openSUSE Security Announce
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
April 2020
- 1 participants
- 49 discussions
[security-announce] openSUSE-SU-2020:0551-1: moderate: Recommended update for otrs
by opensuse-security@opensuse.org 25 Apr '20
by opensuse-security@opensuse.org 25 Apr '20
25 Apr '20
openSUSE Security Update: Recommended update for otrs
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0551-1
Rating: moderate
References: #1122560 #1137614 #1137615 #1139406 #1141430
#1141431 #1141432 #1156431 #1157001 #1160663
#1168029 #1168030 #1168031 #1168032
Cross-References: CVE-2019-10067 CVE-2019-12248 CVE-2019-12497
CVE-2019-12746 CVE-2019-13457 CVE-2019-13458
CVE-2019-16375 CVE-2019-18179 CVE-2019-18180
CVE-2019-9752 CVE-2019-9892 CVE-2020-1765
CVE-2020-1766 CVE-2020-1769 CVE-2020-1770
CVE-2020-1771 CVE-2020-1772 CVE-2020-1773
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
openSUSE Backports SLE-15
______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
Otrs was updated to 5.0.42, fixing lots of bugs and security issues:
https://community.otrs.com/otrs-community-edition-5s-patch-level-42/
- CVE-2020-1773 boo#1168029 OSA-2020-10:
* Session / Password / Password token leak An attacker with the ability
to generate session IDs or password reset tokens, either by being able
to authenticate or by exploiting OSA-2020-09, may be able to predict
other users session IDs, password reset tokens and automatically
generated passwords.
- CVE-2020-1772 boo#1168029 OSA-2020-09:
* Information Disclosure It’s possible to craft Lost Password requests
with wildcards in the Token value, which allows attacker to retrieve
valid Token(s), generated by users which already requested new
passwords.
- CVE-2020-1771 boo#1168030 OSA-2020-08:
* Possible XSS in Customer user address book Attacker is able craft an
article with a link to the customer address book with malicious
content (JavaScript). When agent opens the link, JavaScript code is
executed due to the missing parameter encoding.
- CVE-2020-1770 boo#1168031 OSA-2020-07:
* Information disclosure in support bundle files Support bundle
generated files could contain sensitive information that might be
unwanted to be disclosed.
- CVE-2020-1769 boo#1168032 OSA-2020-06:
* Autocomplete in the form login screens In the login screens (in agent
and customer interface), Username and Password fields use
autocomplete, which might be considered as security issue.
Update to 5.0.41
https://community.otrs.com/otrs-community-edition-5s-patch-level-41/
* bug#14912 - Installer refers to non-existing documentation
- added code to upgrade OTRS from 4 to 5
READ UPGRADING.SUSE
* steps 1 to 4 are done by rpm pkg
* steps 5 to *END* need to be done manually cause of DB backup
Update to 5.0.40
https://community.otrs.com/otrs-community-edition-5s-patch-level-40/
- CVE-2020-1766 boo#1160663 OSA-2020-02: Improper handling of uploaded
inline images Due to improper handling of uploaded images it is possible
in very unlikely and rare conditions to force the agents browser to
execute malicious javascript from a special crafted SVG file rendered as
inline jpg file.
* CVE-2020-1765, OSA-2020-01: Spoofing of From field in several screens
An improper control of parameters allows the spoofing of the from
fields of the following screens: AgentTicketCompose,
AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound
* run bin/otrs.Console.pl Maint::Config::Rebuild after the upgrade
- Update 5.0.39
https://community.otrs.com/otrs-community-edition-5s-patch-level-39/
* CVE-2019-18180 boo#1157001 OSA-2019-15: Denial of service OTRS can be
put into an endless loop by providing filenames with
overly long extensions. This applies to the PostMaster (sending in
email) and also upload (attaching files to mails, for example).
* CVE-2019-18179 OSA-2019-14: Information Disclosure An attacker who is
logged into OTRS as an agent is able to list tickets assigned to other
agents, which are in the queue where attacker doesn’t have permissions.
Update to 5.0.38
https://community.otrs.com/release-notes-otrs-5s-patch-level-38/
* CVE-2019-16375, boo#1156431 OSA-2019-13: Stored XXS An attacker who is
logged into OTRS as an agent or customer user with appropriate
permissions can create a carefully crafted string containing malicious
JavaScript code as an article body. This malicious code is executed when
an agent compose an answer to the original article.
Update to 5.0.37
https://community.otrs.com/release-notes-otrs-5s-patch-level-37/
* CVE-2019-13458, boo#1141432, OSA-2019-12:
Information Disclosure An attacker who is logged into OTRS as an agent
user with appropriate permissions can leverage OTRS tags in templates in
order to disclose hashed user passwords.
* CVE-2019-13457, boo#1141431, OSA-2019-11:
Information Disclosure A customer user can use the search results to
disclose information from their “company” tickets (with the same
CustomerID), even when CustomerDisableCompanyTicketAccess setting is
turned on.
* CVE-2019-12746, boo#1141430, OSA-2019-10:
Session ID Disclosure A user logged into OTRS as an agent might
unknowingly disclose their session ID by sharing the link of an embedded
ticket article with third parties. This identifier can be then potentially
abused in order to impersonate the agent user.
Update to 5.0.36
https://community.otrs.com/release-notes-otrs-5s-patch-level-36/
* CVE-2019-12497, boo#1137614, OSA-2019-09: Information Disclosure In the
customer or external frontend, personal information of agents can be
disclosed like Name and mail address in external notes.
* CVE-2019-12248, boo#1137615, OSA-2019-08: Loading External Image
Resources An attacker could send a malicious email to an OTRS system. If
a logged in agent user quotes it, the email could cause the browser to
load external image resources.
Update to 5.0.35
https://community.otrs.com/release-notes-otrs-5s-patch-level-35/
* CVE-2019-10067, boo#1139406, OSA-2019-05:
Reflected and Stored XSS An attacker who is logged into OTRS as an agent
user with appropriate permissions may manipulate the URL to cause
execution of JavaScript in the context of OTRS.
* CVE-2019-9892, boo#1139406, OSA-2019-04:
XXE Processing An attacker who is logged into OTRS as an agent user with
appropriate permissions may try to import carefully crafted Report
Statistics XML that will result in reading of arbitrary files of OTRS
filesystem.
- update missing CVE for OSA-2018-10, OSA-2019-01
Update to 5.0.34
* https://community.otrs.com/release-notes-otrs-5s-patch-level-34/
* CVE-2019-9752, boo#1122560, OSA-2019-01: Stored XSS An attacker who is
logged into OTRS as an agent or a customer user may upload a carefully
crafted resource in order to cause execution
of JavaScript in the context of OTRS.
Update to 5.0.33
* https://community.otrs.com/release-notes-otrs-5s-patch-level-33/
Update to 5.0.26
* https://www.otrs.com/release-notes-otrs-5s-patch-level-26
* https://www.otrs.com/release-notes-otrsitsm-module-5s-patch-level-26/
- remove obsolete
* otrs-scheduler.service
* otrs-scheduler.init
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-551=1
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-551=1
- openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2020-551=1
Package List:
- openSUSE Leap 15.1 (noarch):
otrs-5.0.42-lp151.2.3.1
otrs-doc-5.0.42-lp151.2.3.1
otrs-itsm-5.0.42-lp151.2.3.1
- openSUSE Backports SLE-15-SP1 (noarch):
otrs-5.0.42-bp151.3.3.1
otrs-doc-5.0.42-bp151.3.3.1
otrs-itsm-5.0.42-bp151.3.3.1
- openSUSE Backports SLE-15 (noarch):
otrs-5.0.42-bp150.2.10.1
otrs-doc-5.0.42-bp150.2.10.1
otrs-itsm-5.0.42-bp150.2.10.1
References:
https://www.suse.com/security/cve/CVE-2019-10067.html
https://www.suse.com/security/cve/CVE-2019-12248.html
https://www.suse.com/security/cve/CVE-2019-12497.html
https://www.suse.com/security/cve/CVE-2019-12746.html
https://www.suse.com/security/cve/CVE-2019-13457.html
https://www.suse.com/security/cve/CVE-2019-13458.html
https://www.suse.com/security/cve/CVE-2019-16375.html
https://www.suse.com/security/cve/CVE-2019-18179.html
https://www.suse.com/security/cve/CVE-2019-18180.html
https://www.suse.com/security/cve/CVE-2019-9752.html
https://www.suse.com/security/cve/CVE-2019-9892.html
https://www.suse.com/security/cve/CVE-2020-1765.html
https://www.suse.com/security/cve/CVE-2020-1766.html
https://www.suse.com/security/cve/CVE-2020-1769.html
https://www.suse.com/security/cve/CVE-2020-1770.html
https://www.suse.com/security/cve/CVE-2020-1771.html
https://www.suse.com/security/cve/CVE-2020-1772.html
https://www.suse.com/security/cve/CVE-2020-1773.html
https://bugzilla.suse.com/1122560
https://bugzilla.suse.com/1137614
https://bugzilla.suse.com/1137615
https://bugzilla.suse.com/1139406
https://bugzilla.suse.com/1141430
https://bugzilla.suse.com/1141431
https://bugzilla.suse.com/1141432
https://bugzilla.suse.com/1156431
https://bugzilla.suse.com/1157001
https://bugzilla.suse.com/1160663
https://bugzilla.suse.com/1168029
https://bugzilla.suse.com/1168030
https://bugzilla.suse.com/1168031
https://bugzilla.suse.com/1168032
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2020:0549-1: moderate: Security update for crawl
by opensuse-security@opensuse.org 24 Apr '20
by opensuse-security@opensuse.org 24 Apr '20
24 Apr '20
openSUSE Security Update: Security update for crawl
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0549-1
Rating: moderate
References: #1169381
Cross-References: CVE-2020-11722
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for crawl fixes the following issues:
* CVE-2020-11722: Fixed a remote code evaluation issue with lua loadstring
(boo#1169381)
Update to version 0.24.0
* Vampire species simplified
* Thrown weapons streamlined
* Fedhas reimagined
* Sif Muna reworked
Update to version 0.23.2
* Trap system overhaul
* New Gauntlet portal to replace Labyrinths
* Nemelex Xobeh rework
* Nine unrandarts reworked and the new "Rift" unrandart added
* Support for seeded dungeon play
* build requires python and python-pyYAML
Update to 0.22.0
* Player ghosts now only appear in sealed ghost vaults
* New spell library interface
* User interface revamp for Tiles and WebTiles
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-549=1
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-549=1
Package List:
- openSUSE Leap 15.1 (x86_64):
crawl-0.24.0-lp151.3.3.2
crawl-debugsource-0.24.0-lp151.3.3.2
crawl-sdl-0.24.0-lp151.3.3.2
crawl-sdl-debuginfo-0.24.0-lp151.3.3.2
- openSUSE Leap 15.1 (noarch):
crawl-data-0.24.0-lp151.3.3.2
- openSUSE Backports SLE-15-SP1 (aarch64 s390x x86_64):
crawl-0.24.0-bp151.4.3.2
crawl-sdl-0.24.0-bp151.4.3.2
- openSUSE Backports SLE-15-SP1 (noarch):
crawl-data-0.24.0-bp151.4.3.2
References:
https://www.suse.com/security/cve/CVE-2020-11722.html
https://bugzilla.suse.com/1169381
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2020:0545-1: moderate: Security update for vlc
by opensuse-security@opensuse.org 23 Apr '20
by opensuse-security@opensuse.org 23 Apr '20
23 Apr '20
openSUSE Security Update: Security update for vlc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0545-1
Rating: moderate
References: #1142161 #1146428
Cross-References: CVE-2019-13602 CVE-2019-13962 CVE-2019-14437
CVE-2019-14438 CVE-2019-14498 CVE-2019-14533
CVE-2019-14534 CVE-2019-14535 CVE-2019-14776
CVE-2019-14777 CVE-2019-14778 CVE-2019-14970
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes 12 vulnerabilities is now available.
