openSUSE Security Announce
[security-announce] openSUSE-SU-2020:1655-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 11 Oct '20
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1655-1
Rating: important
References: #1055186 #1065600 #1065729 #1094244 #1112178
#1113956 #1154366 #1167527 #1168468 #1169972
#1171675 #1171688 #1171742 #1173115 #1174899
#1175228 #1175749 #1175882 #1176011 #1176022
#1176038 #1176069 #1176235 #1176242 #1176278
#1176316 #1176317 #1176318 #1176319 #1176320
#1176321 #1176381 #1176423 #1176482 #1176507
#1176536 #1176544 #1176545 #1176546 #1176548
#1176659 #1176698 #1176699 #1176700 #1176721
#1176722 #1176725 #1176732 #1176788 #1176789
#1176869 #1176877 #1176935 #1176950 #1176962
#1176966 #1176990 #1177030 #1177041 #1177042
#1177043 #1177044 #1177121 #1177206 #1177258
#1177291 #1177293 #1177294 #1177295 #1177296
#962356
Cross-References: CVE-2020-0404 CVE-2020-0427 CVE-2020-0431
CVE-2020-0432 CVE-2020-14381 CVE-2020-14386
CVE-2020-14390 CVE-2020-25212 CVE-2020-25284
CVE-2020-25641 CVE-2020-25643 CVE-2020-26088
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 59 fixes
is now available.
Description:
The openSUSE Leap 15.1 kernel was updated to receive various security and
bug fixes.
The following security bugs were fixed:
- CVE-2020-25212: Fixed nfs getxattr kernel panic and memory overflow that
could lead to crashes or privilege escalations (bsc#1176381).
- CVE-2020-14381: Fixed inode life-time issue in futex handling
(bsc#1176011).
- CVE-2020-25643: Memory corruption and a read overflow are caused by
improper input validation in the ppp_cp_parse_cr function, which can
cause the system to crash or cause a denial of service. The highest
threat from this vulnerability is to data confidentiality and integrity
as well as system availability (bnc#1177206).
- CVE-2020-25641: A zero-length biovec request issued by the block
subsystem could cause the kernel to enter an infinite loop, causing a
denial of service. This flaw allowed a local attacker with basic
privileges to issue requests to a block device, resulting in a denial of
service. The highest threat from this vulnerability is to system
availability (bnc#1177121).
- CVE-2020-26088: A missing CAP_NET_RAW check in NFC socket creation in
net/nfc/rawsock.c could be used by local attackers to create raw
sockets, bypassing security mechanisms, aka CID-26896f01467a
(bnc#1176990).
- CVE-2020-14390: When changing screen size, an out-of-bounds memory write
can occur leading to memory corruption or a denial of service. Due to
the nature of the flaw, privilege escalation cannot be fully ruled out
(bnc#1176235 bnc#1176278).
- CVE-2020-0432: In skb_to_mamac of networking.c, there is a possible out
of bounds write due to an integer overflow. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation (bnc#1176721).
- CVE-2020-0427: In create_pinctrl of core.c, there is a possible out of
bounds read due to a use after free. This could lead to local
information disclosure with no additional execution privileges needed.
User interaction is not needed for exploitation (bnc#1176725).
- CVE-2020-0431: In kbd_keycode of keyboard.c, there is a possible out of
bounds write due to a missing bounds check. This could lead to local
escalation of privilege with no additional execution privileges needed.
User interaction is not needed for exploitation (bnc#1176722).
- CVE-2020-0404: In uvc_scan_chain_forward of uvc_driver.c, there is a
possible linked list corruption due to an unusual root cause. This could
lead to local escalation of privilege in the kernel with no additional
execution privileges needed. User interaction is not needed for
exploitation (bnc#1176423).
- CVE-2020-25284: The rbd block device driver in drivers/block/rbd.c used
incomplete permission checking for access to rbd devices, which could be
leveraged by local attackers to map or unmap rbd block devices, aka
CID-f44d04e696fe (bnc#1176482).
- CVE-2020-14386: Memory corruption in af_packet can be exploited to gain
root privileges from unprivileged processes. The highest threat from
this vulnerability is to data confidentiality and integrity
(bnc#1176069).
The following non-security bugs were fixed:
- 9p: Fix memory leak in v9fs_mount (git-fixes).
- ACPI: EC: Reference count query handlers under lock (git-fixes).
- Add de2b41be8fcc x86, vmlinux.lds: Page-align end of ..page_aligned
sections
- Add f29dfa53cc8a x86/bugs/multihit: Fix mitigation reporting when VMX is
not in use
- airo: Add missing CAP_NET_ADMIN check in AIROOLDIOCTL/SIOCDEVPRIVATE
(git-fixes).
- airo: Fix possible info leak in AIROOLDIOCTL/SIOCDEVPRIVATE (git-fixes).
- airo: Fix read overflows sending packets (git-fixes).
- ALSA: asihpi: fix iounmap in error handler (git-fixes).
- ALSA: firewire-digi00x: exclude Avid Adrenaline from detection
(git-fixes).
- ALSA; firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).
- ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).
- ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
(git-fixes).
- ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A
(git-fixes).
- ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen
(git-fixes).
- altera-stapl: altera_get_note: prevent write beyond end of 'key'
(git-fixes).
- amd-xgbe: Add a check for an skb in the timestamp path (git-fixes).
- amd-xgbe: Add additional dynamic debug messages (git-fixes).
- amd-xgbe: Add additional ethtool statistics (git-fixes).
- amd-xgbe: Add ethtool show/set channels support (git-fixes).
- amd-xgbe: Add ethtool show/set ring parameter support (git-fixes).
- amd-xgbe: Add ethtool support to retrieve SFP module info (git-fixes).
- amd-xgbe: Add hardware features debug output (git-fixes).
- amd-xgbe: Add NUMA affinity support for IRQ hints (git-fixes).
- amd-xgbe: Add NUMA affinity support for memory allocations (git-fixes).
- amd-xgbe: Add per queue Tx and Rx statistics (git-fixes).
- amd-xgbe: Advertise FEC support with the KR re-driver (git-fixes).
- amd-xgbe: Always attempt link training in KR mode (git-fixes).
- amd-xgbe: Be sure driver shuts down cleanly on module removal
(git-fixes).
- amd-xgbe: Convert to generic power management (git-fixes).
- amd-xgbe: Fix debug output of max channel counts (git-fixes).
- amd-xgbe: Fix error path in xgbe_mod_init() (git-fixes).
- amd-xgbe: Fixes for working with PHYs that support 2.5GbE (git-fixes).
- amd-xgbe: Fix SFP PHY supported/advertised settings (git-fixes).
- amd-xgbe: fix spelling mistake: "avialable" -> "available" (git-fixes).
- amd-xgbe: Handle return code from software reset function (git-fixes).
- amd-xgbe: Improve SFP 100Mbps auto-negotiation (git-fixes).
- amd-xgbe: Interrupt summary bits are h/w version dependent (git-fixes).
- amd-xgbe: Limit the I2C error messages that are output (git-fixes).
- amd-xgbe: Mark expected switch fall-throughs (git-fixes).
- amd-xgbe: Optimize DMA channel interrupt enablement (git-fixes).
- amd-xgbe: Prepare for ethtool set-channel support (git-fixes).
- amd-xgbe: Prevent looping forever if timestamp update fails (git-fixes).
- amd-xgbe: Read and save the port property registers during probe
(git-fixes).
- amd-xgbe: Remove field that indicates SFP diagnostic support (git-fixes).
- amd-xgbe: remove unnecessary conversion to bool (git-fixes).
- amd-xgbe: Remove use of comm_owned field (git-fixes).
- amd-xgbe: Set the MDIO mode for 10000Base-T configuration (git-fixes).
- amd-xgbe: Simplify the burst length settings (git-fixes).
- amd-xgbe: Update the BelFuse quirk to support SGMII (git-fixes).
- amd-xgbe: Update TSO packet statistics accuracy (git-fixes).
- amd-xgbe: use devm_platform_ioremap_resource() to simplify code
(git-fixes).
- amd-xgbe: use dma_mapping_error to check map errors (git-fixes).
- amd-xgbe: Use __napi_schedule() in BH context (git-fixes).
- amd-xgbe: Use the proper register during PTP initialization (git-fixes).
- ar5523: Add USB ID of SMCWUSBT-G2 wireless adapter (git-fixes).
- arm64: KVM: Do not generate UNDEF when LORegion feature is present
(jsc#SLE-4084).
- arm64: KVM: regmap: Fix unexpected switch fall-through (jsc#SLE-4084).
- asm-generic: fix -Wtype-limits compiler warnings (bsc#1112178).
- ASoC: kirkwood: fix IRQ error handling (git-fixes).
- ASoC: tegra: Fix reference count leaks (git-fixes).
- ath10k: fix array out-of-bounds access (git-fixes).
- ath10k: fix memory leak for tpc_stats_final (git-fixes).
- ath10k: use kzalloc to read for ath10k_sdio_hif_diag_read (git-fixes).
- batman-adv: Add missing include for in_interrupt() (git-fixes).
- batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).
- batman-adv: bla: fix type misuse for backbone_gw hash indexing
(git-fixes).
- batman-adv: bla: use netif_rx_ni when not in interrupt context
(git-fixes).
- batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
(git-fixes).
- batman-adv: mcast/TT: fix wrongly dropped or rerouted packets
(git-fixes).
- bcache: Convert pr_<level> uses to a more typical style (git fixes
(block drivers)).
- bcache: fix overflow in offset_to_stripe() (git fixes (block drivers)).
- bcm63xx_enet: correct clock usage (git-fixes).
- bcm63xx_enet: do not write to random DMA channel on BCM6345 (git-fixes).
- bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes
(bitfield)).
- blktrace: fix debugfs use after free (git fixes (block drivers)).
- block: add docs for gendisk / request_queue refcount helpers (git fixes
(block drivers)).
- block: revert back to synchronous request_queue removal (git fixes
(block drivers)).
- block: Use non _rcu version of list functions for tag_set_list
(git-fixes).
- Bluetooth: Fix refcount use-after-free issue (git-fixes).
- Bluetooth: guard against controllers sending zero'd events (git-fixes).
- Bluetooth: Handle Inquiry Cancel error after Inquiry Complete
(git-fixes).
