openSUSE Security Announce
Threads by month
- ----- 2024 -----
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
July 2021
- 2 participants
- 144 discussions
openSUSE-SU-2021:2353-1: important: Security update for nodejs10
by opensuse-security@opensuse.org 15 Jul '21
by opensuse-security@opensuse.org 15 Jul '21
15 Jul '21
openSUSE Security Update: Security update for nodejs10
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2353-1
Rating: important
References: #1183155 #1183851 #1183852 #1184450 #1187973
#1187976 #1187977
Cross-References: CVE-2020-7774 CVE-2021-22918 CVE-2021-23362
CVE-2021-27290 CVE-2021-3449 CVE-2021-3450
CVSS scores:
CVE-2020-7774 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-22918 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2021-23362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-23362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-27290 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27290 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3449 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3449 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3450 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-3450 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 6 vulnerabilities and has one errata
is now available.
Description:
This update for nodejs10 fixes the following issues:
Update nodejs10 to 10.24.1.
Including fixes for
- CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973)
- CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976)
- CVE-2021-23362: hosted-git-info Regular Expression Denial of Service
(bsc#1187977)
- CVE-2020-7774: y18n Prototype Pollution (bsc#1184450)
- CVE-2021-3450: OpenSSL - CA certificate check bypass with
X509_V_FLAG_X509_STRICT (bsc#1183851)
- CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms
processing (bsc#1183852)
- reduce memory footprint of test-worker-stdio (bsc#1183155)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2353=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs10-10.24.1-1.36.1
nodejs10-debuginfo-10.24.1-1.36.1
nodejs10-debugsource-10.24.1-1.36.1
nodejs10-devel-10.24.1-1.36.1
npm10-10.24.1-1.36.1
- openSUSE Leap 15.3 (noarch):
nodejs10-docs-10.24.1-1.36.1
References:
https://www.suse.com/security/cve/CVE-2020-7774.html
https://www.suse.com/security/cve/CVE-2021-22918.html
https://www.suse.com/security/cve/CVE-2021-23362.html
https://www.suse.com/security/cve/CVE-2021-27290.html
https://www.suse.com/security/cve/CVE-2021-3449.html
https://www.suse.com/security/cve/CVE-2021-3450.html
https://bugzilla.suse.com/1183155
https://bugzilla.suse.com/1183851
https://bugzilla.suse.com/1183852
https://bugzilla.suse.com/1184450
https://bugzilla.suse.com/1187973
https://bugzilla.suse.com/1187976
https://bugzilla.suse.com/1187977
1
0
openSUSE-SU-2021:2354-1: important: Security update for nodejs14
by opensuse-security@opensuse.org 15 Jul '21
by opensuse-security@opensuse.org 15 Jul '21
15 Jul '21
openSUSE Security Update: Security update for nodejs14
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2354-1
Rating: important
References: #1184450 #1187973 #1187976 #1187977
Cross-References: CVE-2020-7774 CVE-2021-22918 CVE-2021-23362
CVE-2021-27290
CVSS scores:
CVE-2020-7774 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-22918 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2021-23362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-23362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-27290 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27290 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for nodejs14 fixes the following issues:
Update nodejs14 to 14.17.2.
Including fixes for:
- CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973)
- CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976)
- CVE-2021-23362: hosted-git-info Regular Expression Denial of Service
(bsc#1187977)
- CVE-2020-7774: y18n Prototype Pollution (bsc#1184450)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2354=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs14-14.17.2-5.12.1
nodejs14-debuginfo-14.17.2-5.12.1
nodejs14-debugsource-14.17.2-5.12.1
nodejs14-devel-14.17.2-5.12.1
npm14-14.17.2-5.12.1
- openSUSE Leap 15.3 (noarch):
nodejs14-docs-14.17.2-5.12.1
References:
https://www.suse.com/security/cve/CVE-2020-7774.html
https://www.suse.com/security/cve/CVE-2021-22918.html
https://www.suse.com/security/cve/CVE-2021-23362.html
https://www.suse.com/security/cve/CVE-2021-27290.html
https://bugzilla.suse.com/1184450
https://bugzilla.suse.com/1187973
https://bugzilla.suse.com/1187976
https://bugzilla.suse.com/1187977
1
0
openSUSE-SU-2021:2352-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 15 Jul '21
by opensuse-security@opensuse.org 15 Jul '21
15 Jul '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2352-1
Rating: important
References: #1152489 #1153274 #1154353 #1155518 #1164648
#1176447 #1176774 #1176919 #1177028 #1178134
#1182470 #1184212 #1184685 #1185486 #1185675
#1185677 #1186206 #1186666 #1186949 #1187171
#1187263 #1187356 #1187402 #1187403 #1187404
#1187407 #1187408 #1187409 #1187410 #1187411
#1187412 #1187413 #1187452 #1187554 #1187595
#1187601 #1187795 #1187867 #1187883 #1187886
#1187927 #1187972 #1187980
Cross-References: CVE-2021-0512 CVE-2021-0605 CVE-2021-33624
CVE-2021-34693 CVE-2021-3573
CVSS scores:
CVE-2021-0512 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0605 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0605 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33624 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-33624 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-34693 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-3573 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 38 fixes is
now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3573: Fixed an UAF vulnerability in function that can allow
attackers to corrupt kernel heaps and adopt further exploitations.
(bsc#1186666)
- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187601)
- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187595)
- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to
leak the contents of arbitrary kernel memory (and therefore, of all
physical memory) via a side-channel. (bsc#1187554)
- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local
users to obtain sensitive information from kernel stack memory because
parts of a data structure are uninitialized. (bsc#1187452)
The following non-security bugs were fixed:
- 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch:
(bsc#1187263).
- alx: Fix an error handling path in 'alx_probe()' (git-fixes).
- ASoC: fsl-asoc-card: Set .owner attribute when registering card
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
(git-fixes).
- ASoC: max98088: fix ni clock divider calculation (git-fixes).
- ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
- ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire
mode (git-fixes).
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
- ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes).
- batman-adv: Avoid WARN_ON timing related checks (git-fixes).
- be2net: Fix an error handling path in 'be_probe()' (git-fixes).
- block: Discard page cache of zone reset target range (bsc#1187402).
- Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).
- Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
(jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371
bsc#1153274).
- bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371
bsc#1153274).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
(bsc#1177028).
- bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).
- bpfilter: Specify the log level for the kmsg message (bsc#1155518).
- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
- ceph: must hold snap_rwsem when filling inode for async create
(bsc#1187927).
- cfg80211: avoid double free of PMSR request (git-fixes).
- cfg80211: make certificate generation more robust (git-fixes).
- cgroup1: do not allow '\n' in renaming (bsc#1187972).
- cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).
- cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).
- cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).
- cxgb4: fix wrong shift (git-fixes).
- cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).
- dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
- dax: Add an enum for specifying dax wakup mode (bsc#1187411).
- dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
- dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions
(git-fixes).
- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
(git-fixes).
- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
- dmaengine: stedma40: add missing iounmap() on error in d40_probe()
(git-fixes).
- drm: Fix use-after-free read in drm_getunique() (git-fixes).
- drm: Lock pointer access in drm_master_release() (git-fixes).
- drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).
- drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
- drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).
- drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes).
- drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).
- drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).
- drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).
- dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
- ethtool: strset: fix message length calculation (bsc#1176447).
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
(bsc#1187408).
- ext4: fix check to prevent false positive report of incorrect used
inodes (bsc#1187404).
- ext4: fix error code in ext4_commit_super (bsc#1187407).
- ext4: fix memory leak in ext4_fill_super (bsc#1187409).
- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
- fs: fix reporting supported extra file attributes for statx()
(bsc#1187410).
- ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
- ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
- fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: hid-input: add mapping for emoji picker key (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure
(git-fixes).
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
(git-fixes).
- hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
- ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
- ice: parameterize functions responsible for Tx ring management
(jsc#SLE-12878).
- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- kernel: kexec_file: fix error return code of
kexec_calculate_store_digests() (git-fixes).
- kthread_worker: split code for canceling the delayed work timer
(bsc#1187867).
