openSUSE Security Announce
November 2021
- 1 participants
- 64 discussions
openSUSE-SU-2021:3672-1: moderate: Security update for tomcat
by opensuse-security@opensuse.org 16 Nov '21
openSUSE Security Update: Security update for tomcat
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3672-1
Rating: moderate
References: #1188278 #1188279 #1190558
Cross-References: CVE-2021-30640 CVE-2021-33037 CVE-2021-41079
CVSS scores:
CVE-2021-30640 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
CVE-2021-30640 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
CVE-2021-33037 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-33037 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-41079 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for tomcat fixes the following issues:
- CVE-2021-30640: Escape parameters in JNDI Realm queries (bsc#1188279).
- CVE-2021-33037: Process T-E header from both HTTP 1.0 and HTTP 1.1
clients (bsc#1188278).
- CVE-2021-41079: Fixed a denial of service caused by an unexpected TLS
packet (bsc#1190558).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3672=1
Package List:
- openSUSE Leap 15.3 (noarch):
tomcat-9.0.36-13.1
tomcat-admin-webapps-9.0.36-13.1
tomcat-docs-webapp-9.0.36-13.1
tomcat-el-3_0-api-9.0.36-13.1
tomcat-embed-9.0.36-13.1
tomcat-javadoc-9.0.36-13.1
tomcat-jsp-2_3-api-9.0.36-13.1
tomcat-jsvc-9.0.36-13.1
tomcat-lib-9.0.36-13.1
tomcat-servlet-4_0-api-9.0.36-13.1
tomcat-webapps-9.0.36-13.1
References:
https://www.suse.com/security/cve/CVE-2021-30640.html
https://www.suse.com/security/cve/CVE-2021-33037.html
https://www.suse.com/security/cve/CVE-2021-41079.html
https://bugzilla.suse.com/1188278
https://bugzilla.suse.com/1188279
https://bugzilla.suse.com/1190558
openSUSE-SU-2021:3674-1: important: Security update for samba
by opensuse-security@opensuse.org 16 Nov '21
openSUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3674-1
Rating: important
References: #1014440 #1192284
Cross-References: CVE-2016-2124 CVE-2020-25717
CVSS scores:
CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for samba fixes the following issues:
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
user could become root on domain members (bsc#1192284).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3674=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libsamba-policy-python-devel-4.9.5+git.471.5edbe3dcae7-3.57.2
libsamba-policy0-4.9.5+git.471.5edbe3dcae7-3.57.2
libsamba-policy0-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
samba-libs-python-4.9.5+git.471.5edbe3dcae7-3.57.2
samba-libs-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
samba-python-4.9.5+git.471.5edbe3dcae7-3.57.2
samba-python-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
- openSUSE Leap 15.3 (x86_64):
libsamba-policy0-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
libsamba-policy0-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
samba-libs-python-32bit-4.9.5+git.471.5edbe3dcae7-3.57.2
samba-libs-python-32bit-debuginfo-4.9.5+git.471.5edbe3dcae7-3.57.2
References:
https://www.suse.com/security/cve/CVE-2016-2124.html
https://www.suse.com/security/cve/CVE-2020-25717.html
https://bugzilla.suse.com/1014440
https://bugzilla.suse.com/1192284
openSUSE-SU-2021:3665-1: Security update for drbd-utils
by opensuse-security@opensuse.org 16 Nov '21
openSUSE Security Update: Security update for drbd-utils
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3665-1
Rating: low
References: #1029961 #1185132 #1189363 SLE-21057
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes and contains one
feature can now be installed.
Description:
This update for drbd-utils fixes the following issues:
- make all binaries position independent (basc#1185132).
- Upgrade to 9.0.18 (bsc#1189363)
* build: remove rpm related targets
* drbdsetup,v84: fix minor compile warnings
* systemd: resource specific activation
* systemd: drbd-reactor promoter templates
* doc: fix maximum ping timeout
* doc: add man pages for the systemd templates
* drbdadm,v9: fix dstate for diskless volumes
* build/release: use lbvers.py
* drbd-attr: don't leak fd to drbdsetup
* doc: various fixes and additions
* drbdsetup,events2,v9: add backing_device
* build,Debian: rm dh-systemd dependency
* drbdsetup,events2,v9: fix --poll regression
* drbdmeta: fix bug with ALs with small final extents
* build,Debian: rm mail recommends
* drbdsetup,events2,v9: allow --poll without --now
* drbdsetup,invalidate: allow bitmap based resync after verify
* drbdadm,sh-ll-dev: change output to "none" if diskless
* drbdadm,v9: allow set-gi in single node clusters
* drbsetup,events2,v9: diff(erential) output
* drbsetup,events2,v9: add --full output
* v9: allow resource rename, also in drbdmon
* drbdadm,v9: allow c-max-rate to be disabled
* New drbd-attr Pacemaker RA
* events2: handle mixed initial state and multicast events
* events2: fix regression to always print resync done
- Prepare '/usr' merge. (bsc#1029961)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3665=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
drbd-utils-9.18.0-4.7.2
drbd-utils-debuginfo-9.18.0-4.7.2
drbd-utils-debugsource-9.18.0-4.7.2
References:
https://bugzilla.suse.com/1029961
https://bugzilla.suse.com/1185132
https://bugzilla.suse.com/1189363
openSUSE-SU-2021:3662-1: important: Security update for samba
by opensuse-security@opensuse.org 15 Nov '21
openSUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3662-1
Rating: important
References: #1192601
Cross-References: CVE-2020-25717
CVSS scores:
CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for samba fixes the following issues:
- Fix regression introduced by CVE-2020-25717 patches, winbindd does not
start when 'allow trusted domains' is off; (bso#14899);
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3662=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ctdb-4.13.13+git.531.903f5c0ccdc-3.17.1
ctdb-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
ctdb-pcp-pmda-4.13.13+git.531.903f5c0ccdc-3.17.1
ctdb-pcp-pmda-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
ctdb-tests-4.13.13+git.531.903f5c0ccdc-3.17.1
ctdb-tests-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-binding0-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-binding0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-samr-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-samr0-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-samr0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc0-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-krb5pac-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-krb5pac0-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-krb5pac0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-nbt-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-nbt0-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-nbt0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-standard-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-standard0-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-standard0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr1-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr1-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libnetapi-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libnetapi0-4.13.13+git.531.903f5c0ccdc-3.17.1
libnetapi0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-credentials-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-credentials0-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-credentials0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-errors-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-errors0-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-errors0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-hostconfig-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-hostconfig0-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-hostconfig0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-passdb-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-passdb0-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-passdb0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-policy-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-policy-python3-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-policy0-python3-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-policy0-python3-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-util-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-util0-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-util0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamdb-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamdb0-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamdb0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbclient-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbclient0-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbclient0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbconf-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbconf0-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbconf0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbldap-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbldap2-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbldap2-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libtevent-util-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libtevent-util0-4.13.13+git.531.903f5c0ccdc-3.17.1
libtevent-util0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libwbclient-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
libwbclient0-4.13.13+git.531.903f5c0ccdc-3.17.1
libwbclient0-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-ad-dc-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-ad-dc-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-client-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-client-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-core-devel-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-debugsource-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-dsdb-modules-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-dsdb-modules-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-gpupdate-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-ldb-ldap-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-ldb-ldap-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-python3-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-python3-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-python3-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-python3-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-test-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-test-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-winbind-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-winbind-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
- openSUSE Leap 15.3 (aarch64 x86_64):
samba-ceph-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-ceph-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
- openSUSE Leap 15.3 (aarch64_ilp32):
libdcerpc-binding0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-binding0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-samr0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-samr0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-krb5pac0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-krb5pac0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-nbt0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-nbt0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-standard0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-standard0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr1-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr1-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libnetapi-devel-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libnetapi0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libnetapi0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-credentials0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-credentials0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-errors0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-errors0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-hostconfig0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-hostconfig0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-passdb0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-passdb0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-policy0-python3-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-policy0-python3-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-util0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-util0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamdb0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamdb0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbclient0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbclient0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbconf0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbconf0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbldap2-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbldap2-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libtevent-util0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libtevent-util0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libwbclient0-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libwbclient0-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-ad-dc-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-ad-dc-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-client-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-client-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-python3-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-python3-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-winbind-64bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-winbind-64bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
- openSUSE Leap 15.3 (noarch):
samba-doc-4.13.13+git.531.903f5c0ccdc-3.17.1
- openSUSE Leap 15.3 (x86_64):
libdcerpc-binding0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-binding0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-samr0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc-samr0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libdcerpc0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-krb5pac0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-krb5pac0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-nbt0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-nbt0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-standard0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr-standard0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr1-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libndr1-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libnetapi-devel-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libnetapi0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libnetapi0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-credentials0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-credentials0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-errors0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-errors0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-hostconfig0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-hostconfig0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-passdb0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-passdb0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-policy0-python3-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-policy0-python3-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-util0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamba-util0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamdb0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsamdb0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbclient0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbclient0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbconf0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbconf0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbldap2-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libsmbldap2-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libtevent-util0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libtevent-util0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
libwbclient0-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
libwbclient0-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-ad-dc-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-ad-dc-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-client-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-client-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-python3-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-libs-python3-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-winbind-32bit-4.13.13+git.531.903f5c0ccdc-3.17.1
samba-winbind-32bit-debuginfo-4.13.13+git.531.903f5c0ccdc-3.17.1
References:
https://www.suse.com/security/cve/CVE-2020-25717.html
https://bugzilla.suse.com/1192601
openSUSE-SU-2021:1477-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 15 Nov '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1477-1
Rating: important
References: #1065729 #1085030 #1100416 #1129735 #1152489
#1154353 #1156395 #1157177 #1167773 #1172073
#1173604 #1176940 #1184673 #1185762 #1186109
#1187167 #1188563 #1188876 #1188983 #1188985
#1189841 #1190006 #1190067 #1190349 #1190351
#1190479 #1190620 #1190642 #1190795 #1190941
#1191229 #1191238 #1191241 #1191315 #1191317
#1191343 #1191349 #1191384 #1191449 #1191450
#1191451 #1191452 #1191455 #1191456 #1191628
#1191731 #1191800 #1191934 #1191958 #1192036
#1192040 #1192041 #1192107 #1192145 #1192267
#1192549
Cross-References: CVE-2018-13405 CVE-2021-33033 CVE-2021-34556
CVE-2021-3542 CVE-2021-35477 CVE-2021-3655
CVE-2021-3715 CVE-2021-3760 CVE-2021-3772
CVE-2021-3896 CVE-2021-41864 CVE-2021-42008
CVE-2021-42252 CVE-2021-42739 CVE-2021-43056
CVSS scores:
CVE-2018-13405 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2018-13405 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves 15 vulnerabilities and has 41 fixes
is now available.
Description:
The openSUSE Leap 15.2 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed
local users to create files with an unintended group ownership, in a
scenario where a directory is SGID to a certain group and is writable by
a user who is not a member of that group. Here, the non-member can
trigger creation of a plain file whose group ownership is that group.
The intended behavior was that the non-member can trigger creation of a
directory (but not a plain file) whose group ownership is that group.
The non-member can escalate privileges by making the plain file
executable and SGID (bnc#1100416 bnc#1129735).
- CVE-2021-33033: The Linux kernel had a use-after-free in cipso_v4_genopt
in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for
the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to
writing an arbitrary value (bnc#1186109 bnc#1188876).
- CVE-2021-34556: An unprivileged BPF program can obtain sensitive
information from kernel memory via a Speculative Store Bypass
side-channel attack because the protection mechanism neglects the
possibility of uninitialized memory locations on the BPF stack
(bnc#1188983).
- CVE-2021-35477: An unprivileged BPF program can obtain sensitive
information from kernel memory via a Speculative Store Bypass
side-channel attack because a certain preempting store operation did not
necessarily occur before a store operation that has an
attacker-controlled value (bnc#1188985).
- CVE-2021-3655: Missing size validations on inbound SCTP packets may have
allowed the kernel to read uninitialized memory (bnc#1188563
bnc#1192267).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in
net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the
ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-3772: Invalid chunks may be used to remotely remove existing
associations (bsc#1190351).
- CVE-2021-3896: Fixed an array-index-out-bounds in detach_capi_ctr in
drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-41864: prealloc_elems_and_freelist in kernel/bpf/stackmap.c
allowed unprivileged users to trigger an eBPF multiplication integer
overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c
had a slab out-of-bounds write. Input from a process that has the
CAP_NET_ADMIN capability can lead to root access (bnc#1191315).
- CVE-2021-42252: An issue was discovered in aspeed_lpc_ctrl_mmap in
drivers/soc/aspeed/aspeed-lpc-ctrl.c where local attackers able to
access the Aspeed LPC control interface could overwrite memory in the
kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This
occurs because a certain comparison uses values that are not memory
sizes (bnc#1190479).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and
drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
bounds checking (bnc#1184673 bnc#1192036).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and
drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
bounds checking (bsc#1184673).
- CVE-2021-43056: It allowed a malicious KVM guest to crash the host, when
the host is running on Power8, due to an
arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the
handling of the SRR1 register values (bnc#1192107).
The following non-security bugs were fixed:
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros (git-fixes).
- Add cherry-picked commit id to the usb hso fix (git-fixes)
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity
(git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
(git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order
(git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in
ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
(git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules
(git-fixes).
- bfq: Remove merged request already in bfq_requests_merged()
(bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(git-fixes).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
(git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of "meta" errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when
mounting (bsc#1192040).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
(git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
(bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- gpio: pca953x: Improve bias setting (git-fixes).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- gve: fix gve_get_stats() (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: report 64bit tx_bytes counter from gve_handle_report_stats()
(bsc#1176940).
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
(git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
(git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition
(git-fixes).
- i40e: Fix ATR queue selection (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- iavf: fix double unlock of crit_lock (git-fixes).
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()'
(git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
(git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers
(bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context
(git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
(bsc#1156395).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
(git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
(git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- mlx5: count all link events (git-fixes).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
(git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net: batman-adv: fix error handling (git-fixes).
- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
(git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
(git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration
(git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
bsc#1191800).
- net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
(git-fixes).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
(git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
(git-fixes).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nfs: dir_cookie is a pointer to the cookie in older kernels, not the
cookie itself. (bsc#1191628 bsc#1192549).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page
cache (bsc#1191628).
- nvme: add command id quirk for apple controllers (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- ocfs2: fix data corruption after conversion from inline format
(bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
(git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
run_smbios_call (git-fixes).
- platform/x86: intel_scu_ipc: Update timeout value in comment (git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
(bsc#1085030 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
(git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- qed: Handle management FW error (git-fixes).
- qed: rdma - do not wait for resources under hw error recovery flow
(git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- rpm: use _rpmmacrodir (boo#1191384)
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before
devloss (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
(bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status
change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference
(bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
(bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host
sg_reset (bsc#1192145).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
(bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair
(bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
(bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
(bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
(bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
(bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
(bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req
(bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
(bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(bsc#1190941).
- sctp: check asoc peer.asconf_capable before processing asconf
(bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum
workaround (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting
(bsc#1065729).