Description:
This update for vlc fixes the following issues:
vlc was updated to version 3.0.9.2:
+ Misc: Properly bump the version in configure.ac.
Changes from version 3.0.9.1:
+ Misc: Fix VLSub returning 401 for earch request.
Changes from version 3.0.9:
+ Core: Work around busy looping when playing an invalid item through VLM.
+ Access:
* Multiple dvdread and dvdnav crashs fixes
* Fixed DVD glitches on clip change
* Fixed dvdread commands/data sequence inversion in some cases causing
unwanted glitches
* Better handling of authored as corrupted DVD
* Added libsmb2 support for SMB2/3 shares
+ Demux:
* Fix TTML entities not passed to decoder
* Fixed some WebVTT styling tags being not applied
* Misc raw H264/HEVC frame rate fixes
* Fix adaptive regression on TS format change (mostly HLS)
* Fixed MP4 regression with twos/sowt PCM audio
* Fixed some MP4 raw quicktime and ms-PCM audio
* Fixed MP4 interlacing handling
* Multiple adaptive stack (DASH/HLS/Smooth) fixes
* Enabled Live seeking for HLS
* Fixed seeking in some cases for HLS
* Improved Live playback for Smooth and DASH
* Fixed adaptive unwanted end of stream in some cases
* Faster adaptive start and new buffering control options
+ Packetizers:
* Fixes H264/HEVC incomplete draining in some cases
* packetizer_helper: Fix potential trailing junk on last packet
* Added missing drain in packetizers that was causing missing last frame
or audio
* Improved check to prevent fLAC synchronization drops
+ Decoder:
* avcodec: revector video decoder to fix incomplete drain
* spudec: implemented palette updates, fixing missing subtitles
on some DVD
* Fixed WebVTT CSS styling not being applied on Windows/macOS
* Fixed Hebrew teletext pages support in zvbi
* Fixed Dav1d aborting decoding on corrupted picture
* Extract and display of all CEA708 subtitles
* Update libfaad to 2.9.1
* Add DXVA support for VP9 Profile 2 (10 bits)
* Mediacodec aspect ratio with Amazon devices
+ Audio output:
* Added support for iOS audiounit audio above 48KHz
* Added support for amem audio up to 384KHz
+ Video output:
* Fix for opengl glitches in some drivers
* Fix GMA950 opengl support on macOS
* YUV to RGB StretchRect fixes with NVIDIA drivers
* Use libpacebo new tone mapping desaturation algorithm
+ Text renderer:
* Fix crashes on macOS with SSA/ASS subtitles containing emoji
* Fixed unwanted growing background in Freetype rendering and Y padding
+ Mux: Fixed some YUV mappings
+ Service Discovery: Update libmicrodns to 0.1.2.
+ Misc:
* Update YouTube, SoundCloud and Vocaroo scripts: this restores playback
of YouTube URLs.
* Add missing .wpl & .zpl file associations on Windows
* Improved chromecast audio quality
Update to version 3.0.8 'vetinari':
+ Fix stuttering for low framerate videos
+ Improve adaptive streaming
+ Improve audio output for external audio devices on macOS/iOS
+ Fix hardware acceleration with Direct3D11 for some AMD drivers
+ Fix WebVTT subtitles rendering
+ Vetinari is a major release changing a lot in the media engine of VLC.
It is one of the largest release we've ever done. Notably, it:
- activates hardware decoding on all platforms, of H.264 & H.265, 8 &
10bits, allowing 4K60 or even 8K decoding with little CPU consumption,
- merges all the code from the mobile ports into the same codebase with
common numbering and releases,
- supports 360 video and 3D audio, and prepares for VR content,
- supports direct HDR and HDR tone-mapping,
- updates the audio passthrough for HD Audio codecs,
- allows browsing of local network drives like SMB, FTP, SFTP, NFS...
- stores the passwords securely,
- brings a new subtitle rendering engine, supporting ComplexTextLayout
and font fallback to support multiple languages and fonts,
- supports ChromeCast with the new renderer framework,
- adds support for numerous new formats and codecs, including WebVTT,
AV1, TTML, HQX, 708, Cineform, and many more,
- improves Bluray support with Java menus, aka BD-J,
- updates the macOS interface with major cleaning and improvements,
- support HiDPI UI on Windows, with the switch to Qt5,
- prepares the experimental support for Wayland on Linux, and switches
to OpenGL by default on Linux.
+ Security fixes included:
* Fix a buffer overflow in the MKV demuxer (CVE-2019-14970)
* Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962)
* Fix a read buffer overflow in the FAAD decoder
* Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437,
CVE-2019-14438)
* Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776)
* Fix a use after free in the MKV demuxer (CVE-2019-14777,
CVE-2019-14778)
* Fix a use after free in the ASF demuxer (CVE-2019-14533)
* Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602)
* Fix a null dereference in the dvdnav demuxer
* Fix a null dereference in the ASF demuxer (CVE-2019-14534)
* Fix a null dereference in the AVI demuxer
* Fix a division by zero in the CAF demuxer (CVE-2019-14498)
* Fix a division by zero in the ASF demuxer (CVE-2019-14535)
- Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet
available.
- Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around
some image loading libraries (libpng, libjpeg, ...) which are either
wrapped by vlc itself (libpng_plugin.so) or via libavcodec
(libavcodec_plugin.so).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-545=1
Package List:
- openSUSE Leap 15.1 (noarch):
vlc-lang-3.0.9.2-lp151.6.6.1
- openSUSE Leap 15.1 (x86_64):
libvlc5-3.0.9.2-lp151.6.6.1
libvlc5-debuginfo-3.0.9.2-lp151.6.6.1
libvlccore9-3.0.9.2-lp151.6.6.1
libvlccore9-debuginfo-3.0.9.2-lp151.6.6.1
vlc-3.0.9.2-lp151.6.6.1
vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1
vlc-codec-gstreamer-debuginfo-3.0.9.2-lp151.6.6.1
vlc-debuginfo-3.0.9.2-lp151.6.6.1
vlc-debugsource-3.0.9.2-lp151.6.6.1
vlc-devel-3.0.9.2-lp151.6.6.1
vlc-jack-3.0.9.2-lp151.6.6.1
vlc-jack-debuginfo-3.0.9.2-lp151.6.6.1
vlc-noX-3.0.9.2-lp151.6.6.1
vlc-noX-debuginfo-3.0.9.2-lp151.6.6.1
vlc-opencv-3.0.9.2-lp151.6.6.1
vlc-opencv-debuginfo-3.0.9.2-lp151.6.6.1
vlc-qt-3.0.9.2-lp151.6.6.1
vlc-qt-debuginfo-3.0.9.2-lp151.6.6.1
vlc-vdpau-3.0.9.2-lp151.6.6.1
vlc-vdpau-debuginfo-3.0.9.2-lp151.6.6.1
References:
https://www.suse.com/security/cve/CVE-2019-13602.html
https://www.suse.com/security/cve/CVE-2019-13962.html
https://www.suse.com/security/cve/CVE-2019-14437.html
https://www.suse.com/security/cve/CVE-2019-14438.html
https://www.suse.com/security/cve/CVE-2019-14498.html
https://www.suse.com/security/cve/CVE-2019-14533.html
https://www.suse.com/security/cve/CVE-2019-14534.html
https://www.suse.com/security/cve/CVE-2019-14535.html
https://www.suse.com/security/cve/CVE-2019-14776.html
https://www.suse.com/security/cve/CVE-2019-14777.html
https://www.suse.com/security/cve/CVE-2019-14778.html
https://www.suse.com/security/cve/CVE-2019-14970.html
https://bugzilla.suse.com/1142161
https://bugzilla.suse.com/1146428
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2020:0543-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 23 Apr '20
by opensuse-security@opensuse.org 23 Apr '20
23 Apr '20
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0543-1
Rating: important
References: #1051510 #1065600 #1065729 #1083647 #1085030
#1109911 #1111666 #1113956 #1114279 #1118338
#1120386 #1137325 #1142685 #1145051 #1145929
#1148868 #1157424 #1158983 #1159037 #1159198
#1159199 #1161561 #1161951 #1162171 #1163403
#1163897 #1164284 #1164777 #1164780 #1164893
#1165019 #1165182 #1165185 #1165211 #1165823
#1165949 #1166780 #1166860 #1166861 #1166862
#1166864 #1166866 #1166867 #1166868 #1166870
#1166940 #1166982 #1167005 #1167216 #1167288
#1167290 #1167316 #1167421 #1167423 #1167627
#1167629 #1168075 #1168202 #1168273 #1168276
#1168295 #1168367 #1168424 #1168443 #1168486
#1168552 #1168760 #1168762 #1168763 #1168764
#1168765 #1168829 #1168854 #1168881 #1168884
#1168952 #1169013 #1169057 #1169307 #1169308
#1169390 #1169514 #1169625
Cross-References: CVE-2019-19770 CVE-2019-3701 CVE-2019-9458
CVE-2020-10942 CVE-2020-11494 CVE-2020-11669
CVE-2020-8834
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves 7 vulnerabilities and has 76 fixes is
now available.
Description:
The openSUSE Leap 15.1 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2020-11669: An issue was discovered on the powerpc platform.
arch/powerpc/kernel/idle_book3s.S did not have save/restore
functionality for PNV_POWERSAVE_AMR, PNV_POWERSAVE_UAMOR, and
PNV_POWERSAVE_AMOR, aka CID-53a712bae5dd (bnc#1169390).
- CVE-2020-8834: KVM on Power8 processors had a conflicting use of
HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in
kvmppc_{save,restore}_tm, leading to a stack corruption. Because of
this, an attacker with the ability run code in kernel space of a guest
VM can cause the host kernel to panic. There were two commits that,
according to the reporter, introduced the vulnerability: f024ee098476
("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate
procedures") 87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug
in fake suspend mode") (bnc#1168276).
