September 2020 - openSUSE Security Announce

[security-announce] openSUSE-SU-2020:1328-1: important: Security update for chromium
by opensuse-security＠opensuse.org 03 Sep '20

03 Sep '20

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1328-1 Rating: important References: #1175757 Cross-References: CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing: - CVE-2020-6558: Insufficient policy enforcement in iOS - CVE-2020-6559: Use after free in presentation API - CVE-2020-6560: Insufficient policy enforcement in autofill - CVE-2020-6561: Inappropriate implementation in Content Security Policy - CVE-2020-6562: Insufficient policy enforcement in Blink - CVE-2020-6563: Insufficient policy enforcement in intent handling. - CVE-2020-6564: Incorrect security UI in permissions - CVE-2020-6565: Incorrect security UI in Omnibox. - CVE-2020-6566: Insufficient policy enforcement in media. - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. - CVE-2020-6568: Insufficient policy enforcement in intent handling. - CVE-2020-6569: Integer overflow in WebUSB. - CVE-2020-6570: Side-channel information leakage in WebRTC. - CVE-2020-6571: Incorrect security UI in Omnibox. This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-1328=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 x86_64): chromedriver-85.0.4183.69-bp151.3.104.1 chromium-85.0.4183.69-bp151.3.104.1 References: https://www.suse.com/security/cve/CVE-2020-6558.html https://www.suse.com/security/cve/CVE-2020-6559.html https://www.suse.com/security/cve/CVE-2020-6560.html https://www.suse.com/security/cve/CVE-2020-6561.html https://www.suse.com/security/cve/CVE-2020-6562.html https://www.suse.com/security/cve/CVE-2020-6563.html https://www.suse.com/security/cve/CVE-2020-6564.html https://www.suse.com/security/cve/CVE-2020-6565.html https://www.suse.com/security/cve/CVE-2020-6566.html https://www.suse.com/security/cve/CVE-2020-6567.html https://www.suse.com/security/cve/CVE-2020-6568.html https://www.suse.com/security/cve/CVE-2020-6569.html https://www.suse.com/security/cve/CVE-2020-6570.html https://www.suse.com/security/cve/CVE-2020-6571.html https://bugzilla.suse.com/1175757 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2020:1326-1: important: Security update for postgresql10
by opensuse-security＠opensuse.org 02 Sep '20

02 Sep '20

openSUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1326-1 Rating: important References: #1175193 #1175194 Cross-References: CVE-2020-14349 CVE-2020-14350 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1326=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): postgresql10-10.14-lp152.2.6.2 postgresql10-contrib-10.14-lp152.2.6.2 postgresql10-contrib-debuginfo-10.14-lp152.2.6.2 postgresql10-debuginfo-10.14-lp152.2.6.2 postgresql10-debugsource-10.14-lp152.2.6.2 postgresql10-devel-10.14-lp152.2.6.2 postgresql10-devel-debuginfo-10.14-lp152.2.6.2 postgresql10-plperl-10.14-lp152.2.6.2 postgresql10-plperl-debuginfo-10.14-lp152.2.6.2 postgresql10-plpython-10.14-lp152.2.6.2 postgresql10-plpython-debuginfo-10.14-lp152.2.6.2 postgresql10-pltcl-10.14-lp152.2.6.2 postgresql10-pltcl-debuginfo-10.14-lp152.2.6.2 postgresql10-server-10.14-lp152.2.6.2 postgresql10-server-debuginfo-10.14-lp152.2.6.2 postgresql10-test-10.14-lp152.2.6.2 - openSUSE Leap 15.2 (noarch): postgresql10-docs-10.14-lp152.2.6.2 References: https://www.suse.com/security/cve/CVE-2020-14349.html https://www.suse.com/security/cve/CVE-2020-14350.html https://bugzilla.suse.com/1175193 https://bugzilla.suse.com/1175194 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2020:1325-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 02 Sep '20