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32
(git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
(bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
(bsc#1152489).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: ensure that the inode uid/gid match values match the icdinode ones
(bsc#1190006).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
(bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller
(git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command
(git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1477=1
Package List:
- openSUSE Leap 15.2 (noarch):
kernel-devel-5.3.18-lp152.102.1
kernel-docs-5.3.18-lp152.102.1
kernel-docs-html-5.3.18-lp152.102.1
kernel-macros-5.3.18-lp152.102.1
kernel-source-5.3.18-lp152.102.1
kernel-source-vanilla-5.3.18-lp152.102.1
- openSUSE Leap 15.2 (x86_64):
kernel-debug-5.3.18-lp152.102.1
kernel-debug-debuginfo-5.3.18-lp152.102.1
kernel-debug-debugsource-5.3.18-lp152.102.1
kernel-debug-devel-5.3.18-lp152.102.1
kernel-debug-devel-debuginfo-5.3.18-lp152.102.1
kernel-default-5.3.18-lp152.102.1
kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1
kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1
kernel-default-debuginfo-5.3.18-lp152.102.1
kernel-default-debugsource-5.3.18-lp152.102.1
kernel-default-devel-5.3.18-lp152.102.1
kernel-default-devel-debuginfo-5.3.18-lp152.102.1
kernel-kvmsmall-5.3.18-lp152.102.1
kernel-kvmsmall-debuginfo-5.3.18-lp152.102.1
kernel-kvmsmall-debugsource-5.3.18-lp152.102.1
kernel-kvmsmall-devel-5.3.18-lp152.102.1
kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.102.1
kernel-obs-build-5.3.18-lp152.102.1
kernel-obs-build-debugsource-5.3.18-lp152.102.1
kernel-obs-qa-5.3.18-lp152.102.1
kernel-preempt-5.3.18-lp152.102.1
kernel-preempt-debuginfo-5.3.18-lp152.102.1
kernel-preempt-debugsource-5.3.18-lp152.102.1
kernel-preempt-devel-5.3.18-lp152.102.1
kernel-preempt-devel-debuginfo-5.3.18-lp152.102.1
kernel-syms-5.3.18-lp152.102.1
References:
https://www.suse.com/security/cve/CVE-2018-13405.html
https://www.suse.com/security/cve/CVE-2021-33033.html
https://www.suse.com/security/cve/CVE-2021-34556.html
https://www.suse.com/security/cve/CVE-2021-3542.html
https://www.suse.com/security/cve/CVE-2021-35477.html
https://www.suse.com/security/cve/CVE-2021-3655.html
https://www.suse.com/security/cve/CVE-2021-3715.html
https://www.suse.com/security/cve/CVE-2021-3760.html
https://www.suse.com/security/cve/CVE-2021-3772.html
https://www.suse.com/security/cve/CVE-2021-3896.html
https://www.suse.com/security/cve/CVE-2021-41864.html
https://www.suse.com/security/cve/CVE-2021-42008.html
https://www.suse.com/security/cve/CVE-2021-42252.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://www.suse.com/security/cve/CVE-2021-43056.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1100416
https://bugzilla.suse.com/1129735
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1157177
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1172073
https://bugzilla.suse.com/1173604
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1184673
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1186109
https://bugzilla.suse.com/1187167
https://bugzilla.suse.com/1188563
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1188983
https://bugzilla.suse.com/1188985
https://bugzilla.suse.com/1189841
https://bugzilla.suse.com/1190006
https://bugzilla.suse.com/1190067
https://bugzilla.suse.com/1190349
https://bugzilla.suse.com/1190351
https://bugzilla.suse.com/1190479
https://bugzilla.suse.com/1190620
https://bugzilla.suse.com/1190642
https://bugzilla.suse.com/1190795
https://bugzilla.suse.com/1190941
https://bugzilla.suse.com/1191229
https://bugzilla.suse.com/1191238
https://bugzilla.suse.com/1191241
https://bugzilla.suse.com/1191315
https://bugzilla.suse.com/1191317
https://bugzilla.suse.com/1191343
https://bugzilla.suse.com/1191349
https://bugzilla.suse.com/1191384
https://bugzilla.suse.com/1191449
https://bugzilla.suse.com/1191450
https://bugzilla.suse.com/1191451
https://bugzilla.suse.com/1191452
https://bugzilla.suse.com/1191455
https://bugzilla.suse.com/1191456
https://bugzilla.suse.com/1191628
https://bugzilla.suse.com/1191731
https://bugzilla.suse.com/1191800
https://bugzilla.suse.com/1191934
https://bugzilla.suse.com/1191958
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1192040
https://bugzilla.suse.com/1192041
https://bugzilla.suse.com/1192107
https://bugzilla.suse.com/1192145
https://bugzilla.suse.com/1192267
https://bugzilla.suse.com/1192549
openSUSE-SU-2021:1475-1: moderate: Security update for binutils
by opensuse-security@opensuse.org 15 Nov '21
openSUSE Security Update: Security update for binutils
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1475-1
Rating: moderate
References: #1179898 #1179899 #1179900 #1179901 #1179902
#1179903 #1180451 #1180454 #1180461 #1181452
#1182252 #1183511 #1183909 #1184519 #1184620
#1184794 #1188941 #1191473 #1192267 PM-2767
SLE-18637 SLE-19618 SLE-21561
Cross-References: CVE-2020-16590 CVE-2020-16591 CVE-2020-16592
CVE-2020-16593 CVE-2020-16598 CVE-2020-16599
CVE-2020-35448 CVE-2020-35493 CVE-2020-35496
CVE-2020-35507 CVE-2021-20197 CVE-2021-20284
CVE-2021-20294 CVE-2021-3487
CVSS scores:
CVE-2020-16590 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16590 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-16591 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16591 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16592 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16592 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16593 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16593 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16598 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16598 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16599 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-16599 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2020-35448 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2020-35493 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-35493 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-35496 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-35496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-35507 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-35507 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-20197 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-20197 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-20284 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-20284 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-20294 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-20294 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-3487 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-3487 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves 14 vulnerabilities, contains four
features and has 5 fixes is now available.
Description:
This update for binutils fixes the following issues:
Update to binutils 2.37:
* The GNU Binutils sources now require a C99 compiler and library to
build.
* Support for Realm Management Extension (RME) for AArch64 has been added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets has
been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable special
treatment of __start_*/__stop_* references when
--gc-sections.
* A new linker option '-Bno-symbolic' has been added which will cancel
the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
specify how the numeric values of symbols are reported.
--sym-base=0|8|10|16 tells readelf to display the values in base 8, base
10 or base 16. A sym base of 0 represents the default action
of displaying values under 10000 in base 10 and values above that in
base 16.
* A new format has been added to the nm program. Specifying
'--format=just-symbols' (or just using -j) will tell the program to
only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
objcopy and strip. This stops the removal of unused section symbols
when the file is copied. Removing these symbols saves space, but
sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
supported by objcopy now make undefined symbols weak on targets that
support weak symbols.
* Readelf and objdump can now display and use the contents of .debug_sup
sections.
* Readelf and objdump will now follow links to separate debug info files
by default. This behaviour can be stopped via the use of the new '-wN'
or '--debug-dump=no-follow-links' options for readelf and the '-WN' or
'--dwarf=no-follow-links' options for objdump. Also the old behaviour
can be restored by the use of the '--enable-follow-debug-links=no'
configure time option.
The semantics of the =follow-links option have also been slightly
changed. When enabled, the option allows for the loading of symbol tables
and string tables from the separate files which can be used to enhance the
information displayed when dumping other sections, but it does not
automatically imply that information from the separate files should be
displayed.
If other debug section display options are also enabled (eg
'--debug-dump=info') then the contents of matching sections in both the
main file and the separate debuginfo file *will* be displayed. This is
because in most cases the debug section will only be present in one of the
files.
If however non-debug section display options are enabled (eg
'--sections') then the contents of matching parts of the separate
debuginfo file will *not* be displayed. This is because in most cases the
user probably only wanted to load the symbol information from the separate
debuginfo file. In order to change this behaviour a new command line
option --process-links can be used. This will allow display options to
be applied to both the main file and any separate debuginfo files.
* Nm has a new command line option: '--quiet'. This suppresses "no
symbols" diagnostic.
Update to binutils 2.36:
New features in the Assembler:
- General:
* When setting the link order attribute of ELF sections, it is now
possible to use a numeric section index instead of symbol name.
* Added a .nop directive to generate a single no-op instruction in a
target neutral manner. This instruction does have an effect on DWARF
line number generation, if that is active.
* Removed --reduce-memory-overheads and --hash-size as gas now uses
hash tables that can expand and shrink automatically.
- X86/x86_64:
* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker
instructions.
* Support non-absolute segment values for lcall and ljmp.
* Add {disp16} pseudo prefix to x86 assembler.
* Configure with --enable-x86-used-note by default for Linux/x86.
- ARM/AArch64:
* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82,
Neoverse V1, and Neoverse N2 cores.
* Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace
Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder
Extension) and BRBE (Branch Record Buffer Extension) system registers.
* Add support for Armv8-R and Armv8.7-A ISA extensions.
* Add support for DSB memory nXS barrier, WFET and WFIT instruction for
Armv8.7.
* Add support for +csre feature for -march. Add CSR PDEC instruction
for CSRE feature in AArch64.
* Add support for +flagm feature for -march in Armv8.4 AArch64.
* Add support for +ls64 feature for -march in Armv8.7 AArch64. Add
atomic 64-byte load/store instructions for this feature.
* Add support for +pauth (Pointer Authentication) feature for
-march in AArch64.
New features in the Linker:
* Add --error-handling-script=<NAME> command line option to allow a
helper script to be invoked when an undefined symbol or a missing
library is encountered. This option can be suppressed via the
configure time switch: --enable-error-handling-script=no.
* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
x86-64-{baseline|v[234]} ISA level as needed.
* Add -z unique-symbol to avoid duplicated local symbol names.
* The creation of PE format DLLs now defaults to using a more secure set
of DLL characteristics.
* The linker now deduplicates the types in .ctf sections. The new
command-line option --ctf-share-types describes how to do this: its
default value, share-unconflicted, produces the most compact
output.
* The linker now omits the "variable section" from .ctf sections by
default, saving space. This is almost certainly what you want unless
you are working on a project that has its own analogue of symbol
tables that are not reflected in the ELF symtabs.
New features in other binary tools:
* The ar tool's previously unused l modifier is now used for specifying
dependencies of a static library. The arguments of this option (or
--record-libdeps long form option) will be stored verbatim in the
__.LIBDEP member of the archive, which the linker may read at link
time.
* Readelf can now display the contents of LTO symbol table sections when
asked to do so via the --lto-syms command line
option.
* Readelf now accepts the -C command line option to enable the
demangling of symbol names. In addition the --demangle=<style>,
--no-demangle, --recurse-limit and --no-recurse-limit options are also
now available.
Other fixes:
- For compatibility on old code stream that expect 'brcl 0,label' to not
be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts
IBM zSeries HLASM support for now.
- Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
- Fix empty man-pages from broken release tarball
- Fixed a memory corruption with rpath option (bsc#1191473).
- Fixed slow performance of stripping some binaries (bsc#1183909).
The following security fixes are addressed by the update:
- CVE-2021-20197: Fixed a race condition which allows users to own
arbitrary files (bsc#1181452).
- CVE-2021-20284: Fixed a heap-based buffer overflow in
_bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).
- CVE-2021-3487: Fixed a denial of service via excessive debug section
size causing excessive memory consumption in bfd's dwarf2.c
read_section() (bsc#1184620).
- CVE-2020-35448: Fixed a heap-based buffer over-read in
bfd_getl_signed_32() in libbfd.c (bsc#1184794).
- CVE-2020-16590: Fixed a double free vulnerability in
process_symbol_table() (bsc#1179898).
- CVE-2020-16591: Fixed an invalid read in process_symbol_table()
(bsc#1179899).
- CVE-2020-16592: Fixed a use-after-free in bfd_hash_lookup()
(bsc#1179900).
- CVE-2020-16593: Fixed a null pointer dereference in
scan_unit_for_symbols() (bsc#1179901).
- CVE-2020-16598: Fixed a null pointer dereference in
debug_get_real_type() (bsc#1179902).
- CVE-2020-16599: Fixed a null pointer dereference in
_bfd_elf_get_symbol_version_string() (bsc#1179903)
- CVE-2020-35493: Fixed heap-based buffer overflow in
bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file
(bsc#1180451).
- CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module
due to not checking return value of bfd_malloc (bsc#1180454).
- CVE-2020-35507: Fixed a null pointer dereference in
bfd_pef_parse_function_stubs() (bsc#1180461).
- CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in
readelf (bnc#1184519)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1475=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
binutils-2.37-lp152.4.9.1
binutils-debuginfo-2.37-lp152.4.9.1
binutils-debugsource-2.37-lp152.4.9.1
binutils-devel-2.37-lp152.4.9.1
binutils-gold-2.37-lp152.4.9.1
binutils-gold-debuginfo-2.37-lp152.4.9.1
libctf-nobfd0-2.37-lp152.4.9.1
libctf-nobfd0-debuginfo-2.37-lp152.4.9.1
libctf0-2.37-lp152.4.9.1
libctf0-debuginfo-2.37-lp152.4.9.1
- openSUSE Leap 15.2 (noarch):
bpftrace-tools-0.11.4-lp152.2.7.1
- openSUSE Leap 15.2 (x86_64):
binutils-devel-32bit-2.37-lp152.4.9.1
bpftrace-0.11.4-lp152.2.7.1
cross-aarch64-binutils-2.37-lp152.4.9.1
cross-aarch64-binutils-debuginfo-2.37-lp152.4.9.1
cross-aarch64-binutils-debugsource-2.37-lp152.4.9.1
cross-arm-binutils-2.37-lp152.4.9.1
cross-arm-binutils-debuginfo-2.37-lp152.4.9.1
cross-arm-binutils-debugsource-2.37-lp152.4.9.1
cross-avr-binutils-2.37-lp152.4.9.1
cross-avr-binutils-debuginfo-2.37-lp152.4.9.1
cross-avr-binutils-debugsource-2.37-lp152.4.9.1
cross-epiphany-binutils-2.37-lp152.4.9.1
cross-epiphany-binutils-debuginfo-2.37-lp152.4.9.1
cross-epiphany-binutils-debugsource-2.37-lp152.4.9.1
cross-hppa-binutils-2.37-lp152.4.9.1
cross-hppa-binutils-debuginfo-2.37-lp152.4.9.1
cross-hppa-binutils-debugsource-2.37-lp152.4.9.1
cross-hppa64-binutils-2.37-lp152.4.9.1
cross-hppa64-binutils-debuginfo-2.37-lp152.4.9.1
cross-hppa64-binutils-debugsource-2.37-lp152.4.9.1
cross-i386-binutils-2.37-lp152.4.9.1
cross-i386-binutils-debuginfo-2.37-lp152.4.9.1
cross-i386-binutils-debugsource-2.37-lp152.4.9.1
cross-ia64-binutils-2.37-lp152.4.9.1
cross-ia64-binutils-debuginfo-2.37-lp152.4.9.1
cross-ia64-binutils-debugsource-2.37-lp152.4.9.1
cross-m68k-binutils-2.37-lp152.4.9.1
cross-m68k-binutils-debuginfo-2.37-lp152.4.9.1
cross-m68k-binutils-debugsource-2.37-lp152.4.9.1
cross-mips-binutils-2.37-lp152.4.9.1
cross-mips-binutils-debuginfo-2.37-lp152.4.9.1
cross-mips-binutils-debugsource-2.37-lp152.4.9.1
cross-ppc-binutils-2.37-lp152.4.9.1
cross-ppc-binutils-debuginfo-2.37-lp152.4.9.1
cross-ppc-binutils-debugsource-2.37-lp152.4.9.1
cross-ppc64-binutils-2.37-lp152.4.9.1
cross-ppc64-binutils-debuginfo-2.37-lp152.4.9.1
cross-ppc64-binutils-debugsource-2.37-lp152.4.9.1
cross-ppc64le-binutils-2.37-lp152.4.9.1
cross-ppc64le-binutils-debuginfo-2.37-lp152.4.9.1
cross-ppc64le-binutils-debugsource-2.37-lp152.4.9.1
cross-riscv64-binutils-2.37-lp152.4.9.1
cross-riscv64-binutils-debuginfo-2.37-lp152.4.9.1
cross-riscv64-binutils-debugsource-2.37-lp152.4.9.1
cross-rx-binutils-2.37-lp152.4.9.1
cross-rx-binutils-debuginfo-2.37-lp152.4.9.1
cross-rx-binutils-debugsource-2.37-lp152.4.9.1
cross-s390-binutils-2.37-lp152.4.9.1
cross-s390-binutils-debuginfo-2.37-lp152.4.9.1
cross-s390-binutils-debugsource-2.37-lp152.4.9.1
cross-s390x-binutils-2.37-lp152.4.9.1
cross-s390x-binutils-debuginfo-2.37-lp152.4.9.1
cross-s390x-binutils-debugsource-2.37-lp152.4.9.1
cross-sparc-binutils-2.37-lp152.4.9.1
cross-sparc-binutils-debuginfo-2.37-lp152.4.9.1
cross-sparc-binutils-debugsource-2.37-lp152.4.9.1
cross-sparc64-binutils-2.37-lp152.4.9.1
cross-sparc64-binutils-debuginfo-2.37-lp152.4.9.1
cross-sparc64-binutils-debugsource-2.37-lp152.4.9.1
cross-spu-binutils-2.37-lp152.4.9.1
cross-spu-binutils-debuginfo-2.37-lp152.4.9.1
cross-spu-binutils-debugsource-2.37-lp152.4.9.1
cross-xtensa-binutils-2.37-lp152.4.9.1
cross-xtensa-binutils-debuginfo-2.37-lp152.4.9.1
cross-xtensa-binutils-debugsource-2.37-lp152.4.9.1
References:
https://www.suse.com/security/cve/CVE-2020-16590.html
https://www.suse.com/security/cve/CVE-2020-16591.html
https://www.suse.com/security/cve/CVE-2020-16592.html
https://www.suse.com/security/cve/CVE-2020-16593.html
https://www.suse.com/security/cve/CVE-2020-16598.html
https://www.suse.com/security/cve/CVE-2020-16599.html
https://www.suse.com/security/cve/CVE-2020-35448.html
https://www.suse.com/security/cve/CVE-2020-35493.html
https://www.suse.com/security/cve/CVE-2020-35496.html
https://www.suse.com/security/cve/CVE-2020-35507.html
https://www.suse.com/security/cve/CVE-2021-20197.html
https://www.suse.com/security/cve/CVE-2021-20284.html
https://www.suse.com/security/cve/CVE-2021-20294.html
https://www.suse.com/security/cve/CVE-2021-3487.html
https://bugzilla.suse.com/1179898
https://bugzilla.suse.com/1179899
https://bugzilla.suse.com/1179900
https://bugzilla.suse.com/1179901
https://bugzilla.suse.com/1179902
https://bugzilla.suse.com/1179903
https://bugzilla.suse.com/1180451
https://bugzilla.suse.com/1180454
https://bugzilla.suse.com/1180461
https://bugzilla.suse.com/1181452
https://bugzilla.suse.com/1182252
https://bugzilla.suse.com/1183511
https://bugzilla.suse.com/1183909
https://bugzilla.suse.com/1184519
https://bugzilla.suse.com/1184620
https://bugzilla.suse.com/1184794
https://bugzilla.suse.com/1188941
https://bugzilla.suse.com/1191473
https://bugzilla.suse.com/1192267
15 Nov '21
openSUSE Security Update: Security update for tinyxml
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1474-1
Rating: low
References: #1191576
Cross-References: CVE-2021-42260
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for tinyxml fixes the following issues:
- CVE-2021-42260: Fixed an infinite loop for inputs containing the
sequence 0xEF0x00 (bsc#1191576)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1474=1
Package List:
- openSUSE Leap 15.2 (x86_64):
libtinyxml0-2.6.2-lp152.4.3.1
libtinyxml0-debuginfo-2.6.2-lp152.4.3.1
tinyxml-debugsource-2.6.2-lp152.4.3.1
tinyxml-devel-2.6.2-lp152.4.3.1
tinyxml-docs-2.6.2-lp152.4.3.1
References:
https://www.suse.com/security/cve/CVE-2021-42260.html
https://bugzilla.suse.com/1191576
openSUSE-SU-2021:1471-1: important: Security update for samba
by opensuse-security@opensuse.org 15 Nov '21
openSUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1471-1
Rating: important
References: #1014440 #1192214 #1192284
Cross-References: CVE-2016-2124 CVE-2020-25717 CVE-2021-23192
CVSS scores:
CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for samba fixes the following issues:
- CVE-2016-2124: Fixed not to fallback to non spnego authentication if we
require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
user could become root on domain members (bsc#1192284).
