' arg when creating bootstrap peer token (#7986)
    * Do not configure external metric endpoint if not present (#7974)
    * Helm chart to allow multiple filesystems (#7930)
    * Rehydrate the bootstrap peer token secret on monitor changes (#7935)
- Update to v1.6.3
  Rook v1.6.3 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Ensure correct devices are started for OSDs after node restart (#7951)
    * Write reconcile results to events on the CephCluster CR (#7222)
    * Updated dashboard ingress example for networking v1 (#7933)
    * Remove obsolete gateway type setting in object store CRD (#7919)
    * Support specifying only public network or only cluster network or both (#7546)
    * Generate same operator deployment for OKD as OCP (#7898)
    * Ensure correct hostpath lock for OSD integrity (#7886)
    * Improve resilience of mon failover if operator is restarted during failover (#7884)
    * Disallow overriding the liveness probe handler function (#7889)
    * Actively update the service endpoint for external mgr (#7875)
    * Remove obsolete CSI statefulset template path vars from K8s 1.13 (#7877)
    * Create crash collector pods after mon secret created (#7867)
    * OSD controller only updates PDBs during node drains instead of any OSD down event (#7726)
    * Allow heap dump generation when logCollector sidecar is not running (#7847)
    * Add nullable to object gateway settings (#7857)
- Update to v1.6.2
  Rook v1.6.2 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Set base Ceph operator image and example deployments to v16.2.2 (#7829)
    * Update snapshot APIs from v1beta1 to v1 (#7711)
    * Documentation for creating static PVs (#7782)
    * Allow setting primary-affinity for the OSD (#7807)
    * Remove unneeded debug log statements (#7526)
    * Preserve volume claim template annotations during upgrade (#7835)
    * Allow re-creating erasure coded pool with different settings (#7820)
    * Double mon failover timeout during a node drain (#7801)
    * Remove unused volumesource schema from CephCluster CRD (#7813)
    * Set the device class on raw mode osds (#7815)
    * External cluster schema fix to allow not setting mons (#7789)
    * Add phase to the CephFilesystem CRD (#7752)
    * Generate full schema for volumeClaimTemplates in the CephCluster CRD (#7631)
    * Automate upgrades for the MDS daemon to properly scale down and scale up (#7445)
    * Add Vault KMS support for object stores (#7385)
    * Ensure object store endpoint is initialized when creating an object user (#7633)
    * Support for OBC operations when RGW is configured with TLS (#7764)
    * Preserve the OSD topology affinity during upgrade for clusters on PVCs (#7759)
    * Unify timeouts for various Ceph commands (#7719)
    * Allow setting annotations on RGW service (#7598)
    * Expand PVC size of mon daemons if requested (#7715)
- Update to v1.6.1
  Rook v1.6.1 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Disable host networking by default in the CSI plugin with option to enable (#7356)
    * Fix the schema for erasure-coded pools so replication size is not required (#7662)
    * Improve node watcher for adding new OSDs (#7568)
    * Operator base image updated to v16.2.1 (#7713)
    * Deployment examples updated to Ceph v15.2.11 (#7733)
    * Update Ceph-CSI to v3.3.1 (#7724)
    * Allow any device class for the OSDs in a pool instead of restricting the schema (#7718)
    * Fix metadata OSDs for Ceph Pacific (#7703)
    * Allow setting the initial CRUSH weight for an OSD (#7472)
    * Fix object store health check in case SSL is enabled (#7331)
    * Upgrades now ensure latest config flags are set for MDS and RGW (#7681)
    * Suppress noisy RGW log entry for radosgw-admin commands (#7663)
- Update to v1.6.0
  * Major Themes
    v1.6.0 is a minor release with features primarily for the Ceph operator.
  * K8s Version Support
    Kubernetes supported versions: 1.11 and newer
  * Upgrade Guides
    If you are running a previous Rook version, please see the corresponding storage provider upgrade guide:
    * Ceph
  * Breaking Changes
    * Removed Storage Providers
      Each storage provider is unique and requires time and attention to properly develop and support. After much discussion with the community, we have decided to remove three storage providers from Rook in order to focus our efforts on storage providers that have active community support. See the project status for more information.
      These storage providers have been removed:
      * CockroachDB
      * EdgeFS
      * YugabyteDB
    * Ceph
      Support for creating OSDs via Drive Groups was removed. Please refer to the Ceph upgrade guide for migration instructions.
  * Features
    * Ceph
      Ceph Pacific (v16) support, including features such as:
        Multiple Ceph Filesystems
        Networking dual stack
        CephFilesystemMirror CRD to support mirroring of CephFS volumes with Pacific
      Ceph CSI Driver
        CSI v3.3.0 driver enabled by default
        Volume Replication Controller for improved RBD replication support
        Multus support
        GRPC metrics disabled by default
      Ceph RGW
        Extended the support of vault KMS configuration
        Scale with multiple daemons with a single deployment instead of a separate deployment for each rgw daemon
      OSDs:
        LVM is no longer used to provision OSDs as of Nautilus 14.2.14, Octopus 15.2.9, and Pacific 16.2.0, simplifying the OSDs on raw devices, except for encrypted OSDs and multiple OSDs per device.
        More efficient updates for multiple OSDs at the same time (in the same failure domain) to speed up upgrades for larger Ceph clusters
      Multiple Ceph mgr daemons are supported for stretch clusters and other clusters where HA of the mgr is critical (set count: 2 under mgr in the CephCluster CR)
      Pod Disruption Budgets (PDBs) are enabled by default for Mon, RGW, MDS, and OSD daemons. See the disruption management settings.
      Monitor failover can be disabled, for scenarios where maintenance is planned and automatic mon failover is not desired
      CephClient CRD has been converted to use the controller-runtime library

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-3.52.1 updated
- cpio-2.12-3.9.1 updated
- cracklib-dict-small-2.9.7-11.6.1 updated
- cracklib-2.9.7-11.6.1 updated
- csi-external-resizer-1.3.0-3.14.2 updated
- file-magic-5.32-7.14.1 updated
- glibc-2.26-13.62.1 updated
- krb5-1.16.3-3.24.1 updated
- libaugeas0-1.10.1-3.3.1 updated
- libblkid1-2.33.2-4.16.1 updated
- libcrack2-2.9.7-11.6.1 updated
- libcurl4-7.66.0-4.27.1 updated
- libfdisk1-2.33.2-4.16.1 updated
- libgcc_s1-11.2.1+git610-1.3.9 updated
- libgcrypt20-hmac-1.8.2-8.42.1 added
- libgcrypt20-1.8.2-8.42.1 updated
- libgmp10-6.1.2-4.9.1 updated
- libgnutls30-hmac-3.6.7-14.13.5 added
- libkeyutils1-1.6.3-5.6.1 updated
- libldap-2_4-2-2.4.46-9.58.1 updated
- libldap-data-2.4.46-9.58.1 updated
- libmagic1-5.32-7.14.1 updated
- libmount1-2.33.2-4.16.1 updated
- libncurses6-6.1-5.9.1 updated
- libopenssl1_1-hmac-1.1.1d-11.38.1 added
- libopenssl1_1-1.1.1d-11.38.1 updated
- libp11-kit0-0.23.2-4.13.1 updated
- libpcre1-8.45-20.10.1 updated
- libprotobuf-lite20-3.9.2-4.9.1 added
- libsmartcols1-2.33.2-4.16.1 updated
- libsolv-tools-0.7.20-9.2 updated
- libstdc++6-11.2.1+git610-1.3.9 updated
- libsystemd0-234-24.102.1 updated
- libudev1-234-24.102.1 updated
- libuuid1-2.33.2-4.16.1 updated
- libz1-1.2.11-3.24.1 updated
- libzypp-17.28.8-20.1 updated
- ncurses-utils-6.1-5.9.1 updated
- netcfg-11.6-3.3.1 updated
- pam-1.3.0-6.50.1 updated
- patterns-base-fips-20200124-4.12.1 added
- permissions-20181225-23.12.1 updated
- rpm-4.14.1-22.7.1 updated
- terminfo-base-6.1-5.9.1 updated
- util-linux-2.33.2-4.16.1 updated
- zypper-1.14.50-21.1 updated
- container:sles15-image-15.0.0-9.5.77 updated

From sle-updates at lists.suse.com Tue Jan 25 07:56:52 2022
From: sle-updates at lists.suse.com (sle-updates at lists.suse.com)
Date: Tue, 25 Jan 2022 08:56:52 +0100 (CET)
Subject: SUSE-CU-2022:56-1: Security update of ses/7/cephcsi/csi-snapshotter
Message-ID: <20220125075652.6E5F5FBAD@maintenance.suse.de>