- Bluetooth: L2CAP: handle l2cap config request during open state
(git-fixes).
- Bluetooth: prefetch channel before killing sock (git-fixes).
- bnxt_en: Fix completion ring sizing with TPA enabled
(networking-stable-20_07_29).
- bonding: use nla_get_u64 to extract the value for
IFLA_BOND_AD_ACTOR_SYSTEM (git-fixes).
- btrfs: require only sector size alignment for parent eb bytenr
(bsc#1176789).
- btrfs: tree-checker: fix the error message for transid error
(bsc#1176788).
- ceph: do not allow setlease on cephfs (bsc#1177041).
- ceph: fix potential mdsc use-after-free crash (bsc#1177042).
- ceph: fix use-after-free for fsc->mdsc (bsc#1177043).
- ceph: handle zero-length feature mask in session messages (bsc#1177044).
- cfg80211: regulatory: reject invalid hints (bsc#1176699).
- cifs: Fix leak when handling lease break for cached root fid
(bsc#1176242).
- cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
- cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
- clk: Add (devm_)clk_get_optional() functions (git-fixes).
- clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).
- clk: samsung: exynos4: mark 'chipid' clock as CLK_IGNORE_UNUSED
(git-fixes).
- clk/ti/adpll: allocate room for terminating null (git-fixes).
- clocksource/drivers/h8300_timer8: Fix wrong return value in
h8300_8timer_init() (git-fixes).
- cpufreq: intel_pstate: Fix EPP setting via sysfs in active mode
(bsc#1176966).
- dmaengine: at_hdmac: check return value of of_find_device_by_node() in
at_dma_xlate() (git-fixes).
- dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
(git-fixes).
- dmaengine: pl330: Fix burst length if burst size is smaller than bus
width (git-fixes).
- dmaengine: tegra-apb: Prevent race conditions on channel's freeing
(git-fixes).
- dmaengine: zynqmp_dma: fix burst length configuration (git-fixes).
- dm crypt: avoid truncating the logical block size (git fixes (block
drivers)).
- dm: fix redundant IO accounting for bios that need splitting (git fixes
(block drivers)).
- dm integrity: fix a deadlock due to offloading to an incorrect workqueue
(git fixes (block drivers)).
- dm integrity: fix integrity recalculation that is improperly skipped
(git fixes (block drivers)).
- dm: report suspended device during destroy (git fixes (block drivers)).
- dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes
(block drivers)).
- dm: use noio when sending kobject event (git fixes (block drivers)).
- dm writecache: add cond_resched to loop in persistent_memory_claim()
(git fixes (block drivers)).
- dm writecache: correct uncommitted_block when discarding uncommitted
entry (git fixes (block drivers)).
- dm zoned: assign max_io_len correctly (git fixes (block drivers)).
- drivers: char: tlclk.c: Avoid data race between init and interrupt
handler (git-fixes).
- Drivers: hv: Specify receive buffer size using Hyper-V page size
(bsc#1176877).
- Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).
- drivers: net: add missing interrupt.h include (git-fixes).
- drivers/net/ethernet/marvell/mvmdio.c: Fix non OF case (git-fixes).
- drivers/net/wan/x25_asy: Fix to make it work
(networking-stable-20_07_29).
- drm/amd/display: dal_ddc_i2c_payloads_create can fail causing panic
(git-fixes).
- drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).
- drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
(git-fixes).
- drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).
- drm/amdgpu: Fix bug in reporting voltage for CIK (git-fixes).
- drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).
- drm/amdgpu: increase atombios cmd timeout (git-fixes).
- drm/amdgpu/powerplay: fix AVFS handling with custom powerplay table
(git-fixes).
- drm/amdgpu/powerplay/smu7: fix AVFS handling with custom powerplay table
(git-fixes).
- drm/amdkfd: fix a memory leak issue (git-fixes).
- drm/amdkfd: Fix reference count leaks (git-fixes).
- drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).
- drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).
- drm/ast: Initialize DRAM type before posting GPU (bsc#1113956) *
context changes
- drm/mediatek: Add exception handing in mtk_drm_probe() if component init
fail (git-fixes).
- drm/mediatek: Add missing put_device() call in mtk_hdmi_dt_parse_pdata()
(git-fixes).
- drm/msm/a5xx: Always set an OPP supported hardware value (git-fixes).
- drm/msm: add shutdown support for display platform_driver (git-fixes).
- drm/msm: Disable preemption on all 5xx targets (git-fixes).
- drm/msm: fix leaks if initialization fails (git-fixes).
- drm/msm/gpu: make ringbuffer readonly (bsc#1112178) * context changes
- drm/nouveau/debugfs: fix runtime pm imbalance on error (git-fixes).
- drm/nouveau/dispnv50: fix runtime pm imbalance on error (git-fixes).
- drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
(git-fixes).
- drm/nouveau: Fix reference count leak in nouveau_connector_detect
(git-fixes).
- drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
(git-fixes).
- drm/nouveau: fix runtime pm imbalance on error (git-fixes).
- drm/omap: fix possible object reference leak (git-fixes).
- drm/radeon: fix multiple reference count leak (git-fixes).
- drm/radeon: Prefer lower feedback dividers (git-fixes).
- drm/radeon: revert "Prefer lower feedback dividers" (git-fixes).
- drm/sun4i: Fix dsi dcs long write function (git-fixes).
- drm/sun4i: sun8i-csc: Secondary CSC register correction (git-fixes).
- drm/tve200: Stabilize enable/disable (git-fixes).
- drm/vc4/vc4_hdmi: fill ASoC card owner (git-fixes).
- e1000: Do not perform reset in reset_task if we are already down
(git-fixes).
- EDAC: Fix reference count leaks (bsc#1112178).
- fbcon: prevent user font height or width change from causing
(bsc#1112178)
- Fix error in kabi fix for: NFSv4: Fix OPEN / CLOSE race (bsc#1176950).
- ftrace: Move RCU is watching check after recursion check (git-fixes).
- ftrace: Setup correct FTRACE_FL_REGS flags for module (git-fixes).
- gma/gma500: fix a memory disclosure bug due to uninitialized bytes
(git-fixes).
- gpio: tc35894: fix up tc35894 interrupt configuration (git-fixes).
- gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable()
(git-fixes).
- gtp: fix Illegal context switch in RCU read-side critical section
(git-fixes).
- gtp: fix use-after-free in gtp_newlink() (git-fixes).
- HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
(git-fixes).
- hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).
- hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).
- hv_utils: return error if host timesysnc update is stale (bsc#1176877).
- hwmon: (applesmc) check status earlier (git-fixes).
- i2c: core: Do not fail PRP0001 enumeration when no ID table exist
(git-fixes).
- i2c: cpm: Fix i2c_ram structure (git-fixes).
- ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
- ieee802154/adf7242: check status of adf7242_read_reg (git-fixes).
- ieee802154: fix one possible memleak in ca8210_dev_com_init (git-fixes).
- iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak
(git-fixes).
- iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).
- iio:accel:mma7455: Fix timestamp alignment and prevent data leak
(git-fixes).
- iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).
- iio: adc: mcp3422: fix locking on error path (git-fixes).
- iio: adc: mcp3422: fix locking scope (git-fixes).
- iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).
- iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set
(git-fixes).
- iio: improve IIO_CONCENTRATION channel type description (git-fixes).
- iio:light:ltr501 Fix timestamp alignment issue (git-fixes).
- iio:light:max44000 Fix timestamp alignment and prevent data leak
(git-fixes).
- iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).
- include: add additional sizes (bsc#1094244 ltc#168122).
- iommu/amd: Fix IOMMU AVIC not properly update the is_run bit in IRTE
(bsc#1177293).
- iommu/amd: Fix potential @entry null deref (bsc#1177294).
- iommu/amd: Print extended features in one line to fix divergent log
levels (bsc#1176316).
- iommu/amd: Re-factor guest virtual APIC (de-)activation code
(bsc#1177291).
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176317).
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode
(bsc#1177295).
- iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176318).
- iommu/exynos: add missing put_device() call in exynos_iommu_of_xlate()
(bsc#1177296).
- iommu/omap: Check for failure of a call to omap_iommu_dump_ctx
(bsc#1176319).
- iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176320).
- kernel-binary.spec.in: Package the obj_install_dir as explicit filelist.
- kernel-syms.spec.in: Also use bz compression (boo#1175882).
- KVM: arm64: Change 32-bit handling of VM system registers (jsc#SLE-4084).
- KVM: arm64: Cleanup __activate_traps and __deactive_traps for VHE and
non-VHE (jsc#SLE-4084).
- KVM: arm64: Configure c15, PMU, and debug register traps on cpu load/put
for VHE (jsc#SLE-4084).
- KVM: arm64: Defer saving/restoring 32-bit sysregs to vcpu load/put
(jsc#SLE-4084).
- KVM: arm64: Defer saving/restoring 64-bit sysregs to vcpu load/put on
VHE (jsc#SLE-4084).
- KVM: arm64: Directly call VHE and non-VHE FPSIMD enabled functions
(jsc#SLE-4084).
- KVM: arm64: Do not deactivate VM on VHE systems (jsc#SLE-4084).
- KVM: arm64: Do not save the host ELR_EL2 and SPSR_EL2 on VHE systems
(jsc#SLE-4084).
- KVM: arm64: Factor out fault info population and gic workarounds
(jsc#SLE-4084).
- KVM: arm64: Fix order of vcpu_write_sys_reg() arguments (jsc#SLE-4084).
- KVM: arm64: Forbid kprobing of the VHE world-switch code (jsc#SLE-4084).
- KVM: arm64: Improve debug register save/restore flow (jsc#SLE-4084).
- KVM: arm64: Introduce framework for accessing deferred sysregs
(jsc#SLE-4084).
- KVM: arm64: Introduce separate VHE/non-VHE sysreg save/restore functions
(jsc#SLE-4084).
- KVM: arm64: Introduce VHE-specific kvm_vcpu_run (jsc#SLE-4084).
- KVM: arm64: Move common VHE/non-VHE trap config in separate functions
(jsc#SLE-4084).
- KVM: arm64: Move debug dirty flag calculation out of world switch
(jsc#SLE-4084).
- KVM: arm64: Move HCR_INT_OVERRIDE to default HCR_EL2 guest flag
(jsc#SLE-4084).