- CVE-2021-23192: Fixed dcerpc requests to not check all fragments
against the first auth_state (bsc#1192214).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1471=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
ctdb-4.11.14+git.308.666c63d4eea-lp152.3.28.1
ctdb-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
ctdb-pcp-pmda-4.11.14+git.308.666c63d4eea-lp152.3.28.1
ctdb-pcp-pmda-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
ctdb-tests-4.11.14+git.308.666c63d4eea-lp152.3.28.1
ctdb-tests-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc-binding0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc-binding0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc-samr-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc-samr0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc-samr0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-krb5pac-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-krb5pac0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-krb5pac0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-nbt-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-nbt0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-nbt0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-standard-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-standard0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-standard0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libnetapi-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libnetapi0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libnetapi0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-credentials-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-credentials0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-credentials0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-errors-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-errors0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-errors0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-hostconfig-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-hostconfig0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-hostconfig0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-passdb-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-passdb0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-passdb0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-policy-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-policy-python3-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-policy0-python3-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-policy0-python3-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-util-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-util0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-util0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamdb-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamdb0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamdb0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbclient-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbclient0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbclient0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbconf-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbconf0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbconf0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbldap-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbldap2-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbldap2-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libtevent-util-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libtevent-util0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libtevent-util0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libwbclient-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libwbclient0-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libwbclient0-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-ad-dc-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-ad-dc-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-client-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-client-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-core-devel-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-debugsource-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-dsdb-modules-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-dsdb-modules-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-libs-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-libs-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-libs-python3-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-libs-python3-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-python3-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-python3-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-test-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-test-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-winbind-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-winbind-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
- openSUSE Leap 15.2 (x86_64):
libdcerpc-binding0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc-binding0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc-samr0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc-samr0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libdcerpc0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-krb5pac0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-krb5pac0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-nbt0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-nbt0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-standard0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr-standard0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libndr0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libnetapi-devel-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libnetapi0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libnetapi0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-credentials0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-credentials0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-errors0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-errors0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-hostconfig0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-passdb0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-passdb0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-policy0-python3-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-policy0-python3-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-util0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamba-util0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamdb0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsamdb0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbclient0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbclient0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbconf0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbconf0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbldap2-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libsmbldap2-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libtevent-util0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libtevent-util0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libwbclient0-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
libwbclient0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-ad-dc-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-ad-dc-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-ceph-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-ceph-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-client-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-client-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-libs-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-libs-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-libs-python3-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-libs-python3-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-winbind-32bit-4.11.14+git.308.666c63d4eea-lp152.3.28.1
samba-winbind-32bit-debuginfo-4.11.14+git.308.666c63d4eea-lp152.3.28.1
- openSUSE Leap 15.2 (noarch):
samba-doc-4.11.14+git.308.666c63d4eea-lp152.3.28.1
References:
https://www.suse.com/security/cve/CVE-2016-2124.html
https://www.suse.com/security/cve/CVE-2020-25717.html
https://www.suse.com/security/cve/CVE-2021-23192.html
https://bugzilla.suse.com/1014440
https://bugzilla.suse.com/1192214
https://bugzilla.suse.com/1192284
openSUSE-SU-2021:1468-1: moderate: Security update for rubygem-activerecord-5_1
by opensuse-security@opensuse.org 12 Nov '21
openSUSE Security Update: Security update for rubygem-activerecord-5_1
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1468-1
Rating: moderate
References: #1182169
Cross-References: CVE-2021-22880
CVSS scores:
CVE-2021-22880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-22880 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-activerecord-5_1 fixes the following issues:
- CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type
(bsc#1182169).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1468=1
Package List:
- openSUSE Leap 15.2 (x86_64):
ruby2.5-rubygem-activerecord-5_1-5.1.4-lp152.4.3.1
References:
https://www.suse.com/security/cve/CVE-2021-22880.html
https://bugzilla.suse.com/1182169
openSUSE-SU-2021:3655-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 11 Nov '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3655-1
Rating: important
References: #1065729 #1085030 #1152472 #1152489 #1156395
#1172073 #1173604 #1176447 #1176774 #1176914
#1178134 #1180100 #1181147 #1184673 #1185762
#1186063 #1186109 #1187167 #1188563 #1189841
#1190006 #1190067 #1190349 #1190351 #1190479
#1190620 #1190642 #1190795 #1190801 #1190941
#1191229 #1191240 #1191241 #1191315 #1191317
#1191349 #1191384 #1191449 #1191450 #1191451
#1191452 #1191455 #1191456 #1191628 #1191645
#1191663 #1191731 #1191800 #1191867 #1191934
#1191958 #1192040 #1192041 #1192074 #1192107
#1192145
Cross-References: CVE-2021-33033 CVE-2021-34866 CVE-2021-3542
CVE-2021-3655 CVE-2021-3715 CVE-2021-3760
CVE-2021-3772 CVE-2021-3896 CVE-2021-41864
CVE-2021-42008 CVE-2021-42252 CVE-2021-42739
CVE-2021-43056
CVSS scores:
CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 43 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
NOTE: This update was retracted due to a NFS regression.
The following security bugs were fixed:
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Fixed missing size validations on inbound SCTP packets,
which may have allowed the kernel to read uninitialized memory
(bsc#1188563).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
Power8 (bnc#1192107).
- CVE-2021-3896: Fixed an array-index-out-bounds in detach_capi_ctr in
drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the
ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and
drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
(bsc#1186063).
- CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
DOI definitions is mishandled (bsc#1186109).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in
net/sched/cls_route.c (bsc#1190349).
- CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation
Vulnerability (bsc#1191645).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
have allowed local attackers to access the Aspeed LPC control interface
to overwrite memory in the kernel and potentially execute privileges
(bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
unprivileged users to trigger an eBPF multiplication integer overflow
with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
function in drivers/net/hamradio/6pack.c. Input from a process that had
the CAP_NET_ADMIN capability could have led to root access
(bsc#1191315).
The following non-security bugs were fixed:
- ACPI: NFIT: Use fallback node id when numa info in NFIT table is
incorrect (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
(git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560
laptop (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo
13s Gen2 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
(git-fixes).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: hda: intel: Allow repeatedly probing on codec configuration errors
(bsc#1190801).
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
(git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order
(git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
(git-fixes).
- ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
- ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for
the matching in-/output (git-fixes).
- ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
(git-fixes).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
(git-fixes).
- ASoC: SOF: loader: release_firmware() on load failure to avoid batching
(git-fixes).
- ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
- ASoC: dapm: use component prefix when checking widget names (git-fixes).
- ASoC: fsl_spdif: register platform component before registering cpu dai
(git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- Configure mpi3mr as currently unsupported (jsc#SLE-18120)
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
(git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
(git-fixes).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers
(bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers
(bsc#1191241).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
(bsc#1156395).
- KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936
git-fixes).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
(git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
(git-fixes).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page
cache (bsc#1191628).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
- PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails
(git-fixes).
- PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent
(git-fixes).
- PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
- PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
(bsc#1181147).
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in
ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
(git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules
(git-fixes).
- bfq: Remove merged request already in bfq_requests_merged()
(bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
(jsc#SLE-16649).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
(git-fixes).
- bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of "meta" errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when
mounting (bsc#1192040).
- cfg80211: correct bridge/4addr mode check (git-fixes).
- cfg80211: fix management registrations locking (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614
bsc#1176914 ltc#186394 git-fixes).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
(git-fixes).
- drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: *
context changes in intel_timeline_fini()
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
(git-fixes).
- drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows
(git-fixes).
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/panfrost: Make sure MMU context lifetime is not bound to
(bsc#1152472)
- drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
- e1000e: Drop patch to avoid regressions until real fix is available
(bsc#1191663).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
(bsc#1191449).
- gpio: pca953x: Improve bias setting (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition
(git-fixes).
- ice: fix getting UDP tunnel entry (jsc#SLE-12878).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()'
(git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
(git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241).
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context
(git-fixes).
- iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15
(git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kABI workaround for HD-audio probe retry changes (bsc#1190801).
- kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
bsc#1191240 ltc#194716).
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
(bsc#1189841).")
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
(git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
(git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
(git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- net/mlx5: E-Switch, Fix double allocation of acl flow counter
(jsc#SLE-15172).
- net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
- net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and
LRO combined (jsc#SLE-15172).
- net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
(bsc#1176774).
- net: batman-adv: fix error handling (git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
(git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: hns3: check queue id range before using (jsc#SLE-14777).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration
(git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
bsc#1191800).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
(git-fixes).
- netfilter: Drop fragmented ndisc packets assembled in netfilter
(git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has
garbage value (bsc#1176447).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme: add command id quirk for apple controllers (git-fixes).
- ocfs2: fix data corruption after conversion from inline format
(bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
(git-fixes).
- platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes
(git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
run_smbios_call (git-fixes).
- platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
- powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847
git-fixes).
- powerpc/64s: Fix stf mitigation patching w/strict RWX & hash
(jsc#SLE-13847 git-fixes).
- powerpc/64s: Remove irq mask workaround in accumulate_stolen_time()
(jsc#SLE-9246 git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable
code in tests (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Make instr_is_branch_to_addr() static
(jsc#SLE-13847 git-fixes).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
git-fixes).
- powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100
ltc#190257 git-fixes).
- powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Set numa node before updating mask (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847
git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
(bsc#1085030 git-fixes).
- powerpc: Do not dereference code as 'struct ppc_inst' (uprobe,
code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
- powerpc: Do not use 'struct ppc_inst' to reference instruction location
(jsc#SLE-13847 git-fixes).
- powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100
ltc#190257 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
(git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867
ltc#194757).
- scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim
(git-fixes).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
(bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before
devloss (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status
change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference
(bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
(bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host
sg_reset (bsc#1192145).
- scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
- scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
- scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
- scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
- scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
- scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
- scsi: mpi3mr: Add support for device add/remove event handling
(jsc#SLE-18120).
- scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
- scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
- scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
- scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
- scsi: mpi3mr: Add support for timestamp sync with firmware
(jsc#SLE-18120).
- scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
- scsi: mpi3mr: Allow certain commands during pci-remove hook
(jsc#SLE-18120).
- scsi: mpi3mr: Base driver code (jsc#SLE-18120).
- scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
- scsi: mpi3mr: Create operational request and reply queue pair
(jsc#SLE-18120).
- scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
- scsi: mpi3mr: Fix missing unlock on error (git-fixes).
- scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives
(jsc#SLE-18120).
- scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
- scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
- scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(jsc#SLE-18120).
- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI
(jsc#SLE-18120).
- scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O
timeout (jsc#SLE-18120).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
(bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair
(bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
(bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
(bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
(bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
(bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req
(bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
(bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
(bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
- sctp: check asoc peer.asconf_capable before processing asconf
(bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum
workaround (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting
(bsc#1065729).
- usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32
(git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
(bsc#1152489).
- x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0]
(bsc#1178134).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: Fixed non-directory creation in SGID directories introduced by
CVE-2018-13405 patch (bsc#1190006).
- xfs: ensure that the inode uid/gid match values match the icdinode ones
(bsc#1190006).