SUSE Container Update Advisory: ses/7/cephcsi/csi-snapshotter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:56-1
Container Tags : ses/7/cephcsi/csi-snapshotter:v4.2.0 , ses/7/cephcsi/csi-snapshotter:v4.2.0-rev1 , ses/7/cephcsi/csi-snapshotter:v4.2.0-rev1-build3.409
Container Release : 3.409
Severity : critical
Type : security
References : 1027496 1029961 1113013 1122417 1125886 1134353 1161276 1162581 1169614 1171962 1172973 1172974 1174504 1174504 1177127 1178236 1179416 1180064 1180125 1183085 1183543 1183545 1183632 1183659 1184614 1184994 1184994 1185016 1185299 1185524 1186489 1186503 1186602 1186910 1187153 1187224 1187270 1187273 1187425 1187466 1187512 1187654 1187670 1187738 1187760 1187911 1187993 1188018 1188063 1188063 1188156 1188217 1188218 1188219 1188220 1188291 1188344 1188435 1188548 1188571 1188623 1188713 1188921 1189031 1189206 1189465 1189465 1189480 1189520 1189521 1189521 1189534 1189554 1189683 1189803 1189929 1189996 1190052 1190059 1190199 1190234 1190325 1190356 1190373 1190374 1190440 1190465 1190645 1190712 1190739 1190793 1190815 1190915 1190933 1190984 1191252 1191286 1191324 1191370 1191563 1191609 1191736 1191987 1192161 1192248 1192337 1192436 1192489 1192688 1192717 1193480 1193481 1193521 1193711 CVE-2016-10228 CVE-2019-20838 CVE-2020-14155 CVE-2020-29361 CVE-2021-20266 CVE-2021-20271 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3421 CVE-2021-35942 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-37750 CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-43618
-----------------------------------------------------------------

The container ses/7/cephcsi/csi-snapshotter was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released: Fri Oct 23 15:35:49 2020
Summary: Optional update for the Public Cloud Module
Type: optional
Severity: moderate
References:

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released: Wed Feb 3 12:54:28 2021
Summary: Recommended update for libprotobuf
Type: recommended
Severity: moderate
References:

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:656-1
Released: Mon Mar 1 09:34:21 2021
Summary: Recommended update for protobuf
Type: recommended
Severity: moderate
References: 1177127

This update for protobuf fixes the following issues:

- Add missing dependency of python subpackages on python-six.
  (bsc#1177127)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2404-1
Released: Tue Jul 20 14:21:30 2021
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1184994,1188063,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063)
- Skip udev rules if 'elevator=' is used (bsc#1184994)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2439-1
Released: Wed Jul 21 13:46:48 2021
Summary: Security update for curl
Type: security
Severity: moderate
References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925

This update for curl fixes the following issues:

- CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220)
- CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219)
- CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218)
- CVE-2021-22922: Wrong content via metalink not discarded.
  (bsc#1188217)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released: Mon Aug 16 10:54:52 2021
Summary: Security update for cpio
Type: security
Severity: important
References: 1189206,CVE-2021-38185

This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released: Tue Aug 17 17:16:22 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465

This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released: Thu Aug 19 16:09:15 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465,CVE-2021-38185

This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released: Fri Aug 20 10:43:04 2021
Summary: Security update for krb5
Type: security
Severity: important
References: 1188571,CVE-2021-36222

This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2830-1
Released: Tue Aug 24 16:20:18 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712

This update for openssl-1_1 fixes the following security issues:

- CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows.
  [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released: Fri Sep 3 09:19:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2966-1
Released: Tue Sep 7 09:49:14 2021
Summary: Security update for openssl-1_1
Type: security
Severity: low
References: 1189521,CVE-2021-3712