- KVM: arm64: Move userspace system registers into separate function
(jsc#SLE-4084).
- KVM: arm64: Prepare to handle deferred save/restore of 32-bit registers
(jsc#SLE-4084).
- KVM: arm64: Prepare to handle deferred save/restore of ELR_EL1
(jsc#SLE-4084).
- KVM: arm64: Remove kern_hyp_va() use in VHE switch function
(jsc#SLE-4084).
- KVM: arm64: Remove noop calls to timer save/restore from VHE switch
(jsc#SLE-4084).
- KVM: arm64: Rework hyp_panic for VHE and non-VHE (jsc#SLE-4084).
- KVM: arm64: Rewrite sysreg alternatives to static keys (jsc#SLE-4084).
- KVM: arm64: Rewrite system register accessors to read/write functions
(jsc#SLE-4084).
- KVM: arm64: Slightly improve debug save/restore functions (jsc#SLE-4084).
- KVM: arm64: Unify non-VHE host/guest sysreg save and restore functions
(jsc#SLE-4084).
- KVM: arm64: Write arch.mdcr_el2 changes since last vcpu_load on VHE
(jsc#SLE-4084).
- KVM: arm/arm64: Avoid vcpu_load for other vcpu ioctls than KVM_RUN
(jsc#SLE-4084).
- KVM: arm/arm64: Avoid VGICv3 save/restore on VHE with no IRQs
(jsc#SLE-4084).
- KVM: arm/arm64: Get rid of vcpu->arch.irq_lines (jsc#SLE-4084).
- KVM: arm/arm64: Handle VGICv3 save/restore from the main VGIC code on
VHE (jsc#SLE-4084).
- KVM: arm/arm64: Move vcpu_load call after kvm_vcpu_first_run_init
(jsc#SLE-4084).
- KVM: arm/arm64: Move VGIC APR save/restore to vgic put/load
(jsc#SLE-4084).
- KVM: arm/arm64: Prepare to handle deferred save/restore of SPSR_EL1
(jsc#SLE-4084).
- KVM: arm/arm64: Remove leftover comment from kvm_vcpu_run_vhe
(jsc#SLE-4084).
- KVM: introduce kvm_arch_vcpu_async_ioctl (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_fpu
(jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_mpstate
(jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_get_regs
(jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl (jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_run
(jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_fpu
(jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_guest_debug
(jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_mpstate
(jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_regs
(jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_set_sregs
(jsc#SLE-4084).
- KVM: Move vcpu_load to arch-specific kvm_arch_vcpu_ioctl_translate
(jsc#SLE-4084).
- KVM: PPC: Fix compile error that occurs when CONFIG_ALTIVEC=n
(jsc#SLE-4084).
- KVM: Prepare for moving vcpu_load/vcpu_put into arch specific code
(jsc#SLE-4084).
- KVM: SVM: Add a dedicated INVD intercept routine (bsc#1112178).
- KVM: SVM: Fix disable pause loop exit/pause filtering capability on SVM
(bsc#1176321).
- KVM: SVM: fix svn_pin_memory()'s use of get_user_pages_fast()
(bsc#1112178).
- KVM: Take vcpu->mutex outside vcpu_load (jsc#SLE-4084).
- libceph: allow setting abort_on_full for rbd (bsc#1169972).
- libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).
- libnvdimm: cover up struct nvdimm changes (bsc#1171742).
- libnvdimm/security, acpi/nfit: unify zero-key for all security commands
(bsc#1171742).
- libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
- libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
- lib/raid6: use vdupq_n_u8 to avoid endianness warnings (git fixes (block
drivers)).
- livepatch: Add -fdump-ipa-clones to build (). Add support for
-fdump-ipa-clones GCC option. Update config files accordingly.
- mac802154: tx: fix use-after-free (git-fixes).
- md: raid0/linear: fix dereference before null check on pointer mddev
(git fixes (block drivers)).
- media: davinci: vpif_capture: fix potential double free (git-fixes).
- media: pci: ttpci: av7110: fix possible buffer overflow caused by bad
DMA value in debiirq() (git-fixes).
- media: smiapp: Fix error handling at NVM reading (git-fixes).
- media: ti-vpe: cal: Restrict DMA to avoid memory corruption (git-fixes).
- mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).
- mfd: mfd-core: Protect against NULL call-back function pointer
(git-fixes).
- mm: Avoid calling build_all_zonelists_init under hotplug context
(bsc#1154366).
- mmc: cqhci: Add cqhci_deactivate() (git-fixes).
- mmc: sdhci-msm: Add retries when all tuning phases are found valid
(git-fixes).
- mmc: sdhci-pci: Fix SDHCI_RESET_ALL for CQHCI for Intel GLK-based
controllers (git-fixes).
- mmc: sdhci: Workaround broken command queuing on Intel GLK based IRBIS
models (git-fixes).
- mm/page_alloc.c: fix a crash in free_pages_prepare() (git fixes
(mm/pgalloc)).
- mm/vmalloc.c: move 'area->pages' after if statement (git fixes
(mm/vmalloc)).
- mtd: cfi_cmdset_0002: do not free cfi->cfiq in error path of
cfi_amdstd_setup() (git-fixes).
- mtd: lpddr: Fix a double free in probe() (git-fixes).
- mtd: phram: fix a double free issue in error path (git-fixes).
- mtd: properly check all write ioctls for permissions (git-fixes).
- net: 8390: Fix manufacturer name in Kconfig help text (git-fixes).
- net: amd: fix return type of ndo_start_xmit function (git-fixes).
- net/amd: Remove useless driver version (git-fixes).
- net: amd-xgbe: fix comparison to bitshift when dealing with a mask
(git-fixes).
- net: amd-xgbe: Get rid of custom hex_dump_to_buffer() (git-fixes).
- net: apple: Fix manufacturer name in Kconfig help text (git-fixes).
- net: broadcom: Fix manufacturer name in Kconfig help text (git-fixes).
- net: dsa: b53: Fix sparse warnings in b53_mmap.c (git-fixes).
- net: dsa: b53: Use strlcpy() for ethtool::get_strings (git-fixes).
- net: dsa: mv88e6xxx: fix 6085 frame mode masking (git-fixes).
- net: dsa: mv88e6xxx: Fix interrupt masking on removal (git-fixes).
- net: dsa: mv88e6xxx: Fix name of switch 88E6141 (git-fixes).
- net: dsa: mv88e6xxx: fix shift of FID bits in
mv88e6185_g1_vtu_loadpurge() (git-fixes).
- net: dsa: mv88e6xxx: Unregister MDIO bus on error path (git-fixes).
- net: dsa: qca8k: Allow overwriting CPU port setting (git-fixes).
- net: dsa: qca8k: Enable RXMAC when bringing up a port (git-fixes).
- net: dsa: qca8k: Force CPU port to its highest bandwidth (git-fixes).
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
(git-fixes).
- net: fs_enet: do not call phy_stop() in interrupts (git-fixes).
- net: initialize fastreuse on inet_inherit_port
(networking-stable-20_08_15).
- net: lan78xx: Bail out if lan78xx_get_endpoints fails (git-fixes).
- net: lan78xx: replace bogus endpoint lookup (networking-stable-20_08_08).
- net: lio_core: fix potential sign-extension overflow on large shift
(git-fixes).
- net/mlx5: Add meaningful return codes to status_to_err function
(git-fixes).
- net/mlx5: E-Switch, Use correct flags when configuring vlan (git-fixes).
- net/mlx5e: XDP, Avoid checksum complete when XDP prog is loaded
(git-fixes).
- net: mvmdio: defer probe of orion-mdio if a clock is not ready
(git-fixes).
- net: mvneta: fix mtu change on port without link (git-fixes).
- net-next: ax88796: Do not free IRQ in ax_remove() (already freed in
ax_close()) (git-fixes).
- net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).
- net: qca_spi: Avoid packet drop during initial sync (git-fixes).
- net: qca_spi: Make sure the QCA7000 reset is triggered (git-fixes).
- net: refactor bind_bucket fastreuse into helper
(networking-stable-20_08_15).
- net/smc: fix dmb buffer shortage (git-fixes).
- net/smc: fix restoring of fallback changes (git-fixes).
- net/smc: fix sock refcounting in case of termination (git-fixes).
- net/smc: improve close of terminated socket (git-fixes).
- net/smc: Prevent kernel-infoleak in __smc_diag_dump() (git-fixes).
- net/smc: remove freed buffer from list (git-fixes).
- net/smc: reset sndbuf_desc if freed (git-fixes).
- net/smc: set rx_off for SMCR explicitly (git-fixes).
- net/smc: switch smcd_dev_list spinlock to mutex (git-fixes).
- net/smc: tolerate future SMCD versions (git-fixes).
- net: stmmac: call correct function in
stmmac_mac_config_rx_queues_routing() (git-fixes).
- net: stmmac: Disable ACS Feature for GMAC >= 4 (git-fixes).
- net: stmmac: do not stop NAPI processing when dropping a packet
(git-fixes).
- net: stmmac: dwmac4: fix flow control issue (git-fixes).
- net: stmmac: dwmac_lib: fix interchanged sleep/timeout values in DMA
reset function (git-fixes).
- net: stmmac: dwmac-meson8b: Add missing boundary to RGMII TX clock array
(git-fixes).
- net: stmmac: dwmac-meson8b: fix internal RGMII clock configuration
(git-fixes).
- net: stmmac: dwmac-meson8b: fix setting the RGMII TX clock on Meson8b
(git-fixes).
- net: stmmac: dwmac-meson8b: Fix the RGMII TX delay on Meson8b/8m2 SoCs
(git-fixes).
- net: stmmac: dwmac-meson8b: only configure the clocks in RGMII mode
(git-fixes).
- net: stmmac: dwmac-meson8b: propagate rate changes to the parent clock
(git-fixes).
- net: stmmac: Fix error handling path in 'alloc_dma_rx_desc_resources()'
(git-fixes).
- net: stmmac: Fix error handling path in 'alloc_dma_tx_desc_resources()'
(git-fixes).
- net: stmmac: rename dwmac4_tx_queue_routing() to match reality
(git-fixes).
- net: stmmac: set MSS for each tx DMA channel (git-fixes).
- net: stmmac: Use correct values in TQS/RQS fields (git-fixes).