- kthread: prevent deadlock when kthread_mod_delayed_work() races with
kthread_cancel_delayed_work_sync() (bsc#1187867).
- kyber: fix out of bounds access when preempted (bsc#1187403).
- lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
- media: mtk-mdp: Check return value of of_clk_get (git-fixes).
- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
- media: s5p-g2d: Fix a memory leak in an error handling path in
'g2d_probe()' (git-fixes).
- mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11
(bsc#1176774).
- mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
- module: limit enabling module.sig_enforce (git-fixes).
- net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
- net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
- net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).
- net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).
- net/mlx5: Fix PBMC register mapping (git-fixes).
- net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
- net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
- net/mlx5: Reset mkey index on creation (jsc#SLE-15172).
- net/mlx5e: Block offload of outer header csum for UDP tunnels
(git-fixes).
- net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
- net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
- net/nfc/rawsock.c: fix a permission check bug (git-fixes).
- net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
- net/x25: Return the correct errno code (git-fixes).
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
(git-fixes).
- NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
- NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
- NFS: Fix deadlock between nfs4_evict_inode() and
nfs4_opendata_get_inode() (git-fixes).
- nvmem: rmem: fix undefined reference to memremap (git-fixes).
- ocfs2: fix data corruption by fallocate (bsc#1187412).
- PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
- perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1
(git-fixes).
- perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3
(bsc#1184685).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not
set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).
- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470
bsc#1185486).
- qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
- radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
- regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting
(git-fixes).
- Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)
- Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413).
- Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206
ltc#191041).
- Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
(git-fixes).
- Revert "video: hgafb: fix potential NULL pointer dereference"
(git-fixes).
- Revert "video: imsttfb: fix potential NULL pointer dereferences"
(bsc#1152489)
- s390/dasd: add missing discipline function (git-fixes).
- s390/stack: fix possible register corruption with stack switch helper
(bsc#1185677).
- sched/debug: Fix cgroup_path[] serialization (git-fixes)
- sched/fair: Keep load_avg and load_sum synced (git-fixes)
- scsi: core: Fix race between handling STS_RESOURCE and completion
(bsc#1187883).
- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
- scsi: ufs: Fix imprecise load calculation in devfreq window
(bsc#1187795).
- SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
- spi: spi-nxp-fspi: move the register operation after the clock enable
(git-fixes).
- spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- spi: stm32-qspi: Always wait BUSY bit to be cleared in
stm32_qspi_wait_cmd() (git-fixes).
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
- tracing: Correct the length check which causes memory corruption
(git-fixes).
- tracing: Do no increment trace_clock_global() by one (git-fixes).
- tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
- tracing: Do not stop recording comms if the trace file is being read
(git-fixes).
- tracing: Restructure trace_clock_global() to never block (git-fixes).
- USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
- USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
- USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
- USB: f_ncm: only first packet of aggregate needs to start timer
(git-fixes).
- USB: f_ncm: only first packet of aggregate needs to start timer
(git-fixes).
- USB: fix various gadget panics on 10gbps cabling (git-fixes).
- USB: fix various gadget panics on 10gbps cabling (git-fixes).
- USB: gadget: eem: fix wrong eem header operation (git-fixes).
- USB: gadget: eem: fix wrong eem header operation (git-fixes).
- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
(git-fixes).
- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
(git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- video: hgafb: correctly handle card detect failure during probe
(git-fixes).
- video: hgafb: fix potential NULL pointer dereference (git-fixes).
- vrf: fix maximum MTU (git-fixes).
- x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).
- x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate()
(bsc#1178134).
- x86/pkru: Write hardware init value to PKRU when xstate is init
(bsc#1152489).
- x86/process: Check PF_KTHREAD and not current->mm for kernel threads
(bsc#1152489).
- xen-blkback: fix compatibility bug with single page rings (git-fixes).
- xen-pciback: reconfigure also from backend watch handler (git-fixes).
- xen-pciback: redo VF placement in the virtual topology (git-fixes).
- xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
- xfrm: policy: Read seqcount outside of rcu-read side in
xfrm_policy_lookup_bytype (bsc#1185675).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2352=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-59.13.1
cluster-md-kmp-default-debuginfo-5.3.18-59.13.1
dlm-kmp-default-5.3.18-59.13.1
dlm-kmp-default-debuginfo-5.3.18-59.13.1
gfs2-kmp-default-5.3.18-59.13.1
gfs2-kmp-default-debuginfo-5.3.18-59.13.1
kernel-default-5.3.18-59.13.1
kernel-default-base-5.3.18-59.13.1.18.6.1
kernel-default-base-rebuild-5.3.18-59.13.1.18.6.1
kernel-default-debuginfo-5.3.18-59.13.1
kernel-default-debugsource-5.3.18-59.13.1
kernel-default-devel-5.3.18-59.13.1
kernel-default-devel-debuginfo-5.3.18-59.13.1
kernel-default-extra-5.3.18-59.13.1
kernel-default-extra-debuginfo-5.3.18-59.13.1
kernel-default-livepatch-5.3.18-59.13.1
kernel-default-livepatch-devel-5.3.18-59.13.1
kernel-default-optional-5.3.18-59.13.1
kernel-default-optional-debuginfo-5.3.18-59.13.1
kernel-obs-build-5.3.18-59.13.1
kernel-obs-build-debugsource-5.3.18-59.13.1
kernel-obs-qa-5.3.18-59.13.1
kernel-syms-5.3.18-59.13.1
kselftests-kmp-default-5.3.18-59.13.1
kselftests-kmp-default-debuginfo-5.3.18-59.13.1
ocfs2-kmp-default-5.3.18-59.13.1
ocfs2-kmp-default-debuginfo-5.3.18-59.13.1
reiserfs-kmp-default-5.3.18-59.13.1
reiserfs-kmp-default-debuginfo-5.3.18-59.13.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-59.13.1
kernel-debug-debuginfo-5.3.18-59.13.1
kernel-debug-debugsource-5.3.18-59.13.1
kernel-debug-devel-5.3.18-59.13.1
kernel-debug-devel-debuginfo-5.3.18-59.13.1
kernel-debug-livepatch-devel-5.3.18-59.13.1
kernel-kvmsmall-5.3.18-59.13.1
kernel-kvmsmall-debuginfo-5.3.18-59.13.1
kernel-kvmsmall-debugsource-5.3.18-59.13.1
kernel-kvmsmall-devel-5.3.18-59.13.1
kernel-kvmsmall-devel-debuginfo-5.3.18-59.13.1
kernel-kvmsmall-livepatch-devel-5.3.18-59.13.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-59.13.1
cluster-md-kmp-preempt-debuginfo-5.3.18-59.13.1
dlm-kmp-preempt-5.3.18-59.13.1
dlm-kmp-preempt-debuginfo-5.3.18-59.13.1
gfs2-kmp-preempt-5.3.18-59.13.1
gfs2-kmp-preempt-debuginfo-5.3.18-59.13.1
kernel-preempt-5.3.18-59.13.1
kernel-preempt-debuginfo-5.3.18-59.13.1
kernel-preempt-debugsource-5.3.18-59.13.1
kernel-preempt-devel-5.3.18-59.13.1
kernel-preempt-devel-debuginfo-5.3.18-59.13.1
kernel-preempt-extra-5.3.18-59.13.1
kernel-preempt-extra-debuginfo-5.3.18-59.13.1
kernel-preempt-livepatch-devel-5.3.18-59.13.1
kernel-preempt-optional-5.3.18-59.13.1
kernel-preempt-optional-debuginfo-5.3.18-59.13.1
kselftests-kmp-preempt-5.3.18-59.13.1
kselftests-kmp-preempt-debuginfo-5.3.18-59.13.1
ocfs2-kmp-preempt-5.3.18-59.13.1
ocfs2-kmp-preempt-debuginfo-5.3.18-59.13.1
reiserfs-kmp-preempt-5.3.18-59.13.1
reiserfs-kmp-preempt-debuginfo-5.3.18-59.13.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-59.13.1
