openSUSE Security Announce
Threads by month
- ----- 2024 -----
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
May 2021
- 1 participants
- 78 discussions
openSUSE-SU-2021:0758-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 22 May '21
by opensuse-security@opensuse.org 22 May '21
22 May '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0758-1
Rating: important
References: #1047233 #1065729 #1113295 #1152472 #1152489
#1153274 #1154353 #1155518 #1156256 #1156395
#1159280 #1160634 #1167773 #1168777 #1169514
#1169709 #1171295 #1173485 #1177326 #1178163
#1178181 #1178330 #1179454 #1180197 #1180980
#1181383 #1181507 #1181674 #1181862 #1182011
#1182077 #1182485 #1182552 #1182574 #1182591
#1182595 #1182712 #1182713 #1182715 #1182716
#1182717 #1182770 #1182989 #1183015 #1183018
#1183022 #1183023 #1183048 #1183252 #1183277
#1183278 #1183279 #1183280 #1183281 #1183282
#1183283 #1183284 #1183285 #1183286 #1183287
#1183288 #1183366 #1183369 #1183386 #1183405
#1183412 #1183416 #1183427 #1183428 #1183445
#1183447 #1183501 #1183509 #1183530 #1183534
#1183540 #1183593 #1183596 #1183598 #1183637
#1183646 #1183662 #1183686 #1183692 #1183696
#1183750 #1183757 #1183775 #1183843 #1183859
#1183871 #1184074 #1184120 #1184167 #1184168
#1184170 #1184176 #1184192 #1184193 #1184194
#1184196 #1184198 #1184211 #1184217 #1184218
#1184219 #1184220 #1184224 #1184388 #1184391
#1184393 #1184509 #1184511 #1184512 #1184514
#1184583 #1184647
Cross-References: CVE-2019-18814 CVE-2019-19769 CVE-2020-25670
CVE-2020-25671 CVE-2020-25672 CVE-2020-25673
CVE-2020-27170 CVE-2020-27171 CVE-2020-27815
CVE-2020-35519 CVE-2020-36310 CVE-2020-36311
CVE-2020-36312 CVE-2021-27363 CVE-2021-27364
CVE-2021-27365 CVE-2021-28038 CVE-2021-28375
CVE-2021-28660 CVE-2021-28688 CVE-2021-28950
CVE-2021-28964 CVE-2021-28971 CVE-2021-28972
CVE-2021-29154 CVE-2021-29264 CVE-2021-29265
CVE-2021-29647 CVE-2021-30002 CVE-2021-3428
CVE-2021-3444 CVE-2021-3483
CVSS scores:
CVE-2019-18814 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-18814 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2019-19769 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2019-19769 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H
CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2020-27170 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2020-27171 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-35519 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36310 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36311 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36312 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27364 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28038 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28375 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28375 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29647 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves 32 vulnerabilities and has 85 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3444: Fixed an issue with the bpf verifier which did not
properly handle mod32 destination register truncation when the source
register was known to be 0 leading to out of bounds read (bsc#1184170).
- CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent
(bsc#1173485).
- CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed
attackers to obtain sensitive information from kernel memory because of
a partially uninitialized data structure (bsc#1184192 ).
- CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have
allowed attackers to cause a denial of service due to race conditions
during an update of the local and shared status (bsc#1184167).
- CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver
which could have allowed attackers to cause a system crash due to a
calculation of negative fragment size (bsc#1184168).
- CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a
new device name to the driver from userspace, allowing userspace to
write data to the kernel stack frame directly (bsc#1184198).
- CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could
have caused a system crash because the PEBS status in a PEBS record was
mishandled (bsc#1184196 ).
- CVE-2021-28964: Fixed a race condition in get_old_root which could have
allowed attackers to cause a denial of service (bsc#1184193).
- CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).
- CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan
(bsc#1183593 ).
- CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not
prevent user applications from sending kernel RPC messages (bsc#1183596).
- CVE-2021-28038: Fixed an issue with the netback driver which was lacking
necessary treatment of errors such as failed memory allocations
(bsc#1183022).
- CVE-2021-27365: Fixed an issue where an unprivileged user can send a
Netlink message that is associated with iSCSI, and has a length up to
the maximum length of a Netlink message (bsc#1182715).
- CVE-2021-27364: Fixed an issue where an attacker could craft Netlink
messages (bsc#1182717).
- CVE-2021-27363: Fixed a kernel pointer leak which could have been used
to determine the address of the iscsi_transport structure (bsc#1182716).
- CVE-2020-35519: Fixed an out-of-bounds memory access was found in
x25_bind (bsc#1183696).
- CVE-2020-27815: Fixed an issue in JFS filesystem where could have
allowed an attacker to execute code (bsc#1179454).
- CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds
speculation on pointer arithmetic, leading to side-channel attacks that
defeat Spectre mitigations and obtain sensitive information from kernel
memory (bsc#1183775).
- CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre
mitigations and obtain sensitive information from kernel memory
(bsc#1183686).
- CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire
function (bsc#1159280 ).
- CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in
aa_audit_rule_init() (bsc#1156256).
- CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed
multiple bugs in NFC subsytem (bsc#1178181).
- CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering
destruction of a large SEV VM (bsc#1184511).
- CVE-2021-29154: Fixed incorrect computation of branch displacements,
allowing arbitrary code execution (bsc#1184391).
- CVE-2021-30002: Fixed a memory leak for large arguments in
video_usercopy (bsc#1184120).
- CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).
- CVE-2020-36310: Fixed infinite loop for certain nested page faults
(bsc#1184512).
- CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509
).
- CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop
continually was finding the same bad inode (bsc#1184194).
The following non-security bugs were fixed:
- 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch:
(bsc#1171295, git fixes (block drivers)).
- 0008-block-revert-back-to-synchronous-request_queue-remov.patch:
(bsc#1171295, git fixes (block drivers)).
- 0009-blktrace-fix-debugfs-use-after-free.patch: (bsc#1171295, git fixes
(block drivers)).
- ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).
- ACPICA: Always create namespace nodes using acpi_ns_create_node()
(git-fixes).
- ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).
- ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region
parameter handling (git-fixes).
- ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).
- ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).
- ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).
- ALSA: aloop: Fix initialization of controls (git-fixes).
- ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).
- ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).
- ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).
- ALSA: hda: generic: Fix the micmute led init state (git-fixes).
- ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).
- ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).
- ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board
(git-fixes).
- ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air
(git-fixes).
- ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).
- ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256
(git-fixes).
- ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO
(git-fixes).
- ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).
- ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).
- ALSA: usb-audio: Allow modifying parameters with succeeding hw_params
calls (bsc#1182552).
- ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).
- ALSA: usb-audio: Apply the control quirk to Plantronics headsets
(bsc#1182552).
- ALSA: usb-audio: Disable USB autosuspend properly in
setup_disable_autosuspend() (bsc#1182552).
- ALSA: usb-audio: Do not abort even if the clock rate differs
(bsc#1182552).
- ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).
- ALSA: usb-audio: Fix "cannot get freq eq" errors on Dell AE515 sound bar
(bsc#1182552).
- ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe
(bsc#1182552).
- ALSA: usb-audio: Fix "RANGE setting not yet supported" errors
(git-fixes).
- ALSA: usb-audio: fix use after free in usb_audio_disconnect
(bsc#1182552).
- ALSA: usb-audio: Skip the clock selector inquiry for single connections
(git-fixes).
- ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).
- amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).
- apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).
- appletalk: Fix skb allocation size in loopback case (git-fixes).
- arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).
- ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).
- ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).
- ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).
- ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).
- ASoC: cs42l42: Fix channel width support (git-fixes).
- ASoC: cs42l42: Fix mixer volume control (git-fixes).
- ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).
- ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).
- ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).
- ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).
- ASoC: intel: atom: Remove 44100 sample-rate from the media and
deep-buffer DAI descriptions (git-fixes).
- ASoC: intel: atom: Stop advertising non working S24LE support
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R
tablet (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current
threshold (git-fixes).
- ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet
(git-fixes).
- ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).
- ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of
10 (git-fixes).
- ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of
10 (git-fixes).
- ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer
settings (git-fixes).
- ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).
- ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).
- ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on
probe (git-fixes).
- ASoC: simple-card-utils: Do not handle device clock (git-fixes).
- ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).
- ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips
(git-fixes).
- ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).
- ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr()
(git-fixes).
- ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).
- atl1c: fix error return code in atl1c_probe() (git-fixes).
- atl1e: fix error return code in atl1e_probe() (git-fixes).
- batman-adv: initialize "struct batadv_tvlv_tt_vlan_data"->reserved field
(git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).
- blktrace-annotate-required-lock-on-do_blk_trace_setu.patch:
(bsc#1171295).
- blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch:
(bsc#1171295).
- blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch:
(bsc#1171295).
- block-clarify-context-for-refcount-increment-helpers.patch:
(bsc#1171295).
- block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).
- Bluetooth: Fix null pointer dereference in amp_read_loc_assoc_final_data
(git-fixes).
- Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl
(git-fixes).
- bnxt_en: reliably allocate IRQ table on reset to avoid crash
(jsc#SLE-8371 bsc#1153274).
- bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).
- bpf: Avoid warning when re-casting __bpf_call_base into
__bpf_call_base_args (bsc#1155518).
- bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).
- bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs
(bsc#1155518).
- bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).
- bpf_lru_list: Read double-checked variable once without lock
(bsc#1155518).
- bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).
- bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686
bsc#1183775).
- bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).
- brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet
(git-fixes).
- brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet
(git-fixes).
- brcmfmac: clear EAP/association status bits on linkdown events
(git-fixes).
- btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root
(bsc#1184217).
- btrfs: always pin deleted leaves when there are active tree mod log
users (bsc#1184224).
- btrfs: fix exhaustion of the system chunk array due to concurrent
allocations (bsc#1183386).
- btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).
- btrfs: fix race when cloning extent buffer during rewind of an old root
(bsc#1184193).
- btrfs: fix stale data exposure after cloning a hole with NO_HOLES
enabled (bsc#1184220).
- btrfs: fix subvolume/snapshot deletion not triggered on mount
(bsc#1184219).
- bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).
- bus: ti-sysc: Fix warning on unbind if reset is not deasserted
(git-fixes).
- can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).
- can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).
- can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).
- can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).
- can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate
(git-fixes).
- can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode
(git-fixes).
- can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
(git-fixes).
- can: peak_usb: add forgotten supported devices (git-fixes).
- can: peak_usb: Revert "can: peak_usb: add forgotten supported devices"
(git-fixes).
- can: skb: can_skb_set_owner(): fix ref counting if socket was closed
before setting skb ownership (git-fixes).
- cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).
- certs: Fix blacklist flag type confusion (git-fixes).
- cifs: change noisy error message to FYI (bsc#1181507).
- cifs: check pointer before freeing (bsc#1183534).
- cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).
- cifs: do not send close in compound create+close requests (bsc#1181507).
- cifs: New optype for session operations (bsc#1181507).
- cifs: print MIDs in decimal notation (bsc#1181507).
- cifs: return proper error code in statfs(2) (bsc#1181507).
- cifs: Tracepoints and logs for tracing credit changes (bsc#1181507).
- clk: fix invalid usage of list cursor in register (git-fixes).
- clk: fix invalid usage of list cursor in unregister (git-fixes).
- clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).
- completion: Drop init_completion define (git-fixes).
- configfs: fix a use-after-free in __configfs_open_file (git-fixes).
- config: net: freescale: change xgmac-mdio to built-in References:
bsc#1183015,bsc#1182595
- crypto: aesni - prevent misaligned buffers on the stack (git-fixes).
- crypto: arm64/sha - add missing module aliases (git-fixes).
- crypto: bcm - Rename struct device_private to bcm_device_private
(git-fixes).
- crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager
(git-fixes).
- crypto: tcrypt - avoid signed overflow in byte count (git-fixes).
- Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch
(bsc#1183530)
- drivers/misc/vmw_vmci: restrict too big queue size in
qp_host_alloc_queue (git-fixes).
- drivers: video: fbcon: fix NULL dereference in fbcon_cursor()
(git-fixes).
- drm/amd/display: Guard against NULL pointer deref when get_i2c_info
fails (git-fixes).
- drm/amdgpu: Add check to prevent IH overflow (git-fixes).
- drm/amdgpu: check alignment on CPU page for bo map (git-fixes).
- drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings()
(git-fixes).
- drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie
(git-fixes).
- drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting
notes: * context changes
- drm/amd/powerplay: fix spelling mistake "smu_state_memroy_block" ->
(bsc#1152489) Backporting notes: * rename amd/pm to amd/powerplay *
context changes
- drm/compat: Clear bounce structures (git-fixes).
- drm/hisilicon: Fix use-after-free (git-fixes).
- drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).
- drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).
- drm/mediatek: Fix aal size config (bsc#1152489)
- drm: meson_drv add shutdown function (git-fixes).
- drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register
(git-fixes).
- drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs
(git-fixes).
- drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).
- drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489)
- drm/msm: fix shutdown hook in case GPU components failed to bind
(git-fixes).
- drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489)
- drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489)
- drm/msm/gem: Add obj->lock wrappers (bsc#1152489)
- drm/msm: Ratelimit invalid-fence message (git-fixes).
- drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).
- drm/nouveau: bail out of nouveau_channel_new if channel init fails
(bsc#1152489)
- drm/nouveau/kms: handle mDP connectors (git-fixes).
- drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472)
- drm/panfrost: Fix job timeout handling (bsc#1152472)
- drm/panfrost: Remove unused variables in panfrost_job_close()
(bsc#1152472)
- drm/radeon: fix AGP dependency (git-fixes).
- drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489)
- drm/sched: Cancel and flush all outstanding jobs before finish
(git-fixes).
- drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489)
- drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).
- drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472)
- efi: use 32-bit alignment for efi_guid_t literals (git-fixes).
- enetc: Fix reporting of h/w packet counters (git-fixes).
- epoll: check for events when removing a timed out thread from the wait
queue (git-fixes).
- ethernet: alx: fix order of calls on resume (git-fixes).
- exec: Move would_dump into flush_old_exec (git-fixes).
- exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).
- exfat: add the dummy mount options to be backward compatible with
staging/exfat (bsc#1182989).
- extcon: Add stubs for extcon_register_notifier_all() functions
(git-fixes).
- extcon: Fix error handling in extcon_dev_register (git-fixes).
- fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).
- firmware/efi: Fix a use after bug in efi_mem_reserve_persistent
(git-fixes).
- flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).
- fsl/fman: check dereferencing null pointer (git-fixes).
- fsl/fman: fix dereference null return value (git-fixes).
- fsl/fman: fix eth hash table allocation (git-fixes).
- fsl/fman: fix unreachable code (git-fixes).
- fsl/fman: use 32-bit unsigned integer (git-fixes).
- fuse: fix bad inode (bsc#1184211).
- fuse: fix live lock in fuse_iget() (bsc#1184211).
- fuse: verify write return (git-fixes).
- gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).
- gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again
(bcs#1181862).
- gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).
- gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).
- gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).
- gianfar: Handle error code at MAC address change (git-fixes).
- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP
(git-fixes).
- Goodix Fingerprint device is not a modem (git-fixes).
- gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).
- gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).
- gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).
- HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on
Voyo Winpad A15 (git-fixes).
- HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube
Adapter (git-fixes).
- HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).
- hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable
(git-fixes).
- i2c: rcar: faster irq code to minimize HW race condition (git-fixes).
- i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).
- i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).
- i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).
- iavf: Fix incorrect adapter get in iavf_resume (git-fixes).
- iavf: use generic power management (git-fixes).
- ibmvnic: add comments for spinlock_t definitions (bsc#1183871
ltc#192139).
- ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).
- ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).
- ibmvnic: fix block comments (bsc#1183871 ltc#192139).
- ibmvnic: fix braces (bsc#1183871 ltc#192139).
- ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).
- ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning
(jsc#SLE-17268).
- ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871
ltc#192139).
- ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).
- ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871
ltc#192139).
- ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).
- ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871
ltc#192139).
- ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871
ltc#192139).
- ibmvnic: rework to ensure SCRQ entry reads are properly ordered
(bsc#1183871 ltc#192139).
- ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).
- ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions
(bsc#1183023 ltc#191791).
- ice: fix memory leak if register_netdev_fails (git-fixes).
- ice: fix memory leak in ice_vsi_setup (git-fixes).
- ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).
- ice: remove DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).
- ice: renegotiate link after FW DCB on (jsc#SLE-8464).
- ice: report correct max number of TCs (jsc#SLE-7926).
- ice: update the number of available RSS queues (jsc#SLE-7926).
- igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).
- iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask
(git-fixes).
- iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel
(git-fixes).
- iio: adis16400: Fix an error code in adis16400_initial_setup()
(git-fixes).
- iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler
(git-fixes).
- iio: hid-sensor-humidity: Fix alignment issue of timestamp channel
(git-fixes).
- iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).
- iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).
- include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).
- Input: applespi - do not wait for responses to commands indefinitely
(git-fixes).
- Input: elantech - fix protocol errors for some trackpoints in SMBus mode
(git-fixes).
- Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).
- Input: raydium_ts_i2c - do not send zero length (git-fixes).
- Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox
Series X|S (git-fixes).
- iommu/amd: Fix sleeping in atomic in increase_address_space()
(bsc#1183277).
- iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).
- iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate()
(bsc#1183637).
- iommu/vt-d: Add get_domain_info() helper (bsc#1183279).
- iommu/vt-d: Avoid panic if iommu init fails in tboot system
(bsc#1183280).
- iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid()
(bsc#1183281).
- iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).
- iommu/vt-d: Fix general protection fault in aux_detach_device()
(bsc#1183283).
- iommu/vt-d: Fix ineffective devTLB invalidation for subdevices
(bsc#1183284).
- iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev()
(bsc#1183285).
- iommu/vt-d: Move intel_iommu info from struct intel_svm to struct
intel_svm_dev (bsc#1183286).
- ionic: linearize tso skb with too many frags (bsc#1167773).
- kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig
(bcs#1181862).
- kbuild: change *FLAGS_<basetarget>.o to take the path relative to
$(obj) (bcs#1181862).
- kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).
- kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc
(bsc#1181862).
- kbuild: Fail if gold linker is detected (bcs#1181862).
- kbuild: improve cc-option to clean up all temporary files (bsc#1178330).
- kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled
(bcs#1181862).
- kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).
- kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base
(bcs#1181862).
- kbuild: use -S instead of -E for precise cc-option test in Kconfig
(bsc#1178330).
- kconfig: introduce m32-flag and m64-flag (bcs#1181862).
- KVM: nVMX: Properly handle userspace interrupt window request
(bsc#1183427).
- KVM: SVM: Clear the CR4 register on reset (bsc#1183252).
- KVM: x86: Add helpers to perform CPUID-based guest vendor check
(bsc#1183445).
- KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter, tracepoint Needed as
a dependency of 0b40723a827 ("kvm: tracing: Fix unmatched kvm_entry and
kvm_exit events", bsc#1182770).
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off
(bsc#1183287).
- KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).
- KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs
(bsc#1183447).
- KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).
- KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries
(bsc#1183428).
- KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset
(bsc#1183288).
- libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).
- libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).
- libbpf: Fix INSTALL flag order (bsc#1155518).
- libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).
- lib/syscall: fix syscall registers retrieval on 32-bit platforms
(git-fixes).
- locking/mutex: Fix non debug version of mutex_lock_io_nested()
(git-fixes).
- loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch:
(bsc#1171295).
- mac80211: choose first enabled channel for monitor (git-fixes).
- mac80211: fix double free in ibss_leave (git-fixes).
- mac80211: fix rate mask reset (git-fixes).
- mac80211: fix TXQ AC confusion (git-fixes).
- mdio: fix mdio-thunder.c dependency & build error (git-fixes).
- media: cros-ec-cec: do not bail on device_init_wakeup failure
(git-fixes).
- media: cx23885: add more quirks for reset DMA on some AMD IOMMU
(git-fixes).
- media: mceusb: Fix potential out-of-bounds shift (git-fixes).
- media: mceusb: sanity check for prescaler value (git-fixes).
- media: rc: compile rc-cec.c into rc-core (git-fixes).
- media: usbtv: Fix deadlock on suspend (git-fixes).
- media: uvcvideo: Allow entities with no pads (git-fixes).
- media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).
- media: v4l: vsp1: Fix bru null pointer access (git-fixes).
- media: v4l: vsp1: Fix uif null pointer access (git-fixes).
- media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).
- misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom
(git-fixes).
- misc: fastrpc: restrict user apps from sending kernel RPC messages
(git-fixes).
- misc/pvpanic: Export module FDT device table (git-fixes).
- misc: rtsx: init of rts522a add OCP power off when no card is present
(git-fixes).
- mISDN: fix crash in fritzpci (git-fixes).
- mmc: core: Fix partition switch time for eMMC (git-fixes).
- mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).
- mmc: mxs-mmc: Fix a resource leak in an error handling path in
'mxs_mmc_probe()' (git-fixes).
- mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).
- mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).
- mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
(git-fixes).
- mm, numa: fix bad pmd by atomically check for pmd_trans_huge when
marking page tables prot_numa (bsc#1168777).
- mount: fix mounting of detached mounts onto targets that reside on
shared mounts (git-fixes).
- mt76: dma: do not report truncated frames to mac80211 (git-fixes).
- mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).
- net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).
- net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).
- net: b44: fix error return code in b44_init_one() (git-fixes).
- net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).
- net: cdc-phonet: fix data-interface release on probe failure (git-fixes).
- net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).
- netdevsim: init u64 stats for 32bit hardware (git-fixes).
- net: dsa: rtl8366: Fix VLAN semantics (git-fixes).
- net: dsa: rtl8366: Fix VLAN set-up (git-fixes).
- net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).
- net: enic: Cure the enic api locking trainwreck (git-fixes).
- net: ethernet: aquantia: Fix wrong return value (git-fixes).
- net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop
(git-fixes).
- net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours
(bsc#1183871 ltc#192139).
- net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port
(git-fixes).
- net: ethernet: ti: cpsw: fix error return code in cpsw_probe()
(git-fixes).
- net: fec: Fix phy_device lookup for phy_reset_after_clk_enable()
(git-fixes).
- net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).
- net: fec: Fix reference count leak in fec series ops (git-fixes).
- net: gemini: Fix another missing clk_disable_unprepare() in probe
(git-fixes).
- net: gemini: Fix missing free_netdev() in error path of
gemini_ethernet_port_probe() (git-fixes).
- net: gianfar: Add of_node_put() before goto statement (git-fixes).
- net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device
(git-fixes).
- net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling
ether_setup (git-fixes).
- net: hns3: Remove the left over redundant check & assignment
(bsc#1154353).
- net: korina: cast KSEG0 address to pointer in kfree (git-fixes).
- net: korina: fix kfree of rx/tx descriptor array (git-fixes).
- net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).
- net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).
- net/mlx5: Disable devlink reload for multi port slave device
(jsc#SLE-8464).
- net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).
- net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).
- net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).
- net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).
- net: mvneta: fix double free of txq->buf (git-fixes).
- net: mvneta: make tx buffer array agnostic (git-fixes).
- net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).
- net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).
- net: qcom/emac: add missed clk_disable_unprepare in error path of
emac_clks_phase1_init (git-fixes).
- net: qualcomm: rmnet: Fix incorrect receive packet handling during
cleanup (git-fixes).
- net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)
- netsec: restore phy power state after controller reset (bsc#1183757).
- net: spider_net: Fix the size used in a 'dma_free_coherent()' call
(git-fixes).
- net: stmmac: Fix incorrect location to set real_num_rx|tx_queues
(git-fixes).
- net: stmmac: removed enabling eee in EEE set callback (git-fixes).
- net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).
- net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call
(git-fixes).
- net: usb: ax88179_178a: fix missing stop entry in driver_info
(git-fixes).
- net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).
- net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).
- net: wan/lmc: unregister device when no matching device is found
(git-fixes).
- nfp: flower: fix pre_tun mask id allocation (bsc#1154353).
- nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT
(bsc#1182077).
- nvme-fabrics: fix kato initialization (bsc#1182591).
- nvme-fabrics: only reserve a single tag (bsc#1182077).
- nvme-fc: fix racing controller reset and create association
(bsc#1183048).
- nvme-hwmon: Return error code when registration fails (bsc#1177326).
- nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).
- nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).
- nvmet-rdma: Fix list_del corruption on queue establishment failure
(bsc#1183501).
- objtool: Fix ".cold" section suffix check for newer versions of GCC
(bsc#1169514).
- objtool: Fix error handling for STD/CLD warnings (bsc#1169514).
- objtool: Fix retpoline detection in asm code (bsc#1169514).
- ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).
- ovl: fix out of date comment and unreachable code (bsc#1184176).