- net-sysfs: add a newline when printing 'tx_timeout' by sysfs
(networking-stable-20_07_29).
- net: systemport: Fix software statistics for SYSTEMPORT Lite (git-fixes).
- net: systemport: Fix sparse warnings in bcm_sysport_insert_tsb()
(git-fixes).
- net: tc35815: Explicitly check NET_IP_ALIGN is not zero in tc35815_rx
(git-fixes).
- net: tulip: de4x5: Drop redundant MODULE_DEVICE_TABLE() (git-fixes).
- net: ucc_geth - fix Oops when changing number of buffers in the ring
(git-fixes).
- NFSv4: do not mark all open state for recovery when handling recallable
state revoked flag (bsc#1176935).
- nvme-fc: set max_segments to lldd max value (bsc#1176038).
- nvme-pci: override the value of the controller's numa node (bsc#1176507).
- ocfs2: give applications more IO opportunities during fstrim
(bsc#1175228).
- omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
(git-fixes).
- PCI/ASPM: Allow re-enabling Clock PM (git-fixes).
- PCI: Fix pci_create_slot() reference count leak (git-fixes).
- PCI: qcom: Add missing ipq806x clocks in PCIe driver (git-fixes).
- PCI: qcom: Add missing reset for ipq806x (git-fixes).
- PCI: qcom: Add support for tx term offset for rev 2.1.0 (git-fixes).
- PCI: qcom: Define some PARF params needed for ipq8064 SoC (git-fixes).
- PCI: rcar: Fix incorrect programming of OB windows (git-fixes).
- phy: samsung: s5pv210-usb2: Add delay after reset (git-fixes).
- pinctrl: mvebu: Fix i2c sda definition for 98DX3236 (git-fixes).
- platform/x86: fix kconfig dependency warning for FUJITSU_LAPTOP
(git-fixes).
- platform/x86: thinkpad_acpi: initialize tp_nvram_state variable
(git-fixes).
- platform/x86: thinkpad_acpi: re-initialize ACPI buffer size when reuse
(git-fixes).
- powerpc/64s: Blacklist functions invoked on a trap (bsc#1094244
ltc#168122).
- powerpc/64s: Fix HV NMI vs HV interrupt recoverability test (bsc#1094244
ltc#168122).
- powerpc/64s: Fix unrelocated interrupt trampoline address test
(bsc#1094244 ltc#168122).
- powerpc/64s: Include <asm/nmi.h> header file to fix a warning
(bsc#1094244 ltc#168122).
- powerpc/64s: machine check do not trace real-mode handler (bsc#1094244
ltc#168122).
- powerpc/64s: sreset panic if there is no debugger or crash dump handlers
(bsc#1094244 ltc#168122).
- powerpc/64s: system reset interrupt preserve HSRRs (bsc#1094244
ltc#168122).
- powerpc: Add cputime_to_nsecs() (bsc#1065729).
- powerpc/book3s64/radix: Add kernel command line option to disable radix
GTSE (bsc#1055186 ltc#153436).
- powerpc/book3s64/radix: Fix boot failure with large amount of guest
memory (bsc#1176022 ltc#187208).
- powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).
- powerpc/init: Do not advertise radix during client-architecture-support
(bsc#1055186 ltc#153436).
- powerpc/kernel: Cleanup machine check function declarations
(bsc#1065729).
- powerpc/kernel: Enables memory hot-remove after reboot on pseries guests
(bsc#1177030 ltc#187588).
- powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436).
- powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only
(bsc#1177030 ltc#187588).
- powerpc/mm: Move book3s64 specifics in subdirectory mm/book3s64
(bsc#1176022 ltc#187208).
- powerpc/powernv: Remove real mode access limit for early allocations
(bsc#1176022 ltc#187208).
- powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186
ltc#153436).
- powerpc/pseries/le: Work around a firmware quirk (bsc#1094244
ltc#168122).
- powerpc/pseries: lift RTAS limit for radix (bsc#1176022 ltc#187208).
- powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244
ltc#168122).
- powerpc/pseries: Machine check use rtas_call_unlocked() with args on
stack (bsc#1094244 ltc#168122).
- powerpc/pseries: radix is not subject to RMA limit, remove it
(bsc#1176022 ltc#187208).
- powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths
(bsc#1094244 ltc#168122).
- powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
- powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244
ltc#168122).
- powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244
ltc#168122).
- powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
- powerpc/traps: fix recoverability of machine check handling on book3s/32
(bsc#1094244 ltc#168122).
- powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244
ltc#168122).
- powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S
(bsc#1065729).
- power: supply: max17040: Correct voltage reading (git-fixes).
- rcu: Do RCU GP kthread self-wakeup from softirq and interrupt (git fixes
(rcu)).
- regulator: push allocation in set_consumer_device_supply() out of lock
(git-fixes).
- Revert "ALSA: hda: Add support for Loongson 7A1000 controller"
(git-fixes).
- Revert "ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume
control" (git-fixes).
- Revert "i2c: cadence: Fix the hold bit setting" (git-fixes).
- rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules
(bsc#1176869 ltc#188243).
- rpm/constraints.in: recognize also kernel-source-azure (bsc#1176732)
- rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857
jsc#SLE-13618).
- rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115)
To avoid the unnecessary key enrollment, when enrolling the signing key
of the kernel package, "--ca-check" is added to mokutil so that mokutil
will ignore the request if the CA of the signing key already exists in
MokList or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is
only defined in a kernel module package (KMP), it's used to determine
whether the %post script is running in a kernel package, or a kernel
module package.
- rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
- rpm/macros.kernel-source: pass -c properly in kernel module package
(bsc#1176698) The "-c" option wasn't passed down to
%_kernel_module_package so the ueficert subpackage wasn't generated even
if the certificate is specified in the spec file.
- rtc: ds1374: fix possible race condition (git-fixes).
- rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).
- rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
(networking-stable-20_08_08).
- rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
(networking-stable-20_07_29).
- s390/mm: fix huge pte soft dirty copying (git-fixes).
- s390/qeth: do not process empty bridge port events (git-fixes).
- s390/qeth: integrate RX refill worker with NAPI (git-fixes).
- s390/qeth: tolerate pre-filled RX buffer (git-fixes).
- scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).
- scsi: fnic: Do not call 'scsi_done()' for unhandled commands
(bsc#1168468, bsc#1171675).
- scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962
ltc#188304).
- scsi: ibmvfc: Use compiler attribute defines instead of __attribute__()
(bsc#1176962 ltc#188304).
- scsi: iscsi: iscsi_tcp: Avoid holding spinlock while calling
getpeername() (bsc#1177258).
- scsi: libfc: Fix for double free() (bsc#1174899).
- scsi: libfc: free response frame from GPN_ID (bsc#1174899).
- scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases
(bsc#1174899).
- scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
- scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
- scsi: qla2xxx: Fix regression on sparc64 (git-fixes).
- scsi: qla2xxx: Fix the return value (bsc#1171688).
- scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call
(bsc#1171688).
- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba()
(bsc#1171688).
- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg()
(bsc#1171688).
- scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1171688).
- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle()
(bsc#1171688).
- scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).
- scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).
- scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).
- scsi: qla2xxx: Simplify return value logic in
qla2x00_get_sp_from_handle() (bsc#1171688).
- scsi: qla2xxx: Suppress two recently introduced compiler warnings
(git-fixes).
- scsi: qla2xxx: Warn if done() or free() are called on an already freed
srb (bsc#1171688).
- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra186
(git-fixes).
- sdhci: tegra: Remove SDHCI_QUIRK_DATA_TIMEOUT_USES_SDCLK for Tegra210
(git-fixes).
- serial: 8250: 8250_omap: Terminate DMA before pushing data on RX timeout
(git-fixes).
- serial: 8250_omap: Fix sleeping function called from invalid context
during probe (git-fixes).
- serial: 8250_port: Do not service RX FIFO if throttled (git-fixes).
- Set CONFIG_HAVE_KVM_VCPU_ASYNC_IOCTL=y (jsc#SLE-4084).
- smb3: Honor persistent/resilient handle flags for multiuser mounts
(bsc#1176546).
- smb3: Honor 'seal' flag for multiuser mounts (bsc#1176545).
- smb3: warn on confusing error scenario with sec=krb5 (bsc#1176548).
- staging:r8188eu: avoid skb_clone for amsdu to msdu conversion
(git-fixes).
- stmmac: Do not access tx_q->dirty_tx before netif_tx_lock (git-fixes).
- tcp: apply a floor of 1 for RTT samples from TCP timestamps
(networking-stable-20_08_08).
- thermal: ti-soc-thermal: Fix bogus thermal shutdowns for omap4430
(git-fixes).
- tools/power/cpupower: Fix initializer override in hsw_ext_cstates
(bsc#1112178).
- usb: core: fix slab-out-of-bounds Read in read_descriptors (git-fixes).
- usb: dwc3: Increase timeout for CmdAct cleared by device controller
(git-fixes).
- usb: EHCI: ehci-mv: fix error handling in mv_ehci_probe() (git-fixes).
- usb: EHCI: ehci-mv: fix less than zero comparison of an unsigned int
(git-fixes).
- usb: Fix out of sync data toggle if a configured device is reconfigured
(git-fixes).
- usb: gadget: f_ncm: add bounds checks to ncm_unwrap_ntb() (git-fixes).
- usb: gadget: f_ncm: Fix NDP16 datagram validation (git-fixes).
- usb: gadget: u_f: add overflow checks to VLA macros (git-fixes).
- usb: gadget: u_f: Unbreak offset calculation in VLAs (git-fixes).
- usb: hso: check for return value in hso_serial_common_create()
(networking-stable-20_08_08).
- usblp: fix race between disconnect() and read() (git-fixes).
- usb: lvtest: return proper error code in probe (git-fixes).
- usbnet: ipheth: fix potential null pointer dereference in
ipheth_carrier_set (git-fixes).
- usb: qmi_wwan: add D-Link DWM-222 A2 device ID (git-fixes).
- usb: quirks: Add no-lpm quirk for another Raydium touchscreen
(git-fixes).
- usb: quirks: Add USB_QUIRK_IGNORE_REMOTE_WAKEUP quirk for BYD zhaoxin
notebook (git-fixes).