- xfs: fix I_DONTCACHE (bsc#1192074).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
(bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller
(git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command
(git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3655=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-59.30.1
cluster-md-kmp-default-debuginfo-5.3.18-59.30.1
dlm-kmp-default-5.3.18-59.30.1
dlm-kmp-default-debuginfo-5.3.18-59.30.1
gfs2-kmp-default-5.3.18-59.30.1
gfs2-kmp-default-debuginfo-5.3.18-59.30.1
kernel-default-5.3.18-59.30.1
kernel-default-base-5.3.18-59.30.1.18.17.1
kernel-default-base-rebuild-5.3.18-59.30.1.18.17.1
kernel-default-debuginfo-5.3.18-59.30.1
kernel-default-debugsource-5.3.18-59.30.1
kernel-default-devel-5.3.18-59.30.1
kernel-default-devel-debuginfo-5.3.18-59.30.1
kernel-default-extra-5.3.18-59.30.1
kernel-default-extra-debuginfo-5.3.18-59.30.1
kernel-default-livepatch-5.3.18-59.30.1
kernel-default-livepatch-devel-5.3.18-59.30.1
kernel-default-optional-5.3.18-59.30.1
kernel-default-optional-debuginfo-5.3.18-59.30.1
kernel-obs-build-5.3.18-59.30.1
kernel-obs-build-debugsource-5.3.18-59.30.1
kernel-obs-qa-5.3.18-59.30.1
kernel-syms-5.3.18-59.30.1
kselftests-kmp-default-5.3.18-59.30.1
kselftests-kmp-default-debuginfo-5.3.18-59.30.1
ocfs2-kmp-default-5.3.18-59.30.1
ocfs2-kmp-default-debuginfo-5.3.18-59.30.1
reiserfs-kmp-default-5.3.18-59.30.1
reiserfs-kmp-default-debuginfo-5.3.18-59.30.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-59.30.1
cluster-md-kmp-preempt-debuginfo-5.3.18-59.30.1
dlm-kmp-preempt-5.3.18-59.30.1
dlm-kmp-preempt-debuginfo-5.3.18-59.30.1
gfs2-kmp-preempt-5.3.18-59.30.1
gfs2-kmp-preempt-debuginfo-5.3.18-59.30.1
kernel-preempt-5.3.18-59.30.1
kernel-preempt-debuginfo-5.3.18-59.30.1
kernel-preempt-debugsource-5.3.18-59.30.1
kernel-preempt-devel-5.3.18-59.30.1
kernel-preempt-devel-debuginfo-5.3.18-59.30.1
kernel-preempt-extra-5.3.18-59.30.1
kernel-preempt-extra-debuginfo-5.3.18-59.30.1
kernel-preempt-livepatch-devel-5.3.18-59.30.1
kernel-preempt-optional-5.3.18-59.30.1
kernel-preempt-optional-debuginfo-5.3.18-59.30.1
kselftests-kmp-preempt-5.3.18-59.30.1
kselftests-kmp-preempt-debuginfo-5.3.18-59.30.1
ocfs2-kmp-preempt-5.3.18-59.30.1
ocfs2-kmp-preempt-debuginfo-5.3.18-59.30.1
reiserfs-kmp-preempt-5.3.18-59.30.1
reiserfs-kmp-preempt-debuginfo-5.3.18-59.30.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-59.30.1
kernel-debug-debuginfo-5.3.18-59.30.1
kernel-debug-debugsource-5.3.18-59.30.1
kernel-debug-devel-5.3.18-59.30.1
kernel-debug-devel-debuginfo-5.3.18-59.30.1
kernel-debug-livepatch-devel-5.3.18-59.30.1
kernel-kvmsmall-5.3.18-59.30.1
kernel-kvmsmall-debuginfo-5.3.18-59.30.1
kernel-kvmsmall-debugsource-5.3.18-59.30.1
kernel-kvmsmall-devel-5.3.18-59.30.1
kernel-kvmsmall-devel-debuginfo-5.3.18-59.30.1
kernel-kvmsmall-livepatch-devel-5.3.18-59.30.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-59.30.1
cluster-md-kmp-64kb-debuginfo-5.3.18-59.30.1
dlm-kmp-64kb-5.3.18-59.30.1
dlm-kmp-64kb-debuginfo-5.3.18-59.30.1
dtb-al-5.3.18-59.30.1
dtb-allwinner-5.3.18-59.30.1
dtb-altera-5.3.18-59.30.1
dtb-amd-5.3.18-59.30.1
dtb-amlogic-5.3.18-59.30.1
dtb-apm-5.3.18-59.30.1
dtb-arm-5.3.18-59.30.1
dtb-broadcom-5.3.18-59.30.1
dtb-cavium-5.3.18-59.30.1
dtb-exynos-5.3.18-59.30.1
dtb-freescale-5.3.18-59.30.1
dtb-hisilicon-5.3.18-59.30.1
dtb-lg-5.3.18-59.30.1
dtb-marvell-5.3.18-59.30.1
dtb-mediatek-5.3.18-59.30.1
dtb-nvidia-5.3.18-59.30.1
dtb-qcom-5.3.18-59.30.1
dtb-renesas-5.3.18-59.30.1
dtb-rockchip-5.3.18-59.30.1
dtb-socionext-5.3.18-59.30.1
dtb-sprd-5.3.18-59.30.1
dtb-xilinx-5.3.18-59.30.1
dtb-zte-5.3.18-59.30.1
gfs2-kmp-64kb-5.3.18-59.30.1
gfs2-kmp-64kb-debuginfo-5.3.18-59.30.1
kernel-64kb-5.3.18-59.30.1
kernel-64kb-debuginfo-5.3.18-59.30.1
kernel-64kb-debugsource-5.3.18-59.30.1
kernel-64kb-devel-5.3.18-59.30.1
kernel-64kb-devel-debuginfo-5.3.18-59.30.1
kernel-64kb-extra-5.3.18-59.30.1
kernel-64kb-extra-debuginfo-5.3.18-59.30.1
kernel-64kb-livepatch-devel-5.3.18-59.30.1
kernel-64kb-optional-5.3.18-59.30.1
kernel-64kb-optional-debuginfo-5.3.18-59.30.1
kselftests-kmp-64kb-5.3.18-59.30.1
kselftests-kmp-64kb-debuginfo-5.3.18-59.30.1
ocfs2-kmp-64kb-5.3.18-59.30.1
ocfs2-kmp-64kb-debuginfo-5.3.18-59.30.1
reiserfs-kmp-64kb-5.3.18-59.30.1
reiserfs-kmp-64kb-debuginfo-5.3.18-59.30.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-59.30.1
kernel-docs-5.3.18-59.30.1
kernel-docs-html-5.3.18-59.30.1
kernel-macros-5.3.18-59.30.1
kernel-source-5.3.18-59.30.1
kernel-source-vanilla-5.3.18-59.30.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-59.30.1
kernel-zfcpdump-debuginfo-5.3.18-59.30.1
kernel-zfcpdump-debugsource-5.3.18-59.30.1
References:
https://www.suse.com/security/cve/CVE-2021-33033.html
https://www.suse.com/security/cve/CVE-2021-34866.html
https://www.suse.com/security/cve/CVE-2021-3542.html
https://www.suse.com/security/cve/CVE-2021-3655.html
https://www.suse.com/security/cve/CVE-2021-3715.html
https://www.suse.com/security/cve/CVE-2021-3760.html
https://www.suse.com/security/cve/CVE-2021-3772.html
https://www.suse.com/security/cve/CVE-2021-3896.html
https://www.suse.com/security/cve/CVE-2021-41864.html
https://www.suse.com/security/cve/CVE-2021-42008.html
https://www.suse.com/security/cve/CVE-2021-42252.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://www.suse.com/security/cve/CVE-2021-43056.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1172073
https://bugzilla.suse.com/1173604
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176774
https://bugzilla.suse.com/1176914
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1180100
https://bugzilla.suse.com/1181147
https://bugzilla.suse.com/1184673
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1186063
https://bugzilla.suse.com/1186109
https://bugzilla.suse.com/1187167
https://bugzilla.suse.com/1188563
https://bugzilla.suse.com/1189841
https://bugzilla.suse.com/1190006
https://bugzilla.suse.com/1190067
https://bugzilla.suse.com/1190349
https://bugzilla.suse.com/1190351
https://bugzilla.suse.com/1190479
https://bugzilla.suse.com/1190620
https://bugzilla.suse.com/1190642
https://bugzilla.suse.com/1190795
https://bugzilla.suse.com/1190801
https://bugzilla.suse.com/1190941
https://bugzilla.suse.com/1191229
https://bugzilla.suse.com/1191240
https://bugzilla.suse.com/1191241
https://bugzilla.suse.com/1191315
https://bugzilla.suse.com/1191317
https://bugzilla.suse.com/1191349
https://bugzilla.suse.com/1191384
https://bugzilla.suse.com/1191449
https://bugzilla.suse.com/1191450
https://bugzilla.suse.com/1191451
https://bugzilla.suse.com/1191452
https://bugzilla.suse.com/1191455
https://bugzilla.suse.com/1191456
https://bugzilla.suse.com/1191628
https://bugzilla.suse.com/1191645
https://bugzilla.suse.com/1191663
https://bugzilla.suse.com/1191731
https://bugzilla.suse.com/1191800
https://bugzilla.suse.com/1191867
https://bugzilla.suse.com/1191934
https://bugzilla.suse.com/1191958
https://bugzilla.suse.com/1192040
https://bugzilla.suse.com/1192041
https://bugzilla.suse.com/1192074
https://bugzilla.suse.com/1192107
https://bugzilla.suse.com/1192145
openSUSE-SU-2021:3650-1: important: Security update for samba
by opensuse-security@opensuse.org 10 Nov '21
openSUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3650-1
Rating: important
References: #1014440 #1192214 #1192284
Cross-References: CVE-2016-2124 CVE-2020-25717 CVE-2021-23192
CVSS scores:
CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for samba fixes the following issues:
- CVE-2016-2124: Fixed not to fall back to non spnego authentication if we
require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
user could become root on domain members (bsc#1192284).
- CVE-2021-23192: Fixed dcerpc requests to don't check all fragments
against the first auth_state (bsc#1192214).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3650=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libndr0-4.11.14+git.308.666c63d4eea-4.28.1
libndr0-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
- openSUSE Leap 15.3 (x86_64):
libndr0-32bit-4.11.14+git.308.666c63d4eea-4.28.1
libndr0-32bit-debuginfo-4.11.14+git.308.666c63d4eea-4.28.1
References:
https://www.suse.com/security/cve/CVE-2016-2124.html
https://www.suse.com/security/cve/CVE-2020-25717.html
https://www.suse.com/security/cve/CVE-2021-23192.html
https://bugzilla.suse.com/1014440
https://bugzilla.suse.com/1192214
https://bugzilla.suse.com/1192284
openSUSE-SU-2021:3647-1: important: Security update for samba and ldb
by opensuse-security@opensuse.org 10 Nov '21
openSUSE Security Update: Security update for samba and ldb
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3647-1
Rating: important
References: #1014440 #1192214 #1192215 #1192246 #1192247
#1192283 #1192284 #1192505
Cross-References: CVE-2016-2124 CVE-2020-25717 CVE-2020-25718
CVE-2020-25719 CVE-2020-25721 CVE-2020-25722
CVE-2021-23192 CVE-2021-3738
CVSS scores:
CVE-2020-25717 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2020-25718 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-25719 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2020-25722 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-23192 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2021-3738 (SUSE): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 8 vulnerabilities is now available.
Description:
This update for samba and ldb fixes the following issues:
- CVE-2020-25718: Fixed that an RODC can issue (forge) administrator
tickets to other servers (bsc#1192246).
- CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215).
- CVE-2016-2124: Fixed not to fall back to non spnego authentication if we
require kerberos (bsc#1014440).
- CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a
user could become root on domain members (bsc#1192284).
- CVE-2020-25719: Fixed AD DC Username based races when no PAC is given
(bsc#1192247).
- CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level
bug for AD DC validation issues) (bsc#1192283).
- CVE-2021-23192: Fixed dcerpc requests to don't check all fragments
against the first auth_state (bsc#1192214).
- CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values
(bsc#1192505).
Samba was updated to 4.13.13
* rodc_rwdc test flaps;(bso#14868).
* Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit'
S4U2Proxy Constrained Delegation bypass in Samba with embedded
Heimdal;(bso#14642).
* Python ldb.msg_diff() memory handling failure;(bso#14836).
* "in" operator on ldb.Message is case sensitive;(bso#14845).
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871).
* Allow special chars like "@" in samAccountName when generating the
salt;(bso#14874).
* Fix transit path validation;(bso#12998).
* Prepare to operate with MIT krb5 >= 1.20;(bso#14870).
* rpcclient NetFileEnum and net rpc file both cause lock order violation:
brlock.tdb, share_entries.tdb;(bso#14645).
* Release LDB 2.3.1 for Samba 4.14.9;(bso#14848).
Samba was updated to 4.13.12:
* Address a significant performance regression in database access in the AD
DC since Samba 4.12;(bso#14806).
* Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba
4.9 by using an explicit database handle cache; (bso#14807).
* An unauthenticated user can crash the AD DC KDC by omitting the server
name in a TGS-REQ;(bso#14817).
* Address flapping samba_tool_drs_showrepl test;(bso#14818).
* Address flapping dsdb_schema_attributes test;(bso#14819).
* Fix CTDB flag/status update race conditions(bso#14784).
Samba was updated to 4.13.11:
* smbd: panic on force-close share during offload write; (bso#14769).
* Fix returned attributes on fake quota file handle and avoid hitting the
VFS;(bso#14731).
* smbd: "deadtime" parameter doesn't work anymore;(bso#14783).
* net conf list crashes when run as normal user;(bso#14787).
* Work around special SMB2 READ response behavior of NetApp Ontap
7.3.7;(bso#14607).
* Start the SMB encryption as soon as possible;(bso#14793).
* Winbind should not start if the socket path for the privileged pipe is
too long;(bso#14792).
ldb was updated to 2.2.2:
+ CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets
to other servers; (bsc#1192246); (bso#14558)
+ CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848)
Release ldb 2.2.2
+ Corrected python behaviour for 'in' for LDAP attributes contained as
part of ldb.Message;(bso#14845).
+ Fix memory handling in ldb.msg_diff Corrected python
docstrings;(bso#14836)
+ Backport bronze bit fixes, tests, and selftest improvements; (bso#14881).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3647=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ctdb-4.13.13+git.528.140935f8d6a-3.12.1
ctdb-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
ctdb-pcp-pmda-4.13.13+git.528.140935f8d6a-3.12.1
ctdb-pcp-pmda-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
ctdb-tests-4.13.13+git.528.140935f8d6a-3.12.1
ctdb-tests-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
ldb-debugsource-2.2.2-3.3.1
ldb-tools-2.2.2-3.3.1
ldb-tools-debuginfo-2.2.2-3.3.1
libdcerpc-binding0-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-binding0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-devel-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-samr-devel-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-samr0-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-samr0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc0-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libldb-devel-2.2.2-3.3.1
libldb2-2.2.2-3.3.1
libldb2-debuginfo-2.2.2-3.3.1
libndr-devel-4.13.13+git.528.140935f8d6a-3.12.1
libndr-krb5pac-devel-4.13.13+git.528.140935f8d6a-3.12.1
libndr-krb5pac0-4.13.13+git.528.140935f8d6a-3.12.1
libndr-krb5pac0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr-nbt-devel-4.13.13+git.528.140935f8d6a-3.12.1
libndr-nbt0-4.13.13+git.528.140935f8d6a-3.12.1
libndr-nbt0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr-standard-devel-4.13.13+git.528.140935f8d6a-3.12.1
libndr-standard0-4.13.13+git.528.140935f8d6a-3.12.1
libndr-standard0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr1-4.13.13+git.528.140935f8d6a-3.12.1
libndr1-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libnetapi-devel-4.13.13+git.528.140935f8d6a-3.12.1
libnetapi0-4.13.13+git.528.140935f8d6a-3.12.1
libnetapi0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-credentials-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-credentials0-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-credentials0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-errors-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-errors0-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-errors0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-hostconfig-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-hostconfig0-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-hostconfig0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-passdb-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-passdb0-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-passdb0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-policy-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-policy-python3-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-policy0-python3-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-policy0-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-util-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-util0-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-util0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamdb-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsamdb0-4.13.13+git.528.140935f8d6a-3.12.1
libsamdb0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsmbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsmbclient0-4.13.13+git.528.140935f8d6a-3.12.1
libsmbclient0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsmbconf-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsmbconf0-4.13.13+git.528.140935f8d6a-3.12.1
libsmbconf0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsmbldap-devel-4.13.13+git.528.140935f8d6a-3.12.1
libsmbldap2-4.13.13+git.528.140935f8d6a-3.12.1
libsmbldap2-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libtevent-util-devel-4.13.13+git.528.140935f8d6a-3.12.1
libtevent-util0-4.13.13+git.528.140935f8d6a-3.12.1
libtevent-util0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libwbclient-devel-4.13.13+git.528.140935f8d6a-3.12.1
libwbclient0-4.13.13+git.528.140935f8d6a-3.12.1
libwbclient0-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
python3-ldb-2.2.2-3.3.1
python3-ldb-debuginfo-2.2.2-3.3.1
python3-ldb-devel-2.2.2-3.3.1
samba-4.13.13+git.528.140935f8d6a-3.12.1
samba-ad-dc-4.13.13+git.528.140935f8d6a-3.12.1
samba-ad-dc-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-client-4.13.13+git.528.140935f8d6a-3.12.1
samba-client-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-core-devel-4.13.13+git.528.140935f8d6a-3.12.1
samba-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-debugsource-4.13.13+git.528.140935f8d6a-3.12.1
samba-dsdb-modules-4.13.13+git.528.140935f8d6a-3.12.1
samba-dsdb-modules-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-gpupdate-4.13.13+git.528.140935f8d6a-3.12.1
samba-ldb-ldap-4.13.13+git.528.140935f8d6a-3.12.1
samba-ldb-ldap-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-python3-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-python3-4.13.13+git.528.140935f8d6a-3.12.1
samba-python3-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-test-4.13.13+git.528.140935f8d6a-3.12.1
samba-test-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-winbind-4.13.13+git.528.140935f8d6a-3.12.1
samba-winbind-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
- openSUSE Leap 15.3 (aarch64 x86_64):
samba-ceph-4.13.13+git.528.140935f8d6a-3.12.1
samba-ceph-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
- openSUSE Leap 15.3 (aarch64_ilp32):
libdcerpc-binding0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-binding0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-samr0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-samr0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr-krb5pac0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libndr-krb5pac0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr-nbt0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libndr-nbt0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr-standard0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libndr-standard0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr1-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libndr1-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libnetapi-devel-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libnetapi0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libnetapi0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-credentials0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-credentials0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-errors0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-errors0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-hostconfig0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-hostconfig0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-passdb0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-passdb0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-policy0-python3-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-policy0-python3-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-util0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-util0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamdb0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamdb0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsmbclient0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsmbclient0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsmbconf0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsmbconf0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsmbldap2-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libsmbldap2-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libtevent-util0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libtevent-util0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libwbclient0-64bit-4.13.13+git.528.140935f8d6a-3.12.1
libwbclient0-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-ad-dc-64bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-ad-dc-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-client-64bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-client-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-64bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-python3-64bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-python3-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-winbind-64bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-winbind-64bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
- openSUSE Leap 15.3 (noarch):
samba-doc-4.13.13+git.528.140935f8d6a-3.12.1
- openSUSE Leap 15.3 (x86_64):
libdcerpc-binding0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-binding0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-samr0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc-samr0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libdcerpc0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libldb2-32bit-2.2.2-3.3.1
libldb2-32bit-debuginfo-2.2.2-3.3.1
libndr-krb5pac0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libndr-krb5pac0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr-nbt0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libndr-nbt0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr-standard0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libndr-standard0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libndr1-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libndr1-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libnetapi-devel-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libnetapi0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libnetapi0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-credentials0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-credentials0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-errors0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-errors0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-hostconfig0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-hostconfig0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-passdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-passdb0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-policy0-python3-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-policy0-python3-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamba-util0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsamdb0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsamdb0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsmbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsmbclient0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsmbconf0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsmbconf0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libsmbldap2-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libsmbldap2-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libtevent-util0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libtevent-util0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
libwbclient0-32bit-4.13.13+git.528.140935f8d6a-3.12.1
libwbclient0-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
python3-ldb-32bit-2.2.2-3.3.1
python3-ldb-32bit-debuginfo-2.2.2-3.3.1
samba-ad-dc-32bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-ad-dc-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-client-32bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-client-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-32bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-python3-32bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-libs-python3-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
samba-winbind-32bit-4.13.13+git.528.140935f8d6a-3.12.1
samba-winbind-32bit-debuginfo-4.13.13+git.528.140935f8d6a-3.12.1
References:
https://www.suse.com/security/cve/CVE-2016-2124.html
https://www.suse.com/security/cve/CVE-2020-25717.html
https://www.suse.com/security/cve/CVE-2020-25718.html
https://www.suse.com/security/cve/CVE-2020-25719.html
https://www.suse.com/security/cve/CVE-2020-25721.html
https://www.suse.com/security/cve/CVE-2020-25722.html
https://www.suse.com/security/cve/CVE-2021-23192.html
https://www.suse.com/security/cve/CVE-2021-3738.html
https://bugzilla.suse.com/1014440
https://bugzilla.suse.com/1192214
https://bugzilla.suse.com/1192215
https://bugzilla.suse.com/1192246
https://bugzilla.suse.com/1192247
https://bugzilla.suse.com/1192283
https://bugzilla.suse.com/1192284
https://bugzilla.suse.com/1192505
openSUSE-SU-2021:3643-1: moderate: Security update for binutils
by opensuse-security@opensuse.org 09 Nov '21
openSUSE Security Update: Security update for binutils
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3643-1
Rating: moderate
References: #1183909 #1184519 #1188941 #1191473 #1192267
Cross-References: CVE-2021-20294
CVSS scores:
CVE-2021-20294 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-20294 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves one vulnerability and has four fixes
is now available.