- ovl: fix regression with re-formatted lower squashfs (bsc#1184176).
- ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).
- ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).
- ovl: initialize error in ovl_copy_xattr (bsc#1184176).
- ovl: relax WARN_ON() when decoding lower directory file handle
(bsc#1184176).
- PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller
(git-fixes).
- PCI: Align checking of syscall user config accessors (git-fixes).
- PCI: Decline to resize resources if boot config must be preserved
(git-fixes).
- PCI: Fix pci_register_io_range() memory leak (git-fixes).
- PCI: mediatek: Add missing of_node_put() to fix reference leak
(git-fixes).
- PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).
- pinctrl: rockchip: fix restore error in resume (git-fixes).
- Platform: OLPC: Fix probe error handling (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire
Switch 10E SW3-016 (git-fixes).
- platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag
(git-fixes).
- platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).
- platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices
(git-fixes).
- platform/x86: acer-wmi: Cleanup accelerometer device handling
(git-fixes).
- platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).
- platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2
(git-fixes).
- platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).
- platform/x86: thinkpad_acpi: Allow the FnLock LED to change state
(git-fixes).
- PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).
- PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter
(bsc#1183366).
- PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).
- PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).
- post.sh: Return an error when module update fails (bsc#1047233
bsc#1184388).
- powerpc/64s: Fix instruction encoding for lis in ppc_function_entry()
(bsc#1065729).
- powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692
ltc#191963).
- powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).
- powerpc/pseries/mobility: handle premature return from H_JOIN
(bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/mobility: use struct for shared state (bsc#1181674
ltc#189159 git-fixes bsc#1183662 ltc#191922).
- powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).
- powerpc/sstep: Check instruction validity against ISA version before
emulation (bsc#1156395).
- powerpc/sstep: Fix darn emulation (bsc#1156395).
- powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).
- powerpc/sstep: Fix load-store and update emulation (bsc#1156395).
- printk: fix deadlock when kernel panic (bsc#1183018).
- proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).
- pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare()
(git-fixes).
- qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).
- qxl: Fix uninitialised struct field head.surface_id (git-fixes).
- random: fix the RNDRESEEDCRNG ioctl (git-fixes).
- RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).
- RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).
- RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).
- RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes
(bsc#1169709)
- regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).
- Revert "net: bonding: fix error return code of bond_neigh_init()"
(bsc#1154353).
- rpadlpar: fix potential drc_name corruption in store functions
(bsc#1183416 ltc#191079).
- rpm/check-for-config-changes: add -mrecord-mcount ignore Added by
3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.
- rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.
- rpm/check-for-config-changes: comment on the list To explain what it
actually is.
- rpm/check-for-config-changes: declare sed args as an array So that we
can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array
which can be easily extended.
- rpm/check-for-config-changes: define ignores more strictly * search for
whole words, so make wildcards explicit * use ' for quoting * prepend
CONFIG_ dynamically, so it need not be in the list
- rpm/check-for-config-changes: sort the ignores They are growing so to
make them searchable by humans.
- rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package
(bsc#1184514) The devel package requires the kernel binary package
itself for building modules externally.
- rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).
- rsi: Move card interrupt handling to RX thread (git-fixes).
- rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).
- s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).
- s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).
- s390/qeth: fix notification for pending buffers during teardown
(git-fixes).
- s390/qeth: improve completion of pending TX buffers (git-fixes).
- s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).
- s390/vtime: fix increased steal time accounting (bsc#1183859).
- samples, bpf: Add missing munmap in xdpsock (bsc#1155518).
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647
ltc#191231).
- scsi: lpfc: Change wording of invalid pci reset log message
(bsc#1182574).
- scsi: lpfc: Correct function header comments related to ndlp reference
counting (bsc#1182574).
- scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).
- scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).
- scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery
(bsc#1182574).
- scsi: lpfc: Fix FLOGI failure due to accessing a freed node
(bsc#1182574).
- scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe
(bsc#1182574).
- scsi: lpfc: Fix lpfc_els_retry() possible null pointer dereference
(bsc#1182574).
- scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).
- scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb()
(bsc#1182574).
- scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).
- scsi: lpfc: Fix pt2pt connection does not recover after LOGO
(bsc#1182574).
- scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).
- scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).
- scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).
- scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path
(bsc#1182574).
- scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf
(bsc#1182574).
- scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).
- scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).
- scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).
- scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes
(bsc#1182574).
- scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).
- scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).
- scsi: target: pscsi: Clean up after failure in pscsi_map_sg()
(bsc#1183843).
- selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in
test_verifier (bsc#1155518).
- selftests/bpf: No need to drop the packet when there is no geneve opt
(bsc#1155518).
- selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed
(bsc#1155518).
- selinux: fix error initialization in inode_doinit_with_dentry()
(git-fixes).
- selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).
- selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling
(git-fixes).
- smb3: add dynamic trace point to trace when credits obtained
(bsc#1181507).
- smb3: fix crediting for compounding when only one request in flight
(bsc#1181507).
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).
- soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).
- software node: Fix node registration (git-fixes).
- spi: stm32: make spurious and overrun interrupts visible (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1183750).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).
- stop_machine: mark helpers __always_inline (git-fixes).
- thermal/core: Add NULL pointer check before using cooling device stats
(git-fixes).
- udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).
- Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)
- USB: cdc-acm: downgrade message to debug (git-fixes).
- USB: cdc-acm: fix double free on probe failure (git-fixes).
- USB: cdc-acm: fix use-after-free after probe failure (git-fixes).
- USB: cdc-acm: untangle a circular dependency between callback and
softint (git-fixes).
- USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).
- USB: dwc2: Prevent core suspend when port connection flag is 0
(git-fixes).
- USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).
- USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).
- USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).
- USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).
- USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).
- USB: gadget: f_uac1: stop playback on function disable (git-fixes).
- USB: gadget: f_uac2: always increase endpoint max_packet_size by one
audio slot (git-fixes).
- USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).
- USB: gadget: u_ether: Fix a configfs return code (git-fixes).
- USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).
- USBip: fix stub_dev to check for stream socket (git-fixes).
- USBip: fix stub_dev usbip_sockfd_store() races leading to gpf
(git-fixes).
- USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).
- USBip: fix vhci_hcd to check for stream socket (git-fixes).
- USBip: fix vudc to check for stream socket (git-fixes).
- USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).
- USBip: tools: fix build error for multiple definition (git-fixes).
- USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control()
(git-fixes).
- USB: musb: Fix suspend with devices connected for a64 (git-fixes).
- USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem
(git-fixes).
- USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM
(git-fixes).
- USB: replace hardcode maximum usb string length by definition
(git-fixes).
- USB: serial: ch341: add new Product ID (git-fixes).
- USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter
(git-fixes).
- USB: serial: cp210x: add some more GE USB IDs (git-fixes).
- USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).
- USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).
- USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).
- USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy-
(git-fixes).
- USB: usblp: fix a hang in poll() if disconnected (git-fixes).
- USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).
- USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).
- USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).
- use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).
- video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)
- video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).
- VMCI: Use set_page_dirty_lock() when unregistering guest memory
(git-fixes).
- vt/consolemap: do font sum unsigned (git-fixes).
- watchdog: mei_wdt: request stop on unregister (git-fixes).
- wireguard: device: do not generate ICMP for non-IP packets (git-fixes).
- wireguard: kconfig: use arm chacha even with no neon (git-fixes).
- wireguard: selftests: test multiple parallel streams (git-fixes).
- wlcore: Fix command execute failure 19 for wl12xx (git-fixes).
- x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).
- x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
(bsc#1152489).
- x86/ioapic: Ignore IRQ2 again (bsc#1152489).
- x86/mem_encrypt: Correct physical address calculation in
__set_clr_pte_enc() (bsc#1152489).
- xen/events: avoid handling the same event on two cpus at the same time
(git-fixes).
- xen/events: do not unmask an event channel when an eoi is pending
(git-fixes).
- xen/events: fix setting irq affinity (bsc#1184583).
- xen/events: reset affinity of 2-level event when tearing it down
(git-fixes).
- xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022
XSA-367).
- xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022
XSA-367).
- xfs: group quota should return EDQUOT when prj quota enabled
(bsc#1180980).
- xhci: Fix repeated xhci wake after suspend due to uncleared internal
wake state (git-fixes).
- xhci: Improve detection of device initiated wake signal (git-fixes).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-758=1
Package List:
- openSUSE Leap 15.2 (x86_64):
cluster-md-kmp-rt-5.3.18-lp152.3.8.1
cluster-md-kmp-rt-debuginfo-5.3.18-lp152.3.8.1
cluster-md-kmp-rt_debug-5.3.18-lp152.3.8.1
cluster-md-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1
dlm-kmp-rt-5.3.18-lp152.3.8.1
dlm-kmp-rt-debuginfo-5.3.18-lp152.3.8.1
dlm-kmp-rt_debug-5.3.18-lp152.3.8.1
dlm-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1
gfs2-kmp-rt-5.3.18-lp152.3.8.1
gfs2-kmp-rt-debuginfo-5.3.18-lp152.3.8.1
gfs2-kmp-rt_debug-5.3.18-lp152.3.8.1
gfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1
kernel-rt-5.3.18-lp152.3.8.1
kernel-rt-debuginfo-5.3.18-lp152.3.8.1
kernel-rt-debugsource-5.3.18-lp152.3.8.1
kernel-rt-devel-5.3.18-lp152.3.8.1
kernel-rt-devel-debuginfo-5.3.18-lp152.3.8.1
kernel-rt-extra-5.3.18-lp152.3.8.1