02 Sep '20

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1325-1 Rating: important References: #1065600 #1065729 #1071995 #1083548 #1085030 #1085308 #1087082 #1111666 #1112178 #1113956 #1133021 #1144333 #1152148 #1163524 #1165629 #1166965 #1169790 #1170232 #1171688 #1172073 #1172108 #1172418 #1172428 #1172783 #1172871 #1172872 #1172873 #1172963 #1173485 #1173798 #1173954 #1174003 #1174026 #1174205 #1174387 #1174484 #1174547 #1174550 #1174625 #1174689 #1174699 #1174734 #1174771 #1174852 #1174873 #1174904 #1174926 #1174968 #1175062 #1175063 #1175064 #1175065 #1175066 #1175067 #1175112 #1175127 #1175128 #1175149 #1175199 #1175213 #1175228 #1175232 #1175284 #1175393 #1175394 #1175396 #1175397 #1175398 #1175399 #1175400 #1175401 #1175402 #1175403 #1175404 #1175405 #1175406 #1175407 #1175408 #1175409 #1175410 #1175411 #1175412 #1175413 #1175414 #1175415 #1175416 #1175417 #1175418 #1175419 #1175420 #1175421 #1175422 #1175423 #1175440 #1175493 #1175515 #1175518 #1175526 #1175550 #1175654 #1175666 #1175667 #1175668 #1175669 #1175670 #1175767 #1175768 #1175769 #1175770 #1175771 #1175772 #1175786 #1175873 Cross-References: CVE-2018-3639 CVE-2020-14314 CVE-2020-14331 CVE-2020-14356 CVE-2020-1749 CVE-2020-24394 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 107 fixes is now available. Description: The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bnc#1085308 bnc#1087082 bnc#1172782 bnc#1172783). Mitigations for Arm had not been included yet. - CVE-2020-14314: Fixed potential negative array index in do_split() (bsc#1173798). - CVE-2020-14331: Fixed a buffer over write in vgacon_scroll (bnc#1174205). - CVE-2020-14356: A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions was found in the way when reboot the system. A local user could use this flaw to crash the system or escalate their privileges on the system (bnc#1175213). - CVE-2020-1749: Some ipv6 protocols were not encrypted over ipsec tunnels (bsc#1165629). - CVE-2020-24394: fs/nfsd/vfs.c (in the NFS server) could set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered (bnc#1175518). The following non-security bugs were fixed: - ACPI: kABI fixes for subsys exports (bsc#1174968). - ACPI / LPSS: Resume BYT/CHT I2C controllers from resume_noirq (bsc#1174968). - ACPI / LPSS: Use acpi_lpss_* instead of acpi_subsys_* functions for hibernate (bsc#1174968). - ACPI: PM: Introduce "poweroff" callbacks for ACPI PM domain and LPSS (bsc#1174968). - ACPI: PM: Simplify and fix PM domain hibernation callbacks (bsc#1174968). - af_key: pfkey_dump needs parameter validation (git-fixes). - agp/intel: Fix a memory leak on module initialisation failure (git-fixes). - ALSA: core: pcm_iec958: fix kernel-doc (bsc#1111666). - ALSA: echoaduio: Drop superfluous volatile modifier (bsc#1111666). - ALSA: echoaudio: Fix potential Oops in snd_echo_resume() (bsc#1111666). - ALSA: hda: Add support for Loongson 7A1000 controller (bsc#1111666). - ALSA: hda/ca0132 - Add new quirk ID for Recon3D (bsc#1111666). - ALSA: hda/ca0132 - Fix AE-5 microphone selection commands (bsc#1111666). - ALSA: hda/ca0132 - Fix ZxR Headphone gain control get value (bsc#1111666). - ALSA: hda: fix snd_hda_codec_cleanup() documentation (bsc#1111666). - ALSA: hda - fix the micmute led status for Lenovo ThinkCentre AIO (bsc#1111666). - ALSA: hda/realtek: Add alc269/alc662 pin-tables for Loongson-3 laptops (bsc#1111666). - ALSA: hda/realtek: Add model alc298-samsung-headphone (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion (git-fixes). - ALSA: hda/realtek: Add quirk for Samsung Galaxy Flex Book (git-fixes). - ALSA: hda/realtek: Fix pin default on Intel NUC 8 Rugged (bsc#1111666). - ALSA: hda/realtek - Fix unused variable warning (bsc#1111666). - ALSA: hda - reverse the setting value in the micmute_led_set (bsc#1111666). - ALSA: pci: delete repeated words in comments (bsc#1111666). - ALSA: seq: oss: Serialize ioctls (bsc#1111666). - ALSA: usb-audio: Add capture support for Saffire 6 (USB 1.1) (git-fixes). - ALSA: usb-audio: add quirk for Pioneer DDJ-RB (bsc#1111666). - ALSA: usb-audio: add startech usb audio dock name (bsc#1111666). - ALSA: usb-audio: Add support for Lenovo ThinkStation P620 (bsc#1111666). - ALSA: usb-audio: Creative USB X-Fi Pro SB1095 volume knob support (bsc#1111666). - ALSA: usb-audio: Disable Lenovo P620 Rear line-in volume control (bsc#1111666). - ALSA: usb-audio: endpoint : remove needless check before usb_free_coherent() (bsc#1111666). - ALSA: usb-audio: fix overeager device match for MacroSilicon MS2109 (bsc#1174625). - ALSA: usb-audio: fix spelling mistake "buss" -> "bus" (bsc#1111666). - ALSA: usb-audio: ignore broken processing/extension unit (git-fixes). - ALSA: usb-audio: Update documentation comment for MS2109 quirk (git-fixes). - ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 (bsc#1111666). - ALSA: usb/line6: remove 'defined but not used' warning (bsc#1111666). - arm64: Add MIDR encoding for HiSilicon Taishan CPUs (bsc#1174547). - arm64: Add MIDR encoding for NVIDIA CPUs (bsc#1174547). - arm64: add sysfs vulnerability show for meltdown (bsc#1174547). - arm64: Add sysfs vulnerability show for spectre-v1 (bsc#1174547). - arm64: add sysfs vulnerability show for spectre-v2 (bsc#1174547). - arm64: add sysfs vulnerability show for speculative store bypass (bsc#1174547). - arm64: Advertise mitigation of Spectre-v2, or lack thereof (bsc#1174547) - arm64: Always enable spectre-v2 vulnerability detection (bsc#1174547). - arm64: Always enable ssb vulnerability detection (bsc#1174547). - arm64: backtrace: Do not bother trying to unwind the userspace stack (bsc#1175397). - arm64: capabilities: Add NVIDIA Denver CPU to bp_harden list (bsc#1174547). - arm64: capabilities: Merge duplicate Cavium erratum entries (bsc#1174547). - arm64: capabilities: Merge entries for ARM64_WORKAROUND_CLEAN_CACHE (bsc#1174547). - arm64: cpufeature: Enable Qualcomm Falkor/Kryo errata 1003 (bsc#1175398). - arm64: Do not mask out PTE_RDONLY in pte_same() (bsc#1175393). - arm64: enable generic CPU vulnerabilites support (bsc#1174547). Update config/arm64/default - arm64: Ensure VM_WRITE|VM_SHARED ptes are clean by default (bsc#1175394). - arm64: errata: Do not define type field twice for arm64_errata entries (bsc#1174547). - arm64: errata: Update stale comment (bsc#1174547). - arm64: Get rid of __smccc_workaround_1_hvc_* (bsc#1174547). - arm64: kpti: Avoid rewriting early page tables when KASLR is enabled (bsc#1174547). - arm64: kpti: Update arm64_kernel_use_ng_mappings() when forced on (bsc#1174547). - arm64: kpti: Whitelist Cortex-A CPUs that do not implement the CSV3 field (bsc#1174547). - arm64: kpti: Whitelist HiSilicon Taishan v110 CPUs (bsc#1174547). - arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1 (bsc#1133021). - arm64: KVM: Guests can skip __install_bp_hardening_cb()s HYP work (bsc#1174547). - arm64: KVM: Use SMCCC_ARCH_WORKAROUND_1 for Falkor BP hardening (bsc#1174547). - arm64: mm: Fix pte_mkclean, pte_mkdirty semantics (bsc#1175526). - arm64: Provide a command line to disable spectre_v2 mitigation (bsc#1174547). - arm64: Silence clang warning on mismatched value/register sizes (bsc#1175396). - arm64/speculation: Support 'mitigations=' cmdline option (bsc#1174547). - arm64: ssbd: explicitly depend on <linux/prctl.h> (bsc#1175399). - arm64: ssbs: Do not treat CPUs with SSBS as unaffected by SSB (bsc#1174547). - arm64: ssbs: Fix context-switch when SSBS is present on all CPUs (bsc#1175669). - arm64/sve: <uapi/asm/ptrace.h> should not depend on <uapi/linux/prctl.h> (bsc#1175401). - arm64/sve: Fix wrong free for task->thread.sve_state (bsc#1175400). - arm64: tlbflush: avoid writing RES0 bits (bsc#1175402). - arm64: Use firmware to detect CPUs that are not affected by Spectre-v2 (bsc#1174547). - ARM: KVM: invalidate BTB on guest exit for Cortex-A12/A17 (bsc#1133021). - ARM: KVM: invalidate icache on guest exit for Cortex-A15 (bsc#1133021). - ARM: spectre-v2: KVM: invalidate icache on guest exit for Brahma B15 (bsc#1133021). - ASoC: hda/tegra: Set buffer alignment to 128 bytes (bsc#1111666). - ASoC: intel: Fix memleak in sst_media_open (git-fixes). - ASoC: rt5670: Correct RT5670_LDO_SEL_MASK (git-fixes). - AX.25: Fix out-of-bounds read in ax25_connect() (git-fixes). - AX.25: Prevent integer overflows in connect and sendmsg (git-fixes). - AX.25: Prevent out-of-bounds read in ax25_sendmsg() (git-fixes). - ax88172a: fix ax88172a_unbind() failures (git-fixes). - b43: Remove uninitialized_var() usage (git-fixes). - bcache: allocate meta data pages as compound pages (bsc#1172873). - block: check queue's limits.discard_granularity in __blkdev_issue_discard() (bsc#1152148). - block: improve discard bio alignment in __blkdev_issue_discard() (bsc#1152148). - Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() (bsc#1111666). - Bluetooth: Fix update of connection state in `hci_encrypt_cfm` (git-fixes). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_evt() (bsc#1111666). - Bluetooth: Prevent out-of-bounds read in hci_inquiry_result_with_rssi_evt() (bsc#1111666). - bonding: fix active-backup failover for current ARP slave (bsc#1174771). - bonding: fix a potential double-unregister (git-fixes). - bonding: show saner speed for broadcast mode (git-fixes). - bpf: Fix map leak in HASH_OF_MAPS map (git-fixes). - brcmfmac: keep SDIO watchdog running when console_interval is non-zero (bsc#1111666). - brcmfmac: set state of hanger slot to FREE when flushing PSQ (bsc#1111666). - brcmfmac: To fix Bss Info flag definition Bug (bsc#1111666). - btrfs: fix a block group ref counter leak after failure to remove block group (bsc#1175149). - btrfs: fix block group leak when removing fails (bsc#1175149). - btrfs: fix bytes_may_use underflow when running balance and scrub in parallel (bsc#1175149). - btrfs: fix corrupt log due to concurrent fsync of inodes with shared extents (bsc#1175149). - btrfs: fix data block group relocation failure due to concurrent scrub (bsc#1175149). - btrfs: fix double free on ulist after backref resolution failure (bsc#1175149). - btrfs: fix fatal extent_buffer readahead vs releasepage race (bsc#1175149). - btrfs: fix memory leaks after failure to lookup checksums during inode logging (bsc#1175550). - btrfs: fix page leaks after failure to lock page for delalloc (bsc#1175149). - btrfs: fix race between block group removal and block group creation (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow after nocow buffered write (bsc#1175149). - btrfs: fix space_info bytes_may_use underflow during space cache writeout (bsc#1175149). - btrfs: fix wrong file range cleanup after an error filling dealloc range (bsc#1175149). - btrfs: inode: fix NULL pointer dereference if inode does not need compression (bsc#1174484). - btrfs: Open code btrfs_write_and_wait_marked_extents (bsc#1175149). - btrfs: Rename and export clear_btree_io_tree (bsc#1175149). - btrfs: treat RWF_{,D}SYNC writes as sync for CRCs (bsc#1175493). - cfg80211: check vendor command doit pointer before use (git-fixes). - char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667). - cifs: document and cleanup dfs mount (bsc#1144333 bsc#1172428). - cifs: Fix an error pointer dereference in cifs_mount() (bsc#1144333 bsc#1172428). - cifs: fix double free error on share and prefix (bsc#1144333 bsc#1172428). - cifs: handle empty list of targets in cifs_reconnect() (bsc#1144333 bsc#1172428). - cifs: handle RESP_GET_DFS_REFERRAL.PathConsumed in reconnect (bsc#1144333 bsc#1172428). - cifs: merge __{cifs,smb2}_reconnect[_tcon]() into cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: only update prefix path of DFS links in cifs_tree_connect() (bsc#1144333 bsc#1172428). - cifs: reduce number of referral requests in DFS link lookups (bsc#1144333 bsc#1172428). - cifs: rename reconn_inval_dfs_target() (bsc#1144333 bsc#1172428). - clk: at91: clk-generated: check best_rate against ranges (bsc#1111666). - clk: clk-atlas6: fix return value check in atlas6_clk_init() (bsc#1111666). - clk: iproc: round clock rate to the closest (bsc#1111666). - clk: spear: Remove uninitialized_var() usage (git-fixes). - clk: st: Remove uninitialized_var() usage (git-fixes). - console: newport_con: fix an issue about leak related system resources (git-fixes). - crypto: ccp - Fix use of merged scatterlists (git-fixes). - crypto: cpt - do not sleep of CRYPTO_TFM_REQ_MAY_SLEEP was not specified (git-fixes). - crypto: qat - fix double free in qat_uclo_create_batch_init_list (git-fixes). - dev: Defer free of skbs in flush_backlog (git-fixes). - device property: Fix the secondary firmware node handling in set_primary_fwnode() (git-fixes). - devres: keep both device name and resource name in pretty name (git-fixes). - dlm: Fix kobject memleak (bsc#1175768). - dmaengine: fsl-edma: Fix NULL pointer exception in fsl_edma_tx_handler (git-fixes). - Documentation/networking: Add net DIM documentation (bsc#1174852). - dpaa2-eth: Fix passing zero to 'PTR_ERR' warning (bsc#1175403). - dpaa2-eth: free already allocated channels on probe defer (bsc#1175404). - dpaa2-eth: prevent array underflow in update_cls_rule() (bsc#1175405). - dpaa_eth: add dropped frames to percpu ethtool stats (bsc#1174550). - dpaa_eth: add newline in dev_err() msg (bsc#1174550). - dpaa_eth: avoid timestamp read on error paths (bsc#1175406). - dpaa_eth: change DMA device (bsc#1174550). - dpaa_eth: cleanup skb_to_contig_fd() (bsc#1174550). - dpaa_eth: defer probing after qbman (bsc#1174550). - dpaa_eth: extend delays in ndo_stop (bsc#1174550). - dpaa_eth: fix DMA mapping leak (bsc#1174550). - dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1174550). - dpaa_eth: FMan erratum A050385 workaround (bsc#1174550). - dpaa_eth: perform DMA unmapping before read (bsc#1175407). - dpaa_eth: register a device link for the qman portal used (bsc#1174550). - dpaa_eth: remove netdev_err() for user errors (bsc#1174550). - dpaa_eth: remove redundant code (bsc#1174550). - dpaa_eth: simplify variables used in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use a page to store the