Description:
This update for binutils fixes the following issues:
- For compatibility on old code stream that expect 'brcl 0,label' to not
be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts
IBM zSeries HLASM support for now.
- Fixed that ppc64 optflags did not enable LTO (bsc#1188941).
- Fix empty man-pages from broken release tarball
- Fixed a memory corruption with rpath option (bsc#1191473).
- Fixed slow performance of stripping some binaries (bsc#1183909).
Security issue fixed:
- CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in
readelf (bnc#1184519)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3643=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
binutils-2.37-7.26.1
binutils-debuginfo-2.37-7.26.1
binutils-debugsource-2.37-7.26.1
binutils-devel-2.37-7.26.1
binutils-gold-2.37-7.26.1
binutils-gold-debuginfo-2.37-7.26.1
cross-arm-binutils-2.37-7.26.1
cross-arm-binutils-debuginfo-2.37-7.26.1
cross-arm-binutils-debugsource-2.37-7.26.1
cross-avr-binutils-2.37-7.26.1
cross-avr-binutils-debuginfo-2.37-7.26.1
cross-avr-binutils-debugsource-2.37-7.26.1
cross-epiphany-binutils-2.37-7.26.1
cross-epiphany-binutils-debuginfo-2.37-7.26.1
cross-epiphany-binutils-debugsource-2.37-7.26.1
cross-hppa-binutils-2.37-7.26.1
cross-hppa-binutils-debuginfo-2.37-7.26.1
cross-hppa-binutils-debugsource-2.37-7.26.1
cross-hppa64-binutils-2.37-7.26.1
cross-hppa64-binutils-debuginfo-2.37-7.26.1
cross-hppa64-binutils-debugsource-2.37-7.26.1
cross-i386-binutils-2.37-7.26.1
cross-i386-binutils-debuginfo-2.37-7.26.1
cross-i386-binutils-debugsource-2.37-7.26.1
cross-ia64-binutils-2.37-7.26.1
cross-ia64-binutils-debuginfo-2.37-7.26.1
cross-ia64-binutils-debugsource-2.37-7.26.1
cross-m68k-binutils-2.37-7.26.1
cross-m68k-binutils-debuginfo-2.37-7.26.1
cross-m68k-binutils-debugsource-2.37-7.26.1
cross-mips-binutils-2.37-7.26.1
cross-mips-binutils-debuginfo-2.37-7.26.1
cross-mips-binutils-debugsource-2.37-7.26.1
cross-ppc-binutils-2.37-7.26.1
cross-ppc-binutils-debuginfo-2.37-7.26.1
cross-ppc-binutils-debugsource-2.37-7.26.1
cross-ppc64-binutils-2.37-7.26.1
cross-ppc64-binutils-debuginfo-2.37-7.26.1
cross-ppc64-binutils-debugsource-2.37-7.26.1
cross-riscv64-binutils-2.37-7.26.1
cross-riscv64-binutils-debuginfo-2.37-7.26.1
cross-riscv64-binutils-debugsource-2.37-7.26.1
cross-rx-binutils-2.37-7.26.1
cross-rx-binutils-debuginfo-2.37-7.26.1
cross-rx-binutils-debugsource-2.37-7.26.1
cross-s390-binutils-2.37-7.26.1
cross-s390-binutils-debuginfo-2.37-7.26.1
cross-s390-binutils-debugsource-2.37-7.26.1
cross-sparc-binutils-2.37-7.26.1
cross-sparc-binutils-debuginfo-2.37-7.26.1
cross-sparc-binutils-debugsource-2.37-7.26.1
cross-sparc64-binutils-2.37-7.26.1
cross-sparc64-binutils-debuginfo-2.37-7.26.1
cross-sparc64-binutils-debugsource-2.37-7.26.1
cross-spu-binutils-2.37-7.26.1
cross-spu-binutils-debuginfo-2.37-7.26.1
cross-spu-binutils-debugsource-2.37-7.26.1
libctf-nobfd0-2.37-7.26.1
libctf-nobfd0-debuginfo-2.37-7.26.1
libctf0-2.37-7.26.1
libctf0-debuginfo-2.37-7.26.1
- openSUSE Leap 15.3 (aarch64 ppc64le x86_64):
cross-s390x-binutils-2.37-7.26.1
cross-s390x-binutils-debuginfo-2.37-7.26.1
cross-s390x-binutils-debugsource-2.37-7.26.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x):
cross-x86_64-binutils-2.37-7.26.1
cross-x86_64-binutils-debuginfo-2.37-7.26.1
cross-x86_64-binutils-debugsource-2.37-7.26.1
- openSUSE Leap 15.3 (aarch64 s390x x86_64):
cross-ppc64le-binutils-2.37-7.26.1
cross-ppc64le-binutils-debuginfo-2.37-7.26.1
cross-ppc64le-binutils-debugsource-2.37-7.26.1
- openSUSE Leap 15.3 (ppc64le s390x x86_64):
cross-aarch64-binutils-2.37-7.26.1
cross-aarch64-binutils-debuginfo-2.37-7.26.1
cross-aarch64-binutils-debugsource-2.37-7.26.1
- openSUSE Leap 15.3 (x86_64):
binutils-devel-32bit-2.37-7.26.1
References:
https://www.suse.com/security/cve/CVE-2021-20294.html
https://bugzilla.suse.com/1183909
https://bugzilla.suse.com/1184519
https://bugzilla.suse.com/1188941
https://bugzilla.suse.com/1191473
https://bugzilla.suse.com/1192267
09 Nov '21
openSUSE Security Update: Security update for tinyxml
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3639-1
Rating: low
References: #1191576
Cross-References: CVE-2021-42260
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for tinyxml fixes the following issues:
- CVE-2021-42260: Fixed an infinite loop for inputs containing the
sequence 0xEF0x00 (bsc#1191576)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3639=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libtinyxml0-2.6.2-3.3.1
libtinyxml0-debuginfo-2.6.2-3.3.1
tinyxml-debugsource-2.6.2-3.3.1
tinyxml-devel-2.6.2-3.3.1
tinyxml-docs-2.6.2-3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-42260.html
https://bugzilla.suse.com/1191576
openSUSE-SU-2021:3641-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 09 Nov '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3641-1
Rating: important
References: #1065729 #1085030 #1152472 #1152489 #1156395
#1172073 #1173604 #1176447 #1176774 #1176914
#1178134 #1180100 #1181147 #1184673 #1185762
#1186063 #1186109 #1187167 #1188563 #1189841
#1190006 #1190067 #1190349 #1190351 #1190479
#1190620 #1190642 #1190795 #1190801 #1190941
#1191229 #1191240 #1191241 #1191315 #1191317
#1191349 #1191384 #1191449 #1191450 #1191451
#1191452 #1191455 #1191456 #1191628 #1191645
#1191663 #1191731 #1191800 #1191867 #1191934
#1191958 #1192040 #1192041 #1192074 #1192107
#1192145
Cross-References: CVE-2021-33033 CVE-2021-34866 CVE-2021-3542
CVE-2021-3655 CVE-2021-3715 CVE-2021-3760
CVE-2021-3772 CVE-2021-3896 CVE-2021-41864
CVE-2021-42008 CVE-2021-42252 CVE-2021-42739
CVE-2021-43056
CVSS scores:
CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 43 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).
- CVE-2021-3655: Fixed missing size validations on inbound SCTP packets,
which may have allowed the kernel to read uninitialized memory
(bsc#1188563).
- CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on
Power8 (bnc#1192107).
- CVE-2021-3896: Fixed an array-index-out-bounds in detach_capi_ctr in
drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the
ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and
drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
bounds checking (bsc#1184673).
- CVE-2021-3542: Fixed heap buffer overflow in firedtv driver
(bsc#1186063).
- CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in
net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the
DOI definitions is mishandled (bsc#1186109).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in
net/sched/cls_route.c (bsc#1190349).
- CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation
Vulnerability (bsc#1191645).
- CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could
have allowed local attackers to access the Aspeed LPC control interface
to overwrite memory in the kernel and potentially execute privileges
(bnc#1190479).
- CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed
unprivileged users to trigger an eBPF multiplication integer overflow
with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data
function in drivers/net/hamradio/6pack.c. Input from a process that had
the CAP_NET_ADMIN capability could have led to root access
(bsc#1191315).
The following non-security bugs were fixed:
- ACPI: NFIT: Use fallback node id when numa info in NFIT table is
incorrect (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254
(git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560
laptop (git-fixes).
- ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo
13s Gen2 (git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
(git-fixes).
- ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i
15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: hda: intel: Allow repeatedly probing on codec configuration errors
(bsc#1190801).
- ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl
(git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order
(git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER
(git-fixes).
- ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).
- ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for
the matching in-/output (git-fixes).
- ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).
- ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types
(git-fixes).
- ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types
(git-fixes).
- ASoC: SOF: loader: release_firmware() on load failure to avoid batching
(git-fixes).
- ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).
- ASoC: dapm: use component prefix when checking widget names (git-fixes).
- ASoC: fsl_spdif: register platform component before registering cpu dai
(git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- Configure mpi3mr as currently unsupported (jsc#SLE-18120)
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
(git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
(git-fixes).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers
(bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers
(bsc#1191241).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
(bsc#1156395).
- KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936
git-fixes).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
(git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
(git-fixes).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page
cache (bsc#1191628).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes).
- PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails
(git-fixes).
- PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent
(git-fixes).
- PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes).
- PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes).
- RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147).
- RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure
(bsc#1181147).
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in
ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
(git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules
(git-fixes).
- bfq: Remove merged request already in bfq_requests_merged()
(bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem()
(jsc#SLE-16649).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
(git-fixes).
- bpf: Fix OOB read when printing XDP link fdinfo (git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of "meta" errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when
mounting (bsc#1192040).
- cfg80211: correct bridge/4addr mode check (git-fixes).
- cfg80211: fix management registrations locking (git-fixes).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614
bsc#1176914 ltc#186394 git-fixes).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read
(git-fixes).
- drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: *
context changes in intel_timeline_fini()
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
(git-fixes).
- drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes).
- drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows
(git-fixes).
- drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472)
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- drm/panfrost: Make sure MMU context lifetime is not bound to
(bsc#1152472)
- drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes).
- e1000e: Drop patch to avoid regressions until real fix is available
(bsc#1191663).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
(bsc#1191449).
- gpio: pca953x: Improve bias setting (git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition
(git-fixes).
- ice: fix getting UDP tunnel entry (jsc#SLE-12878).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()'
(git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
(git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241).
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context
(git-fixes).
- iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15
(git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kABI workaround for HD-audio probe retry changes (bsc#1190801).
- kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167
bsc#1191240 ltc#194716).
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167).
- kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as
well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating
(bsc#1189841).")
- kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
(git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
(git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
(git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- net/mlx5: E-Switch, Fix double allocation of acl flow counter
(jsc#SLE-15172).
- net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172).
- net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and
LRO combined (jsc#SLE-15172).
- net/sched: ets: fix crash when flipping from 'strict' to 'quantum'
(bsc#1176774).
- net: batman-adv: fix error handling (git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
(git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- net: hns3: check queue id range before using (jsc#SLE-14777).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration
(git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
bsc#1191800).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
(git-fixes).
- netfilter: Drop fragmented ndisc packets assembled in netfilter
(git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has
garbage value (bsc#1176447).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- nvme: add command id quirk for apple controllers (git-fixes).
- ocfs2: fix data corruption after conversion from inline format
(bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
(git-fixes).
- platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes
(git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
run_smbios_call (git-fixes).
- platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes).
- powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847
git-fixes).
- powerpc/64s: Fix stf mitigation patching w/strict RWX & hash
(jsc#SLE-13847 git-fixes).
- powerpc/64s: Remove irq mask workaround in accumulate_stolen_time()
(jsc#SLE-9246 git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable
code in tests (jsc#SLE-13847 git-fixes).
- powerpc/lib/code-patching: Make instr_is_branch_to_addr() static
(jsc#SLE-13847 git-fixes).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
git-fixes).
- powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100
ltc#190257 git-fixes).
- powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Set numa node before updating mask (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615
bsc#1180100 ltc#190257 git-fixes).
- powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847
git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
(bsc#1085030 git-fixes).
- powerpc: Do not dereference code as 'struct ppc_inst' (uprobe,
code-patching, feature-fixups) (jsc#SLE-13847 git-fixes).
- powerpc: Do not use 'struct ppc_inst' to reference instruction location
(jsc#SLE-13847 git-fixes).
- powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100
ltc#190257 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
(git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- rpm: fix kmp install path
- rpm: use _rpmmacrodir (boo#1191384)
- scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867
ltc#194757).
- scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim
(git-fixes).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
(bsc#1192145).
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before
devloss (bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status
change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference
(bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
(bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host
sg_reset (bsc#1192145).
- scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120).
- scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120).
- scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120).
- scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120).
- scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120).
- scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120).
- scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120).
- scsi: mpi3mr: Add support for device add/remove event handling
(jsc#SLE-18120).
- scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120).
- scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120).
- scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120).
- scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120).
- scsi: mpi3mr: Add support for timestamp sync with firmware
(jsc#SLE-18120).
- scsi: mpi3mr: Additional event handling (jsc#SLE-18120).
- scsi: mpi3mr: Allow certain commands during pci-remove hook
(jsc#SLE-18120).
- scsi: mpi3mr: Base driver code (jsc#SLE-18120).
- scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120).
- scsi: mpi3mr: Create operational request and reply queue pair
(jsc#SLE-18120).
- scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes).
- scsi: mpi3mr: Fix missing unlock on error (git-fixes).
- scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives
(jsc#SLE-18120).
- scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120).
- scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120).
- scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120).
- scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(jsc#SLE-18120).
- scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI
(jsc#SLE-18120).
- scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O
timeout (jsc#SLE-18120).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
(bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair
(bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
(bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
(bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
(bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
(bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req
(bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
(bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
(bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- scsi: target: Fix the pgr/alua_support_store functions (git-fixes).
- sctp: check asoc peer.asconf_capable before processing asconf
(bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum
workaround (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting
(bsc#1065729).
- usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32
(git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
(bsc#1152489).
- x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0]
(bsc#1178134).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: Fixed non-directory creation in SGID directories introduced by
CVE-2018-13405 patch (bsc#1190006).
- xfs: ensure that the inode uid/gid match values match the icdinode ones
(bsc#1190006).