- CVE-2020-11494: An issue was discovered in slc_bump in
drivers/net/can/slcan.c, which allowed attackers to read uninitialized
can_frame data, potentially containing sensitive information from kernel
stack memory, if the configuration lacks CONFIG_INIT_STACK_ALL, aka
CID-b9258a2cece4 (bnc#1168424).
- CVE-2019-9458: In the video driver there is a use after free due to a
race condition. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed
for exploitation (bnc#1168295).
- CVE-2019-3701: An issue was discovered in can_can_gw_rcv in
net/can/gw.c. The CAN frame modification rules allow bitwise logical
operations that can be also applied to the can_dlc field. The privileged
user "root" with CAP_NET_ADMIN can create a CAN frame modification rule
that made the data length code a higher value than the available CAN
frame data size. In combination with a configured checksum calculation
where the result is stored relatively to the end of the data (e.g.
cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in
skb_shared_info) can be rewritten which finally can cause a system
crash. Because of a missing check, the CAN drivers may write arbitrary
content beyond the data registers in the CAN controller's I/O memory
when processing can-gw manipulated outgoing frames (bnc#1120386).
- CVE-2020-10942: In get_raw_socket in drivers/vhost/net.c lacked
validation of an sk_family field, which might allow attackers to trigger
kernel stack corruption via crafted system calls (bnc#1167629).
- CVE-2019-19770: A use-after-free in the debugfs_remove function in
fs/debugfs/inode.c was fixed. (bnc#1159198).
The following non-security bugs were fixed:
- ACPI: watchdog: Fix gas->access_width usage (bsc#1051510).
- ACPICA: Introduce ACPI_ACCESS_BYTE_WIDTH() macro (bsc#1051510).
- ALSA: ali5451: remove redundant variable capture_flag (bsc#1051510).
- ALSA: core: Add snd_device_get_state() helper (bsc#1051510).
- ALSA: core: Replace zero-length array with flexible-array member
(bsc#1051510).
- ALSA: emu10k1: Fix endianness annotations (bsc#1051510).
- ALSA: hda/ca0132 - Add Recon3Di quirk to handle integrated sound on EVGA
X99 Classified motherboard (bsc#1051510).
- ALSA: hda/ca0132 - Replace zero-length array with flexible-array member
(bsc#1051510).
- ALSA: hda/realtek - Enable headset mic of Acer X2660G with ALC662
(git-fixes).
- ALSA: hda/realtek - Enable the headset of Acer N50-600 with ALC662
(git-fixes).
- ALSA: hda/realtek - Remove now-unnecessary XPS 13 headphone noise fixups
(bsc#1051510).
- ALSA: hda/realtek - Set principled PC Beep configuration for ALC256
(bsc#1051510).
- ALSA: hda/realtek - a fake key event is triggered by running shutup
(bsc#1051510).
- ALSA: hda/realtek: Enable mute LED on an HP system (bsc#1051510).
- ALSA: hda/realtek: Fix pop noise on ALC225 (git-fixes).
- ALSA: hda: Fix potential access overflow in beep helper (bsc#1051510).
- ALSA: hda: Use scnprintf() for string truncation (bsc#1051510).
- ALSA: hda: default enable CA0132 DSP support (bsc#1051510).
- ALSA: hda: remove redundant assignment to variable timeout (bsc#1051510).
- ALSA: hda_codec: Replace zero-length array with flexible-array member
(bsc#1051510).
- ALSA: hdsp: remove redundant assignment to variable err (bsc#1051510).
- ALSA: ice1724: Fix invalid access for enumerated ctl items (bsc#1051510).
- ALSA: info: remove redundant assignment to variable c (bsc#1051510).
- ALSA: korg1212: fix if-statement empty body warnings (bsc#1051510).
- ALSA: line6: Fix endless MIDI read loop (git-fixes).
- ALSA: pcm.h: add for_each_pcm_streams() (bsc#1051510).
- ALSA: pcm: Fix superfluous snprintf() usage (bsc#1051510).
- ALSA: pcm: Use a macro for parameter masks to reduce the needed cast
(bsc#1051510).
- ALSA: pcm: oss: Avoid plugin buffer overflow (git-fixes).
- ALSA: pcm: oss: Fix regression by buffer overflow fix (bsc#1051510).
- ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks
(git-fixes).
- ALSA: pcm: oss: Unlock mutex temporarily for sleeping at read/write
(bsc#1051510).
- ALSA: seq: oss: Fix running status after receiving sysex (git-fixes).
- ALSA: seq: virmidi: Fix running status after receiving sysex (git-fixes).
- ALSA: usb-audio: Add delayed_register option (bsc#1051510).
- ALSA: usb-audio: Add support for MOTU MicroBook IIc (bsc#1051510).
- ALSA: usb-audio: Create a registration quirk for Kingston HyperX Amp
(0951:16d8) (bsc#1051510).
- ALSA: usb-audio: Do not create a mixer element with bogus volume range
(bsc#1051510).
- ALSA: usb-audio: Fix case when USB MIDI interface has more than one
extra endpoint descriptor (bsc#1051510).
- ALSA: usb-audio: Fix mixer controls' USB interface for Kingston HyperX
Amp (0951:16d8) (bsc#1051510).
- ALSA: usb-audio: Inform devices that need delayed registration
(bsc#1051510).
- ALSA: usb-audio: Parse source ID of UAC2 effect unit (bsc#1051510).
- ALSA: usb-audio: Rewrite registration quirk handling (bsc#1051510).
- ALSA: usb-midi: Replace zero-length array with flexible-array member
(bsc#1051510).
- ALSA: usx2y: use for_each_pcm_streams() macro (bsc#1051510).
- ALSA: via82xx: Fix endianness annotations (bsc#1051510).
- ASoC: Intel: atom: Take the drv->lock mutex before calling
sst_send_slot_map() (bsc#1051510).
- ASoC: Intel: mrfld: fix incorrect check on p->sink (bsc#1051510).
- ASoC: Intel: mrfld: return error codes when an error occurs
(bsc#1051510).
- ASoC: jz4740-i2s: Fix divider written at incorrect offset in register
(bsc#1051510).
- ASoC: sun8i-codec: Remove unused dev from codec struct (bsc#1051510).
- Bluetooth: RFCOMM: fix ODEBUG bug in rfcomm_dev_ioctl (bsc#1051510).
- Btrfs: clean up error handling in btrfs_truncate() (bsc#1165949).
- Btrfs: do not reset bio->bi_ops while writing bio (bsc#1168273).
- Btrfs: fix missing delayed iputs on unmount (bsc#1165949).
- Btrfs: fix qgroup double free after failure to reserve metadata for
delalloc (bsc#1165949).
- Btrfs: fix race leading to metadata space leak after task received
signal (bsc#1165949).
- Btrfs: fix unwritten extent buffers and hangs on future writeback
attempts (bsc#1168273).
- Btrfs: make plug in writing meta blocks really work (bsc#1168273).
- Btrfs: only check delayed ref usage in should_end_transaction
(bsc#1165949).
- Btrfs: remove bio_flags which indicates a meta block of log-tree
(bsc#1168273).
- Crypto: chelsio - Fixes a deadlock between rtnl_lock and uld_mutex
(bsc#1111666).
- Crypto: chelsio - Fixes a hang issue during driver registration
(bsc#1111666).
- Deprecate NR_UNSTABLE_NFS, use NR_WRITEBACK (bsc#1163403).
- HID: apple: Add support for recent firmware on Magic Keyboards
(bsc#1051510).
- IB/hfi1: convert to debugfs_file_get() and -put() (bsc#1159198
bsc#1109911). Prerequisite for bsc#1159198.
- Input: add safety guards to input_set_keycode() (bsc#1168075).
- Input: avoid BIT() macro usage in the serio.h UAPI header (bsc#1051510).
- Input: raydium_i2c_ts - fix error codes in raydium_i2c_boot_trigger()
(bsc#1051510).
- Input: synaptics - enable RMI on HP Envy 13-ad105ng (bsc#1051510).
- MM: replace PF_LESS_THROTTLE with PF_LOCAL_THROTTLE (bsc#1163403).
- NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() (bsc#1051510).
- NFS: send state management on a single connection (bsc#1167005).
- OMAP: DSS2: remove non-zero check on variable r (bsc#1114279)
- PCI/AER: Factor message prefixes with dev_fmt() (bsc#1161561).
- PCI/AER: Log which device prevents error recovery (bsc#1161561).
- PCI/AER: Remove ERR_FATAL code from ERR_NONFATAL path (bsc#1161561).
- PCI/ASPM: Clear the correct bits when enabling L1 substates
(bsc#1051510).
- PCI/ERR: Always report current recovery status for udev (bsc#1161561).
- PCI/ERR: Handle fatal error recovery (bsc#1161561).
- PCI/ERR: Remove duplicated include from err.c (bsc#1161561).
- PCI/ERR: Simplify broadcast callouts (bsc#1161561).
- PCI/portdrv: Remove pcie_port_bus_type link order dependency
(bsc#1161561).
- PCI/switchtec: Fix init_completion race condition with poll_wait()
(bsc#1051510).
- PCI: Simplify disconnected marking (bsc#1161561).
- PCI: Unify device inaccessible (bsc#1161561).
- PCI: endpoint: Fix clearing start entry in configfs (bsc#1051510).
- PCI: pciehp: Fix MSI interrupt race (bsc#1159037).
- PCI: portdrv: Initialize service drivers directly (bsc#1161561).
- PM: core: Fix handling of devices deleted during system-wide resume
(git-fixes).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue
(bsc#1168202).
- USB: Disable LPM on WD19's Realtek Hub (git-fixes).
- USB: Fix novation SourceControl XL after suspend (git-fixes).
- USB: cdc-acm: fix rounding error in TIOCSSERIAL (git-fixes).
- USB: hub: Do not record a connect-change event during reset-resume
(git-fixes).
- USB: misc: iowarrior: add support for 2 OEMed devices (git-fixes).
- USB: misc: iowarrior: add support for the 100 device (git-fixes).
- USB: misc: iowarrior: add support for the 28 and 28L devices (git-fixes).
- USB: serial: io_edgeport: fix slab-out-of-bounds read in
edge_interrupt_callback (bsc#1051510).
- USB: serial: option: add ME910G1 ECM composition 0x110b (git-fixes).
- USB: serial: pl2303: add device-id for HP LD381 (git-fixes).
- ahci: Add support for Amazon's Annapurna Labs SATA controller
(bsc#1169013).
- apei/ghes: Do not delay GHES polling (bsc#1166982).
- ath9k: Handle txpower changes even when TPC is disabled (bsc#1051510).
- batman-adv: Avoid spurious warnings from bat_v neigh_cmp implementation
(bsc#1051510).
- batman-adv: Do not schedule OGM for disabled interface (bsc#1051510).