SGT (bsc#1174550). - dpaa_eth: use fd information in dpaa_cleanup_tx_fd() (bsc#1174550). - dpaa_eth: use only one buffer pool per interface (bsc#1174550). - dpaa_eth: use page backed rx buffers (bsc#1174550). - driver core: Avoid binding drivers to dead devices (git-fixes). - Drivers: hv: balloon: Remove dependencies on guest page size (git-fixes). - Drivers: hv: vmbus: Fix virt_to_hvpfn() for X86_PAE (git-fixes). - Drivers: hv: vmbus: Only notify Hyper-V for die events that are oops (bsc#1175127, bsc#1175128). - Drivers: hv: vmbus: Remove the undesired put_cpu_ptr() in hv_synic_cleanup() (git-fixes). - drivers/perf: hisi: Fix typo in events attribute array (bsc#1175408). - drivers/perf: hisi: Fixup one DDRC PMU register offset (bsc#1175410). - drivers/perf: hisi: Fix wrong value for all counters enable (bsc#1175409). - drm: Added orientation quirk for ASUS tablet model T103HAF (bsc#1111666). - drm/amd/display: fix pow() crashing when given base 0 (git-fixes). - drm/amdgpu: avoid dereferencing a NULL pointer (bsc#1111666). - drm/amdgpu: Fix bug where DPM is not enabled after hibernate and resume (bsc#1111666). - drm/amdgpu: Fix NULL dereference in dpm sysfs handlers (bsc#1113956) - drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() (git-fixes). - drm/amdgpu: Replace invalid device ID with a valid device ID (bsc#1113956) - drm/arm: fix unintentional integer overflow on left shift (git-fixes). - drm/bridge: dw-hdmi: Do not cleanup i2c adapter and ddc ptr in (bsc#1113956) - drm/bridge: sil_sii8620: initialize return of sii8620_readb (git-fixes). - drm/dbi: Fix SPI Type 1 (9-bit) transfer (bsc#1113956) - drm/debugfs: fix plain echo to connector "force" attribute (bsc#1111666). - drm/etnaviv: Fix error path on failure to enable bus clk (git-fixes). - drm/etnaviv: fix ref count leak via pm_runtime_get_sync (bsc#1111666). - drm: fix drm_dp_mst_port refcount leaks in drm_dp_mst_allocate_vcpi (bsc#1112178) - drm: hold gem reference until object is no longer accessed (bsc#1113956) - drm/imx: fix use after free (git-fixes). - drm/imx: imx-ldb: Disable both channels for split mode in enc->disable() (git-fixes). - drm/imx: tve: fix regulator_disable error path (git-fixes). - drm/mipi: use dcs write for mipi_dsi_dcs_set_tear_scanline (git-fixes). - drm/msm/adreno: fix updating ring fence (git-fixes). - drm/msm: ratelimit crtc event overflow error (bsc#1111666). - drm/nouveau/fbcon: fix module unload when fbcon init has failed for some reason (git-fixes). - drm/nouveau/fbcon: zero-initialise the mode_cmd2 structure (git-fixes). - drm/nouveau: fix multiple instances of reference count leaks (bsc#1111666). - drm/panel: otm8009a: Drop unnessary backlight_device_unregister() (git-fixes). - drm: panel: simple: Fix bpc for LG LB070WV8 panel (git-fixes). - drm/radeon: disable AGP by default (bsc#1111666). - drm/radeon: fix array out-of-bounds read and write issues (git-fixes). - drm/radeon: Fix reference count leaks caused by pm_runtime_get_sync (bsc#1111666). - drm/rockchip: fix VOP_WIN_GET macro (bsc#1175411). - drm/tilcdc: fix leak & null ref in panel_connector_get_modes (bsc#1111666). - drm/ttm/nouveau: do not call tt destroy callback on alloc failure (bsc#1175232). - drm/vmwgfx: Fix two list_for_each loop exit tests (bsc#1111666). - drm/vmwgfx: Use correct vmw_legacy_display_unit pointer (bsc#1111666). - drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: fix checking of directory entry validity for inline directories (bsc#1175771). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - fbdev: Detect integer underflow at "struct fbcon_ops"->clear_margins. (bsc#1112178) - firmware: google: check if size is valid when decoding VPD data (git-fixes). - firmware: google: increment VPD key_len properly (git-fixes). - fsl/fman: add API to get the device behind a fman port (bsc#1174550). - fsl/fman: check dereferencing null pointer (git-fixes). - fsl/fman: detect FMan erratum A050385 (bsc#1174550). - fsl/fman: do not touch liodn base regs reserved on non-PAMU SoCs (bsc#1174550). - fsl/fman: fix dereference null return value (git-fixes). - fsl/fman: fix eth hash table allocation (git-fixes). - fsl/fman: fix unreachable code (git-fixes). - fsl/fman: remove unused struct member (bsc#1174550). - fsl/fman: use 32-bit unsigned integer (git-fixes). - fuse: fix memleak in cuse_channel_open (bsc#1174926). - fuse: fix missing unlock_page in fuse_writepage() (bsc#1174904). - fuse: Fix parameter for FS_IOC_{GET,SET}FLAGS (bsc#1175062). - fuse: fix weird page warning (bsc#1175063). - fuse: flush dirty data/metadata before non-truncate setattr (bsc#1175064). - fuse: truncate pending writes on O_TRUNC (bsc#1175065). - fuse: verify attributes (bsc#1175066). - fuse: verify nlink (bsc#1175067). - genetlink: remove genl_bind (networking-stable-20_07_17). - go7007: add sanity checking for endpoints (git-fixes). - gpu: host1x: debug: Fix multiple channels emitting messages simultaneously (bsc#1111666). - hv_balloon: Balloon up according to request page number (git-fixes). - hv_balloon: Use a static page for the balloon_up send buffer (git-fixes). - hv_netvsc: Allow scatter-gather feature to be tunable (git-fixes). - hv_netvsc: do not use VF device if link is down (git-fixes). - hv_netvsc: Fix a warning of suspicious RCU usage (git-fixes). - hv_netvsc: Fix error handling in netvsc_attach() (git-fixes). - hv_netvsc: Fix extra rcu_read_unlock in netvsc_recv_callback() (git-fixes). - hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes). - hv_netvsc: Fix unwanted wakeup in netvsc_attach() (git-fixes). - hv_netvsc: flag software created hash value (git-fixes). - hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes). - i2c: rcar: in slave mode, clear NACK earlier (git-fixes). - i2c: rcar: slave: only send STOP event when we have been addressed (bsc#1111666). - i40e: Fix crash during removing i40e driver (git-fixes). - i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes). - ibmveth: Fix use of ibmveth in a bridge (bsc#1174387 ltc#187506). - ibmvnic: Fix IRQ mapping disposal in error path (bsc#1175112 ltc#187459). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - include/linux/poison.h: remove obsolete comment (git fixes (poison)). - Input: psmouse - add a newline when printing 'proto' by sysfs (git-fixes). - Input: sentelic - fix error return when fsp_reg_write fails (bsc#1111666). - integrity: remove redundant initialization of variable ret (git-fixes). - ip6_gre: fix null-ptr-deref in ip6gre_init_net() (git-fixes). - ip6_gre: fix use-after-free in ip6gre_tunnel_lookup() (networking-stable-20_06_28). - ip6_tunnel: allow not to count pkts on tstats by passing dev as NULL (bsc#1175515). - ip_tunnel: allow not to count pkts on tstats by setting skb's dev to NULL (bsc#1175515). - ip_tunnel: Emit events for post-register MTU changes (git-fixes). - ip_tunnel: fix use-after-free in ip_tunnel_lookup() (networking-stable-20_06_28). - ip_tunnel: restore binding to ifaces with a large mtu (git-fixes). - ipv4: fill fl4_icmp_{type,code} in ping_v4_sendmsg (networking-stable-20_07_17). - ipv4: Silence suspicious RCU usage warning (git-fixes). - ipv6: fix memory leaks on IPV6_ADDRFORM path (git-fixes). - ipvlan: fix device features (git-fixes). - ipvs: allow connection reuse for unconfirmed conntrack (git-fixes). - ipvs: fix refcount usage for conns in ops mode (git-fixes). - ipvs: fix the connection sync failed in some cases (bsc#1174699). - irqchip/gic: Atomically update affinity (bsc#1111666). - iwlegacy: Check the return value of pcie_capability_read_*() (bsc#1111666). - jbd2: add the missing unlock_buffer() in the error path of jbd2_write_superblock() (bsc#1175772). - kABI: genetlink: remove genl_bind (kabi). - kabi: hide new parameter of ip6_dst_lookup_flow() (bsc#1165629). - kabi: mask changes to struct ipv6_stub (bsc#1165629). - kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)). - kernel/relay.c: fix memleak on destroy relay channel (git-fixes). - kernfs: do not call fsnotify() with name without a parent (bsc#1175770). - KVM: arm64: Ensure 'params' is initialised when looking up sys register (bsc#1133021). - KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART (bsc#1133021). - KVM: arm/arm64: Fix young bit from mmu notifier (bsc#1133021). - KVM: arm/arm64: vgic: Do not rely on the wrong pending table (bsc#1133021). - KVM: arm/arm64: vgic-its: Fix restoration of unmapped collections (bsc#1133021). - KVM: arm: Fix DFSR setting for non-LPAE aarch32 guests (bsc#1133021). - KVM: arm: Make inject_abt32() inject an external abort instead (bsc#1133021). - kvm: Change offset in kvm_write_guest_offset_cached to unsigned (bsc#1133021). - KVM: Check for a bad hva before dropping into the ghc slow path (bsc#1133021). - KVM: PPC: Book3S PR: Remove uninitialized_var() usage (bsc#1065729). - l2tp: remove skb_dst_set() from l2tp_xmit_skb() (networking-stable-20_07_17). - leds: 88pm860x: fix use-after-free on unbind (git-fixes). - leds: core: Flush scheduled work for system suspend (git-fixes). - leds: da903x: fix use-after-free on unbind (git-fixes). - leds: lm3533: fix use-after-free on unbind (git-fixes). - leds: lm355x: avoid enum conversion warning (git-fixes). - leds: wm831x-status: fix use-after-free on unbind (git-fixes). - lib/dim: Fix -Wunused-const-variable warnings (bsc#1174852). - lib: dimlib: fix help text typos (bsc#1174852). - linux/dim: Add completions count to dim_sample (bsc#1174852). - linux/dim: Fix overflow in dim calculation (bsc#1174852). - linux/dim: Move implementation to .c files (bsc#1174852). - linux/dim: Move logic to dim.h (bsc#1174852). - linux/dim: Remove "net" prefix from internal DIM members (bsc#1174852). - linux/dim: Rename externally exposed macros (bsc#1174852). - linux/dim: Rename externally used net_dim members (bsc#1174852). - linux/dim: Rename net_dim_sample() to net_dim_update_sample() (bsc#1174852). - liquidio: Fix wrong return value in cn23xx_get_pf_num() (git-fixes). - llc: make sure applications use ARPHRD_ETHER (networking-stable-20_07_17). - mac80211: mesh: Free ie data when leaving mesh (git-fixes). - mac80211: mesh: Free pending skb when destroying a mpath (git-fixes). - MAINTAINERS: add entry for Dynamic Interrupt Moderation (bsc#1174852). - md-cluster: Fix potential error pointer dereference in resize_bitmaps() (git-fixes). - md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (git-fixes). - media: budget-core: Improve exception handling in budget_register() (git-fixes). - media: exynos4-is: Add missed check for pinctrl_lookup_state() (git-fixes). - media: firewire: Using uninitialized values in node_probe() (git-fixes). - media: omap3isp: Add missed v4l2_ctrl_handler_free() for preview_init_entities() (git-fixes). - media: vpss: clean up resources in init (git-fixes). - mfd: arizona: Ensure 32k clock is put on driver unbind and error (git-fixes). - mfd: dln2: Run event handler loop under spinlock (git-fixes). - mfd: rk808: Fix RK818 ID template (bsc#1175412). - mld: fix memory leak in ipv6_mc_destroy_dev() (networking-stable-20_06_28). - mm: filemap: clear idle flag for writes (bsc#1175769). - mm/migrate.c: add missing flush_dcache_page for non-mapped page migrate (git fixes (mm/migrate)). - mm/mmu_notifier: use hlist_add_head_rcu() (git fixes (mm/mmu_notifiers)). - mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/compaction)). - mm/rmap.c: do not reuse anon_vma if we just want a copy (git fixes (mm/rmap)). - mm/shmem.c: cast the type of unmap_start to u64 (git fixes (mm/shmem)). - mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)). - mm/vunmap: add cond_resched() in vunmap_pmd_range (bsc#1175654 ltc#184617). - mtd: spi-nor: Fix an error code in spi_nor_read_raw() (bsc#1175413). - mtd: spi-nor: fix kernel-doc for spi_nor::info (bsc#1175414). - mtd: spi-nor: fix kernel-doc for spi_nor::reg_proto (bsc#1175415). - mtd: spi-nor: fix silent truncation in spi_nor_read_raw() (bsc#1175416). - mwifiex: Prevent memory corruption handling keys (git-fixes). - net: Added pointer check for dst->ops->neigh_lookup in dst_neigh_lookup_skb (git-fixes). - net: bridge: enfore alignment for ethernet address (networking-stable-20_06_28). - net: core: reduce recursion limit value (networking-stable-20_06_28). - net: Do not clear the sock TX queue in sk_set_socket() (networking-stable-20_06_28). - net: dsa: b53: check for timeout (git-fixes). - net: ena: Add first_interrupt field to napi struct (bsc#1174852). - net: ena: add reserved PCI device ID (bsc#1174852). - net: ena: add support for reporting of packet drops (bsc#1174852). - net: ena: add support for the rx offset feature (bsc#1174852). - net: ena: add support for traffic mirroring (bsc#1174852). - net: ena: add unmask interrupts statistics to ethtool (bsc#1174852). - net: ena: allow setting the hash function without changing the key (bsc#1174852). - net: ena: avoid unnecessary admin command when RSS function set fails (bsc#1174852). - net: ena: avoid unnecessary rearming of interrupt vector when busy-polling (bsc#1174852). - net: ena: change default RSS hash function to Toeplitz (bsc#1174852). - net: ena: change num_queues to num_io_queues for clarity and consistency (bsc#1174852). - net: ena: changes to RSS hash key allocation (bsc#1174852). - net: ena: Change WARN_ON expression in ena_del_napi_in_range() (bsc#1174852). - net: ena: clean up indentation issue (bsc#1174852). - net: ena: cosmetic: change ena_com_stats_admin stats to u64 (bsc#1174852). - net: ena: cosmetic: code reorderings (bsc#1174852). - net: ena: cosmetic: extract code to ena_indirection_table_set() (bsc#1174852). - net: ena: cosmetic: fix line break issues (bsc#1174852). - net: ena: cosmetic: fix spacing issues (bsc#1174852). - net: ena: cosmetic: fix spelling and grammar mistakes in comments (bsc#1174852). - net: ena: cosmetic: minor code changes (bsc#1174852). - net: ena: cosmetic: remove unnecessary code (bsc#1174852). - net: ena: cosmetic: remove unnecessary spaces and tabs in ena_com.h macros (bsc#1174852). - net: ena: cosmetic: rename