- xfs: fix I_DONTCACHE (bsc#1192074).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
(bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller
(git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command
(git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3641=1
Package List:
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-38.28.2
cluster-md-kmp-azure-debuginfo-5.3.18-38.28.2
dlm-kmp-azure-5.3.18-38.28.2
dlm-kmp-azure-debuginfo-5.3.18-38.28.2
gfs2-kmp-azure-5.3.18-38.28.2
gfs2-kmp-azure-debuginfo-5.3.18-38.28.2
kernel-azure-5.3.18-38.28.2
kernel-azure-debuginfo-5.3.18-38.28.2
kernel-azure-debugsource-5.3.18-38.28.2
kernel-azure-devel-5.3.18-38.28.2
kernel-azure-devel-debuginfo-5.3.18-38.28.2
kernel-azure-extra-5.3.18-38.28.2
kernel-azure-extra-debuginfo-5.3.18-38.28.2
kernel-azure-livepatch-devel-5.3.18-38.28.2
kernel-azure-optional-5.3.18-38.28.2
kernel-azure-optional-debuginfo-5.3.18-38.28.2
kernel-syms-azure-5.3.18-38.28.1
kselftests-kmp-azure-5.3.18-38.28.2
kselftests-kmp-azure-debuginfo-5.3.18-38.28.2
ocfs2-kmp-azure-5.3.18-38.28.2
ocfs2-kmp-azure-debuginfo-5.3.18-38.28.2
reiserfs-kmp-azure-5.3.18-38.28.2
reiserfs-kmp-azure-debuginfo-5.3.18-38.28.2
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-38.28.2
kernel-source-azure-5.3.18-38.28.2
References:
https://www.suse.com/security/cve/CVE-2021-33033.html
https://www.suse.com/security/cve/CVE-2021-34866.html
https://www.suse.com/security/cve/CVE-2021-3542.html
https://www.suse.com/security/cve/CVE-2021-3655.html
https://www.suse.com/security/cve/CVE-2021-3715.html
https://www.suse.com/security/cve/CVE-2021-3760.html
https://www.suse.com/security/cve/CVE-2021-3772.html
https://www.suse.com/security/cve/CVE-2021-3896.html
https://www.suse.com/security/cve/CVE-2021-41864.html
https://www.suse.com/security/cve/CVE-2021-42008.html
https://www.suse.com/security/cve/CVE-2021-42252.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://www.suse.com/security/cve/CVE-2021-43056.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1172073
https://bugzilla.suse.com/1173604
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176774
https://bugzilla.suse.com/1176914
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1180100
https://bugzilla.suse.com/1181147
https://bugzilla.suse.com/1184673
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1186063
https://bugzilla.suse.com/1186109
https://bugzilla.suse.com/1187167
https://bugzilla.suse.com/1188563
https://bugzilla.suse.com/1189841
https://bugzilla.suse.com/1190006
https://bugzilla.suse.com/1190067
https://bugzilla.suse.com/1190349
https://bugzilla.suse.com/1190351
https://bugzilla.suse.com/1190479
https://bugzilla.suse.com/1190620
https://bugzilla.suse.com/1190642
https://bugzilla.suse.com/1190795
https://bugzilla.suse.com/1190801
https://bugzilla.suse.com/1190941
https://bugzilla.suse.com/1191229
https://bugzilla.suse.com/1191240
https://bugzilla.suse.com/1191241
https://bugzilla.suse.com/1191315
https://bugzilla.suse.com/1191317
https://bugzilla.suse.com/1191349
https://bugzilla.suse.com/1191384
https://bugzilla.suse.com/1191449
https://bugzilla.suse.com/1191450
https://bugzilla.suse.com/1191451
https://bugzilla.suse.com/1191452
https://bugzilla.suse.com/1191455
https://bugzilla.suse.com/1191456
https://bugzilla.suse.com/1191628
https://bugzilla.suse.com/1191645
https://bugzilla.suse.com/1191663
https://bugzilla.suse.com/1191731
https://bugzilla.suse.com/1191800
https://bugzilla.suse.com/1191867
https://bugzilla.suse.com/1191934
https://bugzilla.suse.com/1191958
https://bugzilla.suse.com/1192040
https://bugzilla.suse.com/1192041
https://bugzilla.suse.com/1192074
https://bugzilla.suse.com/1192107
https://bugzilla.suse.com/1192145
openSUSE-SU-2021:3634-1: moderate: Security update for rubygem-activerecord-5_1
by opensuse-security@opensuse.org 09 Nov '21
openSUSE Security Update: Security update for rubygem-activerecord-5_1
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3634-1
Rating: moderate
References: #1182169
Cross-References: CVE-2021-22880
CVSS scores:
CVE-2021-22880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-22880 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-activerecord-5_1 fixes the following issues:
- CVE-2021-22880: Fixed possible DoS vector in PostgreSQL money type
(bsc#1182169).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3634=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-activerecord-5_1-5.1.4-5.3.3
References:
https://www.suse.com/security/cve/CVE-2021-22880.html
https://bugzilla.suse.com/1182169
openSUSE-SU-2021:1462-1: important: Security update for chromium
by opensuse-security@opensuse.org 08 Nov '21
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1462-1
Rating: important
References: #1192184
Cross-References: CVE-2021-37997 CVE-2021-37998 CVE-2021-37999
CVE-2021-38000 CVE-2021-38001 CVE-2021-38002
CVE-2021-38003
Affected Products:
openSUSE Leap 15.2
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 7 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 95.0.4638.69 (boo#1192184):
* CVE-2021-37997: Use after free in Sign-In
* CVE-2021-37998: Use after free in Garbage Collection
* CVE-2021-37999: Insufficient data validation in New Tab Page
* CVE-2021-38000: Insufficient validation of untrusted input in Intents
* CVE-2021-38001: Type Confusion in V8
* CVE-2021-38002: Use after free in Web Transport
* CVE-2021-38003: Inappropriate implementation in V8
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1462=1
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2021-1462=1
Package List:
- openSUSE Leap 15.2 (x86_64):
chromedriver-95.0.4638.69-lp152.2.138.1
chromedriver-debuginfo-95.0.4638.69-lp152.2.138.1
chromium-95.0.4638.69-lp152.2.138.1
chromium-debuginfo-95.0.4638.69-lp152.2.138.1
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-95.0.4638.69-bp153.2.40.3
chromium-95.0.4638.69-bp153.2.40.3
References:
https://www.suse.com/security/cve/CVE-2021-37997.html
https://www.suse.com/security/cve/CVE-2021-37998.html
https://www.suse.com/security/cve/CVE-2021-37999.html
https://www.suse.com/security/cve/CVE-2021-38000.html
https://www.suse.com/security/cve/CVE-2021-38001.html
https://www.suse.com/security/cve/CVE-2021-38002.html
https://www.suse.com/security/cve/CVE-2021-38003.html
https://bugzilla.suse.com/1192184
openSUSE-SU-2021:1460-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 08 Nov '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1460-1
Rating: important
References: #1065729 #1085030 #1100416 #1129735 #1152489
#1154353 #1156395 #1157177 #1167773 #1172073
#1173604 #1176940 #1184673 #1185762 #1186109
#1187167 #1188563 #1188876 #1188983 #1188985
#1189841 #1190006 #1190067 #1190349 #1190351
#1190479 #1190620 #1190642 #1190795 #1190941
#1191229 #1191238 #1191241 #1191315 #1191317
#1191343 #1191349 #1191384 #1191449 #1191450
#1191451 #1191452 #1191455 #1191456 #1191628
#1191731 #1191800 #1191934 #1191958 #1192036
#1192040 #1192041 #1192107 #1192145 #1192267
Cross-References: CVE-2018-13405 CVE-2021-33033 CVE-2021-34556
CVE-2021-3542 CVE-2021-35477 CVE-2021-3655
CVE-2021-3715 CVE-2021-3760 CVE-2021-3772
CVE-2021-3896 CVE-2021-41864 CVE-2021-42008
CVE-2021-42252 CVE-2021-42739 CVE-2021-43056
CVSS scores:
CVE-2018-13405 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2018-13405 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3772 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves 15 vulnerabilities and has 40 fixes
is now available.
Description:
The openSUSE Leap 15.2 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed
local users to create files with an unintended group ownership, in a
scenario where a directory is SGID to a certain group and is writable by
a user who is not a member of that group. Here, the non-member can
trigger creation of a plain file whose group ownership is that group.
The intended behavior was that the non-member can trigger creation of a
directory (but not a plain file) whose group ownership is that group.
The non-member can escalate privileges by making the plain file
executable and SGID (bnc#1100416 bnc#1129735).
- CVE-2021-33033: The Linux kernel had a use-after-free in cipso_v4_genopt
in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for
the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to
writing an arbitrary value (bnc#1186109 bnc#1188876).
- CVE-2021-34556: An unprivileged BPF program can obtain sensitive
information from kernel memory via a Speculative Store Bypass
side-channel attack because the protection mechanism neglects the
possibility of uninitialized memory locations on the BPF stack
(bnc#1188983).
- CVE-2021-35477: An unprivileged BPF program can obtain sensitive
information from kernel memory via a Speculative Store Bypass
side-channel attack because a certain preempting store operation did not
necessarily occur before a store operation that has an
attacker-controlled value (bnc#1188985).
- CVE-2021-3655: Missing size validations on inbound SCTP packets may have
allowed the kernel to read uninitialized memory (bnc#1188563
bnc#1192267).
- CVE-2021-3715: Fixed a use-after-free in route4_change() in
net/sched/cls_route.c (bsc#1190349).
- CVE-2021-3760: Fixed a use-after-free vulnerability with the
ndev->rf_conn_info object (bsc#1190067).
- CVE-2021-3772: Invalid chunks may be used to remotely remove existing
associations (bsc#1190351).
- CVE-2021-3896: Fixed an array-index-out-of-bounds in detach_capi_ctr in
drivers/isdn/capi/kcapi.c (bsc#1191958).
- CVE-2021-41864: prealloc_elems_and_freelist in kernel/bpf/stackmap.c
allowed unprivileged users to trigger an eBPF multiplication integer
overflow with a resultant out-of-bounds write (bnc#1191317).
- CVE-2021-42008: The decode_data function in drivers/net/hamradio/6pack.c
had a slab out-of-bounds write. Input from a process that has the
CAP_NET_ADMIN capability can lead to root access (bnc#1191315).
- CVE-2021-42252: An issue was discovered in aspeed_lpc_ctrl_mmap in
drivers/soc/aspeed/aspeed-lpc-ctrl.c where local attackers who were able
to access the Aspeed LPC control interface could overwrite memory in the
kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This
occurs because a certain comparison uses values that are not memory
sizes (bnc#1190479).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and
drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
bounds checking (bnc#1184673 bnc#1192036).
- CVE-2021-42739: The firewire subsystem had a buffer overflow related to
drivers/media/firewire/firedtv-avc.c and
drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled
bounds checking (bsc#1184673).
- CVE-2021-43056: It allowed a malicious KVM guest to crash the host, when
the host is running on Power8, due to an
arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the
handling of the SRR1 register values (bnc#1192107).
The following non-security bugs were fixed:
- acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes).
- ACPI: bgrt: Fix CFI violation (git-fixes).
- ACPI: fix NULL pointer dereference (git-fixes).
- ACPI: Use DEVICE_ATTR_<RW|RO|WO> macros (git-fixes).
- Add cherry-picked commit id to the usb hso fix (git-fixes)
- Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).
- ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).
- ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).
- ALSA: hda/realtek: Complete partial device name to avoid ambiguity
(git-fixes).
- ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW
(git-fixes).
- ALSA: seq: Fix a potential UAF by wrong private_free call order
(git-fixes).
- ALSA: usb-audio: Add quirk for VF0770 (git-fixes).
- ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).
- ASoC: DAPM: Fix missing kctl change notifications (git-fixes).
- ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).
- ata: ahci_platform: fix null-ptr-deref in
ahci_platform_enable_regulators() (git-fixes).
- ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init()
(git-fixes).
- audit: fix possible null-pointer dereference in audit_filter_rules
(git-fixes).
- bfq: Remove merged request already in bfq_requests_merged()
(bsc#1191456).
- blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456).
- blktrace: Fix uaf in blk_trace access after removing by sysfs
(bsc#1191452).
- block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451).
- bnxt_en: Fix TX timeout when TX ring size is set to the smallest
(git-fixes).
- bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h
(git-fixes).
- bpf: Fix a typo of reuseport map in bpf.h (git-fixes).
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes).
- can: dev: can_restart: fix use after free bug (git-fixes).
- can: peak_pci: peak_pci_remove(): fix UAF (git-fixes).
- can: peak_usb: fix use after free bugs (git-fixes).
- can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE
state notification (git-fixes).
- can: rcar_can: fix suspend/resume (git-fixes).
- can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in
error path (git-fixes).
- can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes).
- cb710: avoid NULL pointer subtraction (git-fixes).
- ceph: fix handling of "meta" errors (bsc#1192041).
- ceph: skip existing superblocks that are blocklisted or shut down when
mounting (bsc#1192040).
- cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes).
- drm/amd/display: Pass PCI deviceid into DC (git-fixes).
- drm/amdgpu: fix gart.bo pin_count leak (git-fixes).
- drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes).
- drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling
(git-fixes).
- drm/msm: Fix null pointer dereference on pointer edp (git-fixes).
- drm/nouveau/debugfs: fix file release memory leak (git-fixes).
- drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes).
- e1000e: Fix packet loss on Tiger Lake and later (git-fixes).
- e100: fix buffer overrun in e100_get_regs (git-fixes).
- e100: fix length calculation in e100_get_regs_len (git-fixes).
- e100: handle eeprom as little endian (git-fixes).
- ext4: fix reserved space counter leakage (bsc#1191450).
- ext4: report correct st_size for encrypted symlinks (bsc#1191449).
- fscrypt: add fscrypt_symlink_getattr() for computing st_size
(bsc#1191449).
- fs, mm: fix race in unlinking swapfile (bsc#1191455).
- gpio: pca953x: Improve bias setting (git-fixes).
- gve: Avoid freeing NULL pointer (git-fixes).
- gve: Correct available tx qpl check (git-fixes).
- gve: fix gve_get_stats() (git-fixes).
- gve: Properly handle errors in gve_assign_qpl (bsc#1176940).
- gve: report 64bit tx_bytes counter from gve_handle_report_stats()
(bsc#1176940).
- HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS
(git-fixes).
- HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).
- HID: u2fzero: ignore incomplete packets without data (git-fixes).
- HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).
- HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs
(git-fixes).
- hso: fix bailout in error case of probe (git-fixes).
- i2c: acpi: fix resource leak in reconfiguration device addition
(git-fixes).
- i40e: Fix ATR queue selection (git-fixes).
- i40e: fix endless loop under rtnl (git-fixes).
- i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes).
- iavf: fix double unlock of crit_lock (git-fixes).
- ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177).
- ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).
- iio: adc128s052: Fix the error handling path of 'adc128_probe()'
(git-fixes).
- iio: adc: aspeed: set driver data when adc probe (git-fixes).
- iio: dac: ti-dac5571: fix an error code in probe() (git-fixes).
- iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes).
- iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes).
- iio: ssp_sensors: add more range checking in ssp_parse_dataframe()
(git-fixes).
- iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes).
- Input: snvs_pwrkey - add clk handling (git-fixes).
- Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).
- ionic: do not remove netdev->dev_addr when syncing uc list (bsc#1167773).
- ipv6/netfilter: Discard first fragment not including all headers
(bsc#1191241).
- IPv6: reply ICMP error if the first fragment do not include all headers
(bsc#1191241).
- isdn: cpai: check ctr->cnr to avoid array index out of bound (git-fixes).
- isdn: mISDN: Fix sleeping function called from invalid context
(git-fixes).
- ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes).
- kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456).
- kernel-binary.spec: Do not sign kernel when no key provided
(bsc#1187167).
- KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest
SPRs are live (bsc#1156395).
- KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state
(bsc#1156395).
- KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).
- KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing
registers (bsc#1156395).
- KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).
- KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).
- lan78xx: select CRC32 (git-fixes).
- libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD
(git-fixes).
- mac80211: check return value of rhashtable_init (git-fixes).
- mac80211: Drop frames from invalid MAC address in ad-hoc mode
(git-fixes).
- mei: me: add Ice Lake-N device id (git-fixes).
- mlx5: count all link events (git-fixes).
- mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes).
- mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes).
- mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk
(git-fixes).
- mmc: vub300: fix control-message timeouts (git-fixes).
- net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353).
- net: batman-adv: fix error handling (git-fixes).
- net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size()
(git-fixes).
- net: can: ems_usb: fix use-after-free in ems_usb_disconnect()
(git-fixes).
- net: cdc_eem: fix tx fixup skb leak (git-fixes).
- net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes).
- netfilter: conntrack: collect all entries in one cycle (bsc#1173604).
- net: hns3: fix vf reset workqueue cannot exit (bsc#1154353).
- net: hso: add failure handler for add_net_device (git-fixes).
- net: hso: fix NULL-deref on disconnect regression (git-fixes).
- net: hso: fix null-ptr-deref during tty device unregistration
(git-fixes).
- net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241).
- net: lan78xx: fix division by zero in send path (git-fixes).
- net: mana: Fix error handling in mana_create_rxq() (git-fixes,
bsc#1191800).
- net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes).
- net/mlx4_en: Resolve bad operstate value (git-fixes).
- net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464).
- net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes).
- net: usb: Fix uninit-was-stored issue in asix_read_phy_addr()
(git-fixes).
- NFC: digital: fix possible memory leak in digital_in_send_sdd_req()
(git-fixes).
- NFC: digital: fix possible memory leak in digital_tg_listen_mdaa()
(git-fixes).
- nfc: fix error handling of nfc_proto_register() (git-fixes).
- nfc: port100: fix using -ERRNO as command type mask (git-fixes).
- NFS: Do uncached readdir when we're seeking a cookie in an empty page
cache (bsc#1191628).
- nvme: add command id quirk for apple controllers (git-fixes).
- nvme-fc: avoid race between time out and tear down (bsc#1185762).
- nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762).
- nvme-fc: update hardware queues before using them (bsc#1185762).
- nvme-pci: Fix abort command id (git-fixes).
- nvme-pci: fix error unwind in nvme_map_data (bsc#1191934).
- nvme-pci: refactor nvme_unmap_data (bsc#1191934).
- ocfs2: fix data corruption after conversion from inline format
(bsc#1190795).
- pata_legacy: fix a couple uninitialized variable bugs (git-fixes).
- PCI: Fix pci_host_bridge struct device release/free handling (git-fixes).
- phy: mdio: fix memory leak (git-fixes).
- platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call
(git-fixes).
- platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from
run_smbios_call (git-fixes).
- platform/x86: intel_scu_ipc: Update timeout value in comment (git-fixes).
- powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729).
- powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729).
- powerpc/bpf: Use bctrl for making function calls (bsc#1065729).
- powerpc/lib: Fix emulate_step() std test (bsc#1065729).
- powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498
git-fixes).
- powerpc/xive: Discard disabled interrupts in get_irqchip_state()
(bsc#1085030 git-fixes).
- pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init
(git-fixes).
- ptp_pch: Load module automatically if ID matches (git-fixes).
- ptp_pch: Restore dependency on PCI (git-fixes).
- qed: Fix missing error code in qed_slowpath_start() (git-fixes).
- qed: Handle management FW error (git-fixes).
- qed: rdma - do not wait for resources under hw error recovery flow
(git-fixes).
- regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes).