cluster-md-kmp-64kb-debuginfo-5.3.18-59.13.1
dlm-kmp-64kb-5.3.18-59.13.1
dlm-kmp-64kb-debuginfo-5.3.18-59.13.1
gfs2-kmp-64kb-5.3.18-59.13.1
gfs2-kmp-64kb-debuginfo-5.3.18-59.13.1
kernel-64kb-5.3.18-59.13.1
kernel-64kb-debuginfo-5.3.18-59.13.1
kernel-64kb-debugsource-5.3.18-59.13.1
kernel-64kb-devel-5.3.18-59.13.1
kernel-64kb-devel-debuginfo-5.3.18-59.13.1
kernel-64kb-extra-5.3.18-59.13.1
kernel-64kb-extra-debuginfo-5.3.18-59.13.1
kernel-64kb-livepatch-devel-5.3.18-59.13.1
kernel-64kb-optional-5.3.18-59.13.1
kernel-64kb-optional-debuginfo-5.3.18-59.13.1
kselftests-kmp-64kb-5.3.18-59.13.1
kselftests-kmp-64kb-debuginfo-5.3.18-59.13.1
ocfs2-kmp-64kb-5.3.18-59.13.1
ocfs2-kmp-64kb-debuginfo-5.3.18-59.13.1
reiserfs-kmp-64kb-5.3.18-59.13.1
reiserfs-kmp-64kb-debuginfo-5.3.18-59.13.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-59.13.1
kernel-docs-5.3.18-59.13.1
kernel-docs-html-5.3.18-59.13.1
kernel-macros-5.3.18-59.13.1
kernel-source-5.3.18-59.13.1
kernel-source-vanilla-5.3.18-59.13.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-59.13.1
kernel-zfcpdump-debuginfo-5.3.18-59.13.1
kernel-zfcpdump-debugsource-5.3.18-59.13.1
References:
https://www.suse.com/security/cve/CVE-2021-0512.html
https://www.suse.com/security/cve/CVE-2021-0605.html
https://www.suse.com/security/cve/CVE-2021-33624.html
https://www.suse.com/security/cve/CVE-2021-34693.html
https://www.suse.com/security/cve/CVE-2021-3573.html
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1164648
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176774
https://bugzilla.suse.com/1176919
https://bugzilla.suse.com/1177028
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1182470
https://bugzilla.suse.com/1184212
https://bugzilla.suse.com/1184685
https://bugzilla.suse.com/1185486
https://bugzilla.suse.com/1185675
https://bugzilla.suse.com/1185677
https://bugzilla.suse.com/1186206
https://bugzilla.suse.com/1186666
https://bugzilla.suse.com/1186949
https://bugzilla.suse.com/1187171
https://bugzilla.suse.com/1187263
https://bugzilla.suse.com/1187356
https://bugzilla.suse.com/1187402
https://bugzilla.suse.com/1187403
https://bugzilla.suse.com/1187404
https://bugzilla.suse.com/1187407
https://bugzilla.suse.com/1187408
https://bugzilla.suse.com/1187409
https://bugzilla.suse.com/1187410
https://bugzilla.suse.com/1187411
https://bugzilla.suse.com/1187412
https://bugzilla.suse.com/1187413
https://bugzilla.suse.com/1187452
https://bugzilla.suse.com/1187554
https://bugzilla.suse.com/1187595
https://bugzilla.suse.com/1187601
https://bugzilla.suse.com/1187795
https://bugzilla.suse.com/1187867
https://bugzilla.suse.com/1187883
https://bugzilla.suse.com/1187886
https://bugzilla.suse.com/1187927
https://bugzilla.suse.com/1187972
https://bugzilla.suse.com/1187980
1
0
openSUSE-SU-2021:2327-1: important: Security update for nodejs12
by opensuse-security@opensuse.org 14 Jul '21
by opensuse-security@opensuse.org 14 Jul '21
14 Jul '21
openSUSE Security Update: Security update for nodejs12
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2327-1
Rating: important
References: #1183851 #1183852 #1184450 #1187973 #1187976
#1187977
Cross-References: CVE-2020-7774 CVE-2021-22918 CVE-2021-23362
CVE-2021-27290 CVE-2021-3449 CVE-2021-3450
CVSS scores:
CVE-2020-7774 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-23362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-23362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-27290 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-27290 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3449 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3449 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3450 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-3450 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for nodejs12 fixes the following issues:
- update to 12.22.2:
- CVE-2021-22918: Out of bounds read (bsc#1187973)
- CVE-2021-23362: ssri Regular Expression Denial of Service and
hosted-git-info (bsc#1187977)
- CVE-2021-27290: Regular Expression Denial of Service (bsc#1187976)
- CVE-2021-3450: OpenSSL - CA certificate check bypass with
X509_V_FLAG_X509_STRICT (bsc#1183851)
- CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms
processing (bsc#1183852)
- CVE-2020-7774: npm - Update y18n to fix Prototype-Pollution (bsc#1184450)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2327=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs12-12.22.2-4.16.1
nodejs12-debuginfo-12.22.2-4.16.1
nodejs12-debugsource-12.22.2-4.16.1
nodejs12-devel-12.22.2-4.16.1
npm12-12.22.2-4.16.1
- openSUSE Leap 15.3 (noarch):
nodejs12-docs-12.22.2-4.16.1
References:
https://www.suse.com/security/cve/CVE-2020-7774.html
https://www.suse.com/security/cve/CVE-2021-22918.html
https://www.suse.com/security/cve/CVE-2021-23362.html
https://www.suse.com/security/cve/CVE-2021-27290.html
https://www.suse.com/security/cve/CVE-2021-3449.html
https://www.suse.com/security/cve/CVE-2021-3450.html
https://bugzilla.suse.com/1183851
https://bugzilla.suse.com/1183852
https://bugzilla.suse.com/1184450
https://bugzilla.suse.com/1187973
https://bugzilla.suse.com/1187976
https://bugzilla.suse.com/1187977
1
0
openSUSE-SU-2021:2320-1: important: Security update for sqlite3
by opensuse-security@opensuse.org 14 Jul '21
by opensuse-security@opensuse.org 14 Jul '21
14 Jul '21
openSUSE Security Update: Security update for sqlite3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2320-1
Rating: important
References: #1157818 #1158812 #1158958 #1158959 #1158960
#1159491 #1159715 #1159847 #1159850 #1160309
#1160438 #1160439 #1164719 #1172091 #1172115
#1172234 #1172236 #1172240 #1173641 #928700
#928701 SLE-16032
Cross-References: CVE-2015-3414 CVE-2015-3415 CVE-2019-19244
CVE-2019-19317 CVE-2019-19603 CVE-2019-19645
CVE-2019-19646 CVE-2019-19880 CVE-2019-19923
CVE-2019-19924 CVE-2019-19925 CVE-2019-19926
CVE-2019-19959 CVE-2019-20218 CVE-2020-13434
CVE-2020-13435 CVE-2020-13630 CVE-2020-13631
CVE-2020-13632 CVE-2020-15358 CVE-2020-9327
CVSS scores:
CVE-2019-19244 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19244 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19317 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-19317 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2019-19603 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19603 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19645 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19645 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19646 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-19646 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2019-19880 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19923 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19923 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2019-19924 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2019-19924 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2019-19925 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19925 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2019-19926 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19926 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19959 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2019-19959 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2019-20218 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-20218 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-13434 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-13434 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-13435 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-13435 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
CVE-2020-13630 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-13630 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2020-13631 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2020-13631 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE-2020-13632 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-13632 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2020-15358 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-15358 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2020-9327 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-9327 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 21 vulnerabilities, contains one
feature is now available.