ena_update_tx/rx_rings_intr_moderation() (bsc#1174852). - net: ena: cosmetic: satisfy gcc warning (bsc#1174852). - net: ena: cosmetic: set queue sizes to u32 for consistency (bsc#1174852). - net: ena: drop superfluous prototype (bsc#1174852). - net: ena: enable support of rss hash key and function changes (bsc#1174852). - net: ena: enable the interrupt_moderation in driver_supported_features (bsc#1174852). - net: ena: ethtool: clean up minor indentation issue (bsc#1174852). - net: ena: ethtool: get_channels: use combined only (bsc#1174852). - net: ena: ethtool: remove redundant non-zero check on rc (bsc#1174852). - net: ena: ethtool: support set_channels callback (bsc#1174852). - net/ena: Fix build warning in ena_xdp_set() (bsc#1174852). - net: ena: fix ena_com_comp_status_to_errno() return value (bsc#1174852). - net: ena: fix error returning in ena_com_get_hash_function() (bsc#1174852). - net: ena: fix incorrect setting of the number of msix vectors (bsc#1174852). - net: ena: fix incorrect update of intr_delay_resolution (bsc#1174852). - net: ena: fix request of incorrect number of IRQ vectors (bsc#1174852). - net: ena: fix update of interrupt moderation register (bsc#1174852). - net: ena: Fix using plain integer as NULL pointer in ena_init_napi_in_range (bsc#1174852). - net: ena: implement XDP drop support (bsc#1174852). - net: ena: Implement XDP_TX action (bsc#1174852). - net: ena: make ethtool -l show correct max number of queues (bsc#1174852). - net: ena: Make missed_tx stat incremental (bsc#1083548). - net: ena: Make some functions static (bsc#1174852). - net: ena: move llq configuration from ena_probe to ena_device_init() (bsc#1174852). - net: ena: multiple queue creation related cleanups (bsc#1174852). - net: ena: Prevent reset after device destruction (bsc#1083548). - net: ena: reduce driver load time (bsc#1174852). - net: ena: remove all old adaptive rx interrupt moderation code from ena_com (bsc#1174852). - net: ena: remove code duplication in ena_com_update_nonadaptive_moderation_interval _*() (bsc#1174852). - net: ena: remove code that does nothing (bsc#1174852). - net: ena: remove ena_restore_ethtool_params() and relevant fields (bsc#1174852). - net: ena: remove old adaptive interrupt moderation code from ena_netdev (bsc#1174852). - net: ena: remove redundant print of number of queues (bsc#1174852). - net: ena: remove set but not used variable 'hash_key' (bsc#1174852). - net: ena: remove set but not used variable 'rx_ring' (bsc#1174852). - net: ena: rename ena_com_free_desc to make API more uniform (bsc#1174852). - net: ena: Select DIMLIB for ENA_ETHERNET (bsc#1174852). - net: ena: simplify ena_com_update_intr_delay_resolution() (bsc#1174852). - net: ena: support new LLQ acceleration mode (bsc#1174852). - net: ena: switch to dim algorithm for rx adaptive interrupt moderation (bsc#1174852). - net: ena: use explicit variable size for clarity (bsc#1174852). - net: ena: use SHUTDOWN as reset reason when closing interface (bsc#1174852). - net: ena: xdp: update napi budget for DROP and ABORTED (bsc#1174852). - net: ena: xdp: XDP_TX: fix memory leak (bsc#1174852). - net: ethernet: aquantia: Fix wrong return value (git-fixes). - net: ethernet: broadcom: have drivers select DIMLIB as needed (bsc#1174852). - net: ethernet: stmmac: Disable hardware multicast filter (git-fixes). - net: fec: correct the error path for regulator disable in probe (git-fixes). - netfilter: x_tables: add counters allocation wrapper (git-fixes). - netfilter: x_tables: cap allocations at 512 mbyte (git-fixes). - netfilter: x_tables: limit allocation requests for blob rule heads (git-fixes). - net: Fix a documentation bug wrt. ip_unprivileged_port_start (git-fixes). (SLES tuning guide refers to ip-sysctl.txt.) - net: fix memleak in register_netdevice() (networking-stable-20_06_28). - net: Fix the arp error in some cases (networking-stable-20_06_28). - net: gre: recompute gre csum for sctp over gre tunnels (git-fixes). - net: increment xmit_recursion level in dev_direct_xmit() (networking-stable-20_06_28). - net: ip6_gre: Request headroom in __gre6_xmit() (git-fixes). - net: lan78xx: add missing endpoint sanity check (git-fixes). - net: lan78xx: fix transfer-buffer memory leak (git-fixes). - net: make symbol 'flush_works' static (git-fixes). - net/mlx5: Delete extra dump stack that gives nothing (git-fixes). - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes). - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes). - net: netsec: Fix signedness bug in netsec_probe() (bsc#1175417). - net: netsec: initialize tx ring on ndo_open (bsc#1175418). - net: phy: Check harder for errors in get_phy_id() (bsc#1111666). - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes). - net: Set fput_needed iff FDPUT_FPUT is set (git-fixes). - net: socionext: Fix a signedness bug in ave_probe() (bsc#1175419). - net: socionext: replace napi_alloc_frag with the netdev variant on init (bsc#1175420). - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes). - net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes). - net: stmmac: Fix RX packet size > 8191 (git-fixes). - net: udp: Fix wrong clean up for IS_UDPLITE macro (git-fixes). - net: update net_dim documentation after rename (bsc#1174852). - net: usb: ax88179_178a: fix packet alignment padding (networking-stable-20_06_28). - net: usb: qmi_wwan: add support for Quectel EG95 LTE modem (networking-stable-20_07_17). - netvsc: unshare skb in VF rx handler (git-fixes). - nfc: nci: add missed destroy_workqueue in nci_register_device (git-fixes). - NTB: Fix an error in get link status (git-fixes). - ntb_netdev: fix sleep time mismatch (git-fixes). - NTB: ntb_transport: Use scnprintf() for avoiding potential buffer overflow (git-fixes). - nvme: explicitly update mpath disk capacity on revalidation (git-fixes). - nvme: fix possible deadlock when I/O is blocked (git-fixes). - nvme-multipath: do not fall back to __nvme_find_path() for non-optimized paths (bsc#1172108). - nvme-multipath: fix logic for non-optimized paths (bsc#1172108). - nvme-multipath: round-robin: eliminate "fallback" variable (bsc#1172108). - nvme: multipath: round-robin: fix single non-optimized path case (bsc#1172108). - obsolete_kmp: provide newer version than the obsoleted one (boo#1170232). - ocfs2: add trimfs dlm lock resource (bsc#1175228). - ocfs2: add trimfs lock to avoid duplicated trims in cluster (bsc#1175228). - ocfs2: avoid inode removal while nfsd is accessing it (bsc#1172963). - ocfs2: change slot number type s16 to u16 (bsc#1175786). - ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963). - ocfs2: fix remounting needed after setfacl command (bsc#1173954). - ocfs2: fix the application IO timeout when fstrim is running (bsc#1175228). - ocfs2: fix value of OCFS2_INVALID_SLOT (bsc#1175767). - ocfs2: load global_inode_alloc (bsc#1172963). - omapfb: dss: Fix max fclk divider for omap36xx (bsc#1113956) - openvswitch: Prevent kernel-infoleak in ovs_ct_put_key() (git-fixes). - PCI/ASPM: Add missing newline in sysfs 'policy' (git-fixes). - PCI: dwc: Move interrupt acking into the proper callback (bsc#1175666). - PCI: Fix pci_cfg_wait queue locking problem (git-fixes). - PCI: hotplug: ACPI: Fix context refcounting in acpiphp_grab_context() (git-fixes). - PCI: hv: Fix a timing issue which causes kdump to fail occasionally (bsc#1172871, bsc#1172872, git-fixes). - PCI: Release IVRS table in AMD ACS quirk (git-fixes). - PCI: switchtec: Add missing __iomem and __user tags to fix sparse warnings (git-fixes). - PCI: switchtec: Add missing __iomem tag to fix sparse warnings (git-fixes). - phy: sun4i-usb: fix dereference of pointer phy0 before it is null checked (git-fixes). - pinctrl: single: fix function name in documentation (git-fixes). - pinctrl-single: fix pcs_parse_pinconf() return value (git-fixes). - platform/x86: intel-hid: Fix return value check in check_acpi_dev() (git-fixes). - platform/x86: intel-vbtn: Fix return value check in check_acpi_dev() (git-fixes). - PM / CPU: replace raw_notifier with atomic_notifier (git fixes (kernel/pm)). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (bsc#1175668). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails. - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (bsc#1175668). - PM: sleep: core: Fix the handling of pending runtime resume requests (git-fixes). - powerpc/64s: Do not init FSCR_DSCR in __init_FSCR() (bsc#1065729). - powerpc/64s: Fix early_init_mmu section mismatch (bsc#1065729). - powerpc: Allow 4224 bytes of stack expansion for the signal frame (bsc#1065729). - powerpc/book3s64/pkeys: Use PVR check instead of cpu feature (bsc#1065729). - powerpc/boot: Fix CONFIG_PPC_MPC52XX references (bsc#1065729). - powerpc/eeh: Fix pseries_eeh_configure_bridge() (bsc#1174689). - powerpc/nvdimm: Use HCALL error as the return value (bsc#1175284). - powerpc/nvdimm: use H_SCM_QUERY hcall on H_OVERLAP error (bsc#1175284). - powerpc/perf: Fix missing is_sier_aviable() during build (bsc#1065729). - powerpc/pseries: Do not initiate shutdown when system is running on UPS (bsc#1175440 ltc#187574). - powerpc/pseries/hotplug-cpu: Remove double free in error path (bsc#1065729). - powerpc/pseries/hotplug-cpu: wait indefinitely for vCPU death (bsc#1085030 ltC#165630). - powerpc/pseries: PCIE PHB reset (bsc#1174689). - powerpc/pseries: remove cede offline state for CPUs (bsc#1065729). - powerpc/rtas: do not online CPUs for partition suspend (bsc#1065729). - powerpc/vdso: Fix vdso cpu truncation (bsc#1065729). - power: supply: check if calc_soc succeeded in pm860x_init_battery (git-fixes). - pseries: Fix 64 bit logical memory block panic (bsc#1065729). - pwm: bcm-iproc: handle clk_get_rate() return (git-fixes). - rds: Prevent kernel-infoleak in rds_notify_queue_get() (git-fixes). - regulator: gpio: Honor regulator-boot-on property (git-fixes). - Revert "ALSA: hda: call runtime_allow() for all hda controllers" (bsc#1111666). - Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" (bsc#1113956) * refresh for context changes - Revert "ocfs2: avoid inode removal while nfsd is accessing it" This reverts commit 9e096c72476eda333a9998ff464580c00ff59c83. - Revert "ocfs2: fix panic on nfs server over ocfs2 (bsc#1172963)." This reverts commit 0bf6e248f93736b3f17f399b4a8f64ffa30d371e. - Revert "ocfs2: load global_inode_alloc (bsc#1172963)." This reverts commit fc476497b53f967dc615b9cbad9427ba3107b5c4. - Revert "scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe" (bsc#1171688 bsc#1174003). - Revert "scsi: qla2xxx: Fix crash on qla2x00_mailbox_command" (bsc#1171688 bsc#1174003). - Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#1065600). - rocker: fix incorrect error handling in dma_rings_init (networking-stable-20_06_28). - rpm/check-for-config-changes: Ignore CONFIG_CC_VERSION_TEXT - rpm/check-for-config-changes: Ignore CONFIG_LD_VERSION - rpm/kernel-source.spec.in: Add obsolete_rebuilds (boo#1172073). - rtlwifi: rtl8192cu: Remove uninitialized_var() usage (git-fixes). - s390, dcssblk: kaddr and pfn can be NULL to ->direct_access() (bsc#1174873). - sched: consistently handle layer3 header accesses in the presence of VLANs (networking-stable-20_07_17). - scsi: dh: Add Fujitsu device to devinfo and dh lists (bsc#1174026). - scsi: Fix trivial spelling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Add more BUILD_BUG_ON() statements (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Address a set of sparse warnings (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to be set anytime (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case into lower case (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Change two hardcoded constants into offsetof() / sizeof() expressions (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check if FW supports MQ before enabling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in header files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix endianness annotations in source files (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix failure message in qlt_disable_vha() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix issue with adapter's stopping state (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix login timeout (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix MPI failure AEN (8200) handling (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix spelling of a variable name (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix the code that reads from mailbox registers (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix warning after FC target reset (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush all sessions on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Flush I/O on zone disable (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to FCP_PRIO_CFG_SIZE (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Indicate correct supported speeds for Mezz card (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Initialize 'n' before using it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Introduce a function for computing the debug message prefix (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Keep initiator ports after RSCN (bsc#1171688 bsc#1174003). - scsi: qla2xxx: make 1-bit bit-fields unsigned int (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qlafx00_process_aen() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Make qla_set_ini_mode() return void (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Reduce noisy debug message (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove an unused function (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove a superfluous cast (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove return value from qla_nvme_ls() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (bsc#1171688 bsc#1174003). - scsi: qla2xxx: SAN congestion management implementation (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Simplify the functions for dumping firmware (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Split