- batman-adv: prevent TT request storms by not sending inconsistent TT
TLVLs (bsc#1051510).
- binfmt_elf: Do not move brk for INTERP-less ET_EXEC (bsc#1169013).
- binfmt_elf: move brk out of mmap when doing direct loader exec
(bsc#1169013).
- blk-mq: Allow blocking queue tag iter callbacks (bsc#1167316).
- block, bfq: fix use-after-free in bfq_idle_slice_timer_body
(bsc#1168760).
- block: keep bdi->io_pages in sync with max_sectors_kb for stacked
devices (bsc#1168762).
- bnxt_en: Support all variants of the 5750X chip family (bsc#1167216).
- bpf: Explicitly memset some bpf info structures declared on the stack
(bsc#1083647).
- bpf: Explicitly memset the bpf_attr structure (bsc#1083647).
- brcmfmac: abort and release host after error (bsc#1111666).
- btrfs: Account for trans_block_rsv in may_commit_transaction
(bsc#1165949).
- btrfs: Add enospc_debug printing in metadata_reserve_bytes (bsc#1165949).
- btrfs: Do mandatory tree block check before submitting bio (bsc#1168273).
- btrfs: Improve global reserve stealing logic (bsc#1165949).
- btrfs: Output ENOSPC debug info in inc_block_group_ro (bsc#1165949).
- btrfs: Remove btrfs_inode::delayed_iput_count (bsc#1165949).
- btrfs: Remove fs_info from do_chunk_alloc (bsc#1165949).
- btrfs: Remove redundant argument of flush_space (bsc#1165949).
- btrfs: Remove redundant mirror_num arg (bsc#1168273).
- btrfs: Rename bin_search -> btrfs_bin_search (bsc#1168273).
- btrfs: add a flush step for delayed iputs (bsc#1165949).
- btrfs: add assertions for releasing trans handle reservations
(bsc#1165949).
- btrfs: add btrfs_delete_ref_head helper (bsc#1165949).
- btrfs: add enospc debug messages for ticket failure (bsc#1165949).
- btrfs: add new flushing states for the delayed refs rsv (bsc#1165949).
- btrfs: add space reservation tracepoint for reserved bytes (bsc#1165949).
- btrfs: adjust dirty_metadata_bytes after writeback failure of extent
buffer (bsc#1168273).
- btrfs: allow us to use up to 90% of the global rsv for unlink
(bsc#1165949).
- btrfs: always reserve our entire size for the global reserve
(bsc#1165949).
- btrfs: assert on non-empty delayed iputs (bsc##1165949).
- btrfs: be more explicit about allowed flush states (bsc#1165949).
- btrfs: call btrfs_create_pending_block_groups unconditionally
(bsc#1165949).
- btrfs: catch cow on deleting snapshots (bsc#1165949).
- btrfs: change the minimum global reserve size (bsc#1165949).
- btrfs: check if there are free block groups for commit (bsc#1165949).
- btrfs: cleanup extent_op handling (bsc#1165949).
- btrfs: cleanup root usage by btrfs_get_alloc_profile (bsc#1165949).
- btrfs: cleanup the target logic in __btrfs_block_rsv_release
(bsc#1165949).
- btrfs: clear space cache inode generation always (bsc#1165949).
- btrfs: delayed-ref: pass delayed_refs directly to btrfs_delayed_ref_lock
(bsc#1165949).
- btrfs: do not account global reserve in can_overcommit (bsc#1165949).
- btrfs: do not allow reservations if we have pending tickets
(bsc#1165949).
- btrfs: do not call btrfs_start_delalloc_roots in flushoncommit
(bsc#1165949).
- btrfs: do not end the transaction for delayed refs in throttle
(bsc#1165949).
- btrfs: do not enospc all tickets on flush failure (bsc#1165949).
- btrfs: do not run delayed refs in the end transaction logic
(bsc#1165949).
- btrfs: do not run delayed_iputs in commit (bsc##1165949).
- btrfs: do not use ctl->free_space for max_extent_size (bsc##1165949).
- btrfs: do not use global reserve for chunk allocation (bsc#1165949).
- btrfs: drop get_extent from extent_page_data (bsc#1168273).
- btrfs: drop min_size from evict_refill_and_join (bsc##1165949).
- btrfs: drop unused space_info parameter from create_space_info
(bsc#1165949).
- btrfs: dump block_rsv details when dumping space info (bsc#1165949).
- btrfs: export __btrfs_block_rsv_release (bsc#1165949).
- btrfs: export block group accounting helpers (bsc#1165949).
- btrfs: export block_rsv_use_bytes (bsc#1165949).
- btrfs: export btrfs_block_rsv_add_bytes (bsc#1165949).
- btrfs: export space_info_add_*_bytes (bsc#1165949).
- btrfs: export the block group caching helpers (bsc#1165949).
- btrfs: export the caching control helpers (bsc#1165949).
- btrfs: export the excluded extents helpers (bsc#1165949).
- btrfs: extent-tree: Add lockdep assert when updating space info
(bsc#1165949).
- btrfs: extent-tree: Add trace events for space info numbers update
(bsc#1165949).
- btrfs: extent-tree: Detect bytes_may_use underflow earlier (bsc#1165949).
- btrfs: extent-tree: Detect bytes_pinned underflow earlier (bsc#1165949).
- btrfs: extent_io: Handle errors better in btree_write_cache_pages()
(bsc#1168273).
- btrfs: extent_io: Handle errors better in extent_write_full_page()
(bsc#1168273).
- btrfs: extent_io: Handle errors better in extent_write_locked_range()
(bsc#1168273).
- btrfs: extent_io: Handle errors better in extent_writepages()
(bsc#1168273).
- btrfs: extent_io: Kill dead condition in extent_write_cache_pages()
(bsc#1168273).
- btrfs: extent_io: Kill the forward declaration of flush_write_bio
(bsc#1168273).
- btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up
(bsc#1168273).
- btrfs: extent_io: add proper error handling to
lock_extent_buffer_for_io() (bsc#1168273).
- btrfs: factor our read/write stage off csum_tree_block into its callers
(bsc#1168273).
- btrfs: factor out the ticket flush handling (bsc#1165949).
- btrfs: fix insert_reserved error handling (bsc##1165949).
- btrfs: fix may_commit_transaction to deal with no partial filling
(bsc#1165949).
- btrfs: fix truncate throttling (bsc#1165949).
- btrfs: force chunk allocation if our global rsv is larger than metadata
(bsc#1165949).
- btrfs: introduce an evict flushing state (bsc#1165949).
- btrfs: introduce delayed_refs_rsv (bsc#1165949).
- btrfs: loop in inode_rsv_refill (bsc#1165949).
- btrfs: make btrfs_destroy_delayed_refs use btrfs_delayed_ref_lock
(bsc#1165949).
- btrfs: make btrfs_destroy_delayed_refs use btrfs_delete_ref_head
(bsc#1165949).
- btrfs: make caching_thread use btrfs_find_next_key (bsc#1165949).
- btrfs: merge two flush_write_bio helpers (bsc#1168273).
- btrfs: migrate btrfs_trans_release_chunk_metadata (bsc#1165949).
- btrfs: migrate inc/dec_block_group_ro code (bsc#1165949).
- btrfs: migrate nocow and reservation helpers (bsc#1165949).
- btrfs: migrate the alloc_profile helpers (bsc#1165949).
- btrfs: migrate the block group caching code (bsc#1165949).
- btrfs: migrate the block group cleanup code (bsc#1165949).
- btrfs: migrate the block group lookup code (bsc#1165949).
- btrfs: migrate the block group read/creation code (bsc#1165949).
- btrfs: migrate the block group ref counting stuff (bsc#1165949).
- btrfs: migrate the block group removal code (bsc#1165949).
- btrfs: migrate the block group space accounting helpers (bsc#1165949).
- btrfs: migrate the block-rsv code to block-rsv.c (bsc#1165949).
- btrfs: migrate the chunk allocation code (bsc#1165949).
- btrfs: migrate the delalloc space stuff to it's own home (bsc#1165949).
- btrfs: migrate the delayed refs rsv code (bsc#1165949).
- btrfs: migrate the dirty bg writeout code (bsc#1165949).
- btrfs: migrate the global_block_rsv helpers to block-rsv.c (bsc#1165949).
- btrfs: move and export can_overcommit (bsc#1165949).
- btrfs: move basic block_group definitions to their own header
(bsc#1165949).
- btrfs: move btrfs_add_free_space out of a header file (bsc#1165949).
- btrfs: move btrfs_block_rsv definitions into it's own header
(bsc#1165949).
- btrfs: move btrfs_raid_group values to btrfs_raid_attr table
(bsc#1165949).
- btrfs: move btrfs_space_info_add_*_bytes to space-info.c (bsc#1165949).
- btrfs: move dump_space_info to space-info.c (bsc#1165949).
- btrfs: move reserve_metadata_bytes and supporting code to space-info.c
(bsc#1165949).
- btrfs: move space_info to space-info.h (bsc#1165949).
- btrfs: move the space info update macro to space-info.h (bsc#1165949).
- btrfs: move the space_info handling code to space-info.c (bsc#1165949).
- btrfs: move the subvolume reservation stuff out of extent-tree.c
(bsc#1165949).
- btrfs: only check priority tickets for priority flushing (bsc#1165949).
- btrfs: only free reserved extent if we didn't insert it (bsc##1165949).
- btrfs: only reserve metadata_size for inodes (bsc#1165949).
- btrfs: only track ref_heads in delayed_ref_updates (bsc#1165949).
- btrfs: pass root to various extent ref mod functions (bsc#1165949).
- btrfs: qgroup: Do not hold qgroup_ioctl_lock in btrfs_qgroup_inherit()
(bsc#1165823).
- btrfs: qgroup: Mark qgroup inconsistent if we're inherting snapshot to a
new qgroup (bsc#1165823).
- btrfs: refactor block group replication factor calculation to a helper
(bsc#1165949).
- btrfs: refactor priority_reclaim_metadata_space (bsc#1165949).
- btrfs: refactor the ticket wakeup code (bsc#1165949).
- btrfs: release metadata before running delayed refs (bsc##1165949).
- btrfs: remove orig_bytes from reserve_ticket (bsc#1165949).
- btrfs: rename btrfs_space_info_add_old_bytes (bsc#1165949).
- btrfs: rename do_chunk_alloc to btrfs_chunk_alloc (bsc#1165949).
- btrfs: rename the btrfs_calc_*_metadata_size helpers (bsc#1165949).
- btrfs: replace cleaner_delayed_iput_mutex with a waitqueue (bsc#1165949).
- btrfs: reserve delalloc metadata differently (bsc#1165949).
- btrfs: reserve extra space during evict (bsc#1165949).
- btrfs: reset max_extent_size on clear in a bitmap (bsc##1165949).