- rpm: use _rpmmacrodir (boo#1191384)
- scsi: lpfc: Allow fabric node recovery if recovery is in progress before
devloss (bsc#1192145).
- scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted
(bsc#1192145).
- scsi: lpfc: Correct sysfs reporting of loop support after SFP status
change (bsc#1192145).
- scsi: lpfc: Fix link down processing to address NULL pointer dereference
(bsc#1192145).
- scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling
(bsc#1191349).
- scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145).
- scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to
driver_resource_setup() (bsc#1192145).
- scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145).
- scsi: lpfc: Wait for successful restart of SLI3 adapter during host
sg_reset (bsc#1192145).
- scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941).
- scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941).
- scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941).
- scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941).
- scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941).
- scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941).
- scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS
(bsc#1190941).
- scsi: qla2xxx: Check for firmware capability before creating QPair
(bsc#1190941).
- scsi: qla2xxx: Display 16G only as supported speeds for 3830c card
(bsc#1190941).
- scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset
(bsc#1190941).
- scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941).
- scsi: qla2xxx: edif: Do secure PLOGI when auth app is present
(bsc#1190941).
- scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941).
- scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941).
- scsi: qla2xxx: edif: Fix stale session (bsc#1190941).
- scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941).
- scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941).
- scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941).
- scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941).
- scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941).
- scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941).
- scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file
(bsc#1190941).
- scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941).
- scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941).
- scsi: qla2xxx: Fix NVMe retry (bsc#1190941).
- scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941).
- scsi: qla2xxx: Fix port type info (bsc#1190941).
- scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941).
- scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941).
- scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue
(bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941).
- scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941).
- scsi: qla2xxx: Remove redundant initialization of pointer req
(bsc#1190941).
- scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941).
- scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941).
- scsi: qla2xxx: Suppress unnecessary log messages during login
(bsc#1190941).
- scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941).
- scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941).
- scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request
(bsc#1190941).
- sctp: check asoc peer.asconf_capable before processing asconf
(bsc#1190351).
- soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes).
- spi: spi-nxp-fspi: do not depend on a specific node name erratum
workaround (git-fixes).
- tpm: ibmvtpm: Avoid error message when process gets signal while waiting
(bsc#1065729).
- USB: cdc-acm: clean up probe error labels (git-fixes).
- USB: cdc-acm: fix minor-number release (git-fixes).
- usb: hso: fix error handling code of hso_create_net_device (git-fixes).
- usb: hso: remove the bailout parameter (git-fixes).
- usb: musb: dsps: Fix the probe error path (git-fixes).
- USB: serial: option: add prod. id for Quectel EG91 (git-fixes).
- USB: serial: option: add Quectel EC200S-CN module support (git-fixes).
- USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes).
- USB: serial: qcserial: add EM9191 QDL support (git-fixes).
- USB: xhci: dbc: fix tty registration race (git-fixes).
- video: fbdev: gbefb: Only instantiate device when built for IP32
(git-fixes).
- virtio: write back F_VERSION_1 before validate (git-fixes).
- watchdog: orion: use 0 for unset heartbeat (git-fixes).
- x86/pat: Pass valid address to sanitize_phys() (bsc#1152489).
- x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions
(bsc#1152489).
- x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails
(bsc#1152489).
- xen: fix setting of max_pfn in shared_info (git-fixes).
- xen: reset legacy rtc flag for PV domU (git-fixes).
- xfs: ensure that the inode uid/gid match values match the icdinode ones
(bsc#1190006).
- xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes
(bsc#1190642).
- xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006).
- xfs: remove the icdinode di_uid/di_gid members (bsc#1190006).
- xhci: Enable trust tx length quirk for Fresco FL11 USB controller
(git-fixes).
- xhci: Fix command ring pointer corruption while aborting a command
(git-fixes).
- xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1460=1
Package List:
- openSUSE Leap 15.2 (noarch):
kernel-devel-5.3.18-lp152.98.1
kernel-docs-5.3.18-lp152.98.1
kernel-docs-html-5.3.18-lp152.98.1
kernel-macros-5.3.18-lp152.98.1
kernel-source-5.3.18-lp152.98.1
kernel-source-vanilla-5.3.18-lp152.98.1
- openSUSE Leap 15.2 (x86_64):
kernel-debug-5.3.18-lp152.98.1
kernel-debug-debuginfo-5.3.18-lp152.98.1
kernel-debug-debugsource-5.3.18-lp152.98.1
kernel-debug-devel-5.3.18-lp152.98.1
kernel-debug-devel-debuginfo-5.3.18-lp152.98.1
kernel-default-5.3.18-lp152.98.1
kernel-default-base-5.3.18-lp152.98.1.lp152.8.46.1
kernel-default-base-rebuild-5.3.18-lp152.98.1.lp152.8.46.1
kernel-default-debuginfo-5.3.18-lp152.98.1
kernel-default-debugsource-5.3.18-lp152.98.1
kernel-default-devel-5.3.18-lp152.98.1
kernel-default-devel-debuginfo-5.3.18-lp152.98.1
kernel-kvmsmall-5.3.18-lp152.98.1
kernel-kvmsmall-debuginfo-5.3.18-lp152.98.1
kernel-kvmsmall-debugsource-5.3.18-lp152.98.1
kernel-kvmsmall-devel-5.3.18-lp152.98.1
kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.98.1
kernel-obs-build-5.3.18-lp152.98.1
kernel-obs-build-debugsource-5.3.18-lp152.98.1
kernel-obs-qa-5.3.18-lp152.98.1
kernel-preempt-5.3.18-lp152.98.1
kernel-preempt-debuginfo-5.3.18-lp152.98.1
kernel-preempt-debugsource-5.3.18-lp152.98.1
kernel-preempt-devel-5.3.18-lp152.98.1
kernel-preempt-devel-debuginfo-5.3.18-lp152.98.1
kernel-syms-5.3.18-lp152.98.1
References:
https://www.suse.com/security/cve/CVE-2018-13405.html
https://www.suse.com/security/cve/CVE-2021-33033.html
https://www.suse.com/security/cve/CVE-2021-34556.html
https://www.suse.com/security/cve/CVE-2021-3542.html
https://www.suse.com/security/cve/CVE-2021-35477.html
https://www.suse.com/security/cve/CVE-2021-3655.html
https://www.suse.com/security/cve/CVE-2021-3715.html
https://www.suse.com/security/cve/CVE-2021-3760.html
https://www.suse.com/security/cve/CVE-2021-3772.html
https://www.suse.com/security/cve/CVE-2021-3896.html
https://www.suse.com/security/cve/CVE-2021-41864.html
https://www.suse.com/security/cve/CVE-2021-42008.html
https://www.suse.com/security/cve/CVE-2021-42252.html
https://www.suse.com/security/cve/CVE-2021-42739.html
https://www.suse.com/security/cve/CVE-2021-43056.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1085030
https://bugzilla.suse.com/1100416
https://bugzilla.suse.com/1129735
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1157177
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1172073
https://bugzilla.suse.com/1173604
https://bugzilla.suse.com/1176940
https://bugzilla.suse.com/1184673
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1186109
https://bugzilla.suse.com/1187167
https://bugzilla.suse.com/1188563
https://bugzilla.suse.com/1188876
https://bugzilla.suse.com/1188983
https://bugzilla.suse.com/1188985
https://bugzilla.suse.com/1189841
https://bugzilla.suse.com/1190006
https://bugzilla.suse.com/1190067
https://bugzilla.suse.com/1190349
https://bugzilla.suse.com/1190351
https://bugzilla.suse.com/1190479
https://bugzilla.suse.com/1190620
https://bugzilla.suse.com/1190642
https://bugzilla.suse.com/1190795
https://bugzilla.suse.com/1190941
https://bugzilla.suse.com/1191229
https://bugzilla.suse.com/1191238
https://bugzilla.suse.com/1191241
https://bugzilla.suse.com/1191315
https://bugzilla.suse.com/1191317
https://bugzilla.suse.com/1191343
https://bugzilla.suse.com/1191349
https://bugzilla.suse.com/1191384
https://bugzilla.suse.com/1191449
https://bugzilla.suse.com/1191450
https://bugzilla.suse.com/1191451
https://bugzilla.suse.com/1191452
https://bugzilla.suse.com/1191455
https://bugzilla.suse.com/1191456
https://bugzilla.suse.com/1191628
https://bugzilla.suse.com/1191731
https://bugzilla.suse.com/1191800
https://bugzilla.suse.com/1191934
https://bugzilla.suse.com/1191958
https://bugzilla.suse.com/1192036
https://bugzilla.suse.com/1192040
https://bugzilla.suse.com/1192041
https://bugzilla.suse.com/1192107
https://bugzilla.suse.com/1192145
https://bugzilla.suse.com/1192267
openSUSE-SU-2021:1461-1: important: Security update for qemu
by opensuse-security@opensuse.org 08 Nov '21
openSUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1461-1
Rating: important
References: #1189234 #1189702 #1189938 #1190425
Cross-References: CVE-2021-3713 CVE-2021-3748
CVSS scores:
CVE-2021-3713 (SUSE): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-3748 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves two vulnerabilities and has two fixes
is now available.
Description:
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3713: Fix out-of-bounds write in UAS (USB Attached SCSI) device
emulation (bsc#1189702)
- CVE-2021-3748: Fix heap use-after-free in virtio_net_receive_rcu
(bsc#1189938)
Non-security issues fixed:
- Add transfer length item in block limits page of scsi vpd (bsc#1190425)
- Fix qemu crash while deleting xen-block (bsc#1189234)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1461=1
Package List:
- openSUSE Leap 15.2 (x86_64):
qemu-4.2.1-lp152.9.23.1
qemu-arm-4.2.1-lp152.9.23.1
qemu-arm-debuginfo-4.2.1-lp152.9.23.1
qemu-audio-alsa-4.2.1-lp152.9.23.1
qemu-audio-alsa-debuginfo-4.2.1-lp152.9.23.1
qemu-audio-pa-4.2.1-lp152.9.23.1
qemu-audio-pa-debuginfo-4.2.1-lp152.9.23.1
qemu-audio-sdl-4.2.1-lp152.9.23.1
qemu-audio-sdl-debuginfo-4.2.1-lp152.9.23.1
qemu-block-curl-4.2.1-lp152.9.23.1
qemu-block-curl-debuginfo-4.2.1-lp152.9.23.1
qemu-block-dmg-4.2.1-lp152.9.23.1
qemu-block-dmg-debuginfo-4.2.1-lp152.9.23.1
qemu-block-gluster-4.2.1-lp152.9.23.1
qemu-block-gluster-debuginfo-4.2.1-lp152.9.23.1
qemu-block-iscsi-4.2.1-lp152.9.23.1
qemu-block-iscsi-debuginfo-4.2.1-lp152.9.23.1
qemu-block-nfs-4.2.1-lp152.9.23.1
qemu-block-nfs-debuginfo-4.2.1-lp152.9.23.1
qemu-block-rbd-4.2.1-lp152.9.23.1
qemu-block-rbd-debuginfo-4.2.1-lp152.9.23.1
qemu-block-ssh-4.2.1-lp152.9.23.1
qemu-block-ssh-debuginfo-4.2.1-lp152.9.23.1
qemu-debuginfo-4.2.1-lp152.9.23.1
qemu-debugsource-4.2.1-lp152.9.23.1
qemu-extra-4.2.1-lp152.9.23.1
qemu-extra-debuginfo-4.2.1-lp152.9.23.1
qemu-guest-agent-4.2.1-lp152.9.23.1
qemu-guest-agent-debuginfo-4.2.1-lp152.9.23.1
qemu-ksm-4.2.1-lp152.9.23.1
qemu-kvm-4.2.1-lp152.9.23.1
qemu-lang-4.2.1-lp152.9.23.1
qemu-linux-user-4.2.1-lp152.9.23.1
qemu-linux-user-debuginfo-4.2.1-lp152.9.23.1
qemu-linux-user-debugsource-4.2.1-lp152.9.23.1
qemu-ppc-4.2.1-lp152.9.23.1
qemu-ppc-debuginfo-4.2.1-lp152.9.23.1
qemu-s390-4.2.1-lp152.9.23.1
qemu-s390-debuginfo-4.2.1-lp152.9.23.1
qemu-testsuite-4.2.1-lp152.9.23.1
qemu-tools-4.2.1-lp152.9.23.1
qemu-tools-debuginfo-4.2.1-lp152.9.23.1
qemu-ui-curses-4.2.1-lp152.9.23.1
qemu-ui-curses-debuginfo-4.2.1-lp152.9.23.1
qemu-ui-gtk-4.2.1-lp152.9.23.1
qemu-ui-gtk-debuginfo-4.2.1-lp152.9.23.1
qemu-ui-sdl-4.2.1-lp152.9.23.1
qemu-ui-sdl-debuginfo-4.2.1-lp152.9.23.1
qemu-ui-spice-app-4.2.1-lp152.9.23.1
qemu-ui-spice-app-debuginfo-4.2.1-lp152.9.23.1
qemu-vhost-user-gpu-4.2.1-lp152.9.23.1
qemu-vhost-user-gpu-debuginfo-4.2.1-lp152.9.23.1
qemu-x86-4.2.1-lp152.9.23.1
qemu-x86-debuginfo-4.2.1-lp152.9.23.1
- openSUSE Leap 15.2 (noarch):
qemu-ipxe-1.0.0+-lp152.9.23.1
qemu-microvm-4.2.1-lp152.9.23.1
qemu-seabios-1.12.1+-lp152.9.23.1
qemu-sgabios-8-lp152.9.23.1
qemu-vgabios-1.12.1+-lp152.9.23.1
References:
https://www.suse.com/security/cve/CVE-2021-3713.html
https://www.suse.com/security/cve/CVE-2021-3748.html
https://bugzilla.suse.com/1189234
https://bugzilla.suse.com/1189702
https://bugzilla.suse.com/1189938
https://bugzilla.suse.com/1190425
openSUSE-SU-2021:1458-1: important: Security update for transfig
by opensuse-security@opensuse.org 07 Nov '21
openSUSE Security Update: Security update for transfig
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1458-1
Rating: important
References: #1189325 #1189343 #1189345 #1189346 #1190607
#1190611 #1190612 #1190615 #1190616 #1190617
#1190618 #1192019
Cross-References: CVE-2020-21529 CVE-2020-21530 CVE-2020-21531
CVE-2020-21532 CVE-2020-21533 CVE-2020-21534
CVE-2020-21535 CVE-2020-21680 CVE-2020-21681
CVE-2020-21682 CVE-2020-21683 CVE-2021-32280
CVSS scores:
CVE-2020-21529 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-21530 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-21531 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-21532 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-21533 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-21534 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-21535 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-21680 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-21681 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-21682 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-21683 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-32280 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that fixes 12 vulnerabilities is now available.
Description:
This update for transfig fixes the following issues:
Update to fig2dev version 3.2.8 Patchlevel 8b (Aug 2021)
- bsc#1190618, CVE-2020-21529: stack buffer overflow in the bezier_spline
function in genepic.c.
- bsc#1190615, CVE-2020-21530: segmentation fault in the read_objects
function in read.c.
- bsc#1190617, CVE-2020-21531: global buffer overflow in the
conv_pattern_index function in gencgm.c.
- bsc#1190616, CVE-2020-21532: global buffer overflow in the setfigfont
function in genepic.c.
- bsc#1190612, CVE-2020-21533: stack buffer overflow in the
read_textobject function in read.c.
- bsc#1190611, CVE-2020-21534: global buffer overflow in the get_line
function in read.c.
- bsc#1190607, CVE-2020-21535: segmentation fault in the gencgm_start
function in gencgm.c.