- usb: quirks: Ignore duplicate endpoint on Sound Devices MixPre-D
(git-fixes).
- usb: serial: ftdi_sio: add IDs for Xsens Mti USB converter (git-fixes).
- usb: serial: option: add support for SIM7070/SIM7080/SIM7090 modules
(git-fixes).
- usb: serial: option: support dynamic Quectel USB compositions
(git-fixes).
- usb: sisusbvga: Fix a potential UB caused by left shifting a negative
value (git-fixes).
- usb: storage: Add unusual_uas entry for Sony PSZ drives (git-fixes).
- usb: typec: ucsi: acpi: Check the _DEP dependencies (git-fixes).
- usb: uas: Add quirk for PNY Pro Elite (git-fixes).
- usb: UAS: fix disconnect by unplugging a hub (git-fixes).
- usb: yurex: Fix bad gfp argument (git-fixes).
- vgacon: remove software scrollback support (bsc#1176278).
- video: fbdev: fix OOB read in vga_8planes_imageblit() (git-fixes).
- virtio-blk: free vblk-vqs in error path of virtblk_probe() (git fixes
(block drivers)).
- vmxnet3: fix cksum offload issues for non-udp tunnels (git-fixes).
- vrf: prevent adding upper devices (git-fixes).
- vxge: fix return of a free'd memblock on a failed dma mapping
(git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1112178).
- xen: do not reschedule in preemption off sections (bsc#1175749).
- xen/events: do not use chip_data for legacy IRQs (bsc#1065600).
- XEN uses irqdesc::irq_data_common::handler_data to store a per interrupt
XEN data pointer which contains XEN specific information (bsc#1065600).
- xgbe: no need to check return value of debugfs_create functions
(git-fixes).
- xgbe: switch to more generic VxLAN detection (git-fixes).
- xhci: Do warm-reset when both CAS and XDEV_RESUME are set (git-fixes).
- yam: fix possible memory leak in yam_init_driver (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1655=1
Package List:
- openSUSE Leap 15.1 (noarch):
kernel-devel-4.12.14-lp151.28.71.1
kernel-docs-4.12.14-lp151.28.71.1
kernel-docs-html-4.12.14-lp151.28.71.1
kernel-macros-4.12.14-lp151.28.71.1
kernel-source-4.12.14-lp151.28.71.1
kernel-source-vanilla-4.12.14-lp151.28.71.1
- openSUSE Leap 15.1 (x86_64):
kernel-debug-4.12.14-lp151.28.71.2
kernel-debug-base-4.12.14-lp151.28.71.2
kernel-debug-base-debuginfo-4.12.14-lp151.28.71.2
kernel-debug-debuginfo-4.12.14-lp151.28.71.2
kernel-debug-debugsource-4.12.14-lp151.28.71.2
kernel-debug-devel-4.12.14-lp151.28.71.2
kernel-debug-devel-debuginfo-4.12.14-lp151.28.71.2
kernel-default-4.12.14-lp151.28.71.2
kernel-default-base-4.12.14-lp151.28.71.2
kernel-default-base-debuginfo-4.12.14-lp151.28.71.2
kernel-default-debuginfo-4.12.14-lp151.28.71.2
kernel-default-debugsource-4.12.14-lp151.28.71.2
kernel-default-devel-4.12.14-lp151.28.71.2
kernel-default-devel-debuginfo-4.12.14-lp151.28.71.2
kernel-kvmsmall-4.12.14-lp151.28.71.2
kernel-kvmsmall-base-4.12.14-lp151.28.71.2
kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.71.2
kernel-kvmsmall-debuginfo-4.12.14-lp151.28.71.2
kernel-kvmsmall-debugsource-4.12.14-lp151.28.71.2
kernel-kvmsmall-devel-4.12.14-lp151.28.71.2
kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.71.2
kernel-obs-build-4.12.14-lp151.28.71.2
kernel-obs-build-debugsource-4.12.14-lp151.28.71.2
kernel-obs-qa-4.12.14-lp151.28.71.2
kernel-syms-4.12.14-lp151.28.71.1
kernel-vanilla-4.12.14-lp151.28.71.2
kernel-vanilla-base-4.12.14-lp151.28.71.2
kernel-vanilla-base-debuginfo-4.12.14-lp151.28.71.2
kernel-vanilla-debuginfo-4.12.14-lp151.28.71.2
kernel-vanilla-debugsource-4.12.14-lp151.28.71.2
kernel-vanilla-devel-4.12.14-lp151.28.71.2
kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.71.2
References:
https://www.suse.com/security/cve/CVE-2020-0404.html
https://www.suse.com/security/cve/CVE-2020-0427.html
https://www.suse.com/security/cve/CVE-2020-0431.html
https://www.suse.com/security/cve/CVE-2020-0432.html
https://www.suse.com/security/cve/CVE-2020-14381.html
https://www.suse.com/security/cve/CVE-2020-14386.html
https://www.suse.com/security/cve/CVE-2020-14390.html
https://www.suse.com/security/cve/CVE-2020-25212.html
https://www.suse.com/security/cve/CVE-2020-25284.html
https://www.suse.com/security/cve/CVE-2020-25641.html
https://www.suse.com/security/cve/CVE-2020-25643.html
https://www.suse.com/security/cve/CVE-2020-26088.html
https://bugzilla.suse.com/1055186
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1094244
https://bugzilla.suse.com/1112178
https://bugzilla.suse.com/1113956
https://bugzilla.suse.com/1154366
https://bugzilla.suse.com/1167527
https://bugzilla.suse.com/1168468
https://bugzilla.suse.com/1169972
https://bugzilla.suse.com/1171675
https://bugzilla.suse.com/1171688
https://bugzilla.suse.com/1171742
https://bugzilla.suse.com/1173115
https://bugzilla.suse.com/1174899
https://bugzilla.suse.com/1175228
https://bugzilla.suse.com/1175749
https://bugzilla.suse.com/1175882
https://bugzilla.suse.com/1176011
https://bugzilla.suse.com/1176022
https://bugzilla.suse.com/1176038
https://bugzilla.suse.com/1176069
https://bugzilla.suse.com/1176235
https://bugzilla.suse.com/1176242
https://bugzilla.suse.com/1176278
https://bugzilla.suse.com/1176316
https://bugzilla.suse.com/1176317
https://bugzilla.suse.com/1176318
https://bugzilla.suse.com/1176319
https://bugzilla.suse.com/1176320
https://bugzilla.suse.com/1176321
https://bugzilla.suse.com/1176381
https://bugzilla.suse.com/1176423
https://bugzilla.suse.com/1176482
https://bugzilla.suse.com/1176507
https://bugzilla.suse.com/1176536
https://bugzilla.suse.com/1176544
https://bugzilla.suse.com/1176545
https://bugzilla.suse.com/1176546
https://bugzilla.suse.com/1176548
https://bugzilla.suse.com/1176659
https://bugzilla.suse.com/1176698
https://bugzilla.suse.com/1176699
https://bugzilla.suse.com/1176700
https://bugzilla.suse.com/1176721
https://bugzilla.suse.com/1176722
https://bugzilla.suse.com/1176725
https://bugzilla.suse.com/1176732
https://bugzilla.suse.com/1176788
https://bugzilla.suse.com/1176789
https://bugzilla.suse.com/1176869
https://bugzilla.suse.com/1176877
https://bugzilla.suse.com/1176935
https://bugzilla.suse.com/1176950
https://bugzilla.suse.com/1176962
https://bugzilla.suse.com/1176966
https://bugzilla.suse.com/1176990
https://bugzilla.suse.com/1177030
https://bugzilla.suse.com/1177041
https://bugzilla.suse.com/1177042
https://bugzilla.suse.com/1177043
https://bugzilla.suse.com/1177044
https://bugzilla.suse.com/1177121
https://bugzilla.suse.com/1177206
https://bugzilla.suse.com/1177258
https://bugzilla.suse.com/1177291
https://bugzilla.suse.com/1177293
https://bugzilla.suse.com/1177294
https://bugzilla.suse.com/1177295
https://bugzilla.suse.com/1177296
https://bugzilla.suse.com/962356
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] openSUSE-SU-2020:1652-1: moderate: Security update for nextcloud
by opensuse-security@opensuse.org 10 Oct '20
openSUSE Security Update: Security update for nextcloud
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1652-1
Rating: moderate
References: #1171572 #1171579 #1177346
Cross-References: CVE-2020-8154 CVE-2020-8155 CVE-2020-8183
CVE-2020-8228 CVE-2020-8233
Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP2
openSUSE Backports SLE-15-SP1
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for nextcloud fixes the following issues:
nextcloud version 20.0.0 fixes some security issues:
- NC-SA-2020-037 PIN for passwordless WebAuthn is asked for but not
verified
- NC-SA-2020-033 (CVE-2020-8228) Missing rate limit on signup page
- NC-SA-2020-029 (CVE-2020-8233, boo#1177346) Re-Sharing allows increase
of privileges
- NC-SA-2020-026 Password of share by mail is not hashed when given on
the create share call
- NC-SA-2020-023 Increase random used for encryption
- Update to 19.0.3
- Fix possible leaking scope in Flow (server#22410)
- Combine body-login rules in theming and fix twofactor and guest
styling on bright colors (server#22427)
- Show better quota warning for group folders and external storage
(server#22442)
- Add php docs build script (server#22448)
- Fix clicks on actions menu of non opaque file rows in acceptance tests
(server#22503)
- Fix writing BLOBs to postgres with recent contacts interaction
(server#22515)
- Set the mount id before calling storage wrapper (server#22519)
- Fix S3 error handling (server#22521)
- Only disable zip64 if the size is known (server#22537)
- Change free space calculation (server#22553)
- Do not keep the part file if the forbidden exception has no retry set
(server#22560)
- Fix app password updating out of bounds (server#22569)
- Use the correct root to determinate the webroot for the resource
(server#22579)
- Upgrade icewind/smb to 3.2.7 (server#22581)
- Bump elliptic from 6.4.1 to 6.5.3 (notifications#732)
- Fixes regression that prevented you from toggling the encryption flag
(privacy#489)
- Match any non-whitespace character in filesystem pattern
(serverinfo#229)
- Catch StorageNotAvailable exceptions (text#1001)
- Harden read only check on public endpoints (text#1017)
- Harden check when using token from memcache (text#1020)
- Sessionid is an int (text#1029)
- Only overwrite Ctrl-f when text is focussed (text#990)
- Set the X-Requested-With header on dav requests (viewer#582)
- Update to 19.0.2
- [stable19] lower minimum search length to 2 characters (server#21782)
- [stable19] Call openssl_pkey_export with $config and log errors.