Description:
This update for sqlite3 fixes the following issues:
- Update to version 3.36.0
- CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to
mishandling of query-flattener
optimization (bsc#1173641)
- CVE-2020-9327: NULL pointer dereference and segmentation fault because
of generated column optimizations in isAuxiliaryVtabOperator
(bsc#1164719)
- CVE-2019-20218: selectExpander in select.c proceeds with WITH stack
unwinding even after a parsing error (bsc#1160439)
- CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving
embedded '\0' input (bsc#1160438)
- CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT
in flattenSubquery may lead to null pointer dereference (bsc#1160309)
- CVE-2019-19924: improper error handling in sqlite3WindowRewrite()
(bsc#1159850)
- CVE-2019-19925: improper handling of NULL pathname during an update of a
ZIP archive (bsc#1159847)
- CVE-2019-19926: improper handling of certain errors during parsing
multiSelect in select.c (bsc#1159715)
- CVE-2019-19880: exprListAppendList in window.c allows attackers to
trigger an invalid pointer dereference (bsc#1159491)
- CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW
statements, does not consider confusion with a shadow table name
(bsc#1158960)
- CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check
PRAGMA command in certain cases of generated columns (bsc#1158959)
- CVE-2019-19645: alter.c allows attackers to trigger infinite recursion
via certain types of self-referential views in conjunction with ALTER
TABLE statements (bsc#1158958)
- CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed
bitmask in the case of a generated column, which allows attackers to
cause a denial of service (bsc#1158812)
- CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in
select.c allows a crash if a sub-select uses both DISTINCT and window
functions, and also has certain ORDER BY usage (bsc#1157818)
- CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability
(bsc#928701)
- CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names
(bsc#928700)
- CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115)
- CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow
- CVE-2020-13631: virtual table allowed to be renamed to one of its shadow
tables (bsc#1172236)
- CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query
(bsc#1172240)
- CVE-2020-13435: Malicious SQL statements could have crashed the process
that is running SQLite (bsc#1172091)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2320=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libsqlite3-0-3.36.0-3.12.1
libsqlite3-0-debuginfo-3.36.0-3.12.1
sqlite3-3.36.0-3.12.1
sqlite3-debuginfo-3.36.0-3.12.1
sqlite3-debugsource-3.36.0-3.12.1
sqlite3-devel-3.36.0-3.12.1
- openSUSE Leap 15.3 (noarch):
sqlite3-doc-3.36.0-3.12.1
- openSUSE Leap 15.3 (x86_64):
libsqlite3-0-32bit-3.36.0-3.12.1
libsqlite3-0-32bit-debuginfo-3.36.0-3.12.1
References:
https://www.suse.com/security/cve/CVE-2015-3414.html
https://www.suse.com/security/cve/CVE-2015-3415.html
https://www.suse.com/security/cve/CVE-2019-19244.html
https://www.suse.com/security/cve/CVE-2019-19317.html
https://www.suse.com/security/cve/CVE-2019-19603.html
https://www.suse.com/security/cve/CVE-2019-19645.html
https://www.suse.com/security/cve/CVE-2019-19646.html
https://www.suse.com/security/cve/CVE-2019-19880.html
https://www.suse.com/security/cve/CVE-2019-19923.html
https://www.suse.com/security/cve/CVE-2019-19924.html
https://www.suse.com/security/cve/CVE-2019-19925.html
https://www.suse.com/security/cve/CVE-2019-19926.html
https://www.suse.com/security/cve/CVE-2019-19959.html
https://www.suse.com/security/cve/CVE-2019-20218.html
https://www.suse.com/security/cve/CVE-2020-13434.html
https://www.suse.com/security/cve/CVE-2020-13435.html
https://www.suse.com/security/cve/CVE-2020-13630.html
https://www.suse.com/security/cve/CVE-2020-13631.html
https://www.suse.com/security/cve/CVE-2020-13632.html
https://www.suse.com/security/cve/CVE-2020-15358.html
https://www.suse.com/security/cve/CVE-2020-9327.html
https://bugzilla.suse.com/1157818
https://bugzilla.suse.com/1158812
https://bugzilla.suse.com/1158958
https://bugzilla.suse.com/1158959
https://bugzilla.suse.com/1158960
https://bugzilla.suse.com/1159491
https://bugzilla.suse.com/1159715
https://bugzilla.suse.com/1159847
https://bugzilla.suse.com/1159850
https://bugzilla.suse.com/1160309
https://bugzilla.suse.com/1160438
https://bugzilla.suse.com/1160439
https://bugzilla.suse.com/1164719
https://bugzilla.suse.com/1172091
https://bugzilla.suse.com/1172115
https://bugzilla.suse.com/1172234
https://bugzilla.suse.com/1172236
https://bugzilla.suse.com/1172240
https://bugzilla.suse.com/1173641
https://bugzilla.suse.com/928700
https://bugzilla.suse.com/928701
1
0
openSUSE-SU-2021:2322-1: important: Security update for ffmpeg
by opensuse-security@opensuse.org 14 Jul '21
by opensuse-security@opensuse.org 14 Jul '21
14 Jul '21
openSUSE Security Update: Security update for ffmpeg
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2322-1
Rating: important
References: #1172640 #1186406 #1186583 #1186586 #1186587
#1186596 #1186597 #1186598 #1186600 #1186603
#1186604 #1186605 #1186613 #1186614 #1186615
#1186616 #1186658 #1186660 #1186757 #1186758
#1186762 #1186763
Cross-References: CVE-2019-17539 CVE-2020-13904 CVE-2020-20448
CVE-2020-20451 CVE-2020-21041 CVE-2020-22015
CVE-2020-22016 CVE-2020-22017 CVE-2020-22019
CVE-2020-22020 CVE-2020-22021 CVE-2020-22022
CVE-2020-22023 CVE-2020-22025 CVE-2020-22026
CVE-2020-22031 CVE-2020-22032 CVE-2020-22033
CVE-2020-22034 CVE-2020-22038 CVE-2020-22039
CVE-2020-22043 CVE-2020-22044
CVSS scores:
CVE-2019-17539 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-17539 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2020-13904 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-13904 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVE-2020-20448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-20451 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-20451 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-21041 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-22015 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-22015 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22016 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-22016 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2020-22017 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-22017 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22019 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22019 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22020 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22020 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22021 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22021 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22022 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-22022 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22023 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-22023 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22025 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-22025 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22026 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22026 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22031 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-22031 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22032 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22033 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22033 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22034 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-22034 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22038 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22039 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22043 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-22044 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 23 vulnerabilities is now available.
Description:
This update for ffmpeg fixes the following issues:
- CVE-2020-13904: Fixed use-after-free via a crafted EXTINF duration in an
m3u8 file (bsc#1172640).
- CVE-2020-21041: Fixed buffer overflow vulnerability via
apng_do_inverse_blend in libavcodec/pngenc.c (bsc#1186406).
- CVE-2019-17539: Fixed NULL pointer dereference in avcodec_open2 in
libavcodec/utils.c (bsc# 1154065).
- CVE-2020-22026: Fixed buffer overflow vulnerability in config_input() at
libavfilter/af_tremolo.c (bsc#1186583).
- CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges
function in libavfilter/vf_yadif.c (bsc#1186586).
- CVE-2020-22020: Fixed buffer overflow vulnerability in build_diff_map()
in libavfilter/vf_fieldmatch.c (bsc#1186587).
- CVE-2020-22015: Fixed buffer overflow vulnerability in
mov_write_video_tag() due to the out of bounds in libavformat/movenc.c
(bsc#1186596).
- CVE-2020-22016: Fixed a heap-based Buffer Overflow vulnerability at
libavcodec/get_bits.h when writing .mov files (bsc#1186598).
- CVE-2020-22017: Fixed a heap-based Buffer Overflow vulnerability in
ff_fill_rectangle() in libavfilter/drawutils.c (bsc#1186600).
- CVE-2020-22022: Fixed a heap-based Buffer Overflow vulnerability in
filter_frame at libavfilter/vf_fieldorder.c (bsc#1186603).
- CVE-2020-22023: Fixed a heap-based Buffer Overflow vulnerability in
filter_frame at libavfilter/vf_bitplanenoise.c (bsc#1186604)
- CVE-2020-22025: Fixed a heap-based Buffer Overflow vulnerability in
gaussian_blur at libavfilter/vf_edgedetect.c (bsc#1186605).
- CVE-2020-22031: Fixed a heap-based Buffer Overflow vulnerability at
libavfilter/vf_w3fdif.c in filter16_complex_low() (bsc#1186613).
- CVE-2020-22032: Fixed a heap-based Buffer Overflow vulnerability at
libavfilter/vf_edgedetect.c in gaussian_blur() (bsc#1186614).