qla2x00_configure_local_loop() (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use make_handle() instead of open-coding it (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use register names instead of register offsets (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for ha->fw_dumped (bsc#1171688 bsc#1174003). - scsi: qla2xxx: Use true, false for need_mpi_reset (bsc#1171688 bsc#1174003). - scsi: smartpqi: add bay identifier (bsc#1172418). - scsi: smartpqi: add gigabyte controller (bsc#1172418). - scsi: smartpqi: add id support for SmartRAID 3152-8i (bsc#1172418). - scsi: smartpqi: add inquiry timeouts (bsc#1172418). - scsi: smartpqi: add module param for exposure order (bsc#1172418). - scsi: smartpqi: add module param to hide vsep (bsc#1172418). - scsi: smartpqi: add new pci ids (bsc#1172418). - scsi: smartpqi: add pci ids for fiberhome controller (bsc#1172418). - scsi: smartpqi: add RAID bypass counter (bsc#1172418). - scsi: smartpqi: add sysfs entries (bsc#1172418). - scsi: smartpqi: Align driver syntax with oob (bsc#1172418). - scsi: smartpqi: avoid crashing kernel for controller issues (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version (bsc#1172418). - scsi: smartpqi: bump version to 1.2.16-010 (bsc#1172418). - scsi: smartpqi: change TMF timeout from 60 to 30 seconds (bsc#1172418). - scsi: smartpqi: correct hang when deleting 32 lds (bsc#1172418). - scsi: smartpqi: correct REGNEWD return status (bsc#1172418). - scsi: smartpqi: correct syntax issue (bsc#1172418). - scsi: smartpqi: fix call trace in device discovery (bsc#1172418). - scsi: smartpqi: fix controller lockup observed during force reboot (bsc#1172418). - scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (bsc#1172418). - scsi: smartpqi: fix problem with unique ID for physical device (bsc#1172418). - scsi: smartpqi: identify physical devices without issuing INQUIRY (bsc#1172418). - scsi: smartpqi: properly set both the DMA mask and the coherent DMA mask (bsc#1172418). - scsi: smartpqi: remove unused manifest constants (bsc#1172418). - scsi: smartpqi: Reporting unhandled SCSI errors (bsc#1172418). - scsi: smartpqi: support device deletion via sysfs (bsc#1172418). - scsi: smartpqi: update copyright (bsc#1172418). - scsi: smartpqi: update logical volume size after expansion (bsc#1172418). - scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow (bsc#1172418). - scsi: storvsc: Correctly set number of hardware queues for IDE disk (git-fixes). - scsi: target/iblock: fix WRITE SAME zeroing (bsc#1169790). - sctp: Do not advertise IPv4 addresses if ipv6only is set on the socket (networking-stable-20_06_28). - selftests/livepatch: fix mem leaks in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: more verification in test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: rework test-klp-shadow-vars (bsc#1071995). - selftests/livepatch: simplify test-klp-callbacks busy target tests (bsc#1071995). - serial: 8250: change lock order in serial8250_do_startup() (git-fixes). - serial: pl011: Do not leak amba_ports entry on driver register error (git-fixes). - serial: pl011: Fix oops on -EPROBE_DEFER (git-fixes). - Set VIRTIO_CONSOLE=y (bsc#1175667). - sign also s390x kernel images (bsc#1163524) - soc: fsl: qbman: allow registering a device link for the portal user (bsc#1174550). - soc: fsl: qbman_portals: add APIs to retrieve the probing status (bsc#1174550). - spi: davinci: Remove uninitialized_var() usage (git-fixes). - spi: lantiq: fix: Rx overflow error in full duplex mode (git-fixes). - spi: nxp-fspi: Ensure width is respected in spi-mem operations (bsc#1175421). - spi: spi-fsl-dspi: Fix 16-bit word order in 32-bit XSPI mode (bsc#1175422). - spi: spi-mem: export spi_mem_default_supports_op() (bsc#1175421). - spi: sun4i: update max transfer size reported (git-fixes). - staging: comedi: addi_apci_1032: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1500: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: addi_apci_1564: check INSN_CONFIG_DIGITAL_TRIG shift (git-fixes). - staging: comedi: ni_6527: fix INSN_CONFIG_DIGITAL_TRIG support (git-fixes). - staging: fsl-dpaa2: ethsw: Add missing netdevice check (bsc#1175423). - staging: rtl8192u: fix a dubious looking mask before a shift (git-fixes). - Staging: rtl8723bs: prevent buffer overflow in update_sta_support_rate() (git-fixes). - staging/speakup: fix get_word non-space look-ahead (git-fixes). - tcp_cubic: fix spurious HYSTART_DELAY exit upon drop in min RTT (networking-stable-20_06_28). - tcp: grow window for OOO packets only for SACK flows (networking-stable-20_06_28). - tcp: make sure listeners do not initialize congestion-control state (networking-stable-20_07_17). - tcp: md5: add missing memory barriers in tcp_md5_do_add()/tcp_md5_hash_key() (networking-stable-20_07_17). - tcp: md5: do not send silly options in SYNCOOKIES (networking-stable-20_07_17). - tcp: md5: refine tcp_md5_do_add()/tcp_md5_hash_key() barriers (networking-stable-20_07_17). - tracepoint: Mark __tracepoint_string's __used (git-fixes). - tracing: Use trace_sched_process_free() instead of exit() for pid tracing (git-fixes). - tty: serial: fsl_lpuart: add imx8qxp support (bsc#1175670). - tty: serial: fsl_lpuart: free IDs allocated by IDA (bsc#1175670). - Update patch reference for a tipc fix patch (bsc#1175515) - USB: cdc-acm: rework notification_buffer resizing (git-fixes). - usb: gadget: f_tcm: Fix some resource leaks in some error paths (git-fixes). - usb: host: ohci-exynos: Fix error handling in exynos_ohci_probe() (git-fixes). - USB: Ignore UAS for JMicron JMS567 ATA/ATAPI Bridge (git-fixes). - USB: iowarrior: fix up report size handling for some devices (git-fixes). - usbip: tools: fix module name in man page (git-fixes). - USB: rename USB quirk to USB_QUIRK_ENDPOINT_IGNORE (git-fixes). - USB: serial: cp210x: enable usb generic throttle/unthrottle (git-fixes). - USB: serial: cp210x: re-enable auto-RTS on open (git-fixes). - USB: serial: ftdi_sio: clean up receive processing (git-fixes). - USB: serial: ftdi_sio: fix break and sysrq handling (git-fixes). - USB: serial: ftdi_sio: make process-packet buffer unsigned (git-fixes). - USB: serial: iuu_phoenix: fix led-activity helpers (git-fixes). - USB: serial: qcserial: add EM7305 QDL product ID (git-fixes). - usb: xhci: define IDs for various ASMedia host controllers (git-fixes). - usb: xhci: Fix ASM2142/ASM3142 DMA addressing (git-fixes). - usb: xhci: Fix ASMedia ASM1142 DMA addressing (git-fixes). - usb: xhci-mtk: fix the failure of bandwidth allocation (git-fixes). - VFS: Check rename_lock in lookup_fast() (bsc#1174734). - video: fbdev: sm712fb: fix an issue about iounmap for a wrong address (git-fixes). - video: pxafb: Fix the function used to balance a 'dma_alloc_coherent()' call (git-fixes). - vlan: consolidate VLAN parsing code and limit max parsing depth (networking-stable-20_07_17). - vmxnet3: use correct tcp hdr length when packet is encapsulated (bsc#1175199). - watchdog: f71808e_wdt: clear watchdog timeout occurred flag (bsc#1111666). - watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options (bsc#1111666). - watchdog: f71808e_wdt: remove use of wrong watchdog_info option (bsc#1111666). - wl1251: fix always return 0 error (git-fixes). - x86/hyperv: Create and use Hyper-V page definitions (git-fixes). - x86/hyper-v: Fix overflow bug in fill_gva_list() (git-fixes). - x86/hyperv: Make hv_vcpu_is_preempted() visible (git-fixes). - xen/balloon: fix accounting in alloc_xenballooned_pages error path (bsc#1065600). - xen/balloon: make the balloon wait interruptible (bsc#1065600). - xfrm: check id proto in validate_tmpl() (git-fixes). - xfrm: clean up xfrm protocol checks (git-fixes). - xfrm_user: uncoditionally validate esn replay attribute struct (git-fixes). - xfs: fix inode allocation block res calculation precedence (git-fixes). - xfs: fix reflink quota reservation accounting error (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-1325=1 Package List: - openSUSE Leap 15.1 (x86_64): kernel-debug-4.12.14-lp151.28.63.1 kernel-debug-base-4.12.14-lp151.28.63.1 kernel-debug-base-debuginfo-4.12.14-lp151.28.63.1 kernel-debug-debuginfo-4.12.14-lp151.28.63.1 kernel-debug-debugsource-4.12.14-lp151.28.63.1 kernel-debug-devel-4.12.14-lp151.28.63.1 kernel-debug-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-default-4.12.14-lp151.28.63.1 kernel-default-base-4.12.14-lp151.28.63.1 kernel-default-base-debuginfo-4.12.14-lp151.28.63.1 kernel-default-debuginfo-4.12.14-lp151.28.63.1 kernel-default-debugsource-4.12.14-lp151.28.63.1 kernel-default-devel-4.12.14-lp151.28.63.1 kernel-default-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-kvmsmall-4.12.14-lp151.28.63.1 kernel-kvmsmall-base-4.12.14-lp151.28.63.1 kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.63.1 kernel-kvmsmall-debuginfo-4.12.14-lp151.28.63.1 kernel-kvmsmall-debugsource-4.12.14-lp151.28.63.1 kernel-kvmsmall-devel-4.12.14-lp151.28.63.1 kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.63.1 kernel-obs-build-4.12.14-lp151.28.63.1 kernel-obs-build-debugsource-4.12.14-lp151.28.63.1 kernel-obs-qa-4.12.14-lp151.28.63.1 kernel-syms-4.12.14-lp151.28.63.1 kernel-vanilla-4.12.14-lp151.28.63.1 kernel-vanilla-base-4.12.14-lp151.28.63.1 kernel-vanilla-base-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-debuginfo-4.12.14-lp151.28.63.1 kernel-vanilla-debugsource-4.12.14-lp151.28.63.1 kernel-vanilla-devel-4.12.14-lp151.28.63.1 kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.63.1 - openSUSE Leap 15.1 (noarch): kernel-devel-4.12.14-lp151.28.63.1 kernel-docs-4.12.14-lp151.28.63.1 kernel-docs-html-4.12.14-lp151.28.63.1 kernel-macros-4.12.14-lp151.28.63.1 kernel-source-4.12.14-lp151.28.63.1 kernel-source-vanilla-4.12.14-lp151.28.63.1 References: https://www.suse.com/security/cve/CVE-2018-3639.html https://www.suse.com/security/cve/CVE-2020-14314.html https://www.suse.com/security/cve/CVE-2020-14331.html https://www.suse.com/security/cve/CVE-2020-14356.html https://www.suse.com/security/cve/CVE-2020-1749.html https://www.suse.com/security/cve/CVE-2020-24394.html https://bugzilla.suse.com/1065600 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1071995 https://bugzilla.suse.com/1083548 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1085308 https://bugzilla.suse.com/1087082 https://bugzilla.suse.com/1111666 https://bugzilla.suse.com/1112178 https://bugzilla.suse.com/1113956 https://bugzilla.suse.com/1133021 https://bugzilla.suse.com/1144333 https://bugzilla.suse.com/1152148 https://bugzilla.suse.com/1163524 https://bugzilla.suse.com/1165629 https://bugzilla.suse.com/1166965 https://bugzilla.suse.com/1169790 https://bugzilla.suse.com/1170232 https://bugzilla.suse.com/1171688 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1172108 https://bugzilla.suse.com/1172418 https://bugzilla.suse.com/1172428 https://bugzilla.suse.com/1172783 https://bugzilla.suse.com/1172871 https://bugzilla.suse.com/1172872 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1172963 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1173798 https://bugzilla.suse.com/1173954 https://bugzilla.suse.com/1174003 https://bugzilla.suse.com/1174026 https://bugzilla.suse.com/1174205 https://bugzilla.suse.com/1174387 https://bugzilla.suse.com/1174484 https://bugzilla.suse.com/1174547 https://bugzilla.suse.com/1174550 https://bugzilla.suse.com/1174625 https://bugzilla.suse.com/1174689 https://bugzilla.suse.com/1174699 https://bugzilla.suse.com/1174734 https://bugzilla.suse.com/1174771 https://bugzilla.suse.com/1174852 https://bugzilla.suse.com/1174873 https://bugzilla.suse.com/1174904 https://bugzilla.suse.com/1174926 https://bugzilla.suse.com/1174968 https://bugzilla.suse.com/1175062 https://bugzilla.suse.com/1175063 https://bugzilla.suse.com/1175064 https://bugzilla.suse.com/1175065 https://bugzilla.suse.com/1175066 https://bugzilla.suse.com/1175067 https://bugzilla.suse.com/1175112 https://bugzilla.suse.com/1175127 https://bugzilla.suse.com/1175128 https://bugzilla.suse.com/1175149 https://bugzilla.suse.com/1175199 https://bugzilla.suse.com/1175213 https://bugzilla.suse.com/1175228 https://bugzilla.suse.com/1175232 https://bugzilla.suse.com/1175284 https://bugzilla.suse.com/1175393 https://bugzilla.suse.com/1175394 https://bugzilla.suse.com/1175396 https://bugzilla.suse.com/1175397 https://bugzilla.suse.com/1175398 https://bugzilla.suse.com/1175399 https://bugzilla.suse.com/1175400 https://bugzilla.suse.com/1175401 https://bugzilla.suse.com/1175402 https://bugzilla.suse.com/1175403 https://bugzilla.suse.com/1175404 https://bugzilla.suse.com/1175405 https://bugzilla.suse.com/1175406 https://bugzilla.suse.com/1175407 https://bugzilla.suse.com/1175408 https://bugzilla.suse.com/1175409 https://bugzilla.suse.com/1175410 https://bugzilla.suse.com/1175411 https://bugzilla.suse.com/1175412 https://bugzilla.suse.com/1175413 https://bugzilla.suse.com/1175414 https://bugzilla.suse.com/1175415 https://bugzilla.suse.com/1175416 https://bugzilla.suse.com/1175417 https://bugzilla.suse.com/1175418 https://bugzilla.suse.com/1175419 https://bugzilla.suse.com/1175420 https://bugzilla.suse.com/1175421 https://bugzilla.suse.com/1175422 https://bugzilla.suse.com/1175423 https://bugzilla.suse.com/1175440 https://bugzilla.suse.com/1175493 https://bugzilla.suse.com/1175515 https://bugzilla.suse.com/1175518 https://bugzilla.suse.com/1175526 https://bugzilla.suse.com/1175550 https://bugzilla.suse.com/1175654 https://bugzilla.suse.com/1175666 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1175668 https://bugzilla.suse.com/1175669 https://bugzilla.suse.com/1175670 https://bugzilla.suse.com/1175767 https://bugzilla.suse.com/1175768 https://bugzilla.suse.com/1175769 https://bugzilla.suse.com/1175770 https://bugzilla.suse.com/1175771 https://bugzilla.suse.com/1175772 https://bugzilla.suse.com/1175786 https://bugzilla.suse.com/1175873 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2020:1324-1: important: Security update for opera
by opensuse-security＠opensuse.org 02 Sep '20