This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overridden during system installation (bsc#1171962). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate References: 1189929,CVE-2021-37750 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. 
(bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check signatures and keys two times (redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alive while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates (bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. 
(jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3523-1 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1122417,1125886,1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). 
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler base libraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix uninitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for 
opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into separate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect number of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitly pinned that uses uname -r output format as 
name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. 
* Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Hellman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1193711 This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 
Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:154-1 Released: Mon Jan 24 07:02:02 2022 Summary: Recommended update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook Type: recommended Severity: moderate References: This update for ceph-csi, csi-external-attacher, csi-external-provisioner, csi-external-resizer, csi-external-snapshotter, csi-node-driver-registrar, rook fixes the following issues: - Update to 3.4.0 Features: Beta: Below features have been lifted from its Alpha support to Beta * Snapshot creation and deletion * Volume restore from snapshot * Volume clone support * Volume/PV Metrics of File Mode Volume * Volume/PV Metrics of Block Mode Volume Alpha: * rbd-nbd volume mounter Enhancement: * Restore RBD snapshot to a different Pool * Snapshot schedule support for RBD mirrored PVC * Mirroring support for thick PVC * Multi-Tenant support for vault encryption * AmazonMetadata KMS provider support * rbd-nbd volume healer support * Locking enhancement for improving POD deletion performance * Improvements in lock handling for snap and clone operations * Better thick provisioning support * Create CephFS subvolume with VolumeNamePrefix * CephFS Subvolume path addition in PV object * Consumption of go-ceph APIs for various CephFS controller and node operations. 
* Resize of the RBD encrypted volume * Better error handling for GRPC * Golang profiling support for debugging * Updated Kubernetes sidecar versions to the latest release * Kubernetes dependency update to v1.21.2 * Create storageclass and secrets using helm charts CI/E2E * Expansion of RBD encrypted volumes * Update and addition of new static golang tools * Kubernetes v1.21 support * Unit tests for SecretsKMS * Test for Vault with ServiceAccount per Tenant * E2E for user secret based metadata encryption * Update rook.sh and Ceph cluster version in E2E * Added RBD test for testing sc, secret via helm * Update feature gates setting from minikube.sh * Add CephFS test for sc, secret via helm * Add e2e for static PVC without imageFeature parameter * Make use of snapshot v1 API and client sets in e2e tests * Validate thick-provisioned PVC-PVC cloning * Adding retry support for various e2e failure scenarios * Refactor KMS configuration and usage - Removed patch ceph-csi-locking.patch (got merged upstream) - Update to v3.3.0 * Feature * Add command line arguments to configure leader election options (#313, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#308, @chrishenzie) * Updates Kubernetes dependencies to v1.22.0 (#321, @chrishenzie) [SIG Storage] * Bug or Regression * Fix a bug that the controller can panic crash when it receives DeletedFinalStateUnknown deletion event. 
(#304, @Jiawei0227) * Other (Cleanup or Flake) * Updates container-storage-interface dependency to v1.5.0 (#312, @chrishenzie) * Reuse the same gRPC CSI client for all CSI driver calls (#318, @yeya24) - Update to v3.2.1 - Get rid of vendoring - Update version of go to 1.16 - Update to v3.0.2 - Update version to 3.0.0 * Feature * Add command line arguments to configure leader election options (#643, @RaunakShah) * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#630, @chrishenzie) * The provisioner sidecar now has an argument called controller-publish-readonly which sets the value of CSI PV spec readonly field value based on the PVC access mode. If this flag is set to true and the PVC access mode only contains the ROX access mode, the controller automatically sets PersistentVolume.spec.CSIPersistentVolumeSource.readOnly field to true. (#469, @humblec) * Updates Kubernetes dependencies to v1.22.0 (#660, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#644, @chrishenzie) * Bug or Regression * Fix a bug that not being able to use block device mode when enable a storage capacity tracking mode. (#635, @bells17) * Fix a data race in cloning protection controller (#651, @tksm) * Fix capacity information updates when topology changes. Only affected central deployment and network attached storage, not deployment on each node. This broke in v2.2.0 as part of a bug fix for capacity informer handling. (#617, @bai3shuo4) * Fix env name from POD_NAMESPACE to NAMESPACE for capacity-ownerref-level option. (#636, @bells17) * Fixed reporting of metrics when a migratable CSI driver is used. 
(#620, @jsafrane) * Newly provisioned CSI Migration enabled PV will have 'provisioned-by' annotation set to in-tree provisioner name instead of the CSI provisioner (#646, @wongma7) - Update version to 2.2.2 - Get rid of vendoring - Use go 1.16 for building - Update version to 2.0.4 - Update to version 1.3.0 * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#165, @chrishenzie) [SIG Storage] * Updates container-storage-interface dependency to v1.5.0 (#156, @chrishenzie) * Feature * Adds mappings for PV access modes to new CSI access modes: SINGLE_NODE_SINGLE_WRITER and SINGLE_NODE_MULTI_WRITER. (#151, @chrishenzie) * leader-election-lease-duration, leader-election-renew-deadline and leader-election-retry-period were added to command line arguments to configure leader election options (#158, @RaunakShah) - Update to version 1.2.0 - Get rid of vendoring - Push go version to 1.16 - Update to version 1.0.1 - Update to version 4.2.0 * Feature * Snapshot APIs * The namespace of the referenced VolumeSnapshot is printed when printing a VolumeSnapshotContent. (#535, @tsmetana) * Snapshot Controller * retry-interval-start and retry-interval-max arguments are added to common-controller which controls retry interval of failed volume snapshot creation and deletion. These values set the ratelimiter for snapshot and content queues. (#530, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for the snapshot controller. (#575, @bertinatto) * Adds an operations_in_flight metric for determining the number of snapshot operations in progress. (#519, @ggriffiths) * Introduced 'SnapshotCreated' and 'SnapshotReady' events. (#540, @rexagod) * CSI Snapshotter Sidecar * retry-interval-start and retry-interval-max arguments are added to csi-snapshotter sidecar which controls retry interval of failed volume snapshot creation and deletion. 
These values set the ratelimiter for volumesnapshotcontent queue. (#308, @humblec) * Add command line arguments leader-election-lease-duration, leader-election-renew-deadline, and leader-election-retry-period to configure leader election options for CSI snapshotter sidecar. (#538, @RaunakShah) * Bug or Regression * Snapshot Controller * Add process_start_time_seconds metric (#569, @saikat-royc) * Adds the leader election health check for the snapshot controller at /healthz/leader-election (#573, @ggriffiths) * Remove kube-system namespace verification during startup and instead list volumes across all namespaces (#515, @mauriciopoppe) * Other (Cleanup or Flake) * Updates Kubernetes dependencies to v1.22.0 (#570, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#574, @chrishenzie) * Updates container-storage-interface dependency to v1.5.0 (#532, @chrishenzie) * Snapshot Validation Webhook * Changed the webhook image from distroless/base to distroless/static. (#550, @WanzenBug) - Update to version 4.1.1 - Get rid of vendoring - Update go-version to 1.16 - Update to version 3.0.2 - Update to version 2.3.0 * Dockerfile.Windows args changed to ADDON_IMAGE and BASE_IMAGE (#146, @mauriciopoppe) * Updates Kubernetes dependencies to v1.22.0 (#159, @chrishenzie) [SIG Storage] * Updates csi-lib-utils dependency to v0.10.0 (#160, @chrishenzie) * New running modes, the kubelet-registration-probe mode checks if node-driver-registrar kubelet plugin registration succeeded. (#152, @mauriciopoppe) * Updates container-storage-interface dependency to v1.5.0 (#151, @chrishenzie) - Update to version 2.2.0 * Updated runtime (Go 1.16) and dependencies (#136, @pohly) * Update image and tag names for Windows to have separate parameters for nanoserver and servercore (#111, @jingxu97) - Update to v1.7.7 Rook v1.7.7 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* docs: Support ephemeral volumes with Ceph CSI RBD and CephFS driver (#9055, @humblec) * core: Allow downgrade of all daemons consistently (#9098, @travisn) * core: Reconcile once instead of multiple times after the cluster CR is edited (#9091, @leseb) * nfs: Add pool setting CR option (#9040, @leseb) * ceph: Trigger 'CephMonQuorumLost' alert when mon quorum is down (#9068, @aruniiird) * rgw: Updated livenessProbe and readinessProbe (#9080, @satoru-takeuchi) * mgr: Do not set the balancer mode on pacific (#9063, @leseb) * helm: Add appVersion property to the charts (#9051, @travisn) * rgw: Read tls secret hint for insecure tls (#9020, @leseb) * ceph: Ability to set labels on the crash collector (#9044, @leseb) * core: Treat cluster as not existing if the cleanup policy is set (#9041, @travisn) * docs: Document failover and failback scenarios for applications (#8411, @Yuggupta27) * ceph: Update endpoint with IP for external RGW server (#9010, @thotz) - Combined gomod.patch and gosum.patch to vendor.patch * Patching module-files to match the SUSE build env - Update to v1.7.6 Rook v1.7.6 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* core: only merge stderr on error (#8995, @leseb) * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya) * csi: fix comment for the provisioner and clusterID (#8990, @Madhu-1) * mon: Enable mon failover for the arbiter in stretch mode (#8984, @travisn) * monitoring: fixing the queries for alerts 'CephMgrIsAbsent' and 'CephMgrIsMissingReplicas' (#8985, @aruniiird) * osd: fix kms auto-detection when full TLS (#8867, @leseb) * csi: add affinity to csi version check job (#8965, @Rakshith-R) * pool: remove default value for pool compression (#8966, @leseb) * monitoring: handle empty ceph_version in ceph_mon_metadata to avoid raising misleading alert (#8947, @GowthamShanmugam) * nfs: remove RADOS options from CephNFS and use .nfs pool (#8501, @josephsawaya) * osd: print the c-v output when inventory command fails (#8971, @leseb) * helm: remove chart content not in common.yaml (#8884, @BlaineEXE) * rgw: replace period update --commit with function (#8911, @BlaineEXE) * rgw: fixing ClientID of log-collector for RGW instance (#8889, @parth-gr) * mon: run ceph commands to mon with timeout (#8939, @leseb) * osd: do not hide errors (#8933, @leseb) * rgw: use trace logs for RGW admin HTTP info (#8937, @BlaineEXE) - Update to v1.7.5 Rook v1.7.5 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* Update csi sidecar references to the latest versions (#8820, @humblec) * No longer install the VolumeReplication CRDs from Rook (#8845, @travisn) * Initialize rbd block pool after creation (#8923, @Rakshith-R) * Close stdoutPipe for the discovery daemon (#8917, @subhamkrai) * Add documentation to recover a pod from a lost node (#8742, @subhamkrai) * Increasing the auto-resolvable alerts delay to 15m (#8896, @aruniiird) * Change CephAbsentMgr to use 'up' query (#8882, @aruniiird) * Adding 'namespace' field to the needed ceph queries (#8901, @aruniiird) * Update period if period does not exist (#8828, @BlaineEXE) * Do not fail on KMS keys deletion (#8868, @leseb) * Do not build all the multus args to remote exec cmd (#8860, @leseb) * Fix external script when passing monitoring list (#8807, @leseb) * Use insecure TLS for bucket health check (#8712, @leseb) * Add PVC privileges to the rook-ceph-purge-osd service account (#8833, @ashangit) * Fix the example of local PVC-based cluster (#8846, @satoru-takeuchi) * Add signal handling for log collector (#8806, @leseb) * Prometheus rules format changes (#8774, @aruniiird) * Add namespace to ceph node down query (#8793, @aruniiird) - Added gomod.patch and gosum.patch * Patching module-files to match the SUSE build env - Update to v1.7.4 Rook v1.7.4 is a patch release limited in scope and focusing on small feature additions and bug fixes to the Ceph operator. 