kernel-rt-extra-debuginfo-5.3.18-lp152.3.8.1
kernel-rt_debug-5.3.18-lp152.3.8.1
kernel-rt_debug-debuginfo-5.3.18-lp152.3.8.1
kernel-rt_debug-debugsource-5.3.18-lp152.3.8.1
kernel-rt_debug-devel-5.3.18-lp152.3.8.1
kernel-rt_debug-devel-debuginfo-5.3.18-lp152.3.8.1
kernel-rt_debug-extra-5.3.18-lp152.3.8.1
kernel-rt_debug-extra-debuginfo-5.3.18-lp152.3.8.1
kernel-syms-rt-5.3.18-lp152.3.8.1
kselftests-kmp-rt-5.3.18-lp152.3.8.1
kselftests-kmp-rt-debuginfo-5.3.18-lp152.3.8.1
kselftests-kmp-rt_debug-5.3.18-lp152.3.8.1
kselftests-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1
ocfs2-kmp-rt-5.3.18-lp152.3.8.1
ocfs2-kmp-rt-debuginfo-5.3.18-lp152.3.8.1
ocfs2-kmp-rt_debug-5.3.18-lp152.3.8.1
ocfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1
reiserfs-kmp-rt-5.3.18-lp152.3.8.1
reiserfs-kmp-rt-debuginfo-5.3.18-lp152.3.8.1
reiserfs-kmp-rt_debug-5.3.18-lp152.3.8.1
reiserfs-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1
- openSUSE Leap 15.2 (noarch):
kernel-devel-rt-5.3.18-lp152.3.8.1
kernel-source-rt-5.3.18-lp152.3.8.1
References:
https://www.suse.com/security/cve/CVE-2019-18814.html
https://www.suse.com/security/cve/CVE-2019-19769.html
https://www.suse.com/security/cve/CVE-2020-25670.html
https://www.suse.com/security/cve/CVE-2020-25671.html
https://www.suse.com/security/cve/CVE-2020-25672.html
https://www.suse.com/security/cve/CVE-2020-25673.html
https://www.suse.com/security/cve/CVE-2020-27170.html
https://www.suse.com/security/cve/CVE-2020-27171.html
https://www.suse.com/security/cve/CVE-2020-27815.html
https://www.suse.com/security/cve/CVE-2020-35519.html
https://www.suse.com/security/cve/CVE-2020-36310.html
https://www.suse.com/security/cve/CVE-2020-36311.html
https://www.suse.com/security/cve/CVE-2020-36312.html
https://www.suse.com/security/cve/CVE-2021-27363.html
https://www.suse.com/security/cve/CVE-2021-27364.html
https://www.suse.com/security/cve/CVE-2021-27365.html
https://www.suse.com/security/cve/CVE-2021-28038.html
https://www.suse.com/security/cve/CVE-2021-28375.html
https://www.suse.com/security/cve/CVE-2021-28660.html
https://www.suse.com/security/cve/CVE-2021-28688.html
https://www.suse.com/security/cve/CVE-2021-28950.html
https://www.suse.com/security/cve/CVE-2021-28964.html
https://www.suse.com/security/cve/CVE-2021-28971.html
https://www.suse.com/security/cve/CVE-2021-28972.html
https://www.suse.com/security/cve/CVE-2021-29154.html
https://www.suse.com/security/cve/CVE-2021-29264.html
https://www.suse.com/security/cve/CVE-2021-29265.html
https://www.suse.com/security/cve/CVE-2021-29647.html
https://www.suse.com/security/cve/CVE-2021-30002.html
https://www.suse.com/security/cve/CVE-2021-3428.html
https://www.suse.com/security/cve/CVE-2021-3444.html
https://www.suse.com/security/cve/CVE-2021-3483.html
https://bugzilla.suse.com/1047233
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1113295
https://bugzilla.suse.com/1152472
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1156256
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1159280
https://bugzilla.suse.com/1160634
https://bugzilla.suse.com/1167773
https://bugzilla.suse.com/1168777
https://bugzilla.suse.com/1169514
https://bugzilla.suse.com/1169709
https://bugzilla.suse.com/1171295
https://bugzilla.suse.com/1173485
https://bugzilla.suse.com/1177326
https://bugzilla.suse.com/1178163
https://bugzilla.suse.com/1178181
https://bugzilla.suse.com/1178330
https://bugzilla.suse.com/1179454
https://bugzilla.suse.com/1180197
https://bugzilla.suse.com/1180980
https://bugzilla.suse.com/1181383
https://bugzilla.suse.com/1181507
https://bugzilla.suse.com/1181674
https://bugzilla.suse.com/1181862
https://bugzilla.suse.com/1182011
https://bugzilla.suse.com/1182077
https://bugzilla.suse.com/1182485
https://bugzilla.suse.com/1182552
https://bugzilla.suse.com/1182574
https://bugzilla.suse.com/1182591
https://bugzilla.suse.com/1182595
https://bugzilla.suse.com/1182712
https://bugzilla.suse.com/1182713
https://bugzilla.suse.com/1182715
https://bugzilla.suse.com/1182716
https://bugzilla.suse.com/1182717
https://bugzilla.suse.com/1182770
https://bugzilla.suse.com/1182989
https://bugzilla.suse.com/1183015
https://bugzilla.suse.com/1183018
https://bugzilla.suse.com/1183022
https://bugzilla.suse.com/1183023
https://bugzilla.suse.com/1183048
https://bugzilla.suse.com/1183252
https://bugzilla.suse.com/1183277
https://bugzilla.suse.com/1183278
https://bugzilla.suse.com/1183279
https://bugzilla.suse.com/1183280
https://bugzilla.suse.com/1183281
https://bugzilla.suse.com/1183282
https://bugzilla.suse.com/1183283
https://bugzilla.suse.com/1183284
https://bugzilla.suse.com/1183285
https://bugzilla.suse.com/1183286
https://bugzilla.suse.com/1183287
https://bugzilla.suse.com/1183288
https://bugzilla.suse.com/1183366
https://bugzilla.suse.com/1183369
https://bugzilla.suse.com/1183386
https://bugzilla.suse.com/1183405
https://bugzilla.suse.com/1183412
https://bugzilla.suse.com/1183416
https://bugzilla.suse.com/1183427
https://bugzilla.suse.com/1183428
https://bugzilla.suse.com/1183445
https://bugzilla.suse.com/1183447
https://bugzilla.suse.com/1183501
https://bugzilla.suse.com/1183509
https://bugzilla.suse.com/1183530
https://bugzilla.suse.com/1183534
https://bugzilla.suse.com/1183540
https://bugzilla.suse.com/1183593
https://bugzilla.suse.com/1183596
https://bugzilla.suse.com/1183598
https://bugzilla.suse.com/1183637
https://bugzilla.suse.com/1183646
https://bugzilla.suse.com/1183662
https://bugzilla.suse.com/1183686
https://bugzilla.suse.com/1183692
https://bugzilla.suse.com/1183696
https://bugzilla.suse.com/1183750
https://bugzilla.suse.com/1183757
https://bugzilla.suse.com/1183775
https://bugzilla.suse.com/1183843
https://bugzilla.suse.com/1183859
https://bugzilla.suse.com/1183871
https://bugzilla.suse.com/1184074
https://bugzilla.suse.com/1184120
https://bugzilla.suse.com/1184167
https://bugzilla.suse.com/1184168
https://bugzilla.suse.com/1184170
https://bugzilla.suse.com/1184176
https://bugzilla.suse.com/1184192
https://bugzilla.suse.com/1184193
https://bugzilla.suse.com/1184194
https://bugzilla.suse.com/1184196
https://bugzilla.suse.com/1184198
https://bugzilla.suse.com/1184211
https://bugzilla.suse.com/1184217
https://bugzilla.suse.com/1184218
https://bugzilla.suse.com/1184219
https://bugzilla.suse.com/1184220
https://bugzilla.suse.com/1184224
https://bugzilla.suse.com/1184388
https://bugzilla.suse.com/1184391
https://bugzilla.suse.com/1184393
https://bugzilla.suse.com/1184509
https://bugzilla.suse.com/1184511
https://bugzilla.suse.com/1184512
https://bugzilla.suse.com/1184514
https://bugzilla.suse.com/1184583
https://bugzilla.suse.com/1184647
1
0
openSUSE-SU-2021:0757-1: critical: Security update for graphviz
by opensuse-security@opensuse.org 22 May '21
by opensuse-security@opensuse.org 22 May '21
22 May '21
openSUSE Security Update: Security update for graphviz
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0757-1
Rating: critical
References: #1185833
Cross-References: CVE-2020-18032
CVSS scores:
CVE-2020-18032 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-18032 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for graphviz fixes the following issues:
- CVE-2020-18032: Fixed possible remote code execution via buffer overflow
(bsc#1185833).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-757=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
graphviz-2.40.1-lp152.7.10.1
graphviz-addons-debuginfo-2.40.1-lp152.7.10.1
graphviz-addons-debugsource-2.40.1-lp152.7.10.1
graphviz-debuginfo-2.40.1-lp152.7.10.1
graphviz-debugsource-2.40.1-lp152.7.10.1
graphviz-devel-2.40.1-lp152.7.10.1
graphviz-doc-2.40.1-lp152.7.10.1
graphviz-gd-2.40.1-lp152.7.10.1
graphviz-gd-debuginfo-2.40.1-lp152.7.10.1
graphviz-gnome-2.40.1-lp152.7.10.1
graphviz-gnome-debuginfo-2.40.1-lp152.7.10.1
graphviz-guile-2.40.1-lp152.7.10.1
graphviz-guile-debuginfo-2.40.1-lp152.7.10.1
graphviz-gvedit-2.40.1-lp152.7.10.1
graphviz-gvedit-debuginfo-2.40.1-lp152.7.10.1
graphviz-java-2.40.1-lp152.7.10.1
graphviz-java-debuginfo-2.40.1-lp152.7.10.1
graphviz-lua-2.40.1-lp152.7.10.1
graphviz-lua-debuginfo-2.40.1-lp152.7.10.1
graphviz-perl-2.40.1-lp152.7.10.1
graphviz-perl-debuginfo-2.40.1-lp152.7.10.1
graphviz-php-2.40.1-lp152.7.10.1
graphviz-php-debuginfo-2.40.1-lp152.7.10.1
graphviz-plugins-core-2.40.1-lp152.7.10.1
graphviz-plugins-core-debuginfo-2.40.1-lp152.7.10.1
graphviz-python-2.40.1-lp152.7.10.1
graphviz-python-debuginfo-2.40.1-lp152.7.10.1
graphviz-ruby-2.40.1-lp152.7.10.1
graphviz-ruby-debuginfo-2.40.1-lp152.7.10.1
graphviz-smyrna-2.40.1-lp152.7.10.1
graphviz-smyrna-debuginfo-2.40.1-lp152.7.10.1
graphviz-tcl-2.40.1-lp152.7.10.1
graphviz-tcl-debuginfo-2.40.1-lp152.7.10.1
libgraphviz6-2.40.1-lp152.7.10.1
libgraphviz6-debuginfo-2.40.1-lp152.7.10.1
References:
https://www.suse.com/security/cve/CVE-2020-18032.html
https://bugzilla.suse.com/1185833
1
0
openSUSE-SU-2021:0764-1: important: Security update for libxml2
by opensuse-security@opensuse.org 22 May '21
by opensuse-security@opensuse.org 22 May '21
22 May '21
openSUSE Security Update: Security update for libxml2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0764-1
Rating: important
References: #1185408 #1185409 #1185410 #1185698
Cross-References: CVE-2021-3516 CVE-2021-3517 CVE-2021-3518
CVE-2021-3537
CVSS scores:
CVE-2021-3516 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3517 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3518 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3537 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3537 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for libxml2 fixes the following issues:
- CVE-2021-3537: NULL pointer dereference in
valid.c:xmlValidBuildAContentModel (bsc#1185698)
- CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess
(bsc#1185408).
- CVE-2021-3517: Fixed a heap based buffer overflow in
entities.c:xmlEncodeEntitiesInternal (bsc#1185410).
- CVE-2021-3516: Fixed a use after free in
entities.c:xmlEncodeEntitiesInternal (bsc#1185409).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-764=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
libxml2-2-2.9.7-lp152.10.12.1
libxml2-2-debuginfo-2.9.7-lp152.10.12.1
libxml2-debugsource-2.9.7-lp152.10.12.1
libxml2-devel-2.9.7-lp152.10.12.1
libxml2-tools-2.9.7-lp152.10.12.1
libxml2-tools-debuginfo-2.9.7-lp152.10.12.1
python-libxml2-python-debugsource-2.9.7-lp152.10.12.1
python2-libxml2-python-2.9.7-lp152.10.12.1
python2-libxml2-python-debuginfo-2.9.7-lp152.10.12.1
python3-libxml2-python-2.9.7-lp152.10.12.1
python3-libxml2-python-debuginfo-2.9.7-lp152.10.12.1
- openSUSE Leap 15.2 (x86_64):
libxml2-2-32bit-2.9.7-lp152.10.12.1
libxml2-2-32bit-debuginfo-2.9.7-lp152.10.12.1
libxml2-devel-32bit-2.9.7-lp152.10.12.1
- openSUSE Leap 15.2 (noarch):
libxml2-doc-2.9.7-lp152.10.12.1
References:
https://www.suse.com/security/cve/CVE-2021-3516.html
https://www.suse.com/security/cve/CVE-2021-3517.html
https://www.suse.com/security/cve/CVE-2021-3518.html
https://www.suse.com/security/cve/CVE-2021-3537.html
https://bugzilla.suse.com/1185408
https://bugzilla.suse.com/1185409
https://bugzilla.suse.com/1185410
https://bugzilla.suse.com/1185698
1
0
openSUSE-SU-2021:0763-1: important: Security update for fribidi
by opensuse-security@opensuse.org 22 May '21
by opensuse-security@opensuse.org 22 May '21
22 May '21
openSUSE Security Update: Security update for fribidi
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0763-1
Rating: important
References: #1156260
Cross-References: CVE-2019-18397
CVSS scores:
CVE-2019-18397 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-18397 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for fribidi fixes the following issues:
Security issues fixed:
- CVE-2019-18397: Avoid buffer overflow. (bsc#1156260)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-763=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
fribidi-1.0.5-lp152.2.3.1
fribidi-debuginfo-1.0.5-lp152.2.3.1
fribidi-debugsource-1.0.5-lp152.2.3.1
fribidi-devel-1.0.5-lp152.2.3.1
libfribidi0-1.0.5-lp152.2.3.1
libfribidi0-debuginfo-1.0.5-lp152.2.3.1
- openSUSE Leap 15.2 (x86_64):
libfribidi0-32bit-1.0.5-lp152.2.3.1
libfribidi0-32bit-debuginfo-1.0.5-lp152.2.3.1
References:
https://www.suse.com/security/cve/CVE-2019-18397.html
https://bugzilla.suse.com/1156260
1
0
openSUSE-SU-2021:0762-1: important: Security update for chromium
by opensuse-security@opensuse.org 22 May '21
by opensuse-security@opensuse.org 22 May '21
22 May '21
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0762-1
Rating: important
References: #1185496 #1185716 #1185908
Cross-References: CVE-2021-30506 CVE-2021-30507 CVE-2021-30508
CVE-2021-30509 CVE-2021-30510 CVE-2021-30511
CVE-2021-30512 CVE-2021-30513 CVE-2021-30514
CVE-2021-30515 CVE-2021-30516 CVE-2021-30517
CVE-2021-30518 CVE-2021-30519 CVE-2021-30520
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes 15 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
(This is a rerelease with aarch64 enabled.)