- btrfs: reset max_extent_size properly (bsc##1165949).
- btrfs: rework btrfs_check_space_for_delayed_refs (bsc#1165949).
- btrfs: rework wake_all_tickets (bsc#1165949).
- btrfs: roll tracepoint into btrfs_space_info_update helper (bsc#1165949).
- btrfs: run btrfs_try_granting_tickets if a priority ticket fails
(bsc#1165949).
- btrfs: run delayed iput at unlink time (bsc#1165949).
- btrfs: run delayed iputs before committing (bsc#1165949).
- btrfs: set max_extent_size properly (bsc##1165949).
- btrfs: sink extent_write_full_page tree argument (bsc#1168273).
- btrfs: sink extent_write_locked_range tree parameter (bsc#1168273).
- btrfs: sink flush_fn to extent_write_cache_pages (bsc#1168273).
- btrfs: sink get_extent parameter to extent_write_full_page (bsc#1168273).
- btrfs: sink get_extent parameter to extent_write_locked_range
(bsc#1168273).
- btrfs: sink get_extent parameter to extent_fiemap (bsc#1168273).
- btrfs: sink get_extent parameter to extent_readpages (bsc#1168273).
- btrfs: sink get_extent parameter to extent_writepages (bsc#1168273).
- btrfs: sink get_extent parameter to get_extent_skip_holes (bsc#1168273).
- btrfs: sink writepage parameter to extent_write_cache_pages
(bsc#1168273).
- btrfs: stop partially refilling tickets when releasing space
(bsc#1165949).
- btrfs: stop using block_rsv_release_bytes everywhere (bsc#1165949).
- btrfs: switch to on-stack csum buffer in csum_tree_block (bsc#1168273).
- btrfs: temporarily export btrfs_get_restripe_target (bsc#1165949).
- btrfs: temporarily export fragment_free_space (bsc#1165949).
- btrfs: temporarily export inc_block_group_ro (bsc#1165949).
- btrfs: track DIO bytes in flight (bsc#1165949).
- btrfs: tree-checker: Remove comprehensive root owner check (bsc#1168273).
- btrfs: unexport can_overcommit (bsc#1165949).
- btrfs: unexport the temporary exported functions (bsc#1165949).
- btrfs: unify error handling for ticket flushing (bsc#1165949).
- btrfs: unify extent_page_data type passed as void (bsc#1168273).
- btrfs: update may_commit_transaction to use the delayed refs rsv
(bsc#1165949).
- btrfs: use btrfs_try_granting_tickets in update_global_rsv (bsc#1165949).
- btrfs: wait on caching when putting the bg cache (bsc#1165949).
- btrfs: wait on ordered extents on abort cleanup (bsc#1165949).
- btrfs: wakeup cleaner thread when adding delayed iput (bsc#1165949).
- ceph: canonicalize server path in place (bsc#1168443).
- ceph: check POOL_FLAG_FULL/NEARFULL in addition to OSDMAP_FULL/NEARFULL
(bsc#1169307).
- ceph: remove the extra slashes in the server path (bsc#1168443).
- cfg80211: check reg_rule for NULL in handle_channel_custom()
(bsc#1051510).
- cfg80211: check wiphy driver existence for drvinfo report (bsc#1051510).
- cgroup: memcg: net: do not associate sock with unrelated cgroup
(bsc#1167290).
- cifs: ignore cached share root handle closing errors (bsc#1166780).
- clk: imx: Align imx sc clock msg structs to 4 (bsc#1111666).
- clk: imx: Align imx sc clock msg structs to 4 (git-fixes).
- clk: qcom: rcg: Return failure for RCG update (bsc#1051510).
- configfs: Fix bool initialization/comparison (bsc#1051510).
- cpufreq: Register drivers only after CPU devices have been registered
(bsc#1051510).
- cpuidle: Do not unset the driver if it is there already (bsc#1051510).
- crypto: arm64/sha-ce - implement export/import (bsc#1051510).
- crypto: mxs-dcp - fix scatterlist linearization for hash (bsc#1051510).
- crypto: tcrypt - fix printed skcipher [a]sync mode (bsc#1051510).
- debugfs: add support for more elaborate ->d_fsdata (bsc#1159198
bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: call debugfs_real_fops() only after debugfs_file_get()
(bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: call debugfs_real_fops() only after debugfs_file_get()
(bsc#1159198). Prerequisite for bsc#1159198.
- debugfs: convert to debugfs_file_get() and -put() (bsc#1159198
bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: debugfs_real_fops(): drop __must_hold sparse annotation
(bsc#1159198 bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: debugfs_use_start/finish do not exist anymore (bsc#1159198).
Prerequisite for bsc#1159198.
- debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198
bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: defer debugfs_fsdata allocation to first usage (bsc#1159198).
Prerequisite for bsc#1159198.
- debugfs: fix debugfs_real_fops() build error (bsc#1159198 bsc#1109911).
Prerequisite for bsc#1159198.
- debugfs: implement per-file removal protection (bsc#1159198
bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: purge obsolete SRCU based removal protection (bsc#1159198
bsc#1109911). Prerequisite for bsc#1159198.
- debugfs: simplify __debugfs_remove_file() (bsc#1159198). Prerequisite
for bsc#1159198.
- dmaengine: ste_dma40: fix unneeded variable warning (bsc#1051510).
- drm/amd/amdgpu: Fix GPR read from debugfs (v2) (bsc#1113956)
- drm/amd/display: Add link_rate quirk for Apple 15" MBP 2017
(bsc#1111666).
- drm/amd/display: Fix wrongly passed static prefix (bsc#1111666).
- drm/amd/display: remove duplicated assignment to grph_obj_type
(bsc#1051510).
- drm/amdgpu: fix typo for vcn1 idle check (bsc#1111666).
- drm/bochs: downgrade pci_request_region failure from error to warning
(bsc#1051510).
- drm/bridge: dw-hdmi: fix AVI frame colorimetry (bsc#1051510).
- drm/drm_dp_mst:remove set but not used variable 'origlen' (bsc#1051510).
- drm/exynos: dsi: fix workaround for the legacy clock name (bsc#1111666).
- drm/exynos: dsi: propagate error value and silence meaningless warning
(bsc#1111666).
- drm/lease: fix WARNING in idr_destroy (bsc#1113956)
- drm/msm: Set dma maximum segment size for mdss (bsc#1051510).
- drm/msm: Use the correct dma_sync calls harder (bsc#1051510).
- drm/msm: Use the correct dma_sync calls in msm_gem (bsc#1051510).
- drm/msm: stop abusing dma_map/unmap for cache (bsc#1051510).
- drm/sun4i: dsi: Use NULL to signify "no panel" (bsc#1111666).
- drm/v3d: Replace wait_for macros to remove use of msleep (bsc#1111666).
- drm/vc4: Fix HDMI mode validation (git-fixes).
- drm_dp_mst_topology: fix broken drm_dp_sideband_parse_remote_dpcd_read()
(bsc#1051510).
- dt-bindings: allow up to four clocks for orion-mdio (bsc#1051510).
- efi: Do not attempt to map RCI2 config table if it does not exist
(jsc#ECO-366, bsc#1168367).
- efi: Export Runtime Configuration Interface table to sysfs (jsc#ECO-366,
bsc#1168367).
- efi: Fix a race and a buffer overflow while reading efivars via sysfs
(bsc#1164893).
- efi: x86: move efi_is_table_address() into arch/x86 (jsc#ECO-366,
bsc#1168367).
- ext4: Avoid ENOSPC when avoiding to reuse recently deleted inodes
(bsc#1165019).
- ext4: Check for non-zero journal inum in ext4_calculate_overhead
(bsc#1167288).
- ext4: add cond_resched() to __ext4_find_entry() (bsc#1166862).
- ext4: do not assume that mmp_nodename/bdevname have NUL (bsc#1166860).
- ext4: fix a data race in EXT4_I(inode)->i_disksize (bsc#1166861).
- ext4: fix incorrect group count in ext4_fill_super error message
(bsc#1168765).
- ext4: fix incorrect inodes per group in error message (bsc#1168764).
- ext4: fix potential race between online resizing and write operations
(bsc#1166864).
- ext4: fix potential race between s_flex_groups online resizing and
access (bsc#1166867).
- ext4: fix potential race between s_group_info online resizing and access
(bsc#1166866).
- ext4: fix race between writepages and enabling EXT4_EXTENTS_FL
(bsc#1166870).
- ext4: fix support for inode sizes > 1024 bytes (bsc#1164284).
- ext4: potential crash on allocation error in ext4_alloc_flex_bg_array()
(bsc#1166940).
- ext4: rename s_journal_flag_rwsem to s_writepages_rwsem (bsc#1166868).
- ext4: validate the debug_want_extra_isize mount option at parse time
(bsc#1163897).
- fat: fix uninit-memory access for partial initialized inode
(bsc#1051510).
- fat: work around race with userspace's read via blockdev while mounting
(bsc#1051510).
- fbdev/g364fb: Fix build failure (bsc#1051510).
- fbdev: potential information leak in do_fb_ioctl() (bsc#1114279)
- fbmem: Adjust indentation in fb_prepare_logo and fb_blank (bsc#1114279)
- firmware: arm_sdei: fix double-lock on hibernate with shared events
(bsc#1111666).
- firmware: arm_sdei: fix possible double-lock on hibernate error path
(bsc#1111666).
- ftrace/kprobe: Show the maxactive number on kprobe_events (git-fixes).
- i2c: hix5hd2: add missed clk_disable_unprepare in remove (bsc#1051510).
- i2c: jz4780: silence log flood on txabrt (bsc#1051510).
- ibmvfc: do not send implicit logouts prior to NPIV login (bsc#1169625
ltc#184611).
- iio: gyro: adis16136: check ret val for non-zero vs less-than-zero
(bsc#1051510).
- iio: imu: adis16400: check ret val for non-zero vs less-than-zero
(bsc#1051510).
- iio: imu: adis16480: check ret val for non-zero vs less-than-zero
(bsc#1051510).
- iio: imu: adis: check ret val for non-zero vs less-than-zero
(bsc#1051510).
- iio: magnetometer: ak8974: Fix negative raw values in sysfs
(bsc#1051510).
- iio: potentiostat: lmp9100: fix
iio_triggered_buffer_{predisable,postenable} positions (bsc#1051510).
- intel_th: Fix user-visible error codes (bsc#1051510).
- intel_th: pci: Add Elkhart Lake CPU support (bsc#1051510).
- iommu/amd: Fix the configuration of GCR3 table root pointer
(bsc#1169057).
- ipmi: fix hung processes in __get_guid() (bsc#1111666).
- ipmi:ssif: Handle a possible NULL pointer reference (bsc#1051510).
- ipvlan: do not add hardware address of master to its unicast filter list
(bsc#1137325).
- irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (bsc#1051510).
- irqdomain: Fix a memory leak in irq_domain_push_irq() (bsc#1051510).