- CVE-2020-22034: Fixed a heap-based Buffer Overflow vulnerability at
libavfilter/vf_floodfill.c (bsc#1186616).
- CVE-2020-20451: Fixed denial of service issue due to resource management
errors via fftools/cmdutils.c (bsc#1186658).
- CVE-2020-20448: Fixed divide by zero issue via libavcodec/ratecontrol.c
(bsc#1186660).
- CVE-2020-22038: Fixed denial of service vulnerability due to a memory
leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c
(bsc#1186757).
- CVE-2020-22039: Fixed denial of service vulnerability due to a memory
leak in the inavi_add_ientry function (bsc#1186758).
- CVE-2020-22043: Fixed denial of service vulnerability due to a memory
leak at the fifo_alloc_common function in libavutil/fifo.c (bsc#1186762).
- CVE-2020-22044: Fixed denial of service vulnerability due to a memory
leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c
(bsc#1186763).
- CVE-2020-22033,CVE-2020-22019: Fixed a heap-based Buffer Overflow
Vulnerability at libavfilter/vf_vmafmotion.c in convolution_y_8bit() and
in convolution_y_10bit() in libavfilter/vf_vmafmotion.c (bsc#1186615,
bsc#1186597).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2322=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ffmpeg-3.4.2-11.3.1
ffmpeg-debuginfo-3.4.2-11.3.1
ffmpeg-debugsource-3.4.2-11.3.1
ffmpeg-private-devel-3.4.2-11.3.1
libavcodec-devel-3.4.2-11.3.1
libavcodec57-3.4.2-11.3.1
libavcodec57-debuginfo-3.4.2-11.3.1
libavdevice-devel-3.4.2-11.3.1
libavdevice57-3.4.2-11.3.1
libavdevice57-debuginfo-3.4.2-11.3.1
libavfilter-devel-3.4.2-11.3.1
libavfilter6-3.4.2-11.3.1
libavfilter6-debuginfo-3.4.2-11.3.1
libavformat-devel-3.4.2-11.3.1
libavformat57-3.4.2-11.3.1
libavformat57-debuginfo-3.4.2-11.3.1
libavresample-devel-3.4.2-11.3.1
libavresample3-3.4.2-11.3.1
libavresample3-debuginfo-3.4.2-11.3.1
libavutil-devel-3.4.2-11.3.1
libavutil55-3.4.2-11.3.1
libavutil55-debuginfo-3.4.2-11.3.1
libpostproc-devel-3.4.2-11.3.1
libpostproc54-3.4.2-11.3.1
libpostproc54-debuginfo-3.4.2-11.3.1
libswresample-devel-3.4.2-11.3.1
libswresample2-3.4.2-11.3.1
libswresample2-debuginfo-3.4.2-11.3.1
libswscale-devel-3.4.2-11.3.1
libswscale4-3.4.2-11.3.1
libswscale4-debuginfo-3.4.2-11.3.1
- openSUSE Leap 15.3 (x86_64):
libavcodec57-32bit-3.4.2-11.3.1
libavcodec57-32bit-debuginfo-3.4.2-11.3.1
libavdevice57-32bit-3.4.2-11.3.1
libavdevice57-32bit-debuginfo-3.4.2-11.3.1
libavfilter6-32bit-3.4.2-11.3.1
libavfilter6-32bit-debuginfo-3.4.2-11.3.1
libavformat57-32bit-3.4.2-11.3.1
libavformat57-32bit-debuginfo-3.4.2-11.3.1
libavresample3-32bit-3.4.2-11.3.1
libavresample3-32bit-debuginfo-3.4.2-11.3.1
libavutil55-32bit-3.4.2-11.3.1
libavutil55-32bit-debuginfo-3.4.2-11.3.1
libpostproc54-32bit-3.4.2-11.3.1
libpostproc54-32bit-debuginfo-3.4.2-11.3.1
libswresample2-32bit-3.4.2-11.3.1
libswresample2-32bit-debuginfo-3.4.2-11.3.1
libswscale4-32bit-3.4.2-11.3.1
libswscale4-32bit-debuginfo-3.4.2-11.3.1
References:
https://www.suse.com/security/cve/CVE-2019-17539.html
https://www.suse.com/security/cve/CVE-2020-13904.html
https://www.suse.com/security/cve/CVE-2020-20448.html
https://www.suse.com/security/cve/CVE-2020-20451.html
https://www.suse.com/security/cve/CVE-2020-21041.html
https://www.suse.com/security/cve/CVE-2020-22015.html
https://www.suse.com/security/cve/CVE-2020-22016.html
https://www.suse.com/security/cve/CVE-2020-22017.html
https://www.suse.com/security/cve/CVE-2020-22019.html
https://www.suse.com/security/cve/CVE-2020-22020.html
https://www.suse.com/security/cve/CVE-2020-22021.html
https://www.suse.com/security/cve/CVE-2020-22022.html
https://www.suse.com/security/cve/CVE-2020-22023.html
https://www.suse.com/security/cve/CVE-2020-22025.html
https://www.suse.com/security/cve/CVE-2020-22026.html
https://www.suse.com/security/cve/CVE-2020-22031.html
https://www.suse.com/security/cve/CVE-2020-22032.html
https://www.suse.com/security/cve/CVE-2020-22033.html
https://www.suse.com/security/cve/CVE-2020-22034.html
https://www.suse.com/security/cve/CVE-2020-22038.html
https://www.suse.com/security/cve/CVE-2020-22039.html
https://www.suse.com/security/cve/CVE-2020-22043.html
https://www.suse.com/security/cve/CVE-2020-22044.html
https://bugzilla.suse.com/1172640
https://bugzilla.suse.com/1186406
https://bugzilla.suse.com/1186583
https://bugzilla.suse.com/1186586
https://bugzilla.suse.com/1186587
https://bugzilla.suse.com/1186596
https://bugzilla.suse.com/1186597
https://bugzilla.suse.com/1186598
https://bugzilla.suse.com/1186600
https://bugzilla.suse.com/1186603
https://bugzilla.suse.com/1186604
https://bugzilla.suse.com/1186605
https://bugzilla.suse.com/1186613
https://bugzilla.suse.com/1186614
https://bugzilla.suse.com/1186615
https://bugzilla.suse.com/1186616
https://bugzilla.suse.com/1186658
https://bugzilla.suse.com/1186660
https://bugzilla.suse.com/1186757
https://bugzilla.suse.com/1186758
https://bugzilla.suse.com/1186762
https://bugzilla.suse.com/1186763
1
0
openSUSE-SU-2021:1043-1: moderate: Security update for qemu
by opensuse-security@opensuse.org 14 Jul '21
by opensuse-security@opensuse.org 14 Jul '21
14 Jul '21
openSUSE Security Update: Security update for qemu
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1043-1
Rating: moderate
References: #1149813 #1163019 #1172380 #1175534 #1176681
#1178683 #1178935 #1179477 #1179484 #1182846
#1182975 #1183979 #1184574 #1185591 #1185981
#1185990 #1186010 #1186290 #1187013 SLE-17785
Cross-References: CVE-2019-15890 CVE-2020-10756 CVE-2020-14364
CVE-2020-25085 CVE-2020-25707 CVE-2020-25723
CVE-2020-29129 CVE-2020-29130 CVE-2020-8608
CVE-2021-20257 CVE-2021-3419 CVE-2021-3544
CVE-2021-3545 CVE-2021-3546
CVSS scores:
CVE-2019-15890 (SUSE): 5.8 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2020-10756 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-10756 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-14364 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2020-14364 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2020-25085 (NVD) : 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2020-25085 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
CVE-2020-25707 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
CVE-2020-25723 (NVD) : 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
CVE-2020-25723 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
CVE-2020-29129 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29129 (SUSE): 2.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29130 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2020-8608 (NVD) : 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2020-8608 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H
CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L
CVE-2021-3419 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3544 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2021-3544 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3545 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-3545 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
CVE-2021-3546 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-3546 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves 14 vulnerabilities, contains one
feature and has 5 fixes is now available.