(server#21804)
- [stable19] Improve error reporting on sharing errors (server#21806)
- [stable19] Do not log RequestedRangeNotSatisfiable exceptions in DAV
(server#21840)
- [stable19] Fix parsing of language code (server#21857)
- [stable19] fix typo in revokeShare() (server#21876)
- [stable19] Discourage webauthn user interaction (server#21917)
- [stable19] Encryption is ready if master key is enabled (server#21935)
- [stable19] Disable fragile comments tests (server#21939)
- [stable19] Do not double encode the userid in webauthn login
(server#21953)
- [stable19] update icewind/smb to 3.2.6 (server#21955)
- [stable19] Respect default share permissions (server#21967)
- [stable19] allow admin to configure the max trashbin size
(server#21975)
- [stable19] Fix risky test in twofactor_backupcodes (server#21978)
- [stable19] Fix PHPUnit deprecation warnings (server#21981)
- [stable19] fix moving files from external storage to object store
trashbin (server#21983)
- [stable19] Ignore whitespace in sharing by mail (server#21991)
- [stable19] Properly fetch translation for remote wipe confirmation
dialog (server#22036)
- [stable19] parse_url returns null in case a parameter is not found
(server#22044)
- Bump elliptic from 6.5.2 to 6.5.3 (server#22050)
- [stable19] Correctly remove usergroup shares on removing group members
(server#22053)
- [stable19] Fix height too big for iPhone when using many apps
(server#22064)
- [stable19] reset the cookie internally in new API when abandoning
paged results op (server#22069)
- [stable19] Add Guzzle's InvalidArgumentException (server#22070)
- [stable19] contactsmanager shall limit number of results early
(server#22091)
- [stable19] Fix browser freeze on long password input (server#22094)
- [stable19] Search also the email and displayname in user management for
groups (server#22118)
- [stable19] Ensured large image is unloaded from memory when generating
previews (server#22121)
- [stable19] fix display of remote users in incoming share notifications
(server#22131)
- [stable19] Reuse cache for directory mtime/size if filesystem changes
can be ignored (server#22171)
- [stable19] Remove unexpected argument (server#22178)
- [stable19] Do not exit if available space cannot be determined on file
transfer (server#22181)
- [stable19] Fix empty 'more' apps navigation after installing an app
(server#22183)
- [stable19] Fix default log_rotate_size in config.sample.php
(server#22192)
- [stable19] shortcut in reading nested group members when IN_CHAIN is
available (server#22203)
- [stable19] Fix chmod on file descriptor (server#22208)
- [stable19] Do clearstatcache() on rmdir (server#22209)
- [stable19] SSE enhancement of file signature (server#22210)
- [stable19] remove logging message carrying no valuable information
(server#22215)
- [stable19] Add app config option to disable "Email was changed by
admin" activity (server#22232)
- [stable19] Delete chunks if the move on an upload failed (server#22239)
- [stable19] Silence duplicate session warnings (server#22247)
- [3rdparty] Doctrine: Fix unquoted stmt fragments backslash escaping
(server#22252)
- [stable19] Allow to disable share emails (server#22300)
- [stable19] Show disabled user count in occ user:report (server#22302)
- Bump 3rdparty to last stable19 commit (server#22303)
- [stable19] fixing a logged deprecation message (server#22309)
- [stable19] CalDAV: Add ability to limit sharing to owner (server#22333)
- [stable19] Only copy the link when updating a share or no password was
forced (server#22337)
- [stable19] Remove encryption option for nextcloud external storage
(server#22341)
- [stable19] l10n:Correct appid for WebAuthn (server#22348)
- [stable19] Properly search for users when limittogroups is enabled
(server#22355)
- [stable19] SSE: make legacy format opt in (server#22381)
- [stable19] Update the CRL (server#22387)
- [stable19] Fix missing FN from federated contact (server#22400)
- [stable19] fix event icon sizes and text alignment (server#22414)
- [stable19] Bump stecman/symfony-console-completion from 0.8.0 to
0.11.0 (3rdparty#457)
- [stable19] Add Guzzle's InvalidArgumentException (3rdparty#474)
- [stable19] Doctrine: Fix unquoted stmt fragments backslash escaping
(3rdparty#486)
- [stable19] Fix cypress (viewer#545)
- Move to webpack vue global config & bump deps (viewer#558)
- Update to 19.0.1
- Security update Fix (CVE-2020-8183, NC-SA-2020-026, CWE-256) A logic
error in Nextcloud Server 19.0.0 caused a plaintext storage of the
share password when it was given on the initial create API call.
- Update to 19.0.0
* Changes Nextcloud Hub v19, code name “home office”, represents a
big step forward for remote collaboration in teams. This release
brings document collaboration to video chats, introduces password-less
login and improves performance. As this is a major release, the
changelog is too long to put here. Users can look at github milestones
to find what has been merged. A quick overview of what is new:
- password-less authentication and many other security measures
- Talk 9 with built-in office document editing courtesy of Collabora,
a grid view & more
- MUCH improved performance, Deck integration in Calendar, guest
account groups and more!
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1652=1
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1652=1
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-1652=1
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-1652=1
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2020-1652=1
Package List:
- openSUSE Leap 15.2 (noarch):
nextcloud-20.0.0-lp152.3.3.1
- openSUSE Leap 15.1 (noarch):
nextcloud-20.0.0-lp151.2.9.1
- openSUSE Backports SLE-15-SP2 (noarch):
nextcloud-20.0.0-bp152.2.3.1
- openSUSE Backports SLE-15-SP1 (noarch):
nextcloud-20.0.0-bp151.3.12.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):
nextcloud-20.0.0-25.1
References:
https://www.suse.com/security/cve/CVE-2020-8154.html
https://www.suse.com/security/cve/CVE-2020-8155.html
https://www.suse.com/security/cve/CVE-2020-8183.html
https://www.suse.com/security/cve/CVE-2020-8228.html
https://www.suse.com/security/cve/CVE-2020-8233.html
https://bugzilla.suse.com/1171572
https://bugzilla.suse.com/1171579
https://bugzilla.suse.com/1177346
[security-announce] openSUSE-SU-2020:1652-1: moderate: Security update for nextcloud
by opensuse-security@opensuse.org 10 Oct '20
openSUSE Security Update: Security update for nextcloud
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1652-1
Rating: moderate
References: #1171572 #1171579 #1177346
Cross-References: CVE-2020-8154 CVE-2020-8155 CVE-2020-8183
CVE-2020-8228 CVE-2020-8233
Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP2
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for nextcloud fixes the following issues:
nextcloud version 20.0.0 fixes some security issues:
- NC-SA-2020-037 PIN for passwordless WebAuthn is asked for but not
verified
- NC-SA-2020-033 (CVE-2020-8228) Missing rate limit on signup page
- NC-SA-2020-029 (CVE-2020-8233, boo#1177346) Re-Sharing allows increase
of privileges
- NC-SA-2020-026 Password of share by mail is not hashed when given on
the create share call
- NC-SA-2020-023 Increase random used for encryption
- Update to 19.0.3
- Fix possible leaking scope in Flow (server#22410)
- Combine body-login rules in theming and fix twofactor and guest
styling on bright colors (server#22427)
- Show better quota warning for group folders and external storage
(server#22442)
- Add php docs build script (server#22448)
- Fix clicks on actions menu of non opaque file rows in acceptance tests
(server#22503)
- Fix writing BLOBs to postgres with recent contacts interaction
(server#22515)
- Set the mount id before calling storage wrapper (server#22519)
- Fix S3 error handling (server#22521)
- Only disable zip64 if the size is known (server#22537)
- Change free space calculation (server#22553)
- Do not keep the part file if the forbidden exception has no retry set
(server#22560)
- Fix app password updating out of bounds (server#22569)
- Use the correct root to determinate the webroot for the resource
(server#22579)
- Upgrade icewind/smb to 3.2.7 (server#22581)
- Bump elliptic from 6.4.1 to 6.5.3 (notifications#732)
- Fixes regression that prevented you from toggling the encryption flag
(privacy#489)
- Match any non-whitespace character in filesystem pattern
(serverinfo#229)
- Catch StorageNotAvailable exceptions (text#1001)
- Harden read only check on public endpoints (text#1017)
- Harden check when using token from memcache (text#1020)
- Sessionid is an int (text#1029)
- Only overwrite Ctrl-f when text is focussed (text#990)
- Set the X-Requested-With header on dav requests (viewer#582)
- Update to 19.0.2
- [stable19] lower minimum search length to 2 characters (server#21782)
- [stable19] Call openssl_pkey_export with $config and log errors.