* Add missing error type check to exec (#8751, @BlaineEXE) * Raise minimum supported version of Ceph-CSI to v3.3.0 (#8803, @humblec) * Set the Ceph v16.2.6 release as the default version (#8743, @leseb) * Pass region to newS3agent() (#8766, @thotz) * Remove unnecessary CephFS provisioner permission (#8739, @Madhu-1) * Configurable csi provisioner replica count (#8801, @Madhu-1) * Allow setting the default storageclass for a filesystem in the helm chart (#8771, @kubealex) * Retry object health check if creation fails (#8708, @BlaineEXE) * Use the admin socket for the mgr liveness probe (#8721, @jmolmo) * Correct the CephFS mirroring documentation (#8732, @leseb) * Reconcile OSD PDBs if allowed disruption is 0 (#8698, @sp98) * Add peer spec migration to upgrade doc (#8435, @BlaineEXE) * Fix lvm osd db device check (#8267, @lyind) * Refactor documentation to simplify for the Ceph provider (#8693, @travisn) * Emphasize unit tests in the development guide (#8685, @BlaineEXE) - Update to v1.7.3 Rook Ceph v1.7.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Cassandra and NFS have moved to their own repos. All improvements in this repo starting from this release will only be for the Ceph storage provider. 
  (#8619, @BlaineEXE)
  * Image list for offline installation can be found in images.txt (#8596, @subhamkrai)
  * Add networking.k8s.io/v1 Ingress chart compatibility (#8666, @hall)
  * Modify the log info when ok to continue fails (#8675, @subhamkrai)
  * Print the output on errors from ceph-volume (#8670, @leseb)
  * Add quota and capabilities configuration for CephObjectStore users (#8211, @thotz)
  * Fix pool deletion when uninstalling a multus cluster configuration (#8659, @leseb)
  * Use node externalIP if no internalIP defined (#8653, @JrCs)
  * Fix CephOSDCriticallyFull and CephOSDNearFull monitoring alert queries (#8668, @Muyan0828)
  * Fix CephMonQuorumAtRisk monitoring alert query (#8652, @anmolsachan)
  * Allow an even number of mons (#8636, @travisn)
  * Create a pod disruption budget for the Ceph mgr deployment when two mgrs are requested (#8593, @parth-gr)
  * Fix error message in UpdateNodeStatus (#8629, @hiroyaonoe)
  * Avoid multiple reconciles of ceph cluster due to the ipv4 default setting (#8638, @leseb)
  * Avoid duplicate ownerReferences (#8615, @YZ775)
  * Auto grow OSDs size on PVCs based on prometheus metrics (#8078, @parth-gr)
  * External cluster configuration script fixed for backward compatibility with python2 (#8623, @aruniiird)
  * Fix vault kv secret engine auto-detection (#8618, @leseb)
  * Add ClusterID and PoolID mappings between local and peer cluster (#8626, @sp98)
  * Set the filesystem status when mirroring is not enabled (#8609, @travisn)
- Update to v1.7.2
  Rook v1.7.2 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Merge toleration for osd/prepareOSD pod if specified both places (#8566, @subhamkrai)
    * Fix panic when recreating the csidriver object (#8582, @Madhu-1)
    * Build with latest golang v1.16.7 (#8540, @BlaineEXE)
    * Do not check ok-to-stop when OSDs are in CLBO (#8583, @leseb)
    * Convert util.NewSet() to sets.NewString() (#8584, @parth-gr)
    * Add support for update() from lib-bucket-provisioner (#8514, @thotz)
    * Signal handling with context (#8441, @leseb)
    * Make storage device config nullable (#8552, @BlaineEXE)
    * Allow K8s version check on prerelease versions (#8561, @subhamkrai)
    * Add permissions to rook-ceph-mgr role for osd removal in rook orchestrator (#8568, @josephsawaya)
    * Use serviceAccountName as the key in ceph csi templates (#8546, @humblec)
    * Consolidate the calls to set mon config (#8590, @travisn)
  * NFS
    * Upgrade nfs-ganesha to 3.5 version (#8534, @kam1kaze)
- Update to v1.7.1
  Rook v1.7.1 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Update Ceph CSI version to v3.4.0 (#8425, @Madhu-1)
    * Add ability to specify the CA bundle for RGW (#8492, @degorenko)
    * Remove unused mon timeout cli flags (#8489, @leseb)
    * Add an option to enable/disable merge all placement (#8381, @subhamkrai)
    * Refuse to failover the arbiter mon on stretch clusters (#8520, @travisn)
    * Improve topology example of cluster on local pvc (#8491, @satoru-takeuchi)
- Update to v1.7.0
  v1.7.0 is a minor release with features primarily for the Ceph operator.
  K8s Version Support
  Kubernetes supported versions: 1.11 and newer.
  Upgrade Guides
  If you are running a previous Rook version, please see the corresponding storage provider upgrade guide:
  * Ceph
  Breaking Changes
  Ceph Clusters with multiple filesystems will need to update their Ceph version to Pacific.
  The Operator configuration option ROOK_ALLOW_MULTIPLE_FILESYSTEMS has been removed in favor of simply verifying the Ceph version is at least Pacific where multiple filesystems are fully supported.
  Features
  Ceph
  * Official Ceph images are now being published to quay.io. To pick up the latest version of Ceph, the image field of your CephCluster spec must be updated to point to quay. See the example cluster.
  * Add support for creating Hybrid Storage Pools.
    * A hybrid storage pool creates a CRUSH rule for choosing the primary OSD for high performance devices (ssd, nvme, etc) and the remaining OSD for low performance devices (hdd).
    * See the design and Ceph docs for more details.
  * Add support for CephFS mirroring peer configuration. See the configuration for more details.
  * Add support for Kubernetes TLS secrets for referring TLS certs needed for the Ceph RGW server.
  * Stretch clusters are considered stable
    * Ceph v16.2.5 or greater is required for stretch clusters
  * The use of peer secret names in CephRBDMirror is deprecated. Please use CephBlockPool CR to configure peer secret names and import peers. See the mirroring section in the CephBlockPool spec for more details.
  * Add user data protection when deleting Rook-Ceph Custom Resources. See the design for detailed information.
    * A CephCluster will not be deleted if there are any other Rook-Ceph Custom resources referencing it with the assumption that they are using the underlying Ceph cluster.
    * A CephObjectStore will not be deleted if there is a bucket present. In addition to protection from deletion when users have data in the store, this implicitly protects these resources from being deleted when there is a referencing ObjectBucketClaim present.
  Cassandra
  * CRDs converted from v1beta1 to v1
    * Schema is generated from the internal types for more complete validation
    * Minimum K8s version for the v1 CRDs is K8s 1.16
  NFS
  * CRDs converted from v1beta1 to v1
    * Schema is generated from the internal types for more complete validation
    * Minimum K8s version for the v1 CRDs is K8s 1.16
- Update to v1.6.10
  Rook v1.6.10 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Reconcile OSD PDB if allowed disruptions are 0 (#8698)
    * Merge tolerations for the OSDs if specified in both all and osd placement (#8630)
    * External cluster script compatibility with python2 (#8623)
    * Do not check ok-to-stop when OSDs are in CLBO (#8583)
    * Fix panic when recreating the csidriver object (#8582)
- Update to v1.6.9
  Rook v1.6.9 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Make storage device config nullable (#8552)
    * Build with latest golang v1.16.7 (#8540)
    * Refuse to failover the arbiter mon on stretch clusters (#8520)
    * Add an option to enable/disable merge all placement (#8381)
    * Update ancillary monitoring resources (#8406)
    * Updated mon health check goroutine for reconfiguring patch values (#8370)
    * Releases for v1.6 are now based on Github actions instead of Jenkins (#8525 #8564)
- Update to v1.6.8
  Rook v1.6.8 is a patch release limited in scope and focusing on small feature additions and bug fixes.
  * Ceph
    * Re-enable lvm mode for OSDs on disks.
See details to know if your OSDs are affected by unexpected partitions (#8319) * Update test to watch for v1 cronjob instead of v1beta1 (#8356) * Update PodDisruptionBudget from v1beta1 to v1 (#7977) * Add support for tls certs via k8s tls secrets for rgw (#8243) * Create correct ClusterRoleBinding for helm chart in namespace other than rook-ceph (#8344) * If two mgrs, ensure services are reconciled with the cluster (#8330) * Proxy rbd commands when multus is enabled (#8339) * Proxy ceph command when multus is configured (#8272) * Ensure OSD keyring exists at OSD pod start (#8155) * Add an example of a pvc-based ceph cluster on bare metal (#7969) * Mount /dev for the OSD daemon on lv-backed pvc (#8304) * Add ceph cluster context for lib bucket provisioning reconcile (#8310) * Create PDBs for all rgw and cephfs (#8301) * Always rehydrate the access and secret keys (#8286) * Fix PDB of RGW instances (#8274) * Ability to disable pool mirroring (#8215) * Fetch rgw port from the CephObjectStore the OBC (#8244) * Enable debug logging for adminops client log level is debug (#8208) * Update blockPoolChannel before starting the mirror monitoring (#8222) * Scaling down nfs deployment was failing (#8250) - removed update-tarball.sh (_service file will be used instead) - Update to v1.6.7 Rook v1.6.7 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Ignore atari partitions for OSDs when scanning disks. This is a partial fix for multiple OSDs being created unexpectedly per disk, causing OSD corruption. 
See details to know if your OSDs are affected (#8195) * Update CSIDriver object from betav1 to v1 (#8029) * Retry cluster reconcile immediately after cancellation (#8237) * Avoid operator resource over-usage when configuring RGW pools and memory limits are applied (#8238) * Remove k8s.io/kubernetes as a code dependency (#7913) * Silence harmless errors if the operator is still initializing (#8227) * If MDS resource limits are not set, assign mds_cache_memory_limit = resource requests * 0.8 (#8180) * Do not require rgw instances spec for external clusters (#8219) * Add tls support to external rgw endpoint (#8092) * Stop overwriting shared livenessProbe when overridden (#8206) * Update cluster-on-pvc example for proper OSD scheduling (#8199) - Update to v1.6.6 Rook v1.6.6 is a patch release limited in scope and focusing on small feature additions and bug fixes. * Ceph * Update csi sidecar images to latest release (#8125) * Update csi node-driver-registrar to latest release (#8190) * Evict a mon if colocated with another mon (#8181) * Enable logging in legacy LVM OSD daemons (#8175) * Do not leak key encryption key to the log (#8173) * Read and validate CSI params in a goroutine (#8140) * Only require rgw-admin-ops user when an RGW endpoint is provided (#8164) * Avoid unnecessary OSD restarts when multus is configured (#8142) * Use cacert if no client cert/key are present for OSD encryption with Vault (#8157) * Mons in stretch cluster should be assigned to a node when using dataDirHostPath (#8147) * Support cronjob v1 for newer versions of K8s to avoid deprecated v1beta1 (#8114) * Initialise httpclient for bucketchecker and objectstoreuse (#8139) * Activate osd container should use correct host path for config (#8137) * Set device class for already present osd deployments (#8134) * No need for --force when creating filesystem (#8130) * Expose enableCSIHostNetwork correctly in the helm chart (#8074) * Add RBAC for mgr to create service monitor (#8118) * Update operator 