- bsc#1192019, CVE-2021-32280: NULL pointer dereference in
compute_closed_spline() in trans_spline.c
This update was imported from the SUSE:SLE-15:Update update project. This
update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-1458=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x):
transfig-3.2.8b-bp152.3.6.2
References:
https://www.suse.com/security/cve/CVE-2020-21529.html
https://www.suse.com/security/cve/CVE-2020-21530.html
https://www.suse.com/security/cve/CVE-2020-21531.html
https://www.suse.com/security/cve/CVE-2020-21532.html
https://www.suse.com/security/cve/CVE-2020-21533.html
https://www.suse.com/security/cve/CVE-2020-21534.html
https://www.suse.com/security/cve/CVE-2020-21535.html
https://www.suse.com/security/cve/CVE-2020-21680.html
https://www.suse.com/security/cve/CVE-2020-21681.html
https://www.suse.com/security/cve/CVE-2020-21682.html
https://www.suse.com/security/cve/CVE-2020-21683.html
https://www.suse.com/security/cve/CVE-2021-32280.html
https://bugzilla.suse.com/1189325
https://bugzilla.suse.com/1189343
https://bugzilla.suse.com/1189345
https://bugzilla.suse.com/1189346
https://bugzilla.suse.com/1190607
https://bugzilla.suse.com/1190611
https://bugzilla.suse.com/1190612
https://bugzilla.suse.com/1190615
https://bugzilla.suse.com/1190616
https://bugzilla.suse.com/1190617
https://bugzilla.suse.com/1190618
https://bugzilla.suse.com/1192019
openSUSE-SU-2021:1454-1: important: Security update for webkit2gtk3
by opensuse-security@opensuse.org 06 Nov '21
openSUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1454-1
Rating: important
References: #1191937
Cross-References: CVE-2021-42762
CVSS scores:
CVE-2021-42762 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
- CVE-2021-42762: Updated seccomp rules with latest changes from flatpak
(bsc#1191937).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1454=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
libjavascriptcoregtk-4_0-18-2.32.4-lp152.2.22.1
libjavascriptcoregtk-4_0-18-debuginfo-2.32.4-lp152.2.22.1
libwebkit2gtk-4_0-37-2.32.4-lp152.2.22.1
libwebkit2gtk-4_0-37-debuginfo-2.32.4-lp152.2.22.1
typelib-1_0-JavaScriptCore-4_0-2.32.4-lp152.2.22.1
typelib-1_0-WebKit2-4_0-2.32.4-lp152.2.22.1
typelib-1_0-WebKit2WebExtension-4_0-2.32.4-lp152.2.22.1
webkit-jsc-4-2.32.4-lp152.2.22.1
webkit-jsc-4-debuginfo-2.32.4-lp152.2.22.1
webkit2gtk-4_0-injected-bundles-2.32.4-lp152.2.22.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.32.4-lp152.2.22.1
webkit2gtk3-debugsource-2.32.4-lp152.2.22.1
webkit2gtk3-devel-2.32.4-lp152.2.22.1
webkit2gtk3-minibrowser-2.32.4-lp152.2.22.1
webkit2gtk3-minibrowser-debuginfo-2.32.4-lp152.2.22.1
- openSUSE Leap 15.2 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.32.4-lp152.2.22.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.32.4-lp152.2.22.1
libwebkit2gtk-4_0-37-32bit-2.32.4-lp152.2.22.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.32.4-lp152.2.22.1
- openSUSE Leap 15.2 (noarch):
libwebkit2gtk3-lang-2.32.4-lp152.2.22.1
References:
https://www.suse.com/security/cve/CVE-2021-42762.html
https://bugzilla.suse.com/1191937
openSUSE-SU-2021:1455-1: important: Security update for java-1_8_0-openj9
by opensuse-security@opensuse.org 06 Nov '21
openSUSE Security Update: Security update for java-1_8_0-openj9
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1455-1
Rating: important
References: #1185055 #1185056 #1188564 #1188565 #1188566
#1191901 #1191903 #1191904 #1191906 #1191909
#1191910 #1191911 #1191912 #1191913 #1191914
Cross-References: CVE-2021-2161 CVE-2021-2163 CVE-2021-2341
CVE-2021-2369 CVE-2021-2388 CVE-2021-35550
CVE-2021-35556 CVE-2021-35559 CVE-2021-35561
CVE-2021-35564 CVE-2021-35565 CVE-2021-35567
CVE-2021-35578 CVE-2021-35586 CVE-2021-35603
CVSS scores:
CVE-2021-2161 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-2161 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVE-2021-2388 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-2388 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-35550 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-35550 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35561 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35561 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35565 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35567 (NVD) : 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CVE-2021-35567 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CVE-2021-35578 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35578 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-35603 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-35603 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
This update for java-1_8_0-openj9 fixes the following issues:
Update to OpenJDK 8u312 build 07 with OpenJ9 0.29.0 virtual machine
including Oracle July 2021 and October 2021 CPU changes
- CVE-2021-2161: Fixed incorrect handling of partially quoted arguments in
ProcessBuilder on Windows (bsc#1185056).
- CVE-2021-2163: Fixed incomplete enforcement of JAR signing disabled
algorithms (bsc#1185055).
- CVE-2021-2341: Fixed flaw inside the FtpClient (bsc#1188564).
- CVE-2021-2369: Fixed JAR file handling problem containing multiple
MANIFEST.MF files (bsc#1188565).
- CVE-2021-2388: Fixed flaw inside the Hotspot component performed range
check elimination (bsc#1188566).
- CVE-2021-35550: Fixed weak ciphers preferred over stronger ones for TLS
(bsc#1191901).
- CVE-2021-35556: Fixed excessive memory allocation in RTFParser
(bsc#1191910).
- CVE-2021-35559: Fixed excessive memory allocation in RTFReader
(bsc#1191911).
- CVE-2021-35561: Fixed excessive memory allocation in HashMap and HashSet
(bsc#1191912).
- CVE-2021-35564: Fixed certificates with end dates too far in the future
can corrupt keystore (bsc#1191913).
- CVE-2021-35565: Fixed loop in HttpsServer triggered during TLS session
close (bsc#1191909).
- CVE-2021-35567: Fixed incorrect principal selection when using Kerberos
Constrained Delegation (bsc#1191903).
- CVE-2021-35578: Fixed unexpected exception raised during TLS handshake
(bsc#1191904).
- CVE-2021-35586: Fixed excessive memory allocation in BMPImageReader
(bsc#1191914).
- CVE-2021-35603: Fixed non-constant comparison during TLS handshakes
(bsc#1191906).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1455=1
Package List:
- openSUSE Leap 15.2 (noarch):
java-1_8_0-openj9-javadoc-1.8.0.312-lp152.3.12.1
- openSUSE Leap 15.2 (x86_64):
java-1_8_0-openj9-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-accessibility-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-debuginfo-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-debugsource-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-demo-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-demo-debuginfo-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-devel-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-devel-debuginfo-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-headless-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-headless-debuginfo-1.8.0.312-lp152.3.12.1
java-1_8_0-openj9-src-1.8.0.312-lp152.3.12.1
References:
https://www.suse.com/security/cve/CVE-2021-2161.html
https://www.suse.com/security/cve/CVE-2021-2163.html
https://www.suse.com/security/cve/CVE-2021-2341.html
https://www.suse.com/security/cve/CVE-2021-2369.html
https://www.suse.com/security/cve/CVE-2021-2388.html
https://www.suse.com/security/cve/CVE-2021-35550.html
https://www.suse.com/security/cve/CVE-2021-35556.html
https://www.suse.com/security/cve/CVE-2021-35559.html
https://www.suse.com/security/cve/CVE-2021-35561.html
https://www.suse.com/security/cve/CVE-2021-35564.html
https://www.suse.com/security/cve/CVE-2021-35565.html
https://www.suse.com/security/cve/CVE-2021-35567.html
https://www.suse.com/security/cve/CVE-2021-35578.html
https://www.suse.com/security/cve/CVE-2021-35586.html
https://www.suse.com/security/cve/CVE-2021-35603.html
https://bugzilla.suse.com/1185055
https://bugzilla.suse.com/1185056
https://bugzilla.suse.com/1188564
https://bugzilla.suse.com/1188565
https://bugzilla.suse.com/1188566
https://bugzilla.suse.com/1191901
https://bugzilla.suse.com/1191903
https://bugzilla.suse.com/1191904
https://bugzilla.suse.com/1191906
https://bugzilla.suse.com/1191909
https://bugzilla.suse.com/1191910
https://bugzilla.suse.com/1191911
https://bugzilla.suse.com/1191912
https://bugzilla.suse.com/1191913
https://bugzilla.suse.com/1191914
openSUSE-SU-2021:1452-1: important: Security update for mailman
by opensuse-security@opensuse.org 05 Nov '21
openSUSE Security Update: Security update for mailman
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1452-1
Rating: important
References: #1047218 #1191959 #1191960
Cross-References: CVE-2021-42096 CVE-2021-42097
CVSS scores:
CVE-2021-42096 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-42097 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for mailman fixes the following issues:
Update to 2.1.35 to fix 2 security issues:
- A potential for a list member to carry out an off-line brute force
attack to obtain the list admin password has been reported by Andre
Protas, Richard Cloke and Andy Nuttall of Apple. This is fixed.
CVE-2021-42096 (boo#1191959, LP:#1947639)
- A CSRF attack via the user options page could allow takeover of a user's
account. This is fixed. CVE-2021-42097 (boo#1191960, LP:#1947640)
- make package build reproducible (boo#1047218)
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-1452=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
mailman-2.1.35-bp152.7.6.1
References:
https://www.suse.com/security/cve/CVE-2021-42096.html
https://www.suse.com/security/cve/CVE-2021-42097.html
https://bugzilla.suse.com/1047218
https://bugzilla.suse.com/1191959
https://bugzilla.suse.com/1191960
openSUSE-SU-2021:1451-1: moderate: Security update for libvirt
by opensuse-security@opensuse.org 05 Nov '21
openSUSE Security Update: Security update for libvirt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1451-1
Rating: moderate
References: #1177902 #1186398 #1188232 #1188843 #1190420
#1190693 #1190695
Cross-References: CVE-2021-3667
CVSS scores:
CVE-2021-3667 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update for libvirt fixes the following issues:
- CVE-2021-3667: Fixed a DoS vulnerability in the libvirt
virStoragePoolLookupByTargetPath API. (bsc#1188843)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1451=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
libvirt-6.0.0-lp152.9.15.1
libvirt-admin-6.0.0-lp152.9.15.1
libvirt-admin-debuginfo-6.0.0-lp152.9.15.1
libvirt-client-6.0.0-lp152.9.15.1
libvirt-client-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-6.0.0-lp152.9.15.1
libvirt-daemon-config-network-6.0.0-lp152.9.15.1
libvirt-daemon-config-nwfilter-6.0.0-lp152.9.15.1
libvirt-daemon-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-interface-6.0.0-lp152.9.15.1
libvirt-daemon-driver-interface-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-lxc-6.0.0-lp152.9.15.1
libvirt-daemon-driver-lxc-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-network-6.0.0-lp152.9.15.1
libvirt-daemon-driver-network-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-nodedev-6.0.0-lp152.9.15.1
libvirt-daemon-driver-nodedev-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-nwfilter-6.0.0-lp152.9.15.1
libvirt-daemon-driver-nwfilter-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-qemu-6.0.0-lp152.9.15.1
libvirt-daemon-driver-qemu-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-secret-6.0.0-lp152.9.15.1
libvirt-daemon-driver-secret-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-core-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-core-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-disk-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-disk-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-gluster-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-gluster-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-iscsi-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-iscsi-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-logical-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-logical-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-mpath-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-mpath-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-scsi-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-scsi-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-hooks-6.0.0-lp152.9.15.1
libvirt-daemon-lxc-6.0.0-lp152.9.15.1
libvirt-daemon-qemu-6.0.0-lp152.9.15.1
libvirt-debugsource-6.0.0-lp152.9.15.1
libvirt-devel-6.0.0-lp152.9.15.1
libvirt-libs-6.0.0-lp152.9.15.1
libvirt-libs-debuginfo-6.0.0-lp152.9.15.1
libvirt-lock-sanlock-6.0.0-lp152.9.15.1
libvirt-lock-sanlock-debuginfo-6.0.0-lp152.9.15.1
libvirt-nss-6.0.0-lp152.9.15.1
libvirt-nss-debuginfo-6.0.0-lp152.9.15.1
wireshark-plugin-libvirt-6.0.0-lp152.9.15.1
wireshark-plugin-libvirt-debuginfo-6.0.0-lp152.9.15.1
- openSUSE Leap 15.2 (noarch):
libvirt-bash-completion-6.0.0-lp152.9.15.1
libvirt-doc-6.0.0-lp152.9.15.1
- openSUSE Leap 15.2 (x86_64):
libvirt-client-32bit-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-libxl-6.0.0-lp152.9.15.1
libvirt-daemon-driver-libxl-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-rbd-6.0.0-lp152.9.15.1
libvirt-daemon-driver-storage-rbd-debuginfo-6.0.0-lp152.9.15.1
libvirt-daemon-xen-6.0.0-lp152.9.15.1
libvirt-devel-32bit-6.0.0-lp152.9.15.1
References:
https://www.suse.com/security/cve/CVE-2021-3667.html
https://bugzilla.suse.com/1177902
https://bugzilla.suse.com/1186398
https://bugzilla.suse.com/1188232
https://bugzilla.suse.com/1188843
https://bugzilla.suse.com/1190420
https://bugzilla.suse.com/1190693
https://bugzilla.suse.com/1190695
openSUSE-SU-2021:3619-1: moderate: Security update for libvirt
by opensuse-security@opensuse.org 05 Nov '21
openSUSE Security Update: Security update for libvirt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3619-1
Rating: moderate
References: #1177902 #1183247 #1186398 #1190420 #1190493
#1190693 #1190695 #1190917
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for libvirt fixes the following issues:
- lxc: controller: Fix container launch on cgroup v1. (bsc#1183247)
- supportconfig: Use systemctl command 'is-active' instead of 'is-enabled'
when checking if libvirtd is active.
- qemu: Do not report error in the logs when processing monitor IO.
(bsc#1190917)
- spec: Fix an issue when package update hangs (bsc#1177902, bsc#1190693)
- spec: Don't add '--timeout' argument to '/etc/sysconfig/libvirtd' when
running in traditional mode without socket activation. (bsc#1190695)
- libxl: Improve reporting of 'die_id' in capabilities. (bsc#1190493)
- libxl: Fix driver reload. (bsc#1190420)
- qemu: Set label on virtual host network device when hotplugging.
(bsc#1186398)
- supportconfig: When checking for installed hypervisor drivers, use the
libvirt-daemon-driver-<hypervisor> package instead of
libvirt-daemon-<hypervisor>. The latter are not required packages for a
functioning hypervisor driver.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3619=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libvirt-7.1.0-6.8.1
libvirt-admin-7.1.0-6.8.1
libvirt-admin-debuginfo-7.1.0-6.8.1
libvirt-client-7.1.0-6.8.1
libvirt-client-debuginfo-7.1.0-6.8.1
libvirt-daemon-7.1.0-6.8.1
libvirt-daemon-config-network-7.1.0-6.8.1
libvirt-daemon-config-nwfilter-7.1.0-6.8.1
libvirt-daemon-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-interface-7.1.0-6.8.1
libvirt-daemon-driver-interface-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-lxc-7.1.0-6.8.1
libvirt-daemon-driver-lxc-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-network-7.1.0-6.8.1
libvirt-daemon-driver-network-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-nodedev-7.1.0-6.8.1
libvirt-daemon-driver-nodedev-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-nwfilter-7.1.0-6.8.1
libvirt-daemon-driver-nwfilter-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-qemu-7.1.0-6.8.1
libvirt-daemon-driver-qemu-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-secret-7.1.0-6.8.1
libvirt-daemon-driver-secret-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-storage-7.1.0-6.8.1
libvirt-daemon-driver-storage-core-7.1.0-6.8.1
libvirt-daemon-driver-storage-core-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-storage-disk-7.1.0-6.8.1
libvirt-daemon-driver-storage-disk-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-storage-gluster-7.1.0-6.8.1
libvirt-daemon-driver-storage-gluster-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-storage-iscsi-7.1.0-6.8.1
libvirt-daemon-driver-storage-iscsi-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-storage-iscsi-direct-7.1.0-6.8.1
libvirt-daemon-driver-storage-iscsi-direct-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-storage-logical-7.1.0-6.8.1
libvirt-daemon-driver-storage-logical-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-storage-mpath-7.1.0-6.8.1
libvirt-daemon-driver-storage-mpath-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-storage-scsi-7.1.0-6.8.1
libvirt-daemon-driver-storage-scsi-debuginfo-7.1.0-6.8.1
libvirt-daemon-hooks-7.1.0-6.8.1
libvirt-daemon-lxc-7.1.0-6.8.1
libvirt-daemon-qemu-7.1.0-6.8.1
libvirt-debugsource-7.1.0-6.8.1
libvirt-devel-7.1.0-6.8.1
libvirt-libs-7.1.0-6.8.1
libvirt-libs-debuginfo-7.1.0-6.8.1
libvirt-lock-sanlock-7.1.0-6.8.1
libvirt-lock-sanlock-debuginfo-7.1.0-6.8.1
libvirt-nss-7.1.0-6.8.1
libvirt-nss-debuginfo-7.1.0-6.8.1
wireshark-plugin-libvirt-7.1.0-6.8.1
wireshark-plugin-libvirt-debuginfo-7.1.0-6.8.1
- openSUSE Leap 15.3 (aarch64 x86_64):
libvirt-daemon-driver-storage-rbd-7.1.0-6.8.1
libvirt-daemon-driver-storage-rbd-debuginfo-7.1.0-6.8.1
- openSUSE Leap 15.3 (noarch):
libvirt-bash-completion-7.1.0-6.8.1
libvirt-doc-7.1.0-6.8.1
- openSUSE Leap 15.3 (x86_64):
libvirt-client-32bit-debuginfo-7.1.0-6.8.1
libvirt-daemon-driver-libxl-7.1.0-6.8.1
libvirt-daemon-driver-libxl-debuginfo-7.1.0-6.8.1
libvirt-daemon-xen-7.1.0-6.8.1
libvirt-devel-32bit-7.1.0-6.8.1
References:
https://bugzilla.suse.com/1177902
https://bugzilla.suse.com/1183247
https://bugzilla.suse.com/1186398
https://bugzilla.suse.com/1190420
https://bugzilla.suse.com/1190493
https://bugzilla.suse.com/1190693
https://bugzilla.suse.com/1190695
https://bugzilla.suse.com/1190917