02 Sep '20

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1324-1 Rating: important References: Cross-References: CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 Affected Products: openSUSE Leap 15.2:NonFree ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for opera fixes the following issues: Update to version 70.0.3728.133 - CHR-8053 Update chromium on desktop-stable-84-3728 to 84.0.4147.125 - DNA-87289 Crash at views::NativeWidgetMacNSWindowHost:: OnNativeViewHostDetach(views::View const*) - DNA-87831 [Linux] Sidebar panel cannot be pinned - DNA-88057 [Win] Black rectangle flickers at the bottom of the page on startup - DNA-88157 Sidebar Messenger too low in FullScreen mode - DNA-88238 [macOS 10.15] Toolbar buttons not visible on inactive tab - The update to chromium 84.0.4147.125 fixes following issues: - CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020-6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020-6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020-6555 - Update to version 70.0.3728.119 - DNA-88215 Introduce easy-setup-hint-ref feature flag - Update to version 70.0.3728.106 - DNA-88014 [Mac] Toolbar in fullscreen disabled after using fullscreen from videoplayer - Update to version 70.0.3728.95 - CHR-8026 Update chromium on desktop-stable-84-3728 to 84.0.4147.105 - DNA-86340 Wrong link to the help page - DNA-87394 [Big Sur] Some popovers have incorrectly themed arrow - DNA-87647 [Win] The [+] button flickers after creating a new tab - DNA-87794 Crash at aura::Window::SetVisible(bool) - DNA-87796 Search in tabs should closed on second click - DNA-87863 Parameter placing issue in all languages - The update to chromium 84.0.4147.105 fixes following issues: - CVE-2020-6537, CVE-2020-6538, CVE-2020-6532, CVE-2020-6539, CVE-2020-6540, CVE-2020-6541 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2:NonFree: zypper in -t patch openSUSE-2020-1324=1 Package List: - openSUSE Leap 15.2:NonFree (x86_64): opera-70.0.3728.133-lp152.2.15.1 References: https://www.suse.com/security/cve/CVE-2020-6532.html https://www.suse.com/security/cve/CVE-2020-6537.html https://www.suse.com/security/cve/CVE-2020-6538.html https://www.suse.com/security/cve/CVE-2020-6539.html https://www.suse.com/security/cve/CVE-2020-6540.html https://www.suse.com/security/cve/CVE-2020-6541.html https://www.suse.com/security/cve/CVE-2020-6542.html https://www.suse.com/security/cve/CVE-2020-6543.html https://www.suse.com/security/cve/CVE-2020-6544.html https://www.suse.com/security/cve/CVE-2020-6545.html https://www.suse.com/security/cve/CVE-2020-6546.html https://www.suse.com/security/cve/CVE-2020-6547.html https://www.suse.com/security/cve/CVE-2020-6548.html https://www.suse.com/security/cve/CVE-2020-6549.html https://www.suse.com/security/cve/CVE-2020-6550.html https://www.suse.com/security/cve/CVE-2020-6551.html https://www.suse.com/security/cve/CVE-2020-6552.html https://www.suse.com/security/cve/CVE-2020-6553.html https://www.suse.com/security/cve/CVE-2020-6554.html https://www.suse.com/security/cve/CVE-2020-6555.html -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2020:1320-1: important: Security update for opera
by opensuse-security＠opensuse.org 02 Sep '20