Chromium 90.0.4430.212 (boo#1185908)
* CVE-2021-30506: Incorrect security UI in Web App Installs
* CVE-2021-30507: Inappropriate implementation in Offline
* CVE-2021-30508: Heap buffer overflow in Media Feeds
* CVE-2021-30509: Out of bounds write in Tab Strip
* CVE-2021-30510: Race in Aura
* CVE-2021-30511: Out of bounds read in Tab Group
* CVE-2021-30512: Use after free in Notifications
* CVE-2021-30513: Type Confusion in V8
* CVE-2021-30514: Use after free in Autofill
* CVE-2021-30515: Use after free in File API
* CVE-2021-30516: Heap buffer overflow in History
* CVE-2021-30517: Type Confusion in V8
* CVE-2021-30518: Heap buffer overflow in Reader Mode
* CVE-2021-30519: Use after free in Payments
* CVE-2021-30520: Use after free in Tab Strip
- FTP support disabled at runtime by default since release 88. Chromium 91
will remove support for ftp altogether (boo#1185496)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-762=1
Package List:
- openSUSE Leap 15.2 (x86_64):
chromedriver-90.0.4430.212-lp152.2.95.1
chromedriver-debuginfo-90.0.4430.212-lp152.2.95.1
chromium-90.0.4430.212-lp152.2.95.1
chromium-debuginfo-90.0.4430.212-lp152.2.95.1
References:
https://www.suse.com/security/cve/CVE-2021-30506.html
https://www.suse.com/security/cve/CVE-2021-30507.html
https://www.suse.com/security/cve/CVE-2021-30508.html
https://www.suse.com/security/cve/CVE-2021-30509.html
https://www.suse.com/security/cve/CVE-2021-30510.html
https://www.suse.com/security/cve/CVE-2021-30511.html
https://www.suse.com/security/cve/CVE-2021-30512.html
https://www.suse.com/security/cve/CVE-2021-30513.html
https://www.suse.com/security/cve/CVE-2021-30514.html
https://www.suse.com/security/cve/CVE-2021-30515.html
https://www.suse.com/security/cve/CVE-2021-30516.html
https://www.suse.com/security/cve/CVE-2021-30517.html
https://www.suse.com/security/cve/CVE-2021-30518.html
https://www.suse.com/security/cve/CVE-2021-30519.html
https://www.suse.com/security/cve/CVE-2021-30520.html
https://bugzilla.suse.com/1185496
https://bugzilla.suse.com/1185716
https://bugzilla.suse.com/1185908
1
0
openSUSE-SU-2021:0755-1: important: Security update for cacti, cacti-spine
by opensuse-security@opensuse.org 20 May '21
by opensuse-security@opensuse.org 20 May '21
20 May '21
openSUSE Security Update: Security update for cacti, cacti-spine
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0755-1
Rating: important
References: #1180804
Cross-References: CVE-2020-35701
CVSS scores:
CVE-2020-35701 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.2
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for cacti, cacti-spine fixes the following issues:
cacti-spine was updated to 1.2.17:
* Avoid triggering DDos detection in firewalls on large systems
* Use mysql reconnect option properly
* Fix possible creashes in various operations
* Fix remote data collectors pushing too much data to main when performing
diagnostics
* Make spine more responsive when remote connection is down
* Fix various MySQL issues
* Make spine immune to DST changes
cacti-spine 1.2.16:
* Some developer debug log messages falsely labeled as WARNINGS
* Remove the need of the dos2unix program
* Fix Spine experiencing MySQL socket error 2002 under load
* Under heavy load MySQL/MariaDB return 2006 and 2013 errors on query
* Add backtrace output to stderr for signals
* Add Data Source turnaround time to debug output
cacti-spine 1.2.15:
* Special characters may not always be ignored properly
cacti was updated to 1.2.17:
* Fix incorrect handling of fields led to potential XSS issues
* CVE-2020-35701: Fix SQL Injection vulnerability (boo#1180804)
* Fix various XSS issues with HTML Forms handling
* Fix handling of Daylight Saving Time changes
* Multiple fixes and extensions to plugins
* Fix multiple display, export, and input validation issues
* SNMPv3 Password field was not correctly limited
* Improved regular expression handling for searcu
* Improved support for RRDproxy
* Improved behavior on large systems
* MariaDB/MysQL: Support persistent connections and improve multiple
operations and options
* Add Theme 'Midwinter'
* Modify automation to test for data before creating graphs
* Add hooks for plugins to show customize graph source and customize
template url
* Allow CSRF security key to be refreshed at command line
* Allow remote pollers statistics to be cleared
* Allow user to be automatically logged out after admin defined period
* When replicating, ensure Cacti can detect and verify replica servers
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-755=1
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2021-755=1
Package List:
- openSUSE Leap 15.2 (x86_64):
cacti-spine-1.2.17-lp152.2.9.1
cacti-spine-debuginfo-1.2.17-lp152.2.9.1
cacti-spine-debugsource-1.2.17-lp152.2.9.1
- openSUSE Leap 15.2 (noarch):
cacti-1.2.17-lp152.2.12.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
cacti-spine-1.2.17-14.1
cacti-spine-debuginfo-1.2.17-14.1
cacti-spine-debugsource-1.2.17-14.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):
cacti-1.2.17-20.1
References:
https://www.suse.com/security/cve/CVE-2020-35701.html
https://bugzilla.suse.com/1180804
1
0
openSUSE-SU-2021:0755-1: important: Security update for cacti, cacti-spine
by opensuse-security@opensuse.org 20 May '21
by opensuse-security@opensuse.org 20 May '21
20 May '21
openSUSE Security Update: Security update for cacti, cacti-spine
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0755-1
Rating: important
References: #1180804
Cross-References: CVE-2020-35701
CVSS scores:
CVE-2020-35701 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for cacti, cacti-spine fixes the following issues:
cacti-spine was updated to 1.2.17:
* Avoid triggering DDos detection in firewalls on large systems
* Use mysql reconnect option properly
* Fix possible creashes in various operations
* Fix remote data collectors pushing too much data to main when performing
diagnostics
* Make spine more responsive when remote connection is down
* Fix various MySQL issues
* Make spine immune to DST changes
cacti-spine 1.2.16:
* Some developer debug log messages falsely labeled as WARNINGS
* Remove the need of the dos2unix program
* Fix Spine experiencing MySQL socket error 2002 under load
* Under heavy load MySQL/MariaDB return 2006 and 2013 errors on query
* Add backtrace output to stderr for signals
* Add Data Source turnaround time to debug output
cacti-spine 1.2.15:
* Special characters may not always be ignored properly
cacti was updated to 1.2.17:
* Fix incorrect handling of fields led to potential XSS issues
* CVE-2020-35701: Fix SQL Injection vulnerability (boo#1180804)
* Fix various XSS issues with HTML Forms handling
* Fix handling of Daylight Saving Time changes
* Multiple fixes and extensions to plugins
* Fix multiple display, export, and input validation issues
* SNMPv3 Password field was not correctly limited
* Improved regular expression handling for searcu
* Improved support for RRDproxy
* Improved behavior on large systems
* MariaDB/MysQL: Support persistent connections and improve multiple
operations and options
* Add Theme 'Midwinter'
* Modify automation to test for data before creating graphs
* Add hooks for plugins to show customize graph source and customize
template url
* Allow CSRF security key to be refreshed at command line
* Allow remote pollers statistics to be cleared
* Allow user to be automatically logged out after admin defined period
* When replicating, ensure Cacti can detect and verify replica servers
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2021-755=1
Package List:
- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):
cacti-spine-1.2.17-14.1
cacti-spine-debuginfo-1.2.17-14.1
cacti-spine-debugsource-1.2.17-14.1
- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):
cacti-1.2.17-20.1
References:
https://www.suse.com/security/cve/CVE-2020-35701.html
https://bugzilla.suse.com/1180804
1
0
openSUSE-SU-2021:0753-1: critical: Security update for exim
by opensuse-security@opensuse.org 20 May '21
by opensuse-security@opensuse.org 20 May '21
20 May '21
openSUSE Security Update: Security update for exim
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0753-1
Rating: critical
References: #1079832 #1136587 #1142207 #1154183 #1160726
#1171490 #1171877 #1173693 #1185631
Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944
CVE-2018-6789 CVE-2019-10149 CVE-2019-13917
CVE-2019-15846 CVE-2019-16928 CVE-2020-12783
CVE-2020-28007 CVE-2020-28008 CVE-2020-28009
CVE-2020-28010 CVE-2020-28011 CVE-2020-28012
CVE-2020-28013 CVE-2020-28014 CVE-2020-28015
CVE-2020-28016 CVE-2020-28017 CVE-2020-28018
CVE-2020-28019 CVE-2020-28020 CVE-2020-28021
CVE-2020-28022 CVE-2020-28023 CVE-2020-28024
CVE-2020-28025 CVE-2020-28026 CVE-2020-8015
CVSS scores:
CVE-2017-1000369 (NVD) : 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2017-16943 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2017-16944 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2018-6789 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-10149 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-13917 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-15846 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-16928 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-12783 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-28007 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28009 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28010 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28012 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28013 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28014 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2020-28015 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28016 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28018 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-8015 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes 30 vulnerabilities is now available.
Description:
This update for exim fixes the following issues:
exim was updated to 4.94.2:
security update (boo#1185631)
* CVE-2020-28007: Link attack in Exim's log directory
* CVE-2020-28008: Assorted attacks in Exim's spool directory
* CVE-2020-28014: Arbitrary PID file creation
* CVE-2020-28011: Heap buffer overflow in queue_run()
* CVE-2020-28010: Heap out-of-bounds write in main()
* CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
* CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
* CVE-2020-28015: New-line injection into spool header file (local)
* CVE-2020-28012: Missing close-on-exec flag for privileged pipe
* CVE-2020-28009: Integer overflow in get_stdinput()
* CVE-2020-28017: Integer overflow in receive_add_recipient()
* CVE-2020-28020: Integer overflow in receive_msg()
* CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
* CVE-2020-28021: New-line injection into spool header file (remote)
* CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
* CVE-2020-28026: Line truncation and injection in spool_read_header()
* CVE-2020-28019: Failure to reset function pointer after BDAT error
* CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
* CVE-2020-28018: Use-after-free in tls-openssl.c
* CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
update to exim-4.94.1
* Fix security issue in BDAT state confusion. Ensure we reset known-good
where we know we need to not be reading BDAT data, as a general case
fix, and move the places where we switch to BDAT mode until after
various protocol state checks. Fixes CVE-2020-BDATA reported by Qualys.
* Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT)
* Fix security issue with too many recipients on a message (to remove a
known security problem if someone does set recipients_max to unlimited,
or if local additions add to the recipient list). Fixes CVE-2020-RCPTL
reported by Qualys.
* Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in
parse_fix_phrase()
* Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
providing a particularly obnoxious sender full name.
* Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
better.
- bring back missing exim_db.8 manual page (fixes boo#1173693)
- bring in changes from current +fixes (lots of taint check fixes)
* Bug 1329: Fix format of Maildir-format filenames to match other mail-
related applications. Previously an "H" was used where available info
says that "M" should be, so change to match.
* Bug 2587: Fix pam expansion condition. Tainted values are commonly
used as arguments, so an implementation trying to copy these into a
local buffer was taking a taint-enforcement trap. Fix by using
dynamically created buffers.
* Bug 2586: Fix listcount expansion operator. Using tainted arguments
is reasonable, eg. to count headers. Fix by using dynamically created
buffers rather than a local. Do similar fixes for ACL actions "dcc",
"log_reject_target", "malware" and "spam"; the arguments are expanded
so could be handling tainted values.
* Bug 2590: Fix -bi (newaliases). A previous code rearrangement had
broken the (no-op) support for this sendmail command. Restore it to
doing nothing, silently, and returning good status.
update to exim 4.94
* some transports now refuse to use tainted data in constructing their
delivery location this WILL BREAK configurations which are not updated
accordingly. In particular: any Transport use of $local_user which has
been relying upon check_local_user far away in the Router to make it
safe, should be updated to replace $local_user with $local_part_data.
* Attempting to remove, in router or transport, a header name that ends
with an asterisk (which is a standards-legal name) will now result in
all headers named starting with the string before the asterisk being
removed.
- switch pretrans to use lua (fixes boo#1171877)
- bring changes from current in +fixes branch
(patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94)
* fixes CVE-2020-12783 (boo#1171490)
* Regard command-line recipients as tainted.
* Bug 2489: Fix crash in the "pam" expansion condition.