(server#21804)
- [stable19] Improve error reporting on sharing errors (server#21806)
- [stable19] Do not log RequestedRangeNotSatisfiable exceptions in DAV
(server#21840)
- [stable19] Fix parsing of language code (server#21857)
- [stable19] fix typo in revokeShare() (server#21876)
- [stable19] Discourage webauthn user interaction (server#21917)
- [stable19] Encryption is ready if master key is enabled (server#21935)
- [stable19] Disable fragile comments tests (server#21939)
- [stable19] Do not double encode the userid in webauthn login
(server#21953)
- [stable19] update icewind/smb to 3.2.6 (server#21955)
- [stable19] Respect default share permissions (server#21967)
- [stable19] allow admin to configure the max trashbin size
(server#21975)
- [stable19] Fix risky test in twofactor_backupcodes (server#21978)
- [stable19] Fix PHPUnit deprecation warnings (server#21981)
- [stable19] fix moving files from external storage to object store
trashbin (server#21983)
- [stable19] Ignore whitespace in sharing by mail (server#21991)
- [stable19] Properly fetch translation for remote wipe confirmation
dialog (server#22036)
- [stable19] parse_url returns null in case a parameter is not found
(server#22044)
- Bump elliptic from 6.5.2 to 6.5.3 (server#22050)
- [stable19] Correctly remove usergroup shares on removing group members
(server#22053)
- [stable19] Fix height too big for iPhone when using many apps
(server#22064)
- [stable19] reset the cookie internally in new API when abandoning
paged results op (server#22069)
- [stable19] Add Guzzle's InvalidArgumentException (server#22070)
- [stable19] contactsmanager shall limit number of results early
(server#22091)
- [stable19] Fix browser freeze on long password input (server#22094)
- [stable19] Search also the email and displayname in user management for
groups (server#22118)
- [stable19] Ensured large image is unloaded from memory when generating
previews (server#22121)
- [stable19] fix display of remote users in incoming share notifications
(server#22131)
- [stable19] Reuse cache for directory mtime/size if filesystem changes
can be ignored (server#22171)
- [stable19] Remove unexpected argument (server#22178)
- [stable19] Do not exit if available space cannot be determined on file
transfer (server#22181)
- [stable19] Fix empty 'more' apps navigation after installing an app
(server#22183)
- [stable19] Fix default log_rotate_size in config.sample.php
(server#22192)
- [stable19] shortcut in reading nested group members when IN_CHAIN is
available (server#22203)
- [stable19] Fix chmod on file descriptor (server#22208)
- [stable19] Do clearstatcache() on rmdir (server#22209)
- [stable19] SSE enhancement of file signature (server#22210)
- [stable19] remove logging message carrying no valuable information
(server#22215)
- [stable19] Add app config option to disable "Email was changed by
admin" activity (server#22232)
- [stable19] Delete chunks if the move on an upload failed (server#22239)
- [stable19] Silence duplicate session warnings (server#22247)
- [3rdparty] Doctrine: Fix unquoted stmt fragments backslash escaping
(server#22252)
- [stable19] Allow to disable share emails (server#22300)
- [stable19] Show disabled user count in occ user:report (server#22302)
- Bump 3rdparty to last stable19 commit (server#22303)
- [stable19] fixing a logged deprecation message (server#22309)
- [stable19] CalDAV: Add ability to limit sharing to owner (server#22333)
- [stable19] Only copy the link when updating a share or no password was
forced (server#22337)
- [stable19] Remove encryption option for nextcloud external storage
(server#22341)
- [stable19] l10n:Correct appid for WebAuthn (server#22348)
- [stable19] Properly search for users when limittogroups is enabled
(server#22355)
- [stable19] SSE: make legacy format opt in (server#22381)
- [stable19] Update the CRL (server#22387)
- [stable19] Fix missing FN from federated contact (server#22400)
- [stable19] fix event icon sizes and text alignment (server#22414)
- [stable19] Bump stecman/symfony-console-completion from 0.8.0 to
0.11.0 (3rdparty#457)
- [stable19] Add Guzzle's InvalidArgumentException (3rdparty#474)
- [stable19] Doctrine: Fix unquoted stmt fragments backslash escaping
(3rdparty#486)
- [stable19] Fix cypress (viewer#545)
- Move to webpack vue global config & bump deps (viewer#558)
- Update to 19.0.1
- Security update Fix (CVE-2020-8183, NC-SA-2020-026, CWE-256) A logic
error in Nextcloud Server 19.0.0 caused a plaintext storage of the
share password when it was given on the initial create API call.
- Update to 19.0.0
* Changes Nextcloud Hub v19, code name “home office”, represents a
big step forward for remote collaboration in teams. This release
brings document collaboration to video chats, introduces password-less
login and improves performance. As this is a major release, the
changelog is too long to put here. Users can look at github milestones
to find what has been merged. A quick overview of what is new:
- password-less authentication and many other security measures
- Talk 9 with built-in office document editing courtesy of Collabora,
a grid view & more
- MUCH improved performance, Deck integration in Calendar, guest
account groups and more!
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1652=1
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1652=1
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-1652=1
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-1652=1
Package List:
- openSUSE Leap 15.2 (noarch):
nextcloud-20.0.0-lp152.3.3.1
- openSUSE Leap 15.1 (noarch):
nextcloud-20.0.0-lp151.2.9.1
- openSUSE Backports SLE-15-SP2 (noarch):
nextcloud-20.0.0-bp152.2.3.1
- openSUSE Backports SLE-15-SP1 (noarch):
nextcloud-20.0.0-bp151.3.12.1
References:
https://www.suse.com/security/cve/CVE-2020-8154.html
https://www.suse.com/security/cve/CVE-2020-8155.html
https://www.suse.com/security/cve/CVE-2020-8183.html
https://www.suse.com/security/cve/CVE-2020-8228.html
https://www.suse.com/security/cve/CVE-2020-8233.html
https://bugzilla.suse.com/1171572
https://bugzilla.suse.com/1171579
https://bugzilla.suse.com/1177346
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
[security-announce] openSUSE-SU-2020:1650-1: important: Security update for kdeconnect-kde
by opensuse-security@opensuse.org 10 Oct '20
openSUSE Security Update: Security update for kdeconnect-kde
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1650-1
Rating: important
References: #1176268
Cross-References: CVE-2020-26164
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for kdeconnect-kde fixes the following issues:
kdeconnect-kde was updated to fix various security issues in its default
enabled network service (CVE-2020-26164, boo#1176268):
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-1650=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
kdeconnect-kde-20.04.2-bp152.2.3.1
- openSUSE Backports SLE-15-SP2 (noarch):
kdeconnect-kde-lang-20.04.2-bp152.2.3.1
kdeconnect-kde-zsh-completion-20.04.2-bp152.2.3.1
References:
https://www.suse.com/security/cve/CVE-2020-26164.html
https://bugzilla.suse.com/1176268
[security-announce] openSUSE-SU-2020:1646-1: moderate: Security update for grafana
by opensuse-security@opensuse.org 10 Oct '20
openSUSE Security Update: Security update for grafana
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1646-1
Rating: moderate
References: #1170557
Cross-References: CVE-2020-12245 CVE-2020-13379
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for grafana fixes the following issues:
Update to version 7.1.5:
* Features / Enhancements
- Stats: Stop counting the same user multiple times.
- Field overrides: Filter by field name using regex.
- AzureMonitor: map more units.
- Explore: Don't run queries on datasource change.
- Graph: Support setting field unit & override data source (automatic)
unit.
- Explore: Unification of logs/metrics/traces user interface
- Table: JSON Cell should try to convert strings to JSON
- Variables: enables cancel for slow query variables queries.
- TimeZone: unify the time zone pickers to one that can rule them all.
- Search: support URL query params.
- Grafana-UI: Add FileUpload.
- TablePanel: Sort numbers correctly.
* Bug fixes
- Alerting: remove LongToWide call in alerting.
- AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified
and alias was used.
- Variables: Fixes issue with All variable not being resolved.
- Templating: Fixes so texts show in picker not the values.
- Templating: Fix undefined result when using raw
interpolation format
- TextPanel: Fix content overflowing panel boundaries.
- StatPanel: Fix stat panel display name not showing when explicitly set.
- Query history: Fix search filtering if null value.
- Flux: Ensure connections to InfluxDB are closed.
- Dashboard: Fix for viewer can enter panel edit mode by modifying url
(but cannot not save anything).
- Prometheus: Fix prom links in mixed mode.
- Sign In: Use correct url for the Sign In button.
- StatPanel: Fixes issue with name showing for single series / field
results
- BarGauge: Fix space bug in single series mode.
- Auth: Fix POST request failures with anonymous access
- Templating: Fix recursive loop of template variable queries when
changing ad-hoc-variable
- Templating: Fixed recursive queries triggered when switching dashboard
settings view
- GraphPanel: Fix annotations overflowing panels.
- Prometheus: Fix performance issue in processing of histogram labels.
- Datasources: Handle URL parsing error.
- Security: Use Header.Set and Header.Del for X-Grafana-User header.
Update to version 7.0.3
* Features / Enhancements
- Stats: include all fields. #24829, @ryantxu
- Variables: change VariableEditorList row action Icon to IconButton.
#25217, @hshoff
* Bug fixes
- Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian
- Configuration: Fix env var override of sections containing hyphen.
#25178, @marefr
- Dashboard: Get panels in collapsed rows. #25079, @peterholmberg
- Do not show alerts tab when alerting is disabled. #25285, @dprokop
- Jaeger: fixes cascader option label duration value. #25129, @Estrax
- Transformations: Fixed Transform tab crash & no update after adding
first transform. #25152, @torkelo
Update to version 7.0.2
* Bug fixes
- Security: Urgent security patch release to fix CVE-2020-13379
Update to version 7.0.1
* Features / Enhancements
- Datasource/CloudWatch: Makes CloudWatch Logs query history more
readable. #24795, @kaydelaney
- Download CSV: Add date and time formatting. #24992, @ryantxu
- Table: Make last cell value visible when right aligned. #24921,
@peterholmberg
- TablePanel: Adding sort order persistence. #24705, @torkelo
- Transformations: Display correct field name when using reduce
transformation. #25068, @peterholmberg
- Transformations: Allow custom number input for binary operations.
#24752, @ryantxu
* Bug fixes
- Dashboard/Links: Fixes dashboard links by tags not working. #24773,
@KamalGalrani
- Dashboard/Links: Fixes open in new window for dashboard link.
#24772, @KamalGalrani
- Dashboard/Links: Variables are resolved and limits to 100. #25076,
@hugohaggmark
- DataLinks: Bring back variables interpolation in title. #24970,
@dprokop
- Datasource/CloudWatch: Field suggestions no longer limited to
prefix-only. #24855, @kaydelaney
- Explore/Table: Keep existing field types if possible. #24944,
@kaydelaney
- Explore: Fix wrap lines toggle for results of queries with filter
expression. #24915, @ivanahuckova
- Explore: fix undo in query editor. #24797, @zoltanbedi
- Explore: fix word break in type head info. #25014, @zoltanbedi
- Graph: Legend decimals now work as expected. #24931, @torkelo
- LoginPage: Fix hover color for service buttons. #25009, @tskarhed
- LogsPanel: Fix scrollbar. #24850, @ivanahuckova
- MoveDashboard: Fix for moving dashboard caused all variables to be
lost. #25005, @torkelo
- Organize transformer: Use display name in field order comparer.