02 Sep '20

openSUSE Security Update: Security update for opera ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1320-1 Rating: important References: Cross-References: CVE-2020-6532 CVE-2020-6537 CVE-2020-6538 CVE-2020-6539 CVE-2020-6540 CVE-2020-6541 CVE-2020-6542 CVE-2020-6543 CVE-2020-6544 CVE-2020-6545 CVE-2020-6546 CVE-2020-6547 CVE-2020-6548 CVE-2020-6549 CVE-2020-6550 CVE-2020-6551 CVE-2020-6552 CVE-2020-6553 CVE-2020-6554 CVE-2020-6555 Affected Products: openSUSE Leap 15.1:NonFree ______________________________________________________________________________ An update that fixes 20 vulnerabilities is now available. Description: This update for opera fixes the following issues: Update to version 70.0.3728.133 - CHR-8053 Update chromium on desktop-stable-84-3728 to 84.0.4147.125 - DNA-87289 Crash at views::NativeWidgetMacNSWindowHost:: OnNativeViewHostDetach(views::View const*) - DNA-87831 [Linux] Sidebar panel cannot be pinned - DNA-88057 [Win] Black rectangle flickers at the bottom of the page on startup - DNA-88157 Sidebar Messenger too low in FullScreen mode - DNA-88238 [macOS 10.15] Toolbar buttons not visible on inactive tab - The update to chromium 84.0.4147.125 fixes following issues: - CVE-2020-6542, CVE-2020-6543, CVE-2020-6544, CVE-2020-6545, CVE-2020-6546, CVE-2020-6547, CVE-2020-6548, CVE-2020-6549, CVE-2020-6550, CVE-2020-6551, CVE-2020-6552, CVE-2020-6553, CVE-2020-6554, CVE-2020-6555 - Update to version 70.0.3728.119 - DNA-88215 Introduce easy-setup-hint-ref feature flag - Update to version 70.0.3728.106 - DNA-88014 [Mac] Toolbar in fullscreen disabled after using fullscreen from videoplayer - Update to version 70.0.3728.95 - CHR-8026 Update chromium on desktop-stable-84-3728 to 84.0.4147.105 - DNA-86340 Wrong link to the help page - DNA-87394 [Big Sur] Some popovers have incorrectly themed arrow - DNA-87647 [Win] The [+] button flickers after creating a new tab - DNA-87794 Crash at aura::Window::SetVisible(bool) - DNA-87796 Search in tabs should closed on second click - DNA-87863 Parameter placing issue in all languages - The update to chromium 84.0.4147.105 fixes following issues: - CVE-2020-6537, CVE-2020-6538, CVE-2020-6532, CVE-2020-6539, CVE-2020-6540, CVE-2020-6541 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1:NonFree: zypper in -t patch openSUSE-2020-1320=1 Package List: - openSUSE Leap 15.1:NonFree (x86_64): opera-70.0.3728.133-lp151.2.27.1 References: https://www.suse.com/security/cve/CVE-2020-6532.html https://www.suse.com/security/cve/CVE-2020-6537.html https://www.suse.com/security/cve/CVE-2020-6538.html https://www.suse.com/security/cve/CVE-2020-6539.html https://www.suse.com/security/cve/CVE-2020-6540.html https://www.suse.com/security/cve/CVE-2020-6541.html https://www.suse.com/security/cve/CVE-2020-6542.html https://www.suse.com/security/cve/CVE-2020-6543.html https://www.suse.com/security/cve/CVE-2020-6544.html https://www.suse.com/security/cve/CVE-2020-6545.html https://www.suse.com/security/cve/CVE-2020-6546.html https://www.suse.com/security/cve/CVE-2020-6547.html https://www.suse.com/security/cve/CVE-2020-6548.html https://www.suse.com/security/cve/CVE-2020-6549.html https://www.suse.com/security/cve/CVE-2020-6550.html https://www.suse.com/security/cve/CVE-2020-6551.html https://www.suse.com/security/cve/CVE-2020-6552.html https://www.suse.com/security/cve/CVE-2020-6553.html https://www.suse.com/security/cve/CVE-2020-6554.html https://www.suse.com/security/cve/CVE-2020-6555.html -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2020:1319-1: moderate: Security update for libqt5-qtbase
by opensuse-security＠opensuse.org 01 Sep '20

01 Sep '20

openSUSE Security Update: Security update for libqt5-qtbase ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1319-1 Rating: moderate References: #1172726 #1173758 Cross-References: CVE-2020-13962 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for libqt5-qtbase fixes the following issues: - Fixed a possible crash in certificate parsing. - Fixed a DoS in QSslSocket (bsc#1172726, CVE-2020-13962). - Added support for PostgreSQL 12 (bsc#1173758). This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1319=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): libQt5Bootstrap-devel-static-5.12.7-lp152.3.3.1 libQt5Concurrent-devel-5.12.7-lp152.3.3.1 libQt5Concurrent5-5.12.7-lp152.3.3.1 libQt5Concurrent5-debuginfo-5.12.7-lp152.3.3.1 libQt5Core-devel-5.12.7-lp152.3.3.1 libQt5Core5-5.12.7-lp152.3.3.1 libQt5Core5-debuginfo-5.12.7-lp152.3.3.1 libQt5DBus-devel-5.12.7-lp152.3.3.1 libQt5DBus-devel-debuginfo-5.12.7-lp152.3.3.1 libQt5DBus5-5.12.7-lp152.3.3.1 libQt5DBus5-debuginfo-5.12.7-lp152.3.3.1 libQt5Gui-devel-5.12.7-lp152.3.3.1 libQt5Gui5-5.12.7-lp152.3.3.1 libQt5Gui5-debuginfo-5.12.7-lp152.3.3.1 libQt5KmsSupport-devel-static-5.12.7-lp152.3.3.1 libQt5Network-devel-5.12.7-lp152.3.3.1 libQt5Network5-5.12.7-lp152.3.3.1 libQt5Network5-debuginfo-5.12.7-lp152.3.3.1 libQt5OpenGL-devel-5.12.7-lp152.3.3.1 libQt5OpenGL5-5.12.7-lp152.3.3.1 libQt5OpenGL5-debuginfo-5.12.7-lp152.3.3.1 libQt5OpenGLExtensions-devel-static-5.12.7-lp152.3.3.1 libQt5PlatformHeaders-devel-5.12.7-lp152.3.3.1 libQt5PlatformSupport-devel-static-5.12.7-lp152.3.3.1 libQt5PrintSupport-devel-5.12.7-lp152.3.3.1 libQt5PrintSupport5-5.12.7-lp152.3.3.1 libQt5PrintSupport5-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql-devel-5.12.7-lp152.3.3.1 libQt5Sql5-5.12.7-lp152.3.3.1 libQt5Sql5-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql5-mysql-5.12.7-lp152.3.3.1 libQt5Sql5-mysql-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql5-postgresql-5.12.7-lp152.3.3.1 libQt5Sql5-postgresql-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql5-sqlite-5.12.7-lp152.3.3.1 libQt5Sql5-sqlite-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql5-unixODBC-5.12.7-lp152.3.3.1 libQt5Sql5-unixODBC-debuginfo-5.12.7-lp152.3.3.1 libQt5Test-devel-5.12.7-lp152.3.3.1 libQt5Test5-5.12.7-lp152.3.3.1 libQt5Test5-debuginfo-5.12.7-lp152.3.3.1 libQt5Widgets-devel-5.12.7-lp152.3.3.1 libQt5Widgets5-5.12.7-lp152.3.3.1 libQt5Widgets5-debuginfo-5.12.7-lp152.3.3.1 libQt5Xml-devel-5.12.7-lp152.3.3.1 libQt5Xml5-5.12.7-lp152.3.3.1 libQt5Xml5-debuginfo-5.12.7-lp152.3.3.1 libqt5-qtbase-common-devel-5.12.7-lp152.3.3.1 libqt5-qtbase-common-devel-debuginfo-5.12.7-lp152.3.3.1 libqt5-qtbase-debugsource-5.12.7-lp152.3.3.1 libqt5-qtbase-devel-5.12.7-lp152.3.3.1 libqt5-qtbase-examples-5.12.7-lp152.3.3.1 libqt5-qtbase-examples-debuginfo-5.12.7-lp152.3.3.1 libqt5-qtbase-platformtheme-gtk3-5.12.7-lp152.3.3.1 libqt5-qtbase-platformtheme-gtk3-debuginfo-5.12.7-lp152.3.3.1 libqt5-qtbase-platformtheme-xdgdesktopportal-5.12.7-lp152.3.3.1 libqt5-qtbase-platformtheme-xdgdesktopportal-debuginfo-5.12.7-lp152.3.3.1 - openSUSE Leap 15.2 (noarch): libQt5Core-private-headers-devel-5.12.7-lp152.3.3.1 libQt5DBus-private-headers-devel-5.12.7-lp152.3.3.1 libQt5Gui-private-headers-devel-5.12.7-lp152.3.3.1 libQt5KmsSupport-private-headers-devel-5.12.7-lp152.3.3.1 libQt5Network-private-headers-devel-5.12.7-lp152.3.3.1 libQt5OpenGL-private-headers-devel-5.12.7-lp152.3.3.1 libQt5PlatformSupport-private-headers-devel-5.12.7-lp152.3.3.1 libQt5PrintSupport-private-headers-devel-5.12.7-lp152.3.3.1 libQt5Sql-private-headers-devel-5.12.7-lp152.3.3.1 libQt5Test-private-headers-devel-5.12.7-lp152.3.3.1 libQt5Widgets-private-headers-devel-5.12.7-lp152.3.3.1 libqt5-qtbase-private-headers-devel-5.12.7-lp152.3.3.1 - openSUSE Leap 15.2 (x86_64): libQt5Bootstrap-devel-static-32bit-5.12.7-lp152.3.3.1 libQt5Concurrent-devel-32bit-5.12.7-lp152.3.3.1 libQt5Concurrent5-32bit-5.12.7-lp152.3.3.1 libQt5Concurrent5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Core-devel-32bit-5.12.7-lp152.3.3.1 libQt5Core5-32bit-5.12.7-lp152.3.3.1 libQt5Core5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5DBus-devel-32bit-5.12.7-lp152.3.3.1 libQt5DBus-devel-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5DBus5-32bit-5.12.7-lp152.3.3.1 libQt5DBus5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Gui-devel-32bit-5.12.7-lp152.3.3.1 libQt5Gui5-32bit-5.12.7-lp152.3.3.1 libQt5Gui5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Network-devel-32bit-5.12.7-lp152.3.3.1 libQt5Network5-32bit-5.12.7-lp152.3.3.1 libQt5Network5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5OpenGL-devel-32bit-5.12.7-lp152.3.3.1 libQt5OpenGL5-32bit-5.12.7-lp152.3.3.1 libQt5OpenGL5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5OpenGLExtensions-devel-static-32bit-5.12.7-lp152.3.3.1 libQt5PlatformSupport-devel-static-32bit-5.12.7-lp152.3.3.1 libQt5PrintSupport-devel-32bit-5.12.7-lp152.3.3.1 libQt5PrintSupport5-32bit-5.12.7-lp152.3.3.1 libQt5PrintSupport5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql-devel-32bit-5.12.7-lp152.3.3.1 libQt5Sql5-32bit-5.12.7-lp152.3.3.1 libQt5Sql5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql5-mysql-32bit-5.12.7-lp152.3.3.1 libQt5Sql5-mysql-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql5-postgresql-32bit-5.12.7-lp152.3.3.1 libQt5Sql5-postgresql-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql5-sqlite-32bit-5.12.7-lp152.3.3.1 libQt5Sql5-sqlite-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Sql5-unixODBC-32bit-5.12.7-lp152.3.3.1 libQt5Sql5-unixODBC-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Test-devel-32bit-5.12.7-lp152.3.3.1 libQt5Test5-32bit-5.12.7-lp152.3.3.1 libQt5Test5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Widgets-devel-32bit-5.12.7-lp152.3.3.1 libQt5Widgets5-32bit-5.12.7-lp152.3.3.1 libQt5Widgets5-32bit-debuginfo-5.12.7-lp152.3.3.1 libQt5Xml-devel-32bit-5.12.7-lp152.3.3.1 libQt5Xml5-32bit-5.12.7-lp152.3.3.1 libQt5Xml5-32bit-debuginfo-5.12.7-lp152.3.3.1 libqt5-qtbase-examples-32bit-5.12.7-lp152.3.3.1 libqt5-qtbase-examples-32bit-debuginfo-5.12.7-lp152.3.3.1 References: https://www.suse.com/security/cve/CVE-2020-13962.html https://bugzilla.suse.com/1172726 https://bugzilla.suse.com/1173758 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2020:1312-1: important: Security update for postgresql10
by opensuse-security＠opensuse.org 01 Sep '20