* Use tainted buffers for the transport smtp context.
* Bug 2493: Harden ARC verify against Outlook, which has been seen to
mix the ordering of its ARC headers. This caused a crash.
* Bug 2492: Use tainted memory for retry record when needed. Previously
when a new record was being constructed with information from the
peer, a trap was taken.
* Bug 2494: Unset the default for dmarc_tld_file.
* Fix an uninitialised flag in early-pipelining. Previously connections
could, depending on the platform, hang at the STARTTLS response.
* Bug 2498: Reset a counter used for ARC verify before handling another
message on a connection. Previously if one message had ARC headers
and the following one did not, a crash could result when adding an
Authentication-Results: header.
* Bug 2500: Rewind some of the common-coding in string handling between
the Exim main code and Exim-related utities.
* Fix the variables set by the gsasl authenticator.
* Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
only retrieve the errormessage once.
* Bug 2501: Fix init call in the heimdal authenticator. Previously it
adjusted the size of a major service buffer; this failed because the
buffer was in use at the time. Change to a compile-time increase in
the buffer size, when this authenticator is compiled into exim.
- don't create logfiles during install
* fixes CVE-2020-8015 (boo#1154183)
- add a spec-file workaround for boo#1160726
- update to exim 4.93.0.4 (+fixes release)
* Avoid costly startup code when not strictly needed. This reduces time
for some exim process initialisations. It does mean that the logging
of TLS configuration problems is only done for the daemon startup.
* Early-pipelining support code is now included unless disabled in
Makefile.
* DKIM verification defaults no long accept sha1 hashes, to conform to
RFC 8301. They can still be enabled, using the dkim_verify_hashes main
option.
* Support CHUNKING from an smtp transport using a transport_filter, when
DKIM signing is being done. Previously a transport_filter would
always disable CHUNKING, falling back to traditional DATA.
* Regard command-line receipients as tainted.
* Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM.
* Bug 2489: Fix crash in the "pam" expansion condition. It seems that
the PAM library frees one of the arguments given to it, despite the
documentation. Therefore a plain malloc must be used.
* Bug 2491: Use tainted buffers for the transport smtp context.
Previously
on-stack buffers were used, resulting in a taint trap when DSN
information copied from a received message was written into the
buffer.
* Bug 2493: Harden ARC verify against Outlook, whick has been seen to
mix the ordering of its ARC headers. This caused a crash.
* Bug 2492: Use tainted memory for retry record when needed. Previously
when a new record was being constructed with information from the
peer, a trap was taken.
* Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive
installation would get error messages from DMARC verify, when it hit
the nonexistent file indicated by the default. Distros wanting DMARC
enabled should both provide the file and set the option. Also enforce
no DMARC verification for command-line sourced messages.
* Fix an uninitialised flag in early-pipelining. Previously connections
could, depending on the platform, hang at the STARTTLS response.
* Bug 2498: Reset a counter used for ARC verify before handling another
message on a connection. Previously if one message had ARC headers
and the following one did not, a crash could result when adding an
Authentication-Results: header.
* Bug 2500: Rewind some of the common-coding in string handling between
the Exim main code and Exim-related utities. The introduction of
taint tracking also did many adjustments to string handling. Since
then, eximon frequently terminated with an assert failure.
* When PIPELINING, synch after every hundred or so RCPT commands sent
and check for 452 responses. This slightly helps the inefficieny of
doing a large alias-expansion into a recipient-limited target. The
max_rcpt transport option still applies (and at the current default,
will override the new feature). The check is done for either cause of
synch, and forces a fast-retry of all 452'd recipients using a new
MAIL FROM on the same connection. The new facility is not tunable at
this time.
* Fix the variables set by the gsasl authenticator. Previously a
pointer to library live data was being used, so the results became
garbage. Make copies while it is still usable.
* Logging: when the deliver_time selector ise set, include the DT= field
on delivery deferred (==) and failed (**) lines (if a delivery was
attemtped). Previously it was only on completion (=>) lines.
* Authentication: the gsasl driver not provides the $authN variables in
time for the expansion of the server_scram_iter and server_scram_salt
options.
spec file cleanup to make update work
- add docdir to spec
- update to exim 4.93
* SUPPORT_DMARC replaces EXPERIMENTAL_DMARC
* DISABLE_TLS replaces SUPPORT_TLS
* Bump the version for the local_scan API.
* smtp transport option hosts_try_fastopen defaults to "*".
* DNSSec is requested (not required) for all queries. (This seemes to
ask for trouble if your resolver is a systemd-resolved.)
* Generic router option retry_use_local_part defaults to "true" under
specific pre-conditions.
* Introduce a tainting mechanism for values read from untrusted sources.
* Use longer file names for temporary spool files (this avoids name
conflicts with spool on a shared file system).
* Use dsn_from main config option (was ignored previously).
- update to exim 4.92.3
* CVE-2019-16928: fix against Heap-based buffer overflow in
string_vformat, remote code execution seems to be possible
- update to exim 4.92.2
* CVE-2019-15846: fix against remote attackers executing arbitrary code
as root via a trailing backslash
- update to exim 4.92.1
* CVE-2019-13917: Fixed an issue with ${sort} expansion which could allow
remote attackers to execute other programs with root privileges
(boo#1142207)
- spec file cleanup
* fix DANE inclusion guard condition
* re-enable i18n and remove misleading comment
* EXPERIMENTAL_SPF is now SUPPORT_SPF
* DANE is now SUPPORT_DANE
- update to exim 4.92
* ${l_header:<name>} expansion
* ${readsocket} now supports TLS
* "utf8_downconvert" option (if built with SUPPORT_I18N)
* "pipelining" log_selector
* JSON variants for ${extract } expansion
* "noutf8" debug option
* TCP Fast Open support on MacOS
* CVE-2019-10149: Fixed a Remote Command Execution (boo#1136587)
- add workaround patch for compile time error on missing printf format
annotation (gnu_printf.patch)
- update to 4.91
* DEFER rather than ERROR on redis cluster MOVED response.
* Catch and remove uninitialized value warning in exiqsumm
* Disallow '/' characters in queue names specified for the "queue=" ACL
modifier. This matches the restriction on the commandline.
* Fix pgsql lookup for multiple result-tuples with a single column.
Previously only the last row was returned.
* Bug 2217: Tighten up the parsing of DKIM signature headers.
* Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
* Fix issue with continued-connections when the DNS shifts unreliably.
* Bug 2214: Fix SMTP responses resulting from non-accept result of MIME
ACL.
* The "support for" informational output now, which built with Content
Scanning support, has a line for the malware scanner interfaces
compiled in. Interface can be individually included or not at build
time.
* The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
by the template makefile "src/EDITME". The "STREAM" support for an
older ClamAV interface method is removed.
* Bug 2223: Fix mysql lookup returns for the no-data case (when the
number of rows affected is given instead).
* The runtime Berkeley DB library version is now additionally output by
"exim -d -bV". Previously only the compile-time version was shown.
* Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
SMTP connection.
* Bug 2229: Fix cutthrough routing for nonstandard port numbers defined
by routers.
* Bug 2174: A timeout on connect for a callout was also erroneously seen
as a timeout on read on a GnuTLS initiating connection, resulting in
the initiating connection being dropped.
* Relax results from ACL control request to enable cutthrough, in
unsupported situations, from error to silently (except under debug)
ignoring.
* Fix Buffer overflow in base64d() (CVE-2018-6789)
* Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
metadata, resulting in a crash in free().
* Fix broken Heimdal GSSAPI authenticator integration.
* Bug 2113: Fix conversation closedown with the Avast malware scanner.
* Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail
ACL.
* Speed up macro lookups during configuration file read, by skipping non-
macro text after a replacement (previously it was only once per line)
and by skipping builtin macros when searching for an uppercase lead
character.
* DANE support moved from Experimental to mainline. The Makefile control
for the build is renamed.
* Fix memory leak during multi-message connections using STARTTLS.
* Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
reported the original. Fix to report (as far as possible) the ACL
result replacing the original.
* Fix memory leak during multi-message connections using STARTTLS under
OpenSSL
* Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.
* Fix utf8_downconvert propagation through a redirect router.
* Bug 2253: For logging delivery lines under PRDR, append the overall
DATA response info to the (existing) per-recipient response info for
the "C=" log element.
* Bug 2251: Fix ldap lookups that return a single attribute having zero-
length value.
* Support Avast multiline protocol, this allows passing flags to newer
versions of the scanner.
* Ensure that variables possibly set during message acceptance are
marked dead before release of memory in the daemon loop.
* Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
as a multi-recipient message from a mailinglist manager).
* The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
replaced by the ${authresults } expansion.
* Bug 2257: Fix pipe transport to not use a socket-only syscall.
* Set a handler for SIGTERM and call exit(3) if running as PID 1. This
allows proper process termination in container environments.
* Bug 2258: Fix spool_wireformat in combination with LMTP transport.
Previously the "final dot" had a newline after it; ensure it is CR,LF.
* SPF: remove support for the "spf" ACL condition outcome values
"err_temp" and "err_perm", deprecated since 4.83 when the RFC-defined
words " temperror" and "permerror" were introduced.
* Re-introduce enforcement of no cutthrough delivery on transports having
transport-filters or DKIM-signing.
* Cutthrough: for a final-dot response timeout (and nonunderstood
responses) in defer=pass mode supply a 450 to the initiator.
Previously the message would be spooled.
* DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
tls_require_ciphers is used as before.
* Malware Avast: Better match the Avast multiline protocol.
* Fix reinitialisation of DKIM logging variable between messages.
* Bug 2255: Revert the disable of the OpenSSL session caching.
* Add util/renew-opendmarc-tlds.sh script for safe renewal of public
suffix list.
* DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
since the IETF WG has not yet settled on that versus the original
"bare" representation.
* Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
Previously the millisecond value corrupted the output. Fix also for
syslog_pid=no and log_selector +pid, for which the pid corrupted the
output.
- Replace xorg-x11-devel by individual pkgconfig() buildrequires.
- update to 4.90.1
* Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
during configuration. Wildcards are allowed and expanded.
* Shorten the log line for daemon startup by collapsing adjacent sets of
identical IP addresses on different listening ports. Will also affect
"exiwhat" output.
* Tighten up the checking in isip4 (et al): dotted-quad components
larger than 255 are no longer allowed.
* Default openssl_options to include +no_ticket, to reduce load on
peers. Disable the session-cache too, which might reduce our load.
Since we currrectly use a new context for every connection, both as
server and client, there is no benefit for these.
* Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
<https://reproducible-builds.org/specs/source-date-epoch/>.
* Fix smtp transport use of limited max_rcpt under mua_wrapper.
Previously the check for any unsuccessful recipients did not notice
the limit, and erroneously found still-pending ones.
* Pipeline CHUNKING command and data together, on kernels that support
MSG_MORE. Only in-clear (not on TLS connections).
* Avoid using a temporary file during transport using dkim. Unless a
transport-filter is involved we can buffer the headers in memory for
creating the signature, and read the spool data file once for the
signature and again for transmission.
* Enable use of sendfile in Linux builds as default. It was disabled in
4.77 as the kernel support then wasn't solid, having issues in 64bit
mode. Now, it's been long enough. Add support for FreeBSD also.
* Add commandline_checks_require_admin option.
* Do pipelining under TLS.
* For the "sock" variant of the malware scanner interface, accept an
empty cmdline element to get the documented default one. Previously
it was inaccessible.
* Prevent repeated use of -p/-oMr
* DKIM: enforce the DNS pubkey record "h" permitted-hashes optional
field, if present.
* DKIM: when a message has multiple signatures matching an identity
given in dkim_verify_signers, run the dkim acl once for each.
* Support IDNA2008.