- kABI workaround for pcie_port_bus_type change (bsc#1161561).
- kABI: fixes for debugfs per-file removal protection backports
(bsc#1159198 bsc#1109911).
- kABI: restore debugfs_remove_recursive() (bsc#1159198).
- kabi fix for (bsc#1168202).
- libceph: fix alloc_msg_with_page_vector() memory leaks (bsc#1169308).
- libfs: fix infoleak in simple_attr_read() (bsc#1168881).
- lpfc: add support for translating an RSCN rcv into a discovery rescan
(bsc#1164777 bsc#1164780 bsc#1165211).
- lpfc: add support to generate RSCN events for nport (bsc#1164777
bsc#1164780 bsc#1165211).
- mac80211: Do not send mesh HWMP PREQ if HWMP is disabled (bsc#1051510).
- mac80211: consider more elements in parsing CRC (bsc#1051510).
- mac80211: free peer keys before vif down in mesh (bsc#1051510).
- mac80211: mesh: fix RCU warning (bsc#1051510).
- mac80211: only warn once on chanctx_conf being NULL (bsc#1051510).
- mac80211: rx: avoid RCU list traversal under mutex (bsc#1051510).
- macsec: add missing attribute validation for port (bsc#1051510).
- macsec: fix refcnt leak in module exit routine (bsc#1051510).
- media: dib0700: fix rc endpoint lookup (bsc#1051510).
- media: flexcop-usb: fix endpoint sanity check (git-fixes).
- media: go7007: Fix URB type for interrupt handling (bsc#1051510).
- media: ov519: add missing endpoint sanity checks (bsc#1168829).
- media: ov6650: Fix .get_fmt() V4L2_SUBDEV_FORMAT_TRY support
(bsc#1051510).
- media: ov6650: Fix some format attributes not under control
(bsc#1051510).
- media: ov6650: Fix stored crop rectangle not in sync with hardware
(bsc#1051510).
- media: ov6650: Fix stored frame format not in sync with hardware
(bsc#1051510).
- media: stv06xx: add missing descriptor sanity checks (bsc#1168854).
- media: tda10071: fix unsigned sign extension overflow (bsc#1051510).
- media: usbtv: fix control-message timeouts (bsc#1051510).
- media: v4l2-core: fix entity initialization in device_register_subdev
(bsc#1051510).
- media: vsp1: tidyup VI6_HGT_LBn_H() macro (bsc#1051510).
- media: xirlink_cit: add missing descriptor sanity checks (bsc#1051510).
- mfd: dln2: Fix sanity checking for endpoints (bsc#1051510).
- misc: pci_endpoint_test: Fix to support > 10 pci-endpoint-test devices
(bsc#1051510).
- mm/filemap.c: do not initiate writeback if mapping has no dirty pages
(bsc#1168884).
- mm/memory_hotplug.c: only respect mem= parameter during boot stage
(bsc#1065600).
- mmc: sdhci-of-at91: fix cd-gpios for SAMA5D2 (bsc#1051510).
- mwifiex: set needed_headroom, not hard_header_len (bsc#1051510).
- net/nfc: Avoid stalls when nfc_alloc_send_skb() returned NULL
(bsc#1051510).
- net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
(networking-stable-20_02_19).
- net/sched: matchall: add missing validation of TCA_MATCHALL_FLAGS
(networking-stable-20_02_19).
- net/smc: fix leak of kernel memory to user space
(networking-stable-20_02_19).
- net: dsa: tag_qca: Make sure there is headroom for tag
(networking-stable-20_02_19).
- net: ena: Add PCI shutdown handler to allow safe kexec (bsc#1167421,
bsc#1167423).
- net: nfc: fix bounds checking bugs on "pipe" (bsc#1051510).
- net: phy: micrel: kszphy_resume(): add delay after genphy_resume()
before accessing PHY registers (bsc#1051510).
- net_sched: keep alloc_hash updated after hash allocation (git-fixes).
- netfilter: conntrack: sctp: use distinct states for new SCTP connections
(bsc#1159199).
- nvme-multipath: also check for a disabled path if there is a single
sibling (bsc#1158983).
- nvme-multipath: do not select namespaces which are about to be removed
(bsc#1158983).
- nvme-multipath: factor out a nvme_path_is_disabled helper (bsc#1158983).
- nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths (bsc#1158983).
- nvme-multipath: fix possible I/O hang when paths are updated
(bsc#1158983).
- nvme-multipath: fix possible io hang after ctrl reconnect (bsc#1158983).
- nvme-multipath: remove unused groups_only mode in ana log (bsc#1158983).
- nvme-multipath: round-robin I/O policy (bsc#1158983).
- nvme: fix a possible deadlock when passthru commands sent to a multipath
device (bsc#1158983).
- nvme: fix controller removal race with scan work (bsc#1158983).
- objtool: Add is_static_jump() helper (bsc#1169514).
- objtool: Add relocation check for alternative sections (bsc#1169514).
- partitions/efi: Fix partition name parsing in GUID partition entry
(bsc#1168763).
- perf/amd/uncore: Replace manual sampling check with CAP_NO_INTERRUPT
flag (bsc#1114279).
- perf: qcom_l2: fix column exclusion check (git-fixes).
- pinctrl: core: Remove extra kref_get which blocks hogs being freed
(bsc#1051510).
- platform/x86: pmc_atom: Add Lex 2I385SW to critclk_systems DMI table
(bsc#1051510).
- powerpc/64/tm: Do not let userspace set regs->trap via sigreturn
(bsc#1118338 ltc#173734).
- powerpc/64: mark start_here_multiplatform as __ref (bsc#1148868).
- powerpc/64s: Fix section mismatch warnings from boot code (bsc#1148868).
- powerpc/hash64/devmap: Use H_PAGE_THP_HUGE when setting up huge devmap
PTE entries (bsc#1065729).
- powerpc/kprobes: Ignore traps that happened in real mode (bsc#1065729).
- powerpc/mm: Fix section mismatch warning in
stop_machine_change_mapping() (bsc#1148868).
- powerpc/pseries/ddw: Extend upper limit for huge DMA window for
persistent memory (bsc#1142685 ltc#179509).
- powerpc/pseries/iommu: Fix set but not used values (bsc#1142685
ltc#179509).
- powerpc/pseries/iommu: Use memory@ nodes in max RAM address calculation
(bsc#1142685 ltc#179509).
- powerpc/vmlinux.lds: Explicitly retain .gnu.hash (bsc#1148868).
- powerpc/xive: Replace msleep(x) with msleep(OPAL_BUSY_DELAY_MS)
(bsc#1085030).
- powerpc/xive: Use XIVE_BAD_IRQ instead of zero to catch non configured
IPIs (bsc#1085030).
- pwm: bcm2835: Dynamically allocate base (bsc#1051510).
- pwm: meson: Fix confusing indentation (bsc#1051510).
- pwm: pca9685: Fix PWM/GPIO inter-operation (bsc#1051510).
- pwm: rcar: Fix late Runtime PM enablement (bsc#1051510).
- pwm: renesas-tpu: Fix late Runtime PM enablement (bsc#1051510).
- pxa168fb: fix release function mismatch in probe failure (bsc#1051510).
- qmi_wwan: unconditionally reject 2 ep interfaces (bsc#1051510).
- rtlwifi: rtl8192de: Fix missing callback that tests for hw release of
buffer (git-fixes).
- s390/mm: fix dynamic pagetable upgrade for hugetlbfs (bsc#1165182
LTC#184102).
- s390/qeth: fix potential deadlock on workqueue flush (bsc#1165185
LTC#184108).
- scsi: core: avoid repetitive logging of device offline messages
(bsc#1145929).
- scsi: core: kABI fix offline_already (bsc#1145929).
- scsi: fc: Update Descriptor definition and add RDF and Link Integrity
FPINs (bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: ibmvfc: Fix NULL return compiler warning (bsc#1161951 ltc#183551).
- scsi: lpfc: Change default SCSI LUN QD to 64 (bsc#1164777 bsc#1164780
bsc#1165211 jsc#SLE-8654).
- scsi: lpfc: Clean up hba max_lun_queue_depth checks (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Copyright updates for 12.6.0.4 patches (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix Fabric hostname registration if system hostname changes
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix MDS Latency Diagnostics Err-drop rates (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix RQ buffer leakage when no IOCBs available (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix broken Credit Recovery after driver load (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix compiler warning on frame size (bsc#1164777 bsc#1164780
bsc#1165211).
- scsi: lpfc: Fix coverity errors in fmdi attribute handling (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix crash after handling a pci error (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix crash in target side cable pulls hitting WAIT_FOR_UNREG
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix disablement of FC-AL on lpe35000 models (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix driver nvme rescan logging (bsc#1164777 bsc#1164780
bsc#1165211).
- scsi: lpfc: Fix erroneous cpu limit of 128 on I/O statistics
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix improper flag check for IO type (bsc#1164777 bsc#1164780
bsc#1165211).
- scsi: lpfc: Fix incomplete NVME discovery when target (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix kasan slab-out-of-bounds error in lpfc_unreg_login
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix lockdep error - register non-static key (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix lpfc overwrite of sg_cnt field in nvmefc_tgt_fcp_req
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix lpfc_io_buf resource leak in lpfc_get_scsi_buf_s4 error
path (bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix memory leak on lpfc_bsg_write_ebuf_set func (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix missing check for CSF in Write Object Mbox Rsp
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix ras_log via debugfs (bsc#1164777 bsc#1164780
bsc#1165211).
- scsi: lpfc: Fix registration of ELS type support in fdmi (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix release of hwq to clear the eq relationship (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix scsi host template for SLI3 vports (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix unmap of dpp bars affecting next driver load
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix update of wq consumer index in lpfc_sli4_wq_release
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Fix: Rework setting of fdmi symbolic node name registration
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Make debugfs ktime stats generic for NVME and SCSI
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Make lpfc_defer_acc_rsp static (bsc#1164777 bsc#1164780
bsc#1165211).
- scsi: lpfc: Remove handler for obsolete ELS - Read Port Status (RPS)
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: Remove prototype FIPS/DSS options from SLI-3 (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: lpfc: Update lpfc version to 12.6.0.3 (bsc#1164777 bsc#1164780
bsc#1165211).
- scsi: lpfc: Update lpfc version to 12.6.0.4 (bsc#1164777 bsc#1164780
bsc#1165211).
- scsi: lpfc: Update lpfc version to 12.8.0.0 (bsc#1164777 bsc#1164780
bsc#1165211).
- scsi: lpfc: add RDF registration and Link Integrity FPIN logging
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: fix spelling mistake "Notication" -> "Notification"
(bsc#1164777 bsc#1164780 bsc#1165211).
- scsi: lpfc: fix spelling mistakes of asynchronous (bsc#1164777
bsc#1164780 bsc#1165211).