Description:
This update for qemu fixes the following issues:
Security issues fixed:
- CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset
(bsc#1185981)
- CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU
device (bsc#1186010)
- CVE-2021-3545: Fix information disclosure due to uninitialized memory
read (bsc#1185990)
- CVE-2020-25085: Fix out-of-bounds access issue while doing multi block
SDMA (bsc#1176681)
- CVE-2020-10756: Fix out-of-bounds read information disclosure in
icmp6_send_echoreply(bsc#1172380)
- For the record, these issues are fixed in this package already. Most are
alternate references to previously mentioned issues: (CVE-2019-15890,
bsc#1149813, CVE-2020-8608, bsc#1163019, CVE-2020-14364, bsc#1175534,
CVE-2020-25707, bsc#1178683, CVE-2020-25723, bsc#1178935,
CVE-2020-29130, bsc#1179477, CVE-2020-29129, bsc#1179484,
CVE-2021-20257, bsc#1182846, CVE-2021-3419, bsc#1182975)
Non-security issues fixed:
- Fix issue where s390 guest fails to find zipl boot menu index
(bsc#1183979)
- QEMU BIOS fails to read stage2 loader on s390x (bsc#1186290)
- Host CPU microcode revision will be visible inside VMs when the proper
CPU-model is used (jsc#SLE-17785):
- Fix testsuite error (bsc#1184574)
- Fix qemu crash with iothread when block commit after snapshot
(bsc#1187013)
- Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591)
- Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1043=1
Package List:
- openSUSE Leap 15.2 (x86_64):
qemu-4.2.1-lp152.9.16.2
qemu-arm-4.2.1-lp152.9.16.2
qemu-arm-debuginfo-4.2.1-lp152.9.16.2
qemu-audio-alsa-4.2.1-lp152.9.16.2
qemu-audio-alsa-debuginfo-4.2.1-lp152.9.16.2
qemu-audio-pa-4.2.1-lp152.9.16.2
qemu-audio-pa-debuginfo-4.2.1-lp152.9.16.2
qemu-audio-sdl-4.2.1-lp152.9.16.2
qemu-audio-sdl-debuginfo-4.2.1-lp152.9.16.2
qemu-block-curl-4.2.1-lp152.9.16.2
qemu-block-curl-debuginfo-4.2.1-lp152.9.16.2
qemu-block-dmg-4.2.1-lp152.9.16.2
qemu-block-dmg-debuginfo-4.2.1-lp152.9.16.2
qemu-block-gluster-4.2.1-lp152.9.16.2
qemu-block-gluster-debuginfo-4.2.1-lp152.9.16.2
qemu-block-iscsi-4.2.1-lp152.9.16.2
qemu-block-iscsi-debuginfo-4.2.1-lp152.9.16.2
qemu-block-nfs-4.2.1-lp152.9.16.2
qemu-block-nfs-debuginfo-4.2.1-lp152.9.16.2
qemu-block-rbd-4.2.1-lp152.9.16.2
qemu-block-rbd-debuginfo-4.2.1-lp152.9.16.2
qemu-block-ssh-4.2.1-lp152.9.16.2
qemu-block-ssh-debuginfo-4.2.1-lp152.9.16.2
qemu-debuginfo-4.2.1-lp152.9.16.2
qemu-debugsource-4.2.1-lp152.9.16.2
qemu-extra-4.2.1-lp152.9.16.2
qemu-extra-debuginfo-4.2.1-lp152.9.16.2
qemu-guest-agent-4.2.1-lp152.9.16.2
qemu-guest-agent-debuginfo-4.2.1-lp152.9.16.2
qemu-ksm-4.2.1-lp152.9.16.2
qemu-kvm-4.2.1-lp152.9.16.2
qemu-lang-4.2.1-lp152.9.16.2
qemu-linux-user-4.2.1-lp152.9.16.1
qemu-linux-user-debuginfo-4.2.1-lp152.9.16.1
qemu-linux-user-debugsource-4.2.1-lp152.9.16.1
qemu-ppc-4.2.1-lp152.9.16.2
qemu-ppc-debuginfo-4.2.1-lp152.9.16.2
qemu-s390-4.2.1-lp152.9.16.2
qemu-s390-debuginfo-4.2.1-lp152.9.16.2
qemu-testsuite-4.2.1-lp152.9.16.7
qemu-tools-4.2.1-lp152.9.16.2
qemu-tools-debuginfo-4.2.1-lp152.9.16.2
qemu-ui-curses-4.2.1-lp152.9.16.2
qemu-ui-curses-debuginfo-4.2.1-lp152.9.16.2
qemu-ui-gtk-4.2.1-lp152.9.16.2
qemu-ui-gtk-debuginfo-4.2.1-lp152.9.16.2
qemu-ui-sdl-4.2.1-lp152.9.16.2
qemu-ui-sdl-debuginfo-4.2.1-lp152.9.16.2
qemu-ui-spice-app-4.2.1-lp152.9.16.2
qemu-ui-spice-app-debuginfo-4.2.1-lp152.9.16.2
qemu-vhost-user-gpu-4.2.1-lp152.9.16.2
qemu-vhost-user-gpu-debuginfo-4.2.1-lp152.9.16.2
qemu-x86-4.2.1-lp152.9.16.2
qemu-x86-debuginfo-4.2.1-lp152.9.16.2
- openSUSE Leap 15.2 (noarch):
qemu-ipxe-1.0.0+-lp152.9.16.2
qemu-microvm-4.2.1-lp152.9.16.2
qemu-seabios-1.12.1+-lp152.9.16.2
qemu-sgabios-8-lp152.9.16.2
qemu-vgabios-1.12.1+-lp152.9.16.2
References:
https://www.suse.com/security/cve/CVE-2019-15890.html
https://www.suse.com/security/cve/CVE-2020-10756.html
https://www.suse.com/security/cve/CVE-2020-14364.html
https://www.suse.com/security/cve/CVE-2020-25085.html
https://www.suse.com/security/cve/CVE-2020-25707.html
https://www.suse.com/security/cve/CVE-2020-25723.html
https://www.suse.com/security/cve/CVE-2020-29129.html
https://www.suse.com/security/cve/CVE-2020-29130.html
https://www.suse.com/security/cve/CVE-2020-8608.html
https://www.suse.com/security/cve/CVE-2021-20257.html
https://www.suse.com/security/cve/CVE-2021-3419.html
https://www.suse.com/security/cve/CVE-2021-3544.html
https://www.suse.com/security/cve/CVE-2021-3545.html
https://www.suse.com/security/cve/CVE-2021-3546.html
https://bugzilla.suse.com/1149813
https://bugzilla.suse.com/1163019
https://bugzilla.suse.com/1172380
https://bugzilla.suse.com/1175534
https://bugzilla.suse.com/1176681
https://bugzilla.suse.com/1178683
https://bugzilla.suse.com/1178935
https://bugzilla.suse.com/1179477
https://bugzilla.suse.com/1179484
https://bugzilla.suse.com/1182846
https://bugzilla.suse.com/1182975
https://bugzilla.suse.com/1183979
https://bugzilla.suse.com/1184574
https://bugzilla.suse.com/1185591
https://bugzilla.suse.com/1185981
https://bugzilla.suse.com/1185990
https://bugzilla.suse.com/1186010
https://bugzilla.suse.com/1186290
https://bugzilla.suse.com/1187013
1
0
openSUSE-SU-2021:2305-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 13 Jul '21
by opensuse-security@opensuse.org 13 Jul '21
13 Jul '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2305-1
Rating: important
References: #1152489 #1153274 #1154353 #1155518 #1164648
#1176447 #1176774 #1176919 #1177028 #1178134
#1182470 #1183682 #1184212 #1184685 #1185486
#1185675 #1185677 #1186071 #1186206 #1186666
#1186949 #1187171 #1187263 #1187356 #1187402
#1187403 #1187404 #1187407 #1187408 #1187409
#1187410 #1187411 #1187412 #1187413 #1187452
#1187554 #1187595 #1187601 #1187795 #1187867
#1187883 #1187886 #1187927 #1187972 #1187980
Cross-References: CVE-2021-0512 CVE-2021-0605 CVE-2021-33624
CVE-2021-34693 CVE-2021-3573
CVSS scores:
CVE-2021-0512 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-0605 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0605 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33624 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-33624 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-34693 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-3573 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 40 fixes is
now available.