* The path option on a pipe transport is now expanded before use
* Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
- Several bug fixes
- Fix for buffer overflow in base64decode() (boo#1079832 CVE-2018-6789)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2021-753=1
Package List:
- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
exim-4.94.2-bp151.2.4.1
eximon-4.94.2-bp151.2.4.1
eximstats-html-4.94.2-bp151.2.4.1
libspf2-2-1.2.10-bp151.4.1
libspf2-2-debuginfo-1.2.10-bp151.4.1
libspf2-debuginfo-1.2.10-bp151.4.1
libspf2-debugsource-1.2.10-bp151.4.1
libspf2-devel-1.2.10-bp151.4.1
libspf2-tools-1.2.10-bp151.4.1
libspf2-tools-debuginfo-1.2.10-bp151.4.1
References:
https://www.suse.com/security/cve/CVE-2017-1000369.html
https://www.suse.com/security/cve/CVE-2017-16943.html
https://www.suse.com/security/cve/CVE-2017-16944.html
https://www.suse.com/security/cve/CVE-2018-6789.html
https://www.suse.com/security/cve/CVE-2019-10149.html
https://www.suse.com/security/cve/CVE-2019-13917.html
https://www.suse.com/security/cve/CVE-2019-15846.html
https://www.suse.com/security/cve/CVE-2019-16928.html
https://www.suse.com/security/cve/CVE-2020-12783.html
https://www.suse.com/security/cve/CVE-2020-28007.html
https://www.suse.com/security/cve/CVE-2020-28008.html
https://www.suse.com/security/cve/CVE-2020-28009.html
https://www.suse.com/security/cve/CVE-2020-28010.html
https://www.suse.com/security/cve/CVE-2020-28011.html
https://www.suse.com/security/cve/CVE-2020-28012.html
https://www.suse.com/security/cve/CVE-2020-28013.html
https://www.suse.com/security/cve/CVE-2020-28014.html
https://www.suse.com/security/cve/CVE-2020-28015.html
https://www.suse.com/security/cve/CVE-2020-28016.html
https://www.suse.com/security/cve/CVE-2020-28017.html
https://www.suse.com/security/cve/CVE-2020-28018.html
https://www.suse.com/security/cve/CVE-2020-28019.html
https://www.suse.com/security/cve/CVE-2020-28020.html
https://www.suse.com/security/cve/CVE-2020-28021.html
https://www.suse.com/security/cve/CVE-2020-28022.html
https://www.suse.com/security/cve/CVE-2020-28023.html
https://www.suse.com/security/cve/CVE-2020-28024.html
https://www.suse.com/security/cve/CVE-2020-28025.html
https://www.suse.com/security/cve/CVE-2020-28026.html
https://www.suse.com/security/cve/CVE-2020-8015.html
https://bugzilla.suse.com/1079832
https://bugzilla.suse.com/1136587
https://bugzilla.suse.com/1142207
https://bugzilla.suse.com/1154183
https://bugzilla.suse.com/1160726
https://bugzilla.suse.com/1171490
https://bugzilla.suse.com/1171877
https://bugzilla.suse.com/1173693
https://bugzilla.suse.com/1185631
1
0
openSUSE-SU-2021:0754-1: critical: Security update for exim
by opensuse-security@opensuse.org 20 May '21
by opensuse-security@opensuse.org 20 May '21
20 May '21
openSUSE Security Update: Security update for exim
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0754-1
Rating: critical
References: #1079832 #1171490 #1171877 #1173693 #1185631
Cross-References: CVE-2017-1000369 CVE-2017-16943 CVE-2017-16944
CVE-2018-6789 CVE-2019-16928 CVE-2020-12783
CVE-2020-28007 CVE-2020-28008 CVE-2020-28009
CVE-2020-28010 CVE-2020-28011 CVE-2020-28012
CVE-2020-28013 CVE-2020-28014 CVE-2020-28015
CVE-2020-28016 CVE-2020-28017 CVE-2020-28018
CVE-2020-28019 CVE-2020-28020 CVE-2020-28021
CVE-2020-28022 CVE-2020-28023 CVE-2020-28024
CVE-2020-28025 CVE-2020-28026
CVSS scores:
CVE-2017-1000369 (NVD) : 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2017-16943 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2017-16944 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2018-6789 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-16928 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-12783 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-28007 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28009 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28010 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28012 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28013 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28014 (NVD) : 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2020-28015 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28016 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-28018 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that fixes 26 vulnerabilities is now available.
Description:
This update for exim fixes the following issues:
Exim was updated to exim-4.94.2
security update (boo#1185631)
* CVE-2020-28007: Link attack in Exim's log directory
* CVE-2020-28008: Assorted attacks in Exim's spool directory
* CVE-2020-28014: Arbitrary PID file creation
* CVE-2020-28011: Heap buffer overflow in queue_run()
* CVE-2020-28010: Heap out-of-bounds write in main()
* CVE-2020-28013: Heap buffer overflow in parse_fix_phrase()
* CVE-2020-28016: Heap out-of-bounds write in parse_fix_phrase()
* CVE-2020-28015: New-line injection into spool header file (local)
* CVE-2020-28012: Missing close-on-exec flag for privileged pipe
* CVE-2020-28009: Integer overflow in get_stdinput()
* CVE-2020-28017: Integer overflow in receive_add_recipient()
* CVE-2020-28020: Integer overflow in receive_msg()
* CVE-2020-28023: Out-of-bounds read in smtp_setup_msg()
* CVE-2020-28021: New-line injection into spool header file (remote)
* CVE-2020-28022: Heap out-of-bounds read and write in extract_option()
* CVE-2020-28026: Line truncation and injection in spool_read_header()
* CVE-2020-28019: Failure to reset function pointer after BDAT error
* CVE-2020-28024: Heap buffer underflow in smtp_ungetc()
* CVE-2020-28018: Use-after-free in tls-openssl.c
* CVE-2020-28025: Heap out-of-bounds read in pdkim_finish_bodyhash()
update to exim-4.94.1
* Fix security issue in BDAT state confusion. Ensure we reset known-good
where we know we need to not be reading BDAT data, as a general case
fix, and move the places where we switch to BDAT mode until after
various protocol state checks. Fixes CVE-2020-BDATA reported by Qualys.
* Fix security issue in SMTP verb option parsing (CVE-2020-EXOPT)
* Fix security issue with too many recipients on a message (to remove a
known security problem if someone does set recipients_max to unlimited,
or if local additions add to the recipient list). Fixes CVE-2020-RCPTL
reported by Qualys.
* Fix CVE-2020-28016 (PFPZA): Heap out-of-bounds write in
parse_fix_phrase()
* Fix security issue CVE-2020-PFPSN and guard against cmdline invoker
providing a particularly obnoxious sender full name.
* Fix Linux security issue CVE-2020-SLCWD and guard against PATH_MAX
better.
- bring back missing exim_db.8 manual page (fixes boo#1173693)
- bring in changes from current +fixes (lots of taint check fixes)
* Bug 1329: Fix format of Maildir-format filenames to match other mail-
related applications. Previously an "H" was used where available info
says that "M" should be, so change to match.
* Bug 2587: Fix pam expansion condition. Tainted values are commonly
used as arguments, so an implementation trying to copy these into a
local buffer was taking a taint-enforcement trap. Fix by using
dynamically created buffers.
* Bug 2586: Fix listcount expansion operator. Using tainted arguments
is reasonable, eg. to count headers. Fix by using dynamically created
buffers rather than a local. Do similar fixes for ACL actions "dcc",
"log_reject_target", "malware" and "spam"; the arguments are expanded
so could be handling tainted values.
* Bug 2590: Fix -bi (newaliases). A previous code rearrangement had
broken the (no-op) support for this sendmail command. Restore it to
doing nothing, silently, and returning good status.
- update to exim 4.94
* some transports now refuse to use tainted data in constructing their
delivery location this WILL BREAK configurations which are not updated
accordingly. In particular: any Transport use of $local_user which has
been relying upon check_local_user far away in the Router to make it
safe, should be updated to replace $local_user with $local_part_data.
* Attempting to remove, in router or transport, a header name that ends
with an asterisk (which is a standards-legal name) will now result in
all headers named starting with the string before the asterisk being
removed.
- switch pretrans to use lua (fixes boo#1171877)
- bring changes from current in +fixes branch
(patch-exim-fixes-ee83de04d3087efaf808d1f2235a988275c2ee94)
* fixes CVE-2020-12783 (boo#1171490)
* Regard command-line recipients as tainted.
* Bug 2489: Fix crash in the "pam" expansion condition.
* Use tainted buffers for the transport smtp context.
* Bug 2493: Harden ARC verify against Outlook, which has been seen to
mix the ordering of its ARC headers. This caused a crash.
* Bug 2492: Use tainted memory for retry record when needed. Previously
when a new record was being constructed with information from the
peer, a trap was taken.
* Bug 2494: Unset the default for dmarc_tld_file.
* Fix an uninitialised flag in early-pipelining. Previously connections
could, depending on the platform, hang at the STARTTLS response.
* Bug 2498: Reset a counter used for ARC verify before handling another
message on a connection. Previously if one message had ARC headers
and the following one did not, a crash could result when adding an
Authentication-Results: header.
* Bug 2500: Rewind some of the common-coding in string handling between
the Exim main code and Exim-related utities.
* Fix the variables set by the gsasl authenticator.
* Bug 2507: Modules: on handling a dynamic-module (lookups) open failure,
only retrieve the errormessage once.
* Bug 2501: Fix init call in the heimdal authenticator. Previously it
adjusted the size of a major service buffer; this failed because the
buffer was in use at the time. Change to a compile-time increase in
the buffer size, when this authenticator is compiled into exim.
- update to exim 4.93.0.4 (+fixes release)
* Avoid costly startup code when not strictly needed. This reduces time
for some exim process initialisations. It does mean that the logging
of TLS configuration problems is only done for the daemon startup.
* Early-pipelining support code is now included unless disabled in
Makefile.
* DKIM verification defaults no long accept sha1 hashes, to conform to
RFC 8301. They can still be enabled, using the dkim_verify_hashes main
option.
* Support CHUNKING from an smtp transport using a transport_filter, when
DKIM signing is being done. Previously a transport_filter would
always disable CHUNKING, falling back to traditional DATA.
* Regard command-line receipients as tainted.
* Bug 340: Remove the daemon pid file on exit, whe due to SIGTERM.
* Bug 2489: Fix crash in the "pam" expansion condition. It seems that
the PAM library frees one of the arguments given to it, despite the
documentation. Therefore a plain malloc must be used.
* Bug 2491: Use tainted buffers for the transport smtp context.
Previously
on-stack buffers were used, resulting in a taint trap when DSN
information copied from a received message was written into the
buffer.
* Bug 2493: Harden ARC verify against Outlook, whick has been seen to
mix the ordering of its ARC headers. This caused a crash.
* Bug 2492: Use tainted memory for retry record when needed. Previously
when a new record was being constructed with information from the
peer, a trap was taken.
* Bug 2494: Unset the default for dmarc_tld_file. Previously a naiive
installation would get error messages from DMARC verify, when it hit
the nonexistent file indicated by the default. Distros wanting DMARC
enabled should both provide the file and set the option. Also enforce
no DMARC verification for command-line sourced messages.
* Fix an uninitialised flag in early-pipelining. Previously connections
could, depending on the platform, hang at the STARTTLS response.
* Bug 2498: Reset a counter used for ARC verify before handling another
message on a connection. Previously if one message had ARC headers
and the following one did not, a crash could result when adding an
Authentication-Results: header.
* Bug 2500: Rewind some of the common-coding in string handling between
the Exim main code and Exim-related utities. The introduction of
taint tracking also did many adjustments to string handling. Since
then, eximon frequently terminated with an assert failure.
* When PIPELINING, synch after every hundred or so RCPT commands sent
and check for 452 responses. This slightly helps the inefficieny of
doing a large alias-expansion into a recipient-limited target. The
max_rcpt transport option still applies (and at the current default,
will override the new feature). The check is done for either cause of
synch, and forces a fast-retry of all 452'd recipients using a new
MAIL FROM on the same connection. The new facility is not tunable at
this time.
* Fix the variables set by the gsasl authenticator. Previously a
pointer to library live data was being used, so the results became
garbage. Make copies while it is still usable.
* Logging: when the deliver_time selector ise set, include the DT= field
on delivery deferred (==) and failed (**) lines (if a delivery was
attemtped). Previously it was only on completion (=>) lines.
* Authentication: the gsasl driver not provides the $authN variables in
time for the expansion of the server_scram_iter and server_scram_salt
options.
spec file cleanup to make update work
- add docdir to spec
- update to exim 4.93
* SUPPORT_DMARC replaces EXPERIMENTAL_DMARC
* DISABLE_TLS replaces SUPPORT_TLS
* Bump the version for the local_scan API.
* smtp transport option hosts_try_fastopen defaults to "*".
* DNSSec is requested (not required) for all queries. (This seemes to
ask for trouble if your resolver is a systemd-resolved.)
* Generic router option retry_use_local_part defaults to "true" under
specific pre-conditions.
* Introduce a tainting mechanism for values read from untrusted sources.
* Use longer file names for temporary spool files (this avoids name
conflicts with spool on a shared file system).
* Use dsn_from main config option (was ignored previously).