01 Sep '20

openSUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1312-1 Rating: important References: #1175193 #1175194 Cross-References: CVE-2020-14349 CVE-2020-14350 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for postgresql10 fixes the following issues: - update to 10.14: * CVE-2020-14349, bsc#1175193: Set a secure search_path in logical replication walsenders and apply workers * CVE-2020-14350, bsc#1175194: Make contrib modules' installation scripts more secure. * https://www.postgresql.org/docs/10/release-10-14.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-1312=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): postgresql10-10.14-lp151.2.18.1 postgresql10-contrib-10.14-lp151.2.18.1 postgresql10-contrib-debuginfo-10.14-lp151.2.18.1 postgresql10-debuginfo-10.14-lp151.2.18.1 postgresql10-debugsource-10.14-lp151.2.18.1 postgresql10-devel-10.14-lp151.2.18.1 postgresql10-devel-debuginfo-10.14-lp151.2.18.1 postgresql10-plperl-10.14-lp151.2.18.1 postgresql10-plperl-debuginfo-10.14-lp151.2.18.1 postgresql10-plpython-10.14-lp151.2.18.1 postgresql10-plpython-debuginfo-10.14-lp151.2.18.1 postgresql10-pltcl-10.14-lp151.2.18.1 postgresql10-pltcl-debuginfo-10.14-lp151.2.18.1 postgresql10-server-10.14-lp151.2.18.1 postgresql10-server-debuginfo-10.14-lp151.2.18.1 postgresql10-test-10.14-lp151.2.18.1 - openSUSE Leap 15.1 (noarch): postgresql10-docs-10.14-lp151.2.18.1 References: https://www.suse.com/security/cve/CVE-2020-14349.html https://www.suse.com/security/cve/CVE-2020-14350.html https://bugzilla.suse.com/1175193 https://bugzilla.suse.com/1175194 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2020:1313-1: important: Security update for ldb, samba
by opensuse-security＠opensuse.org 01 Sep '20

01 Sep '20

openSUSE Security Update: Security update for ldb, samba ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1313-1 Rating: important References: #1141320 #1162680 #1169095 #1169521 #1169850 #1169851 #1171437 #1172307 #1173159 #1173160 #1173161 #1173359 #1174120 Cross-References: CVE-2020-10700 CVE-2020-10704 CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves 6 vulnerabilities and has 7 fixes is now available. Description: This update for ldb, samba fixes the following issues: Changes in samba: - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227). - Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307); - Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437); - Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521); Changes in ldb: - Update to version 2.0.12 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159). + ldb_ldap: fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + lib/ldb: add unit test for ldb_ldap internal code. - Update to version 2.0.11 + lib ldb: lmdb init var before calling mdb_reader_check. + lib ldb: lmdb clear stale readers on write txn start; (bso#14330). + ldb tests: Confirm lmdb free list handling This update was imported from the SUSE:SLE-15-SP2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1313=1 Package List: - openSUSE Leap 15.2 (i586 x86_64): ctdb-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-pcp-pmda-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-pcp-pmda-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-tests-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ctdb-tests-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 ldb-debugsource-2.0.12-lp152.2.6.1 ldb-tools-2.0.12-lp152.2.6.1 ldb-tools-debuginfo-2.0.12-lp152.2.6.1 libdcerpc-binding0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-binding0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libldb-devel-2.0.12-lp152.2.6.1 libldb2-2.0.12-lp152.2.6.1 libldb2-debuginfo-2.0.12-lp152.2.6.1 libndr-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-krb5pac-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-krb5pac0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-krb5pac0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy-python3-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy0-python3-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy0-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap2-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap2-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient0-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient0-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 python3-ldb-2.0.12-lp152.2.6.1 python3-ldb-debuginfo-2.0.12-lp152.2.6.1 python3-ldb-devel-2.0.12-lp152.2.6.1 samba-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ad-dc-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ad-dc-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-client-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-client-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-core-devel-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-debugsource-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-dsdb-modules-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-dsdb-modules-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-python3-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-python3-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-python3-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-test-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-test-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-winbind-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-winbind-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 - openSUSE Leap 15.2 (x86_64): libdcerpc-binding0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-binding0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc-samr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libdcerpc0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libldb2-32bit-2.0.12-lp152.2.6.1 libldb2-32bit-debuginfo-2.0.12-lp152.2.6.1 libndr-krb5pac0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-krb5pac0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-nbt0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr-standard0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libndr0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi-devel-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libnetapi0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-credentials0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-errors0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-hostconfig0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-passdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy0-python3-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-policy0-python3-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamba-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsamdb0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbconf0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap2-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libsmbldap2-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libtevent-util0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient0-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 libwbclient0-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 python3-ldb-32bit-2.0.12-lp152.2.6.1 python3-ldb-32bit-debuginfo-2.0.12-lp152.2.6.1 samba-ad-dc-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ad-dc-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ceph-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-ceph-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-client-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-client-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-python3-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-libs-python3-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-winbind-32bit-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 samba-winbind-32bit-debuginfo-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 - openSUSE Leap 15.2 (noarch): samba-doc-4.11.11+git.180.2cf3b203f07-lp152.3.6.1 References: https://www.suse.com/security/cve/CVE-2020-10700.html https://www.suse.com/security/cve/CVE-2020-10704.html https://www.suse.com/security/cve/CVE-2020-10730.html https://www.suse.com/security/cve/CVE-2020-10745.html https://www.suse.com/security/cve/CVE-2020-10760.html https://www.suse.com/security/cve/CVE-2020-14303.html https://bugzilla.suse.com/1141320 https://bugzilla.suse.com/1162680 https://bugzilla.suse.com/1169095 https://bugzilla.suse.com/1169521 https://bugzilla.suse.com/1169850 https://bugzilla.suse.com/1169851 https://bugzilla.suse.com/1171437 https://bugzilla.suse.com/1172307 https://bugzilla.suse.com/1173159 https://bugzilla.suse.com/1173160 https://bugzilla.suse.com/1173161 https://bugzilla.suse.com/1173359 https://bugzilla.suse.com/1174120 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2020:1310-1: moderate: Security update for ark
by opensuse-security＠opensuse.org 01 Sep '20

01 Sep '20

openSUSE Security Update: Security update for ark ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1310-1 Rating: moderate References: #1175857 Cross-References: CVE-2020-24654 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ark fixes the following issues: - CVE-2020-24654: maliciously crafted TAR archive can install files outside the extraction directory (boo#1175857) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1310=1 - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-1310=1 - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-1310=1 Package List: - openSUSE Leap 15.2 (noarch): ark-lang-20.04.2-lp152.2.6.1 - openSUSE Leap 15.2 (x86_64): ark-20.04.2-lp152.2.6.1 ark-debuginfo-20.04.2-lp152.2.6.1 ark-debugsource-20.04.2-lp152.2.6.1 libkerfuffle20-20.04.2-lp152.2.6.1 libkerfuffle20-debuginfo-20.04.2-lp152.2.6.1 - openSUSE Leap 15.1 (x86_64): ark-18.12.3-lp151.2.7.1 ark-debuginfo-18.12.3-lp151.2.7.1 ark-debugsource-18.12.3-lp151.2.7.1 libkerfuffle18-18.12.3-lp151.2.7.1 libkerfuffle18-debuginfo-18.12.3-lp151.2.7.1 - openSUSE Leap 15.1 (noarch): ark-lang-18.12.3-lp151.2.7.1 - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): ark-18.12.3-bp151.3.6.1 libkerfuffle18-18.12.3-bp151.3.6.1 - openSUSE Backports SLE-15-SP1 (noarch): ark-lang-18.12.3-bp151.3.6.1 References: https://www.suse.com/security/cve/CVE-2020-24654.html https://bugzilla.suse.com/1175857 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0

[security-announce] openSUSE-SU-2020:1309-1: important: Security update for chromium
by opensuse-security＠opensuse.org 01 Sep '20

01 Sep '20

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1309-1 Rating: important References: #1175757 Cross-References: CVE-2020-6558 CVE-2020-6559 CVE-2020-6560 CVE-2020-6561 CVE-2020-6562 CVE-2020-6563 CVE-2020-6564 CVE-2020-6565 CVE-2020-6566 CVE-2020-6567 CVE-2020-6568 CVE-2020-6569 CVE-2020-6570 CVE-2020-6571 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for chromium fixes the following issues: Chromium was updated to version 85.0.4183.83 (boo#1175757) fixing: - CVE-2020-6558: Insufficient policy enforcement in iOS - CVE-2020-6559: Use after free in presentation API - CVE-2020-6560: Insufficient policy enforcement in autofill - CVE-2020-6561: Inappropriate implementation in Content Security Policy - CVE-2020-6562: Insufficient policy enforcement in Blink - CVE-2020-6563: Insufficient policy enforcement in intent handling. - CVE-2020-6564: Incorrect security UI in permissions - CVE-2020-6565: Incorrect security UI in Omnibox. - CVE-2020-6566: Insufficient policy enforcement in media. - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. - CVE-2020-6568: Insufficient policy enforcement in intent handling. - CVE-2020-6569: Integer overflow in WebUSB. - CVE-2020-6570: Side-channel information leakage in WebRTC. - CVE-2020-6571: Incorrect security UI in Omnibox. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-1309=1 Package List: - openSUSE Leap 15.1 (x86_64): chromedriver-85.0.4183.69-lp151.2.123.1 chromedriver-debuginfo-85.0.4183.69-lp151.2.123.1 chromium-85.0.4183.69-lp151.2.123.1 chromium-debuginfo-85.0.4183.69-lp151.2.123.1 chromium-debugsource-85.0.4183.69-lp151.2.123.1 References: https://www.suse.com/security/cve/CVE-2020-6558.html https://www.suse.com/security/cve/CVE-2020-6559.html https://www.suse.com/security/cve/CVE-2020-6560.html https://www.suse.com/security/cve/CVE-2020-6561.html https://www.suse.com/security/cve/CVE-2020-6562.html https://www.suse.com/security/cve/CVE-2020-6563.html https://www.suse.com/security/cve/CVE-2020-6564.html https://www.suse.com/security/cve/CVE-2020-6565.html https://www.suse.com/security/cve/CVE-2020-6566.html https://www.suse.com/security/cve/CVE-2020-6567.html https://www.suse.com/security/cve/CVE-2020-6568.html https://www.suse.com/security/cve/CVE-2020-6569.html https://www.suse.com/security/cve/CVE-2020-6570.html https://www.suse.com/security/cve/CVE-2020-6571.html https://bugzilla.suse.com/1175757 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe(a)opensuse.org For additional commands, e-mail: opensuse-security-announce+help(a)opensuse.org

1 0