internal controller runtime and k8s reference version (#8087) - Update to v1.6.5 Rook v1.6.5 is a patch release limited in scope and focusing on small feature additions and bug fixes. We are happy to announce the availability of a Helm chart to configure the CephCluster CR. Please try it out and share feedback! We would like to declare it stable in v1.7. * Ceph * Experimental Helm chart for CephClusters (#7778) * Disable insecure global id if no insecure clients are detected. If insecure clients are still required, see these instructions. (#7746) * Enable host networking by default in the CSI driver due to issues with client IO hangs when the driver restarts (#8102) * Add a disaster recovery guide for an accidentally deleted CephCluster CR (#8040) * Do not fail prepareOSD job if devices are not passed (#8098) * Ensure MDS and RGW are upgraded anytime the ceph image changes (#8060) * External cluster config enables v1 address type when enabling v2 (#8083) * Create object pools in parallel for faster object store reconcile (#8082) * Fix detection of delete event reconciliation (#8086) * Use RGW admin API for s3 user management (#7998) - Update to v1.6.4 Rook v1.6.4 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Support for separate tolerations and affinities for rbd and cephfs CSI drivers (#8006) * Update ceph version to 15.2.13 (#8004) * External cluster upgrades fix for CRD schema (#8042) * Build with golang 1.16 instead of 1.15 (#7945) * Retry starting CSI drivers on initial failure (#8020) * During uninstall stop monitoring rbd mirroring before cleanup (#8031) * Update the backend path for RGW transit engine (#8008) * If reducing mon count only remove one extra mon per health check (#8011) * Parse radosgw-admin json properly for internal commands (#8000) * Expand OSD PVCs only if the underlying storage class allow expansion (#8001) * Allow the operator log level to be changed dynamically (#7976) * Pin experimental volume replication to release-v0.1 branch (#7985) * Remove '--site-name' arg when creating bootstrap peer token (#7986) * Do not configure external metric endpoint if not present (#7974) * Helm chart to allow multiple filesystems (#7930) * Rehydrate the bootstrap peer token secret on monitor changes (#7935) - Update to v1.6.3 Rook v1.6.3 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Ensure correct devices are started for OSDs after node restart (#7951) * Write reconcile results to events on the CephCluster CR (#7222) * Updated dashboard ingress example for networking v1 (#7933) * Remove obsolete gateway type setting in object store CRD (#7919) * Support specifying only public network or only cluster network or both (#7546) * Generate same operator deployment for OKD as OCP (#7898) * Ensure correct hostpath lock for OSD integrity (#7886) * Improve resilience of mon failover if operator is restarted during failover (#7884) * Disallow overriding the liveness probe handler function (#7889) * Actively update the service endpoint for external mgr (#7875) * Remove obsolete CSI statefulset template path vars from K8s 1.13 (#7877) * Create crash collector pods after mon secret created (#7867) * OSD controller only updates PDBs during node drains instead of any OSD down event (#7726) * Allow heap dump generation when logCollector sidecar is not running (#7847) * Add nullable to object gateway settings (#7857) - Update to v1.6.2 Rook v1.6.2 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Set base Ceph operator image and example deployments to v16.2.2 (#7829) * Update snapshot APIs from v1beta1 to v1 (#7711) * Documentation for creating static PVs (#7782) * Allow setting primary-affinity for the OSD (#7807) * Remove unneeded debug log statements (#7526) * Preserve volume claim template annotations during upgrade (#7835) * Allow re-creating erasure coded pool with different settings (#7820) * Double mon failover timeout during a node drain (#7801) * Remove unused volumesource schema from CephCluster CRD (#7813) * Set the device class on raw mode osds (#7815) * External cluster schema fix to allow not setting mons (#7789) * Add phase to the CephFilesystem CRD (#7752) * Generate full schema for volumeClaimTemplates in the CephCluster CRD (#7631) * Automate upgrades for the MDS daemon to properly scale down and scale up (#7445) * Add Vault KMS support for object stores (#7385) * Ensure object store endpoint is initialized when creating an object user (#7633) * Support for OBC operations when RGW is configured with TLS (#7764) * Preserve the OSD topology affinity during upgrade for clusters on PVCs (#7759) * Unify timeouts for various Ceph commands (#7719) * Allow setting annotations on RGW service (#7598) * Expand PVC size of mon daemons if requested (#7715) - Update to v1.6.1 Rook v1.6.1 is a patch release limited in scope and focusing on small feature additions and bug fixes. 
* Ceph * Disable host networking by default in the CSI plugin with option to enable (#7356) * Fix the schema for erasure-coded pools so replication size is not required (#7662) * Improve node watcher for adding new OSDs (#7568) * Operator base image updated to v16.2.1 (#7713) * Deployment examples updated to Ceph v15.2.11 (#7733) * Update Ceph-CSI to v3.3.1 (#7724) * Allow any device class for the OSDs in a pool instead of restricting the schema (#7718) * Fix metadata OSDs for Ceph Pacific (#7703) * Allow setting the initial CRUSH weight for an OSD (#7472) * Fix object store health check in case SSL is enabled (#7331) * Upgrades now ensure latest config flags are set for MDS and RGW (#7681) * Suppress noisy RGW log entry for radosgw-admin commands (#7663) - Update to v1.6.0 * Major Themes v1.6.0 is a minor release with features primarily for the Ceph operator. * K8s Version Support Kubernetes supported versions: 1.11 and newer * Upgrade Guides If you are running a previous Rook version, please see the corresponding storage provider upgrade guide: * Ceph * Breaking Changes * Removed Storage Providers Each storage provider is unique and requires time and attention to properly develop and support. After much discussion with the community, we have decided to remove three storage providers from Rook in order to focus our efforts on storage providers that have active community support. See the project status for more information. These storage providers have been removed: * CockroachDB * EdgeFS * YugabyteDB * Ceph Support for creating OSDs via Drive Groups was removed. Please refer to the Ceph upgrade guide for migration instructions. 
* Features * Ceph Ceph Pacific (v16) support, including features such as: Multiple Ceph Filesystems Networking dual stack CephFilesystemMirror CRD to support mirroring of CephFS volumes with Pacific Ceph CSI Driver CSI v3.3.0 driver enabled by default Volume Replication Controller for improved RBD replication support Multus support GRPC metrics disabled by default Ceph RGW Extended the support of vault KMS configuration Scale with multiple daemons with a single deployment instead of a separate deployment for each rgw daemon OSDs: LVM is no longer used to provision OSDs as of Nautilus 14.2.14 Octopus 15.2.9, and Pacific 16.2.0, simplifying the OSDs on raw devices, except for encrypted OSDs and multiple OSDs per device. More efficient updates for multiple OSDs at the same time (in the same failure domain) to speed up upgrades for larger Ceph clusters Multiple Ceph mgr daemons are supported for stretch clusters and other clusters where HA of the mgr is critical (set count: 2 under mgr in the CephCluster CR) Pod Disruption Budgets (PDBs) are enabled by default for Mon, RGW, MDS, and OSD daemons. See the disruption management settings. 
Monitor failover can be disabled, for scenarios where maintenance is planned and automatic mon failover is not desired CephClient CRD has been converted to use the controller-runtime library The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - cpio-2.12-3.9.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - csi-external-snapshotter-4.2.0-3.12.2 updated - file-magic-5.32-7.14.1 updated - glibc-2.26-13.62.1 updated - krb5-1.16.3-3.24.1 updated - libaugeas0-1.10.1-3.3.1 updated - libblkid1-2.33.2-4.16.1 updated - libcrack2-2.9.7-11.6.1 updated - libcurl4-7.66.0-4.27.1 updated - libfdisk1-2.33.2-4.16.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 added - libgcrypt20-1.8.2-8.42.1 updated - libgmp10-6.1.2-4.9.1 updated - libgnutls30-hmac-3.6.7-14.13.5 added - libkeyutils1-1.6.3-5.6.1 updated - libldap-2_4-2-2.4.46-9.58.1 updated - libldap-data-2.4.46-9.58.1 updated - libmagic1-5.32-7.14.1 updated - libmount1-2.33.2-4.16.1 updated - libncurses6-6.1-5.9.1 updated - libopenssl1_1-hmac-1.1.1d-11.38.1 added - libopenssl1_1-1.1.1d-11.38.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libpcre1-8.45-20.10.1 updated - libprotobuf-lite20-3.9.2-4.9.1 added - libsmartcols1-2.33.2-4.16.1 updated - libsolv-tools-0.7.20-9.2 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-234-24.102.1 updated - libudev1-234-24.102.1 updated - libuuid1-2.33.2-4.16.1 updated - libz1-1.2.11-3.24.1 updated - libzypp-17.28.8-20.1 updated - ncurses-utils-6.1-5.9.1 updated - netcfg-11.6-3.3.1 updated - pam-1.3.0-6.50.1 updated - patterns-base-fips-20200124-4.12.1 added - permissions-20181225-23.12.1 updated - rpm-4.14.1-22.7.1 updated - terminfo-base-6.1-5.9.1 updated - util-linux-2.33.2-4.16.1 updated - zypper-1.14.50-21.1 updated - container:sles15-image-15.0.0-9.5.77 updated From sle-updates at lists.suse.com Tue Jan 25 08:02:05 2022 From: sle-updates at lists.suse.com 
(sle-updates at lists.suse.com) Date: Tue, 25 Jan 2022 09:02:05 +0100 (CET) Subject: SUSE-CU-2022:57-1: Security update of ses/7/rook/ceph Message-ID: <20220125080205.A6213FBAD@maintenance.suse.de> SUSE Container Update Advisory: ses/7/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:57-1 Container Tags : ses/7/rook/ceph:1.7.7 , ses/7/rook/ceph:1.7.7.0 , ses/7/rook/ceph:1.7.7.0.1.1903 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus Container Release : 1.1903 Severity : critical Type : security References : 1027496 1029961 1065729 1085917 1113013 1122417 1125886 1134353 1148868 1152489 1154353 1159886 1161276 1162581 1164548 1167773 1169614 1170774 1171962 1172505 1172973 1172974 1173746 1174504 1174504 1176473 1176940 1177100 1177460 1178236 1179416 1179898 1179899 1179900 1179901 1179902 1179903 1180064 1180125 1180125 1180451 1180454 1180461 1181291 1181299 1181306 1181309 1181371 1181452 1181535 1181536 1182252 1183028 1183085 1183374 1183511 1183543 1183545 1183561 1183632 1183659 1183818 1183858 1183905 1183909 1184439 1184517 1184519 1184614 1184620 1184794 1184804 1184994 1185016 1185246 1185299 1185302 1185524 1185588 1185677 1185726 1185748 1185762 1185768 1186348 1186489 1186503 1186602 1186910 1187153 1187167 1187196 1187224 1187270 1187273 1187338 1187425 1187466 1187512 1187654 1187668 1187670 1187738 1187760 1187911 1187993 1188018 1188063 1188067 1188156 1188291 1188344 1188435 1188548 1188623 1188651 1188651 1188713 1188921 1188941 1188979 1188986 1189031 1189173 1189206 1189241 1189287 1189297 1189465 1189465 1189480 1189520 1189521 1189521 1189534 1189552 1189554 1189803 1189841 1189841 1189884 1189929 1189983 1189984 1189996 1190023 1190052 1190059 1190062 1190115 1190159 1190199 1190234 1190325 1190356 1190358 1190373 1190374 1190406 1190432 1190440 1190465 1190467 1190523 1190534 1190543 1190576 1190595 1190596 1190598 1190598 1190620 1190626 1190645 1190679 1190705 
1190712 1190717 1190739 1190746 1190758 1190772 1190784 1190785 1190793 1190815 1190858 1190915 1190933 1190984 1191019 1191172 1191193 1191200 1191240 1191252 1191260 1191286 1191292 1191324 1191370 1191473 1191480 1191500 1191563 1191566 1191609 1191630 1191675 1191690 1191690 1191736 1191804 1191922 1191987 1192161 1192248 1192267 1192337 1192367 1192436 1192489 1192688 1192717 1192840 1193181 1193480 1193481 1193521 1193711 CVE-2016-10228 CVE-2019-20838 CVE-2020-12049 CVE-2020-14155 CVE-2020-16590 CVE-2020-16591 CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-29361 CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2020-3702 CVE-2021-20197 CVE-2021-20266 CVE-2021-20271 CVE-2021-20284 CVE-2021-20294 CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-3421 CVE-2021-3426 CVE-2021-3487 CVE-2021-35942 CVE-2021-3669 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-3733 CVE-2021-3737 CVE-2021-3744 CVE-2021-3752 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750 CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-40490 CVE-2021-42771 CVE-2021-43618 ----------------------------------------------------------------- The container ses/7/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:49 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). 
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released: Wed Feb 3 12:54:28 2021
Summary: Recommended update for libprotobuf
Type: recommended
Severity: moderate
References:

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released: Mon Aug 16 10:54:52 2021
Summary: Security update for cpio
Type: security
Severity: important
References: 1189206,CVE-2021-38185

This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to an integer overflow (CVE-2021-38185, bsc#1189206)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released: Tue Aug 17 17:16:22 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465

This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released: Thu Aug 19 16:09:15 2021
Summary: Recommended update for cpio
Type: recommended
Severity: critical
References: 1189465,CVE-2021-38185

This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2810-1
Released: Mon Aug 23 12:14:30 2021
Summary: Security update for dbus-1
Type: security
Severity: moderate
References:
1172505,CVE-2020-12049

This update for dbus-1 fixes the following issues:

- CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2816-1
Released: Mon Aug 23 14:16:58 2021
Summary: Optional update for python-kubernetes
Type: optional
Severity: low
References:

This patch provides the python3-kubernetes package to the following modules:

- Container Module for SUSE Linux Enterprise 15 SP2
- Container Module for SUSE Linux Enterprise 15 SP3

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2830-1
Released: Tue Aug 24 16:20:18 2021
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712

This update for openssl-1_1 fixes the following security issues:

- CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520]
- CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2863-1
Released: Mon Aug 30 08:18:50 2021
Summary: Recommended update for python-dbus-python
Type: recommended
Severity: moderate
References: 1183818

This update for python-dbus-python fixes the following issues:

- Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)
- update to 1.2.16:
  * All tests are run even if the 'tap.py' module is not available, although diagnostics for failing tests will be better if it is present.
- Support builds with more than one python3 flavor
- Clean duplicate python flavor variables for configure
- Version update to version 1.2.14:
  * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions.
  * Disable -Winline.
  * Add clearer license information using SPDX-License-Identifier.
  * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx.
  * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types
  * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag
  * Silence '-Wcast-function-type' with gcc 8.
  * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall.
  * Consistently save and restore the exception indicator when called from C code.
- Add missing dependency for pkg-config files
- Version update to version 1.2.8:
  * Python 2.7 required or 3.4 respectively
  * Upstream dropped epydoc completely
- Add dbus-1-python3 package
- Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports
- When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to
- When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon
- New package: dbus-1-python-devel

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2895-1
Released: Tue Aug 31 19:40:50 2021
Summary: Recommended update for unixODBC
Type: recommended
Severity: moderate
References:

This update for unixODBC fixes the following issues:

- ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004)
- Fix incorrect permission for documentation files.
- Update requires and baselibs for new libodbc2.
- Employ shared library packaging guideline: new subpackage libodbc2.
- Update to 2.3.9:
  * Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h
- Update to 2.3.8:
  * Add configure support for editline
  * SQLDriversW was ignoring user config
  * SQLDataSources Fix termination character
  * Fix for pooling seg fault
  * Make calling SQLSetStmtAttrW call the W function in the driver if it's there
  * Try and fix race condition clearing system odbc.ini file
  * Remove trailing space from isql/iusql SQL
  * When setting connection attributes set before connect also check if the W entry points can be used
  * Try calling the W error functions first if available in the driver
  * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle
  * iconv handles was being lost when reusing pooled connection
  * Catch null copy in iniPropertyInsert
  * Fix a few leaks
- Update to 2.3.7:
  * Fix for pkg-config file update on non-Linux platforms
  * Add W entry for GUI work
  * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W, and SQLSetConnectAttr/W
  * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString
  * SQLBrowseConnect/W allow disconnecting a started browse session after error
  * Add --with-stats-ftok-name configure option to allow the selection of a file name used to generate the IPC id when collecting stats. Default is the system odbc.ini file
  * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle
  * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys
  * Connection pooling: Fix liveness check for Unicode drivers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released: Fri Sep 3 09:19:36 2021
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module.
(bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3021-1 Released: Mon Sep 13 10:32:31 2021 Summary: Recommended update for ceph Type: recommended Severity: moderate References: 1181291,1183561,1184517,1185246,1186348,1188979,1189173 This update for ceph fixes the following issues: - cls/rgw: look for plain entries in non-ascii plain namespace too (bsc#1184517) - rgw: check object locks in multi-object delete (bsc#1185246) - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - mgr/cephadm: pass --container-init to 'cephadm deploy' if specified (bsc#1188979) - mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173) - qa/tasks/salt_manager: allow gatherlogs for files in subdir - qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out - mgr/zabbix: adapt zabbix_sender default path (bsc#1186348) - Revert 'cephadm: default container_init to False' (bsc#1188979) - mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291) - mgr/cephadm: on ssh connection error, advise chmod 0600 (bsc#1183561) - Update _constraints: only honor physical memory, not 'any memory' (e.g. swap).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3034-1 Released: Tue Sep 14 13:49:23 2021 Summary: Recommended update for python-pytz Type: recommended Severity: moderate References: 1185748 This update for python-pytz fixes the following issues: - Add %pyunittest shim for platforms where it is missing. - Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748) - update to 2021.1: * update to IANA 2021a timezone release - update to 2020.5: * update to IANA 2020e timezone release - update to 2020.4: * update to IANA 2020d timezone release - update to version 2020.1: * Test against Python 3.8 and Python 3.9 * Bump version numbers to 2020.1/2020a * use .rst extension name * Make FixedOffset part of public API - Update to 2019.3 * IANA 2019c - Add versioned dependency on timezone database to ensure the correct data is installed - Add a symlink to the system timezone database - update to 2019.2 * IANA 2019b * Defer generating case-insensitive lookups ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3233-1 Released: Mon Sep 27 15:02:21 2021 Summary: Recommended update for xfsprogs 
Type: recommended Severity: moderate References: 1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552 This update for xfsprogs fixes the following issues: - Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299) - xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency. - mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536) - mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535) - xfs_growfs: Refactor geometry reporting. (bsc#1181306) - xfs_growfs: Allow mounted device node as argument. (bsc#1181299) - xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309) - xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651) - xfs_bmap: Remove '-c' from manpage. (bsc#1189552) - xfs_bmap: Do not reject '-e'. (bsc#1189552) - Implement 'libhandle1' through ECO. (jsc#SLE-20360) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important References: 1190858 This update for ca-certificates-mozilla fixes the following issues: - remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires September 30th 2021 and openssl certificate chain handling does not handle this correctly in openssl 1.0.2 and older. (bsc#1190858) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). 
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3318-1 Released: Wed Oct 6 19:31:19 2021 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1176473,1181371 This update for sudo fixes the following issues: - Update to sudo 1.8.27 (jsc#SLE-17083). - Fixed special handling of ipa_hostname (bsc#1181371). - Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED option is not set in /etc/ldap.conf (bsc#1176473). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overridden during system installation (bsc#1171962).
----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate References: This update for ca-certificates-mozilla fixes the following issues: - A new sub-package for minimal base containers (jsc#SLE-22162) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1191019 This update for lvm2 fixes the following issues: - Do not crash vgextend when extending VG with missing PV. 
(bsc#1191019) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3412-1 Released: Wed Oct 13 10:50:33 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important References: 1189841,1190598 This update for suse-module-tools fixes the following issues: - Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintenance issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try to acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3447-1 Released: Fri Oct 15 09:05:12 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490 The SUSE Linux Enterprise 15 SP2
kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193) - CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023) - CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could lead to local privilege escalation. (bnc#1190159) - CVE-2021-3744: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1189884) - CVE-2021-3764: Fixed a bug which could allow attackers to cause a denial of service. (bsc#1190534) - CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986) The following non-security bugs were fixed: - ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes). - apparmor: remove duplicate macro list_entry_is_head() (git-fixes). - ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes). - ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes). - ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes). - ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes). - ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes). - ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes). - ath9k: fix sleeping in atomic context (git-fixes). - blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762). - blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762). - blk-mq: mark if one queue map uses managed irq (bsc#1185762). - Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes). - bnx2x: fix an error code in bnx2x_nic_load() (git-fixes). - bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes). - bnxt_en: Do not enable legacy TX push on older firmware (git-fixes). - bnxt_en: Store the running firmware version code (git-fixes). - bnxt: count Tx drops (git-fixes). - bnxt: disable napi before canceling DIM (git-fixes). - bnxt: do not lock the tx queue from napi poll (git-fixes). - bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes). - btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626). - clk: at91: clk-generated: Limit the requested rate to our range (git-fixes). - clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes). - console: consume APC, DM, DCS (git-fixes). - cuse: fix broken release (bsc#1190596). - cxgb4: dont touch blocked freelist bitmap after free (git-fixes). - debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746). - devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353). - dmaengine: ioat: depends on !UML (git-fixes). - dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes). - dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes). - docs: Fix infiniband uverbs minor number (git-fixes). - drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes). - drm: avoid blocking in drm_clients_info's rcu section (git-fixes). - drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes). - drm/amd/display: Fix timer_per_pixel unit error (git-fixes). - drm/amdgpu: Fix BUG_ON assert (git-fixes). - drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes). - drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes). - drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes). - e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100). - e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes). 
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489). - EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489). - erofs: fix up erofs_lookup tracepoint (git-fixes). - fbmem: do not allow too huge resolutions (git-fixes). - fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes). - fpga: machxo2-spi: Return an error on failure (git-fixes). - fuse: flush extending writes (bsc#1190595). - fuse: truncate pagecache on atomic_o_trunc (bsc#1190705). - genirq: add device_has_managed_msi_irq (bsc#1185762). - gpio: uniphier: Fix void functions to remove return value (git-fixes). - gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes). - gve: fix the wrong AdminQ buffer overflow check (bsc#1176940). - hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726). - hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726). - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes). - hwmon: (tmp421) fix rounding for negative values (git-fixes). - hwmon: (tmp421) report /PVLD condition as fault (git-fixes). - i40e: Add additional info to PHY type error (git-fixes). - i40e: Fix firmware LLDP agent related warning (git-fixes). - i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes). - i40e: Fix logic of disabling queues (git-fixes). - i40e: Fix queue-to-TC mapping on Tx (git-fixes). - iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940). - iavf: Set RSS LUT and key in reset handle path (git-fixes). - ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510). - ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943). - ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943). - ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943). 
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943). - ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943). - ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943). - ice: Prevent probing virtual functions (git-fixes). - iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes). - include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes). - iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784). - ionic: cleanly release devlink instance (bsc#1167773). - ionic: count csum_none when offload enabled (bsc#1167773). - ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115). - ipc/util.c: use binary search for max_idx (bsc#1159886). - ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467). - ipvs: avoid expiring many connections from timer (bsc#1190467). - ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467). - ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467). - iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes). - kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable. - kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs. - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. 
Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead. - libata: fix ata_host_start() (git-fixes). - mac80211-hwsim: fix late beacon hrtimer handling (git-fixes). - mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes). - mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes). - mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes). - mac80211: mesh: fix potentially unaligned access (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes). - media: dib8000: rewrite the init prbs logic (git-fixes). - media: imx258: Limit the max analogue gain to 480 (git-fixes). - media: imx258: Rectify mismatch of VTS value (git-fixes). - media: rc-loopback: return number of emitters rather than error (git-fixes). - media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes). - media: uvc: do not do DMA on stack (git-fixes). - media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes). - mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes). - mlx4: Fix missing error code in mlx4_load_one() (git-fixes). - mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes). - mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785). - mmc: core: Return correct emmc response in case of ioctl error (git-fixes). - mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes). - mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes). - net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726). - net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726). - net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726). - net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726). 
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726). - net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726). - net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726). - net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726). - net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726). - net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726). - net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes). - net: sched: sch_teql: fix null-pointer dereference (bsc#1190717). - net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes). - net/mlx5: Fix flow table chaining (git-fixes). - net/mlx5: Fix return value from tracer initialization (git-fixes). - net/mlx5: Unload device upon firmware fatal error (git-fixes). - net/mlx5e: Avoid creating tunnel headers for local route (git-fixes). - net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes). - net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes). - netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062). - nfp: update ethtool reporting of pauseframe control (git-fixes). - NFS: change nfs_access_get_cached to only report the mask (bsc#1190746). - NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746). - NFS: pass cred explicitly for access tests (bsc#1190746). - nvme: avoid race in shutdown namespace removal (bsc#1188067). - nvme: fix refcounting imbalance when all paths are down (bsc#1188067). - parport: remove non-zero check on count (git-fixes). - PCI: aardvark: Fix checking for PIO status (git-fixes). - PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes). - PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes). - PCI: Add ACS quirks for Cavium multi-function devices (git-fixes). 
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes). - PCI: Add AMD GPU multi-function power dependencies (git-fixes). - PCI: ibmphp: Fix double unmap of io_mem (git-fixes). - PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes). - PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes). - PCI: pci-bridge-emul: Fix big-endian support (git-fixes). - PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes). - PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes). - PM: base: power: do not try to use non-existing RTC for storing data (git-fixes). - PM: EM: Increase energy calculation precision (git-fixes). - power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes). - power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289). - powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868). - powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523). - powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729). - powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729). - powerpc/perf: Fix the check for SIAR value (bsc#1065729). - powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729). - powerpc/perf: Use stack siar instead of mfspr (bsc#1065729). - powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729). - powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729). - powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729). - powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498). - powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729). - pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523). 
- pwm: img: Do not modify HW state in .remove() callback (git-fixes). - pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes). - pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes). - qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes). - RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774). - Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes). - regmap: fix page selection for noinc reads (git-fixes). - regmap: fix page selection for noinc writes (git-fixes). - regmap: fix the offset of register error log (git-fixes). - Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746). - rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages. - rpm/kernel-binary.spec: Use only non-empty certificates. - rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804). - rtc: rx8010: select REGMAP_I2C (git-fixes). - rtc: tps65910: Correct driver module alias (git-fixes). - s390/unwind: use current_frame_address() to unwind current task (bsc#1185677). - sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292). - scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576). - scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576). - scsi: fc: Add EDC ELS definition (bsc#1190576). - scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576). - scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576). - scsi: lpfc: Add cm statistics buffer support (bsc#1190576). - scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576). - scsi: lpfc: Add cmfsync WQE support (bsc#1190576). 
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576). - scsi: lpfc: Add EDC ELS support (bsc#1190576). - scsi: lpfc: Add MIB feature enablement support (bsc#1190576). - scsi: lpfc: Add rx monitoring statistics (bsc#1190576). - scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576). - scsi: lpfc: Add support for cm enablement buffer (bsc#1190576). - scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576). - scsi: lpfc: Add support for the CM framework (bsc#1190576). - scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576). - scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576). - scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576). - scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576). - scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576). - scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576). - scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576). - scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576). - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576). - scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576). - scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576). - scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576). - scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576). - scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576). - scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576). - scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576). - scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576). - scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576). - scsi: lpfc: Remove unneeded variable (bsc#1190576). 
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576). - scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576). - scsi: lpfc: Use correct scnprintf() limit (bsc#1190576). - scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576). - scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576). - scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576). - scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297). - serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes). - serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes). - serial: mvebu-uart: fix driver's tx_empty callback (git-fixes). - serial: sh-sci: fix break handling for sysrq (git-fixes). - spi: Fix tegra20 build with CONFIG_PM=n (git-fixes). - staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes). - staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes). - staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes). - thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes). - time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes). - tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes). - tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes). - tty: synclink_gt, drop unneeded forward declarations (git-fixes). - usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes). - usb: core: hcd: Add support for deferring roothub registration (git-fixes). - usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes). - usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes). - usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes). - usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes). 
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes). - usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes). - usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes). - usb: host: fotg210: fix the actual_length of an iso packet (git-fixes). - usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes). - usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes). - usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes). - usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes). - usb: serial: option: add device id for Foxconn T99W265 (git-fixes). - usb: serial: option: add Telit LN920 compositions (git-fixes). - usb: serial: option: remove duplicate USB device ID (git-fixes). - usbip: give back URBs for unsent unlink requests during cleanup (git-fixes). - usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes). - video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes). - video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes). - video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes). - vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406). - vmxnet3: add support for ESP IPv6 RSS (bsc#1190406). - vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406). - vmxnet3: prepare for version 6 changes (bsc#1190406). - vmxnet3: remove power of 2 limitation on the queues (bsc#1190406). - vmxnet3: set correct hash type based on rss information (bsc#1190406). - vmxnet3: update to version 6 (bsc#1190406). - watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes). - x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302). - x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439). 
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289). - x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489). - x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489). - x86/resctrl: Fix default monitoring groups reporting (bsc#1152489). - xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651). - xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679). - xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes). - xhci: Set HCD flag to defer primary roothub registration (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate References: 1189929,CVE-2021-37750 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). 
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released: Wed Oct 20 16:31:55 2021
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1190793,CVE-2021-39537