Description:
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3573: Fixed an UAF vulnerability in function that can allow
attackers to corrupt kernel heaps and adopt further exploitations.
(bsc#1186666)
- CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187601)
- CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187595)
- CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to
leak the contents of arbitrary kernel memory (and therefore, of all
physical memory) via a side-channel. (bsc#1187554)
- CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local
users to obtain sensitive information from kernel stack memory because
parts of a data structure are uninitialized. (bsc#1187452)
The following non-security bugs were fixed:
- 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch:
(bsc#1187263).
- alx: Fix an error handling path in 'alx_probe()' (git-fixes).
- asm-generic/hyperv: Add missing function prototypes per -W1 warnings
(bsc#1186071).
- ASoC: fsl-asoc-card: Set .owner attribute when registering card
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
(git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
(git-fixes).
- ASoC: max98088: fix ni clock divider calculation (git-fixes).
- ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
- ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire
mode (git-fixes).
- ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
- ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes).
- batman-adv: Avoid WARN_ON timing related checks (git-fixes).
- be2net: Fix an error handling path in 'be_probe()' (git-fixes).
- block: Discard page cache of zone reset target range (bsc#1187402).
- Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).
- Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
- bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path
(jsc#SLE-8371 bsc#1153274).
- bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371
bsc#1153274).
- bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371
bsc#1153274).
- bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
(bsc#1177028).
- bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).
- bpfilter: Specify the log level for the kmsg message (bsc#1155518).
- can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
- ceph: must hold snap_rwsem when filling inode for async create
(bsc#1187927).
- cfg80211: avoid double free of PMSR request (git-fixes).
- cfg80211: make certificate generation more robust (git-fixes).
- cgroup1: do not allow '\n' in renaming (bsc#1187972).
- clocksource/drivers/hyper-v: Handle sched_clock differences inline
(bsc#1186071).
- clocksource/drivers/hyper-v: Move handling of STIMER0 interrupts
(bsc#1186071).
- clocksource/drivers/hyper-v: Set clocksource rating based on Hyper-V
feature (bsc#1186071).
- cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).
- cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).
- cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).
- cxgb4: fix wrong shift (git-fixes).
- cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).
- dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
- dax: Add an enum for specifying dax wakup mode (bsc#1187411).
- dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
- dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
- dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions
(git-fixes).
- dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
(git-fixes).
- dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
- dmaengine: stedma40: add missing iounmap() on error in d40_probe()
(git-fixes).
- drivers: hv: Create a consistent pattern for checking Hyper-V hypercall
status (bsc#1186071).
- drivers: hv: Fix EXPORT_SYMBOL and tab spaces issue (bsc#1186071).
- Drivers: hv: Redo Hyper-V synthetic MSR get/set functions (bsc#1186071).
- Drivers: hv: vmbus: Check for pending channel interrupts before taking a
CPU offline (bsc#1186071).
- Drivers: hv: vmbus: Drivers: hv: vmbus: Introduce
CHANNELMSG_MODIFYCHANNEL_RESPONSE (bsc#1186071).
- Drivers: hv: vmbus: Drop error message when 'No request id available'
(bsc#1183682).
- Drivers: hv: vmbus: Handle auto EOI quirk inline (bsc#1186071).
- Drivers: hv: vmbus: Introduce and negotiate VMBus protocol version 5.3
(bsc#1186071).
- Drivers: hv: vmbus: Move handling of VMbus interrupts (bsc#1186071).
- Drivers: hv: vmbus: Move hyperv_report_panic_msg to arch neutral code
(bsc#1186071).
- Drivers: hv: vmbus: remove unused function (bsc#1186071).
- Drivers: hv: vmbus: Remove unused linux/version.h header (bsc#1186071).
- drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).
- drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
- drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).
- drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes).
- drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).
- drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
- drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).
- drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).
- drm: Fix use-after-free read in drm_getunique() (git-fixes).
- drm: Lock pointer access in drm_master_release() (git-fixes).
- dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
- ethtool: strset: fix message length calculation (bsc#1176447).
- ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
(bsc#1187408).
- ext4: fix check to prevent false positive report of incorrect used
inodes (bsc#1187404).
- ext4: fix error code in ext4_commit_super (bsc#1187407).
- ext4: fix memory leak in ext4_fill_super (bsc#1187409).
- FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
- fs: fix reporting supported extra file attributes for statx()
(bsc#1187410).
- ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
- ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
- fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
- HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
- HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
- HID: hid-input: add mapping for emoji picker key (git-fixes).
- HID: hid-sensor-hub: Return error for hid_set_field() failure
(git-fixes).
- HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
- HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
- HID: usbhid: Fix race between usbhid_close() and usbhid_stop()
(git-fixes).
- hv: hyperv.h: a few mundane typo fixes (bsc#1186071).
- hv_netvsc: Add a comment clarifying batching logic (bsc#1186071).
- hv_netvsc: Add error handling while switching data path (bsc#1186071).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number
(bsc#1186071).
- hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
- i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
- ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
- ice: parameterize functions responsible for Tx ring management
(jsc#SLE-12878).
- isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
- kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
- kernel: kexec_file: fix error return code of
kexec_calculate_store_digests() (git-fixes).
- kthread: prevent deadlock when kthread_mod_delayed_work() races with
kthread_cancel_delayed_work_sync() (bsc#1187867).
- kthread_worker: split code for canceling the delayed work timer
(bsc#1187867).
- kyber: fix out of bounds access when preempted (bsc#1187403).
- lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
- media: mtk-mdp: Check return value of of_clk_get (git-fixes).
- media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
- media: s5p-g2d: Fix a memory leak in an error handling path in
'g2d_probe()' (git-fixes).
- mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11
(bsc#1176774).
- mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
- module: limit enabling module.sig_enforce (git-fixes).
- net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
- net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).
- net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).
- net/mlx5: Fix PBMC register mapping (git-fixes).
- net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
- net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
- net/mlx5: Reset mkey index on creation (jsc#SLE-15172).
- net/mlx5e: Block offload of outer header csum for UDP tunnels
(git-fixes).
- net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
- net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
- net/nfc/rawsock.c: fix a permission check bug (git-fixes).
- net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
- net/x25: Return the correct errno code (git-fixes).
- net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
- netxen_nic: Fix an error handling path in 'netxen_nic_probe()'
(git-fixes).
- NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
- NFS: Fix deadlock between nfs4_evict_inode() and
nfs4_opendata_get_inode() (git-fixes).
- NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
- nvmem: rmem: fix undefined reference to memremap (git-fixes).
- ocfs2: fix data corruption by fallocate (bsc#1187412).
- PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
- PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
- PCI: hv: Drop msi_controller structure (bsc#1186071).
- PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
- PCI: Mark TI C667X to avoid bus reset (git-fixes).
- PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
- perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1
(git-fixes).
- perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3
(bsc#1184685).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not
set (jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).
- qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470
bsc#1185486).
- qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
- radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
- regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting
(git-fixes).
- Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)
- Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413).
- Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206
ltc#191041).
- Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
(git-fixes).
- Revert "video: hgafb: fix potential NULL pointer dereference"
(git-fixes).
- Revert "video: imsttfb: fix potential NULL pointer dereferences"
(bsc#1152489)
- s390/dasd: add missing discipline function (git-fixes).
- s390/stack: fix possible register corruption with stack switch helper
(bsc#1185677).
- sched/debug: Fix cgroup_path[] serialization (git-fixes)
- sched/fair: Keep load_avg and load_sum synced (git-fixes)
- scsi: core: Fix race between handling STS_RESOURCE and completion
(bsc#1187883).
- scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
- scsi: storvsc: Enable scatterlist entry lengths > 4Kbytes (bsc#1186071).
- scsi: storvsc: Parameterize number hardware queues (bsc#1186071).
- scsi: ufs: Fix imprecise load calculation in devfreq window
(bsc#1187795).
- SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
- scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
- spi: spi-nxp-fspi: move the register operation after the clock enable
(git-fixes).
- spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- spi: stm32-qspi: Always wait BUSY bit to be cleared in
stm32_qspi_wait_cmd() (git-fixes).
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
- tracing: Correct the length check which causes memory corruption
(git-fixes).
- tracing: Do no increment trace_clock_global() by one (git-fixes).
- tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
- tracing: Do not stop recording comms if the trace file is being read
(git-fixes).
- tracing: Restructure trace_clock_global() to never block (git-fixes).
- USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
- USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
- USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
- USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
- USB: f_ncm: only first packet of aggregate needs to start timer
(git-fixes).
- USB: f_ncm: only first packet of aggregate needs to start timer
(git-fixes).
- USB: fix various gadget panics on 10gbps cabling (git-fixes).
- USB: fix various gadget panics on 10gbps cabling (git-fixes).
- USB: gadget: eem: fix wrong eem header operation (git-fixes).
- USB: gadget: eem: fix wrong eem header operation (git-fixes).
- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
(git-fixes).
- USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
(git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
- video: hgafb: correctly handle card detect failure during probe
(git-fixes).
- video: hgafb: fix potential NULL pointer dereference (git-fixes).
- vrf: fix maximum MTU (git-fixes).
- x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).
- x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate()
(bsc#1178134).
- x86/hyper-v: Move hv_message_type to architecture neutral module
- x86/hyperv: Fix unused variable 'hi' warning in hv_apic_read
(bsc#1186071).
- x86/hyperv: Fix unused variable 'msr_val' warning in hv_qlock_wait
(bsc#1186071).
- x86/hyperv: Move hv_do_rep_hypercall to asm-generic (bsc#1186071).
- x86/hyperv: remove unused linux/version.h header (bsc#1186071).
- x86/pkru: Write hardware init value to PKRU when xstate is init
(bsc#1152489).
- x86/process: Check PF_KTHREAD and not current->mm for kernel threads
(bsc#1152489).
- xen-blkback: fix compatibility bug with single page rings (git-fixes).
- xen-pciback: reconfigure also from backend watch handler (git-fixes).
- xen-pciback: redo VF placement in the virtual topology (git-fixes).
- xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
- xfrm: policy: Read seqcount outside of rcu-read side in
xfrm_policy_lookup_bytype (bsc#1185675).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2305=1
Package List:
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-38.11.1
kernel-source-azure-5.3.18-38.11.1
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-38.11.1
cluster-md-kmp-azure-debuginfo-5.3.18-38.11.1
dlm-kmp-azure-5.3.18-38.11.1
dlm-kmp-azure-debuginfo-5.3.18-38.11.1
gfs2-kmp-azure-5.3.18-38.11.1
gfs2-kmp-azure-debuginfo-5.3.18-38.11.1
kernel-azure-5.3.18-38.11.1
kernel-azure-debuginfo-5.3.18-38.11.1
kernel-azure-debugsource-5.3.18-38.11.1
kernel-azure-devel-5.3.18-38.11.1
kernel-azure-devel-debuginfo-5.3.18-38.11.1
kernel-azure-extra-5.3.18-38.11.1
kernel-azure-extra-debuginfo-5.3.18-38.11.1
kernel-azure-livepatch-devel-5.3.18-38.11.1
kernel-azure-optional-5.3.18-38.11.1
kernel-azure-optional-debuginfo-5.3.18-38.11.1
kernel-syms-azure-5.3.18-38.11.1
kselftests-kmp-azure-5.3.18-38.11.1
kselftests-kmp-azure-debuginfo-5.3.18-38.11.1
ocfs2-kmp-azure-5.3.18-38.11.1
ocfs2-kmp-azure-debuginfo-5.3.18-38.11.1
reiserfs-kmp-azure-5.3.18-38.11.1
reiserfs-kmp-azure-debuginfo-5.3.18-38.11.1
References:
https://www.suse.com/security/cve/CVE-2021-0512.html
https://www.suse.com/security/cve/CVE-2021-0605.html
https://www.suse.com/security/cve/CVE-2021-33624.html
https://www.suse.com/security/cve/CVE-2021-34693.html
https://www.suse.com/security/cve/CVE-2021-3573.html
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1153274
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1155518
https://bugzilla.suse.com/1164648
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176774
https://bugzilla.suse.com/1176919
https://bugzilla.suse.com/1177028
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1182470
https://bugzilla.suse.com/1183682
https://bugzilla.suse.com/1184212
https://bugzilla.suse.com/1184685
https://bugzilla.suse.com/1185486
https://bugzilla.suse.com/1185675
https://bugzilla.suse.com/1185677
https://bugzilla.suse.com/1186071
https://bugzilla.suse.com/1186206
https://bugzilla.suse.com/1186666
https://bugzilla.suse.com/1186949
https://bugzilla.suse.com/1187171
https://bugzilla.suse.com/1187263
https://bugzilla.suse.com/1187356
https://bugzilla.suse.com/1187402
https://bugzilla.suse.com/1187403
https://bugzilla.suse.com/1187404
https://bugzilla.suse.com/1187407
https://bugzilla.suse.com/1187408
https://bugzilla.suse.com/1187409
https://bugzilla.suse.com/1187410
https://bugzilla.suse.com/1187411
https://bugzilla.suse.com/1187412
https://bugzilla.suse.com/1187413
https://bugzilla.suse.com/1187452
https://bugzilla.suse.com/1187554
https://bugzilla.suse.com/1187595
https://bugzilla.suse.com/1187601
https://bugzilla.suse.com/1187795
https://bugzilla.suse.com/1187867
https://bugzilla.suse.com/1187883
https://bugzilla.suse.com/1187886
https://bugzilla.suse.com/1187927
https://bugzilla.suse.com/1187972
https://bugzilla.suse.com/1187980
1
0
openSUSE-SU-2021:1031-1: important: Security update for jdom2
by opensuse-security@opensuse.org 13 Jul '21
by opensuse-security@opensuse.org 13 Jul '21
13 Jul '21
openSUSE Security Update: Security update for jdom2
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1031-1
Rating: important
References: #1187446
Cross-References: CVE-2021-33813
CVSS scores:
CVE-2021-33813 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33813 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for jdom2 fixes the following issues:
- CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service
via a crafted HTTP request (bsc#1187446)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1031=1
Package List:
- openSUSE Leap 15.2 (noarch):
jdom2-2.0.6-lp152.2.3.1
jdom2-javadoc-2.0.6-lp152.2.3.1
References:
https://www.suse.com/security/cve/CVE-2021-33813.html
https://bugzilla.suse.com/1187446
1
0
openSUSE-SU-2021:2291-1: moderate: Security update for bluez
by opensuse-security@opensuse.org 12 Jul '21
by opensuse-security@opensuse.org 12 Jul '21
12 Jul '21
openSUSE Security Update: Security update for bluez
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2291-1
Rating: moderate
References: #1186463
Cross-References: CVE-2020-26558 CVE-2021-0129
CVSS scores:
CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for bluez fixes the following issues:
- CVE-2021-0129,CVE-2020-26558: Check bluetooth security flags
(bsc#1186463).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2291=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
bluez-5.55-3.3.1
bluez-cups-5.55-3.3.1
bluez-cups-debuginfo-5.55-3.3.1
bluez-debuginfo-5.55-3.3.1
bluez-debugsource-5.55-3.3.1
bluez-deprecated-5.55-3.3.1
bluez-deprecated-debuginfo-5.55-3.3.1
bluez-devel-5.55-3.3.1
bluez-test-5.55-3.3.1
bluez-test-debuginfo-5.55-3.3.1
libbluetooth3-5.55-3.3.1
libbluetooth3-debuginfo-5.55-3.3.1
- openSUSE Leap 15.3 (noarch):
bluez-auto-enable-devices-5.55-3.3.1
- openSUSE Leap 15.3 (x86_64):
bluez-devel-32bit-5.55-3.3.1
libbluetooth3-32bit-5.55-3.3.1
libbluetooth3-32bit-debuginfo-5.55-3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-26558.html
https://www.suse.com/security/cve/CVE-2021-0129.html
https://bugzilla.suse.com/1186463
1
0