- scsi: qla2xxx: Fix I/Os being passed down when FC device is being
deleted (bsc#1157424).
- serdev: ttyport: restore client ops on deregistration (bsc#1051510).
- staging: ccree: use signal safe completion wait (git-fixes).
- staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table
(bsc#1051510).
- staging: vt6656: fix sign of rx_dbm to bb_pre_ed_rssi (bsc#1051510).
- staging: wlan-ng: fix ODEBUG bug in prism2sta_disconnect_usb
(bsc#1051510).
- staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback
(bsc#1051510).
- swiotlb: do not panic on mapping failures (bsc#1162171).
- swiotlb: remove the overflow buffer (bsc#1162171).
- thermal: devfreq_cooling: inline all stubs for CONFIG_DEVFREQ_THERMAL=n
(bsc#1051510).
- tpm: ibmvtpm: Wait for buffer to be set before proceeding (bsc#1065729).
- tty/serial: atmel: manage shutdown in case of RS485 or ISO7816 mode
(bsc#1051510).
- tty: evh_bytechan: Fix out of bounds accesses (bsc#1051510).
- tty: serial: imx: setup the correct sg entry for tx dma (bsc#1051510).
- usb: audio-v2: Add uac2_effect_unit_descriptor definition (bsc#1051510).
- usb: core: hub: do error out if usb_autopm_get_interface() fails
(git-fixes).
- usb: core: port: do error out if usb_autopm_get_interface() fails
(git-fixes).
- usb: dwc2: Fix in ISOC request length checking (git-fixes).
- usb: gadget: composite: Fix bMaxPower for SuperSpeedPlus (git-fixes).
- usb: gadget: f_fs: Fix use after free issue as part of queue failure
(bsc#1051510).
- usb: host: xhci-plat: add a shutdown (git-fixes).
- usb: musb: Disable pullup at init (git-fixes).
- usb: musb: fix crash with highmen PIO and usbmon (bsc#1051510).
- usb: quirks: add NO_LPM quirk for Logitech Screen Share (git-fixes).
- usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters
(git-fixes).
- usb: storage: Add quirk for Samsung Fit flash (git-fixes).
- usb: uas: fix a plug & unplug racing (git-fixes).
- usb: xhci: apply XHCI_SUSPEND_DELAY to AMD XHCI controller 1022:145c
(git-fixes).
- virtio-blk: improve virtqueue error to BLK_STS (bsc#1167627).
- virtio_ring: fix unmap of indirect descriptors (bsc#1162171).
- x86/mce: Fix logic and comments around MSR_PPIN_CTL (bsc#1114279).
- x86/pkeys: Manually set X86_FEATURE_OSPKE to preserve existing changes
(bsc#1114279).
- xen/blkfront: fix memory allocation flags in blkfront_setup_indirect()
(bsc#1168486).
- xhci: Do not open code __print_symbolic() in xhci trace events
(git-fixes).
- xhci: apply XHCI_PME_STUCK_QUIRK to Intel Comet Lake platforms
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-543=1
Package List:
- openSUSE Leap 15.1 (noarch):
kernel-devel-4.12.14-lp151.28.48.1
kernel-docs-4.12.14-lp151.28.48.1
kernel-docs-html-4.12.14-lp151.28.48.1
kernel-macros-4.12.14-lp151.28.48.1
kernel-source-4.12.14-lp151.28.48.1
kernel-source-vanilla-4.12.14-lp151.28.48.1
- openSUSE Leap 15.1 (x86_64):
kernel-debug-4.12.14-lp151.28.48.1
kernel-debug-base-4.12.14-lp151.28.48.1
kernel-debug-base-debuginfo-4.12.14-lp151.28.48.1
kernel-debug-debuginfo-4.12.14-lp151.28.48.1
kernel-debug-debugsource-4.12.14-lp151.28.48.1
kernel-debug-devel-4.12.14-lp151.28.48.1
kernel-debug-devel-debuginfo-4.12.14-lp151.28.48.1
kernel-default-4.12.14-lp151.28.48.1
kernel-default-base-4.12.14-lp151.28.48.1
kernel-default-base-debuginfo-4.12.14-lp151.28.48.1
kernel-default-debuginfo-4.12.14-lp151.28.48.1
kernel-default-debugsource-4.12.14-lp151.28.48.1
kernel-default-devel-4.12.14-lp151.28.48.1
kernel-default-devel-debuginfo-4.12.14-lp151.28.48.1
kernel-kvmsmall-4.12.14-lp151.28.48.1
kernel-kvmsmall-base-4.12.14-lp151.28.48.1
kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.48.1
kernel-kvmsmall-debuginfo-4.12.14-lp151.28.48.1
kernel-kvmsmall-debugsource-4.12.14-lp151.28.48.1
kernel-kvmsmall-devel-4.12.14-lp151.28.48.1
kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.48.1
kernel-obs-build-4.12.14-lp151.28.48.1
kernel-obs-build-debugsource-4.12.14-lp151.28.48.1
kernel-obs-qa-4.12.14-lp151.28.48.1
kernel-syms-4.12.14-lp151.28.48.1
kernel-vanilla-4.12.14-lp151.28.48.1
kernel-vanilla-base-4.12.14-lp151.28.48.1
kernel-vanilla-base-debuginfo-4.12.14-lp151.28.48.1
kernel-vanilla-debuginfo-4.12.14-lp151.28.48.1
kernel-vanilla-debugsource-4.12.14-lp151.28.48.1
kernel-vanilla-devel-4.12.14-lp151.28.48.1
kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.48.1
References:
https://www.suse.com/security/cve/CVE-2019-19770.html
https://www.suse.com/security/cve/CVE-2019-3701.html
https://www.suse.com/security/cve/CVE-2019-9458.html
https://www.suse.com/security/cve/CVE-2020-10942.html
https://www.suse.com/security/cve/CVE-2020-11494.html
https://www.suse.com/security/cve/CVE-2020-11669.html
https://www.suse.com/security/cve/CVE-2020-8834.html
https://bugzilla.suse.com/1051510
https://bugzilla.suse.com/1065600
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1083647
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1109911
https://bugzilla.suse.com/1111666
https://bugzilla.suse.com/1113956
https://bugzilla.suse.com/1114279
https://bugzilla.suse.com/1118338
https://bugzilla.suse.com/1120386
https://bugzilla.suse.com/1137325
https://bugzilla.suse.com/1142685
https://bugzilla.suse.com/1145051
https://bugzilla.suse.com/1145929
https://bugzilla.suse.com/1148868
https://bugzilla.suse.com/1157424
https://bugzilla.suse.com/1158983
https://bugzilla.suse.com/1159037
https://bugzilla.suse.com/1159198
https://bugzilla.suse.com/1159199
https://bugzilla.suse.com/1161561
https://bugzilla.suse.com/1161951
https://bugzilla.suse.com/1162171
https://bugzilla.suse.com/1163403
https://bugzilla.suse.com/1163897
https://bugzilla.suse.com/1164284
https://bugzilla.suse.com/1164777
https://bugzilla.suse.com/1164780
https://bugzilla.suse.com/1164893
https://bugzilla.suse.com/1165019
https://bugzilla.suse.com/1165182
https://bugzilla.suse.com/1165185
https://bugzilla.suse.com/1165211
https://bugzilla.suse.com/1165823
https://bugzilla.suse.com/1165949
https://bugzilla.suse.com/1166780
https://bugzilla.suse.com/1166860
https://bugzilla.suse.com/1166861
https://bugzilla.suse.com/1166862
https://bugzilla.suse.com/1166864
https://bugzilla.suse.com/1166866
https://bugzilla.suse.com/1166867
https://bugzilla.suse.com/1166868
https://bugzilla.suse.com/1166870
https://bugzilla.suse.com/1166940
https://bugzilla.suse.com/1166982
https://bugzilla.suse.com/1167005
https://bugzilla.suse.com/1167216
https://bugzilla.suse.com/1167288
https://bugzilla.suse.com/1167290
https://bugzilla.suse.com/1167316
https://bugzilla.suse.com/1167421
https://bugzilla.suse.com/1167423
https://bugzilla.suse.com/1167627
https://bugzilla.suse.com/1167629
https://bugzilla.suse.com/1168075
https://bugzilla.suse.com/1168202
https://bugzilla.suse.com/1168273
https://bugzilla.suse.com/1168276
https://bugzilla.suse.com/1168295
https://bugzilla.suse.com/1168367
https://bugzilla.suse.com/1168424
https://bugzilla.suse.com/1168443
https://bugzilla.suse.com/1168486
https://bugzilla.suse.com/1168552
https://bugzilla.suse.com/1168760
https://bugzilla.suse.com/1168762
https://bugzilla.suse.com/1168763
https://bugzilla.suse.com/1168764
https://bugzilla.suse.com/1168765
https://bugzilla.suse.com/1168829
https://bugzilla.suse.com/1168854
https://bugzilla.suse.com/1168881
https://bugzilla.suse.com/1168884
https://bugzilla.suse.com/1168952
https://bugzilla.suse.com/1169013
https://bugzilla.suse.com/1169057
https://bugzilla.suse.com/1169307
https://bugzilla.suse.com/1169308
https://bugzilla.suse.com/1169390
https://bugzilla.suse.com/1169514
https://bugzilla.suse.com/1169625
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2020:0544-1: important: Security update for MozillaThunderbird
by opensuse-security@opensuse.org 23 Apr '20
by opensuse-security@opensuse.org 23 Apr '20
23 Apr '20
openSUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0544-1
Rating: important
References: #1168630 #1168874
Cross-References: CVE-2020-6819 CVE-2020-6820 CVE-2020-6821
CVE-2020-6822 CVE-2020-6825
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for MozillaThunderbird to version 68.7.0 fixes the following
issues:
- CVE-2020-6819: Use-after-free while running the nsDocShell destructor
(boo#1168630)
- CVE-2020-6820: Use-after-free when handling a ReadableStream
(boo#1168630)
- CVE-2020-6821: Uninitialized memory could be read when using the WebGL
copyTexSubImage() (boo#1168874)
- CVE-2020-6822: Out of bounds write in GMPDecodeData when processing
large images (boo#1168874)
- CVE-2020-6825: Memory safety bugs fixed (boo#1168874)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-544=1
Package List:
- openSUSE Leap 15.1 (x86_64):
MozillaThunderbird-68.7.0-lp151.2.35.1
MozillaThunderbird-debuginfo-68.7.0-lp151.2.35.1
MozillaThunderbird-debugsource-68.7.0-lp151.2.35.1
MozillaThunderbird-translations-common-68.7.0-lp151.2.35.1
MozillaThunderbird-translations-other-68.7.0-lp151.2.35.1
References:
https://www.suse.com/security/cve/CVE-2020-6819.html
https://www.suse.com/security/cve/CVE-2020-6820.html
https://www.suse.com/security/cve/CVE-2020-6821.html
https://www.suse.com/security/cve/CVE-2020-6822.html
https://www.suse.com/security/cve/CVE-2020-6825.html
https://bugzilla.suse.com/1168630
https://bugzilla.suse.com/1168874
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2020:0542-1: important: Security update for freeradius-server
by opensuse-security@opensuse.org 23 Apr '20
by opensuse-security@opensuse.org 23 Apr '20
23 Apr '20
openSUSE Security Update: Security update for freeradius-server
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0542-1
Rating: important
References: #1132549 #1132664
Cross-References: CVE-2019-11234 CVE-2019-11235
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for freeradius-server fixes the following issues:
Security issues fixed:
- CVE-2019-11235: Fixed an authentication bypass related to the EAP-PWD
Commit frame and insufficent validation of elliptic curve points
(bsc#1132549).