This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed a heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released: Wed Oct 20 16:48:46 2021
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1190052

This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released: Fri Oct 22 10:42:46 2021
Summary: Recommended update for libzypp, zypper, libsolv, protobuf
Type: recommended
Severity: moderate
References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815

This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check signatures and keys two times (redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alive while transitioning.
  (bsc#1190199)
- Manpage: Improve description about patch updates (bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released: Tue Oct 26 11:22:15 2021
Summary: Recommended update for pam
Type: recommended
Severity: important
References: 1191987

This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in the 'securetty' file being installed as 'macros.pam'. (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3515-1
Released: Tue Oct 26 13:48:04 2021
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: important
References: 1191200,1191260,1191480,1191804,1191922

This update for suse-module-tools fixes the following issues:

Update to version 15.2.15:

- Fix bad exit status in openQA. (bsc#1191922)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Print 'mokutil' output in verbose mode.
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)
- Don't pass existing files to weak-modules2.
  (bsc#1191200)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3523-1
Released: Tue Oct 26 15:40:13 2021
Summary: Security update for util-linux
Type: security
Severity: moderate
References: 1122417,1125886,1178236,1188921,CVE-2021-37600

This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released: Wed Oct 27 09:23:32 2021
Summary: Security update for pcre
Type: security
Severity: moderate
References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155

This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3567-1
Released: Wed Oct 27 22:14:01 2021
Summary: Recommended update for apparmor
Type: recommended
Severity: moderate
References: 1191690

This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name.
  (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3616-1
Released: Thu Nov 4 12:29:16 2021
Summary: Security update for binutils
Type: security
Severity: moderate
References: 1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487

This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now require a C99 compiler and library to build.
* Support for Realm Management Extension (RME) for AArch64 has been added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable special treatment of __start_*/__stop_* references when --gc-sections.
* A new linker option '-Bno-symbolic' has been added which will cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to specify how the numeric values of symbols are reported. --sym-base=0|8|10|16 tells readelf to display the values in base 8, base 10 or base 16. A sym base of 0 represents the default action of displaying values under 10000 in base 10 and values above that in base 16.
* A new format has been added to the nm program. Specifying '--format=just-symbols' (or just using -j) will tell the program to only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to objcopy and strip. This stops the removal of unused section symbols when the file is copied. Removing these symbols saves space, but sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options supported by objcopy now make undefined symbols weak on targets that support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup sections.
* Readelf and objdump will now follow links to separate debug info files by default. This behaviour can be stopped via the use of the new '-wN' or '--debug-dump=no-follow-links' options for readelf and the '-WN' or '--dwarf=no-follow-links' options for objdump. Also the old behaviour can be restored by the use of the '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly changed. When enabled, the option allows for the loading of symbol tables and string tables from the separate files which can be used to enhance the information displayed when dumping other sections, but it does not automatically imply that information from the separate files should be displayed.

  If other debug section display options are also enabled (eg '--debug-dump=info') then the contents of matching sections in both the main file and the separate debuginfo file *will* be displayed. This is because in most cases the debug section will only be present in one of the files.

  If however non-debug section display options are enabled (eg '--sections') then the contents of matching parts of the separate debuginfo file will *not* be displayed. This is because in most cases the user probably only wanted to load the symbol information from the separate debuginfo file. In order to change this behaviour a new command line option --process-links can be used. This will allow display options to be applied to both the main file and any separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses 'no symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

  * When setting the link order attribute of ELF sections, it is now possible to use a numeric section index instead of symbol name.
  * Added a .nop directive to generate a single no-op instruction in a target neutral manner. This instruction does have an effect on DWARF line number generation, if that is active.
  * Removed --reduce-memory-overheads and --hash-size as gas now uses hash tables that can expand and shrink automatically.

- X86/x86_64:

  * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker instructions.
  * Support non-absolute segment values for lcall and ljmp.
  * Add {disp16} pseudo prefix to x86 assembler.
  * Configure with --enable-x86-used-note by default for Linux/x86.

- ARM/AArch64:

  * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82, Neoverse V1, and Neoverse N2 cores.
  * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder Extension) and BRBE (Branch Record Buffer Extension) system registers.
  * Add support for Armv8-R and Armv8.7-A ISA extensions.
  * Add support for DSB memory nXS barrier, WFET and WFIT instruction for Armv8.7.
  * Add support for +csre feature for -march. Add CSR PDEC instruction for CSRE feature in AArch64.
  * Add support for +flagm feature for -march in Armv8.4 AArch64.
  * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add atomic 64-byte load/store instructions for this feature.
  * Add support for +pauth (Pointer Authentication) feature for -march in AArch64.

New features in the Linker:

* Add --error-handling-script= command line option to allow a helper script to be invoked when an undefined symbol or a missing library is encountered. This option can be suppressed via the configure time switch: --enable-error-handling-script=no.
* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark x86-64-{baseline|v[234]} ISA level as needed.
* Add -z unique-symbol to avoid duplicated local symbol names.
* The creation of PE format DLLs now defaults to using a more secure set of DLL characteristics.
* The linker now deduplicates the types in .ctf sections. The new command-line option --ctf-share-types describes how to do this: its default value, share-unconflicted, produces the most compact output.
* The linker now omits the 'variable section' from .ctf sections by default, saving space. This is almost certainly what you want unless you are working on a project that has its own analogue of symbol tables that are not reflected in the ELF symtabs.

New features in other binary tools:

* The ar tool's previously unused l modifier is now used for specifying dependencies of a static library. The arguments of this option (or --record-libdeps long form option) will be stored verbatim in the __.LIBDEP member of the archive, which the linker may read at link time.
* Readelf can now display the contents of LTO symbol table sections when asked to do so via the --lto-syms command line option.
* Readelf now accepts the -C command line option to enable the demangling of symbol names. In addition the --demangle=