- update to exim 4.92.3
* CVE-2019-16928: fix against Heap-based buffer overflow in
string_vformat, remote code execution seems to be possible
- update to exim 4.92.2
* CVE-2019-15846: fix against remote attackers executing arbitrary code
as root via a trailing backslash
- update to exim 4.92.1
* CVE-2019-13917: Fixed an issue with ${sort} expansion which could allow
remote attackers to execute other programs with root privileges
(boo#1142207)
- spec file cleanup
* fix DANE inclusion guard condition
* re-enable i18n and remove misleading comment
* EXPERIMENTAL_SPF is now SUPPORT_SPF
* DANE is now SUPPORT_DANE
- update to exim 4.92
* ${l_header:<name>} expansion
* ${readsocket} now supports TLS
* "utf8_downconvert" option (if built with SUPPORT_I18N)
* "pipelining" log_selector
* JSON variants for ${extract } expansion
* "noutf8" debug option
* TCP Fast Open support on MacOS
* CVE-2019-10149: Fixed a Remote Command Execution (boo#1136587)
- add workaround patch for compile time error on missing printf format
annotation (gnu_printf.patch)
- update to 4.91
* DEFER rather than ERROR on redis cluster MOVED response.
* Catch and remove uninitialized value warning in exiqsumm
* Disallow '/' characters in queue names specified for the "queue=" ACL
modifier. This matches the restriction on the commandline.
* Fix pgsql lookup for multiple result-tuples with a single column.
Previously only the last row was returned.
* Bug 2217: Tighten up the parsing of DKIM signature headers.
* Bug 2215: Fix crash associated with dnsdb lookup done from DKIM ACL.
* Fix issue with continued-connections when the DNS shifts unreliably.
* Bug 2214: Fix SMTP responses resulting from non-accept result of MIME
ACL.
* The "support for" informational output now, which built with Content
Scanning support, has a line for the malware scanner interfaces
compiled in. Interface can be individually included or not at build
time.
* The "aveserver", "kavdaemon" and "mksd" interfaces are now not included
by the template makefile "src/EDITME". The "STREAM" support for an
older ClamAV interface method is removed.
* Bug 2223: Fix mysql lookup returns for the no-data case (when the
number of rows affected is given instead).
* The runtime Berkeley DB library version is now additionally output by
"exim -d -bV". Previously only the compile-time version was shown.
* Bug 2230: Fix cutthrough routing for nonfirst messages in an initiating
SMTP connection.
* Bug 2229: Fix cutthrough routing for nonstandard port numbers defined
by routers.
* Bug 2174: A timeout on connect for a callout was also erroneously seen
as a timeout on read on a GnuTLS initiating connection, resulting in
the initiating connection being dropped.
* Relax results from ACL control request to enable cutthrough, in
unsupported situations, from error to silently (except under debug)
ignoring.
* Fix Buffer overflow in base64d() (CVE-2018-6789)
* Fix bug in DKIM verify: a buffer overflow could corrupt the malloc
metadata, resulting in a crash in free().
* Fix broken Heimdal GSSAPI authenticator integration.
* Bug 2113: Fix conversation closedown with the Avast malware scanner.
* Bug 2239: Enforce non-usability of control=utf8_downconvert in the mail
ACL.
* Speed up macro lookups during configuration file read, by skipping non-
macro text after a replacement (previously it was only once per line)
and by skipping builtin macros when searching for an uppercase lead
character.
* DANE support moved from Experimental to mainline. The Makefile control
for the build is renamed.
* Fix memory leak during multi-message connections using STARTTLS.
* Bug 2236: When a DKIM verification result is overridden by ACL, DMARC
reported the original. Fix to report (as far as possible) the ACL
result replacing the original.
* Fix memory leak during multi-message connections using STARTTLS under
OpenSSL
* Bug 2242: Fix exim_dbmbuild to permit directoryless filenames.
* Fix utf8_downconvert propagation through a redirect router.
* Bug 2253: For logging delivery lines under PRDR, append the overall
DATA response info to the (existing) per-recipient response info for
the "C=" log element.
* Bug 2251: Fix ldap lookups that return a single attribute having zero-
length value.
* Support Avast multiline protocol, this allows passing flags to newer
versions of the scanner.
* Ensure that variables possibly set during message acceptance are
marked dead before release of memory in the daemon loop.
* Bug 2250: Fix a longstanding bug in heavily-pipelined SMTP input (such
as a multi-recipient message from a mailinglist manager).
* The (EXPERIMENTAL_DMARC) variable $dmarc_ar_header is withdrawn, being
replaced by the ${authresults } expansion.
* Bug 2257: Fix pipe transport to not use a socket-only syscall.
* Set a handler for SIGTERM and call exit(3) if running as PID 1. This
allows proper process termination in container environments.
* Bug 2258: Fix spool_wireformat in combination with LMTP transport.
Previously the "final dot" had a newline after it; ensure it is CR,LF.
* SPF: remove support for the "spf" ACL condition outcome values
"err_temp" and "err_perm", deprecated since 4.83 when the RFC-defined
words " temperror" and "permerror" were introduced.
* Re-introduce enforcement of no cutthrough delivery on transports having
transport-filters or DKIM-signing.
* Cutthrough: for a final-dot response timeout (and nonunderstood
responses) in defer=pass mode supply a 450 to the initiator.
Previously the message would be spooled.
* DANE: add dane_require_tls_ciphers SMTP Transport option; if unset,
tls_require_ciphers is used as before.
* Malware Avast: Better match the Avast multiline protocol.
* Fix reinitialisation of DKIM logging variable between messages.
* Bug 2255: Revert the disable of the OpenSSL session caching.
* Add util/renew-opendmarc-tlds.sh script for safe renewal of public
suffix list.
* DKIM: accept Ed25519 pubkeys in SubjectPublicKeyInfo-wrapped form,
since the IETF WG has not yet settled on that versus the original
"bare" representation.
* Fix syslog logging for syslog_timestamp=no and log_selector +millisec.
Previously the millisecond value corrupted the output. Fix also for
syslog_pid=no and log_selector +pid, for which the pid corrupted the
output.
- Replace xorg-x11-devel by individual pkgconfig() buildrequires.
- update to 4.90.1
* Allow PKG_CONFIG_PATH to be set in Local/Makefile and use it correctly
during configuration. Wildcards are allowed and expanded.
* Shorten the log line for daemon startup by collapsing adjacent sets of
identical IP addresses on different listening ports. Will also affect
"exiwhat" output.
* Tighten up the checking in isip4 (et al): dotted-quad components
larger than 255 are no longer allowed.
* Default openssl_options to include +no_ticket, to reduce load on
peers. Disable the session-cache too, which might reduce our load.
Since we currrectly use a new context for every connection, both as
server and client, there is no benefit for these.
* Add $SOURCE_DATE_EPOCH support for reproducible builds, per spec at
<https://reproducible-builds.org/specs/source-date-epoch/>.
* Fix smtp transport use of limited max_rcpt under mua_wrapper.
Previously the check for any unsuccessful recipients did not notice
the limit, and erroneously found still-pending ones.
* Pipeline CHUNKING command and data together, on kernels that support
MSG_MORE. Only in-clear (not on TLS connections).
* Avoid using a temporary file during transport using dkim. Unless a
transport-filter is involved we can buffer the headers in memory for
creating the signature, and read the spool data file once for the
signature and again for transmission.
* Enable use of sendfile in Linux builds as default. It was disabled in
4.77 as the kernel support then wasn't solid, having issues in 64bit
mode. Now, it's been long enough. Add support for FreeBSD also.
* Add commandline_checks_require_admin option.
* Do pipelining under TLS.
* For the "sock" variant of the malware scanner interface, accept an
empty cmdline element to get the documented default one. Previously
it was inaccessible.
* Prevent repeated use of -p/-oMr
* DKIM: enforce the DNS pubkey record "h" permitted-hashes optional
field, if present.
* DKIM: when a message has multiple signatures matching an identity
given in dkim_verify_signers, run the dkim acl once for each.
* Support IDNA2008.
* The path option on a pipe transport is now expanded before use
* Have the EHLO response advertise VRFY, if there is a vrfy ACL defined.
- Several bug fixes
- Fix for buffer overflow in base64decode() (boo#1079832 CVE-2018-6789)
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-754=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
exim-4.94.2-bp152.6.4.1
eximon-4.94.2-bp152.6.4.1
eximstats-html-4.94.2-bp152.6.4.1
libspf2-2-1.2.10-bp152.5.1
libspf2-2-debuginfo-1.2.10-bp152.5.1
libspf2-debuginfo-1.2.10-bp152.5.1
libspf2-debugsource-1.2.10-bp152.5.1
libspf2-devel-1.2.10-bp152.5.1
libspf2-tools-1.2.10-bp152.5.1
libspf2-tools-debuginfo-1.2.10-bp152.5.1
References:
https://www.suse.com/security/cve/CVE-2017-1000369.html
https://www.suse.com/security/cve/CVE-2017-16943.html
https://www.suse.com/security/cve/CVE-2017-16944.html
https://www.suse.com/security/cve/CVE-2018-6789.html
https://www.suse.com/security/cve/CVE-2019-16928.html
https://www.suse.com/security/cve/CVE-2020-12783.html
https://www.suse.com/security/cve/CVE-2020-28007.html
https://www.suse.com/security/cve/CVE-2020-28008.html
https://www.suse.com/security/cve/CVE-2020-28009.html
https://www.suse.com/security/cve/CVE-2020-28010.html
https://www.suse.com/security/cve/CVE-2020-28011.html
https://www.suse.com/security/cve/CVE-2020-28012.html
https://www.suse.com/security/cve/CVE-2020-28013.html
https://www.suse.com/security/cve/CVE-2020-28014.html
https://www.suse.com/security/cve/CVE-2020-28015.html
https://www.suse.com/security/cve/CVE-2020-28016.html
https://www.suse.com/security/cve/CVE-2020-28017.html
https://www.suse.com/security/cve/CVE-2020-28018.html
https://www.suse.com/security/cve/CVE-2020-28019.html
https://www.suse.com/security/cve/CVE-2020-28020.html
https://www.suse.com/security/cve/CVE-2020-28021.html
https://www.suse.com/security/cve/CVE-2020-28022.html
https://www.suse.com/security/cve/CVE-2020-28023.html
https://www.suse.com/security/cve/CVE-2020-28024.html
https://www.suse.com/security/cve/CVE-2020-28025.html
https://www.suse.com/security/cve/CVE-2020-28026.html
https://bugzilla.suse.com/1079832
https://bugzilla.suse.com/1171490
https://bugzilla.suse.com/1171877
https://bugzilla.suse.com/1173693
https://bugzilla.suse.com/1185631
1
0
openSUSE-SU-2021:0752-1: moderate: Security update for jhead
by opensuse-security@opensuse.org 19 May '21
by opensuse-security@opensuse.org 19 May '21
19 May '21
openSUSE Security Update: Security update for jhead
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0752-1
Rating: moderate
References: #1144316 #1144354 #1160544 #1160547
Cross-References: CVE-2016-3822 CVE-2018-16554 CVE-2018-17088
CVE-2018-6612 CVE-2019-1010301 CVE-2019-1010302
CVE-2020-6624 CVE-2020-6625 CVE-2021-3496
CVSS scores:
CVE-2016-3822 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-16554 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-17088 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-6612 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-1010301 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-1010302 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-1010302 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2021-3496 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for jhead fixes the following issues:
jhead was updated to 3.06.0.1
* lot of fuzztest fixes
* Apply a whole bunch of patches from Debian.
* Spell check and fuzz test stuff from Debian, nothing useful to human
users.
* Add option to set exif date from date from another file.
* Bug fixes relating to fuzz testing.
* Fix bug where thumbnail replacement DID NOT WORK.
* Fix bug when no orientation tag is present
* Fix bug of not clearing exif information when processing images with an
without exif data in one invocation.
* Remove some unnecessary warnings with some types of GPS data
* Remove multiple copies of the same type of section when deleting section
types
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-752=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
jhead-3.06.0.1-bp152.4.6.1
References:
https://www.suse.com/security/cve/CVE-2016-3822.html
https://www.suse.com/security/cve/CVE-2018-16554.html
https://www.suse.com/security/cve/CVE-2018-17088.html
https://www.suse.com/security/cve/CVE-2018-6612.html
https://www.suse.com/security/cve/CVE-2019-1010301.html
https://www.suse.com/security/cve/CVE-2019-1010302.html
https://www.suse.com/security/cve/CVE-2020-6624.html
https://www.suse.com/security/cve/CVE-2020-6625.html
https://www.suse.com/security/cve/CVE-2021-3496.html
https://bugzilla.suse.com/1144316
https://bugzilla.suse.com/1144354
https://bugzilla.suse.com/1160544
https://bugzilla.suse.com/1160547
1
0