#24984, @dprokop
- Panel: shows correct panel menu items in view mode. #24912,
@hugohaggmark
- PanelEditor: Fix missing labels and description if there is only
single option in category. #24905, @dprokop
- PanelEditor: Overrides name matcher still show all original field
names even after Field default display name is specified. #24933,
@torkelo
- PanelInspector: Makes sure Data display options are visible. #24902,
@hugohaggmark
- PanelInspector: Hides unsupported data display options for Panel
type. #24918, @hugohaggmark
- PanelMenu: Make menu disappear on button press. #25015, @tskarhed
- Postgres: Fix add button. #25087, @phemmer
- Prometheus: Fix recording rules expansion. #24977, @ivanahuckova
- Stackdriver: Fix creating Service Level Objectives (SLO) datasource
query variable. #25023, @papagian
Update to version 7.0.0
* Breaking changes
- Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and
starting from Grafana v7.0.0, all PhantomJS support has been
removed. This means that Grafana no longer ships with a built-in
image renderer, and we advise you to install the Grafana Image
Renderer plugin.
- Dashboard: A global minimum dashboard refresh interval is now
enforced and defaults to 5 seconds.
- Interval calculation: There is now a new option Max data points that
controls the auto interval $__interval calculation. Interval was
previously calculated by dividing the panel width by the time range.
With the new max data points option it is now easy to set
$__interval to a dynamic value that is time range agnostic. For
example if you set Max data points to 10 Grafana will dynamically
set $__interval by dividing the current time range by 10.
- Datasource/Loki: Support for deprecated Loki endpoints has been
removed.
- Backend plugins: Grafana now requires backend plugins to be signed,
otherwise Grafana will not load/start them. This is an additional
security measure to make sure backend plugin binaries and files
haven't been tampered with. Refer to Upgrade Grafana for more
information.
- @grafana/ui: Forms migration notice, see @grafana/ui changelog
- @grafana/ui: Select API change for creating custom values, see
@grafana/ui changelog
+ Deprecation warnings
- Scripted dashboards is now deprecated. The feature is not removed
but will be in a future release. We hope to address the underlying
requirement of dynamic dashboards in a different way. #24059
- The unofficial first version of backend plugins together with
usage of grafana/grafana-plugin-model is now deprecated and support for
that will be removed in a future release. Please refer to backend plugins
documentation for information about the new officially supported backend
plugins.
* Features / Enhancements
- Backend plugins: Log deprecation warning when using the unofficial
first version of backend plugins. #24675, @marefr
- Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal
- Loki: Allow multiple derived fields with the same name. #24437,
@aocenas
- Orgs: Add future deprecation notice. #24502, @torkelo
* Bug Fixes
- @grafana/toolkit: Use process.cwd() instead of PWD to get directory.
#24677, @zoltanbedi
- Admin: Makes long settings values line break in settings page.
#24559, @hugohaggmark
- Dashboard: Allow editing provisioned dashboard JSON and add
confirmation when JSON is copied to dashboard. #24680, @dprokop
- Dashboard: Fix for strange "dashboard not found" errors when opening
links in dashboard settings. #24416, @torkelo
- Dashboard: Fix so default data source is selected when data source
can't be found in panel editor. #24526, @mckn
- Dashboard: Fixed issue changing a panel from transparent back to
normal in panel editor. #24483, @torkelo
- Dashboard: Make header names reflect the field name when exporting
to CSV file from the panel inspector. #24624, @peterholmberg
- Dashboard: Make sure side pane is displayed with tabs by default in
panel editor. #24636, @dprokop
- Data source: Fix query/annotation help content formatting. #24687,
@AgnesToulet
- Data source: Fixes async mount errors. #24579, @Estrax
- Data source: Fixes saving a data source without failure when URL
doesn't specify a protocol. #24497, @aknuds1
- Explore/Prometheus: Show results of instant queries only in table.
#24508, @ivanahuckova
- Explore: Fix rendering of react query editors. #24593, @ivanahuckova
- Explore: Fixes loading more logs in logs context view. #24135,
@Estrax
- Graphite: Fix schema and dedupe strategy in rollup indicators for
Metrictank queries. #24685, @torkelo
- Graphite: Makes query annotations work again. #24556, @hugohaggmark
- Logs: Clicking "Load more" from context overlay doesn't expand log
row. #24299, @kaydelaney
- Logs: Fix total bytes process calculation. #24691, @davkal
- Org/user/team preferences: Fixes so UI Theme can be set back to
Default. #24628, @AgnesToulet
- Plugins: Fix manifest validation. #24573, @aknuds1
- Provisioning: Use proxy as default access mode in provisioning.
#24669, @bergquist
- Search: Fix select item when pressing enter and Grafana is served
using a sub path. #24634, @tskarhed
- Search: Save folder expanded state. #24496, @Clarity-89
- Security: Tag value sanitization fix in OpenTSDB data source.
#24539, @rotemreiss
- Table: Do not include angular options in options when switching from
angular panel. #24684, @torkelo
- Table: Fixed persisting column resize for time series fields.
#24505, @torkelo
- Table: Fixes Cannot read property subRows of null. #24578,
@hugohaggmark
- Time picker: Fixed so you can enter a relative range in the time
picker without being converted to absolute range. #24534, @mckn
- Transformations: Make transform dropdowns not cropped. #24615,
@dprokop
- Transformations: Sort order should be preserved as entered by user
when using the reduce transformation. #24494, @hugohaggmark
- Units: Adds scale symbol for currencies with suffixed symbol.
#24678, @hugohaggmark
- Variables: Fixes filtering options with more than 1000 entries.
#24614, @hugohaggmark
- Variables: Fixes so Textbox variables read value from url. #24623,
@hugohaggmark
- Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas
- SAML: Switch from email to login for user login attribute mapping
(Enterprise)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-1646=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
grafana-7.1.5-bp152.3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-12245.html
https://www.suse.com/security/cve/CVE-2020-13379.html
https://bugzilla.suse.com/1170557
[security-announce] openSUSE-SU-2020:1647-1: important: Security update for kdeconnect-kde
by opensuse-security@opensuse.org 10 Oct '20
openSUSE Security Update: Security update for kdeconnect-kde
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1647-1
Rating: important
References: #1176268
Cross-References: CVE-2020-26164
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for kdeconnect-kde fixes the following issues:
kdeconnect-kde was updated to fix various security issues in its default
enabled network service (CVE-2020-26164, boo#1176268):
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-1647=1
Package List:
- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
kdeconnect-kde-1.3.3-bp151.4.3.1
- openSUSE Backports SLE-15-SP1 (noarch):
kdeconnect-kde-lang-1.3.3-bp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2020-26164.html
https://bugzilla.suse.com/1176268
[security-announce] openSUSE-SU-2020:1644-1: moderate: Security update for nodejs8
by opensuse-security@opensuse.org 10 Oct '20
openSUSE Security Update: Security update for nodejs8
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1644-1
Rating: moderate
References: #1172686 #1173937
Cross-References: CVE-2020-15095
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for nodejs8 fixes the following issues:
- CVE-2020-15095: Fixed information leak through log files (bsc#1173937).
- Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation
on Aarch64 with gcc10 (bsc#1172686).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1644=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
nodejs8-8.17.0-lp151.2.21.1
nodejs8-debuginfo-8.17.0-lp151.2.21.1
nodejs8-debugsource-8.17.0-lp151.2.21.1
nodejs8-devel-8.17.0-lp151.2.21.1
npm8-8.17.0-lp151.2.21.1
- openSUSE Leap 15.1 (noarch):
nodejs8-docs-8.17.0-lp151.2.21.1
References:
https://www.suse.com/security/cve/CVE-2020-15095.html
https://bugzilla.suse.com/1172686
https://bugzilla.suse.com/1173937
[security-announce] openSUSE-SU-2020:1631-1: important: Security update for kdeconnect-kde
by opensuse-security@opensuse.org 07 Oct '20
openSUSE Security Update: Security update for kdeconnect-kde
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1631-1
Rating: important
References: #1176268
Cross-References: CVE-2020-26164
Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for kdeconnect-kde fixes the following issues:
kdeconnect-kde was updated to fix various security issues in its default
enabled network service (CVE-2020-26164, boo#1176268):
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1631=1
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1631=1
Package List:
- openSUSE Leap 15.2 (x86_64):
kdeconnect-kde-20.04.2-lp152.2.3.1
kdeconnect-kde-debuginfo-20.04.2-lp152.2.3.1
kdeconnect-kde-debugsource-20.04.2-lp152.2.3.1
- openSUSE Leap 15.2 (noarch):
kdeconnect-kde-lang-20.04.2-lp152.2.3.1
kdeconnect-kde-zsh-completion-20.04.2-lp152.2.3.1
- openSUSE Leap 15.1 (x86_64):
kdeconnect-kde-1.3.3-lp151.2.3.1
kdeconnect-kde-debuginfo-1.3.3-lp151.2.3.1
kdeconnect-kde-debugsource-1.3.3-lp151.2.3.1
- openSUSE Leap 15.1 (noarch):
kdeconnect-kde-lang-1.3.3-lp151.2.3.1
References:
https://www.suse.com/security/cve/CVE-2020-26164.html
https://bugzilla.suse.com/1176268
[security-announce] openSUSE-SU-2020:1628-1: important: Security update for perl-DBI
by opensuse-security@opensuse.org 06 Oct '20
openSUSE Security Update: Security update for perl-DBI
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1628-1
Rating: important
References: #1176764
Cross-References: CVE-2019-20919
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for perl-DBI fixes the following issues:
- CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile
(bsc#1176764).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-1628=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
perl-DBI-1.642-lp152.2.6.1
perl-DBI-debuginfo-1.642-lp152.2.6.1
perl-DBI-debugsource-1.642-lp152.2.6.1
References:
https://www.suse.com/security/cve/CVE-2019-20919.html
https://bugzilla.suse.com/1176764
[security-announce] openSUSE-SU-2020:1620-1: important: Security update for perl-DBI
by opensuse-security@opensuse.org 05 Oct '20
openSUSE Security Update: Security update for perl-DBI
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1620-1
Rating: important
References: #1176764
Cross-References: CVE-2019-20919
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for perl-DBI fixes the following issues:
- CVE-2019-20919: Fixed a NULL profile dereference in dbi_profile
(bsc#1176764).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-1620=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
perl-DBI-1.639-lp151.3.13.1
perl-DBI-debuginfo-1.639-lp151.3.13.1
perl-DBI-debugsource-1.639-lp151.3.13.1
References:
https://www.suse.com/security/cve/CVE-2019-20919.html
https://bugzilla.suse.com/1176764