- CVE-2019-11234: Fixed an authentication bypass caused by reflecting
privous values back to the server (bsc#1132664).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-542=1
Package List:
- openSUSE Leap 15.1 (x86_64):
freeradius-server-3.0.16-lp151.4.3.1
freeradius-server-debuginfo-3.0.16-lp151.4.3.1
freeradius-server-debugsource-3.0.16-lp151.4.3.1
freeradius-server-devel-3.0.16-lp151.4.3.1
freeradius-server-doc-3.0.16-lp151.4.3.1
freeradius-server-krb5-3.0.16-lp151.4.3.1
freeradius-server-krb5-debuginfo-3.0.16-lp151.4.3.1
freeradius-server-ldap-3.0.16-lp151.4.3.1
freeradius-server-ldap-debuginfo-3.0.16-lp151.4.3.1
freeradius-server-libs-3.0.16-lp151.4.3.1
freeradius-server-libs-debuginfo-3.0.16-lp151.4.3.1
freeradius-server-mysql-3.0.16-lp151.4.3.1
freeradius-server-mysql-debuginfo-3.0.16-lp151.4.3.1
freeradius-server-perl-3.0.16-lp151.4.3.1
freeradius-server-perl-debuginfo-3.0.16-lp151.4.3.1
freeradius-server-postgresql-3.0.16-lp151.4.3.1
freeradius-server-postgresql-debuginfo-3.0.16-lp151.4.3.1
freeradius-server-python-3.0.16-lp151.4.3.1
freeradius-server-python-debuginfo-3.0.16-lp151.4.3.1
freeradius-server-sqlite-3.0.16-lp151.4.3.1
freeradius-server-sqlite-debuginfo-3.0.16-lp151.4.3.1
freeradius-server-utils-3.0.16-lp151.4.3.1
freeradius-server-utils-debuginfo-3.0.16-lp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-11234.html
https://www.suse.com/security/cve/CVE-2019-11235.html
https://bugzilla.suse.com/1132549
https://bugzilla.suse.com/1132664
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2020:0541-1: critical: Security update for chromium
by opensuse-security@opensuse.org 20 Apr '20
by opensuse-security@opensuse.org 20 Apr '20
20 Apr '20
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0541-1
Rating: critical
References: #1169729
Cross-References: CVE-2020-6457
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for chromium fixes the following issues:
Chromium was updated to 81.0.4044.113 (boo#1169729):
- CVE-2020-6457: Fixed a use after free in speech recognizer
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-541=1
Package List:
- openSUSE Leap 15.1 (x86_64):
chromedriver-81.0.4044.113-lp151.2.80.1
chromedriver-debuginfo-81.0.4044.113-lp151.2.80.1
chromium-81.0.4044.113-lp151.2.80.1
chromium-debuginfo-81.0.4044.113-lp151.2.80.1
chromium-debugsource-81.0.4044.113-lp151.2.80.1
References:
https://www.suse.com/security/cve/CVE-2020-6457.html
https://bugzilla.suse.com/1169729
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2020:0540-1: important: Security update for chromium
by opensuse-security@opensuse.org 19 Apr '20
by opensuse-security@opensuse.org 19 Apr '20
19 Apr '20
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0540-1
Rating: important
References: #1167465 #1168421 #1168911
Cross-References: CVE-2020-6423 CVE-2020-6430 CVE-2020-6431
CVE-2020-6432 CVE-2020-6433 CVE-2020-6434
CVE-2020-6435 CVE-2020-6436 CVE-2020-6437
CVE-2020-6438 CVE-2020-6439 CVE-2020-6440
CVE-2020-6441 CVE-2020-6442 CVE-2020-6443
CVE-2020-6444 CVE-2020-6445 CVE-2020-6446
CVE-2020-6447 CVE-2020-6448 CVE-2020-6450
CVE-2020-6451 CVE-2020-6452 CVE-2020-6454
CVE-2020-6455 CVE-2020-6456
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes 26 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium was updated to 81.0.4044.92 boo#1168911:
* CVE-2020-6454: Use after free in extensions
* CVE-2020-6423: Use after free in audio
* CVE-2020-6455: Out of bounds read in WebSQL
* CVE-2020-6430: Type Confusion in V8
* CVE-2020-6456: Insufficient validation of untrusted input in clipboard
* CVE-2020-6431: Insufficient policy enforcement in full screen
* CVE-2020-6432: Insufficient policy enforcement in navigations
* CVE-2020-6433: Insufficient policy enforcement in extensions
* CVE-2020-6434: Use after free in devtools
* CVE-2020-6435: Insufficient policy enforcement in extensions
* CVE-2020-6436: Use after free in window management
* CVE-2020-6437: Inappropriate implementation in WebView
* CVE-2020-6438: Insufficient policy enforcement in extensions
* CVE-2020-6439: Insufficient policy enforcement in navigations
* CVE-2020-6440: Inappropriate implementation in extensions
* CVE-2020-6441: Insufficient policy enforcement in omnibox
* CVE-2020-6442: Inappropriate implementation in cache
* CVE-2020-6443: Insufficient data validation in developer tools
* CVE-2020-6444: Uninitialized Use in WebRTC
* CVE-2020-6445: Insufficient policy enforcement in trusted types
* CVE-2020-6446: Insufficient policy enforcement in trusted types
* CVE-2020-6447: Inappropriate implementation in developer tools
* CVE-2020-6448: Use after free in V8
Chromium was updated to 80.0.3987.162 boo#1168421:
* CVE-2020-6450: Use after free in WebAudio.
* CVE-2020-6451: Use after free in WebAudio.
* CVE-2020-6452: Heap buffer overflow in media.
- Use a symbolic icon for GNOME
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-540=1
Package List:
- openSUSE Backports SLE-15-SP1 (aarch64 x86_64):
chromedriver-81.0.4044.92-bp151.3.66.1
chromium-81.0.4044.92-bp151.3.66.1
References:
https://www.suse.com/security/cve/CVE-2020-6423.html
https://www.suse.com/security/cve/CVE-2020-6430.html
https://www.suse.com/security/cve/CVE-2020-6431.html
https://www.suse.com/security/cve/CVE-2020-6432.html
https://www.suse.com/security/cve/CVE-2020-6433.html
https://www.suse.com/security/cve/CVE-2020-6434.html
https://www.suse.com/security/cve/CVE-2020-6435.html
https://www.suse.com/security/cve/CVE-2020-6436.html
https://www.suse.com/security/cve/CVE-2020-6437.html
https://www.suse.com/security/cve/CVE-2020-6438.html
https://www.suse.com/security/cve/CVE-2020-6439.html
https://www.suse.com/security/cve/CVE-2020-6440.html
https://www.suse.com/security/cve/CVE-2020-6441.html
https://www.suse.com/security/cve/CVE-2020-6442.html
https://www.suse.com/security/cve/CVE-2020-6443.html
https://www.suse.com/security/cve/CVE-2020-6444.html
https://www.suse.com/security/cve/CVE-2020-6445.html
https://www.suse.com/security/cve/CVE-2020-6446.html
https://www.suse.com/security/cve/CVE-2020-6447.html
https://www.suse.com/security/cve/CVE-2020-6448.html
https://www.suse.com/security/cve/CVE-2020-6450.html
https://www.suse.com/security/cve/CVE-2020-6451.html
https://www.suse.com/security/cve/CVE-2020-6452.html
https://www.suse.com/security/cve/CVE-2020-6454.html
https://www.suse.com/security/cve/CVE-2020-6455.html
https://www.suse.com/security/cve/CVE-2020-6456.html
https://bugzilla.suse.com/1167465
https://bugzilla.suse.com/1168421
https://bugzilla.suse.com/1168911
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2020:0539-1: moderate: Security update for mp3gain
by opensuse-security@opensuse.org 18 Apr '20
by opensuse-security@opensuse.org 18 Apr '20
18 Apr '20
openSUSE Security Update: Security update for mp3gain
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0539-1
Rating: moderate
References: #1154971
Cross-References: CVE-2017-12911 CVE-2019-18359
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for mp3gain fixes the following issues:
Update to version 1.6.2.
- CVE-2019-18359: Fixed a buffer over-read was discovered in ReadMP3APETag
(boo#1154971)
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-539=1
Package List:
- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
mp3gain-1.6.2-bp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2017-12911.html
https://www.suse.com/security/cve/CVE-2019-18359.html
https://bugzilla.suse.com/1154971
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0
[security-announce] openSUSE-SU-2020:0535-1: moderate: Security update for gstreamer-rtsp-server
by opensuse-security@opensuse.org 17 Apr '20
by opensuse-security@opensuse.org 17 Apr '20
17 Apr '20
openSUSE Security Update: Security update for gstreamer-rtsp-server
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:0535-1
Rating: moderate
References: #1168026
Cross-References: CVE-2020-6095
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gstreamer-rtsp-server fixes the following issues:
- CVE-2020-6095: Fixed a NULL pointer dereference when handling an invalid
basic Authorization header (boo#1168026).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-535=1
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-535=1
Package List:
- openSUSE Leap 15.1 (x86_64):
gstreamer-rtsp-server-debuginfo-1.12.5-lp151.3.3.1
gstreamer-rtsp-server-debugsource-1.12.5-lp151.3.3.1
gstreamer-rtsp-server-devel-1.12.5-lp151.3.3.1
gstreamer-rtsp-server-devel-debuginfo-1.12.5-lp151.3.3.1
libgstrtspserver-1_0-0-1.12.5-lp151.3.3.1
libgstrtspserver-1_0-0-debuginfo-1.12.5-lp151.3.3.1
typelib-1_0-GstRtspServer-1_0-1.12.5-lp151.3.3.1
- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
gstreamer-rtsp-server-devel-1.12.5-bp151.4.3.1
libgstrtspserver-1_0-0-1.12.5-bp151.4.3.1
typelib-1_0-GstRtspServer-1_0-1.12.5-bp151.4.3.1
References:
https://www.suse.com/security/cve/CVE-2020-6095.html
https://bugzilla.suse.com/1168026
--
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org
1
0