openSUSE Security Announce
September 2021
openSUSE-SU-2021:1308-1: moderate: Security update for grafana-piechart-panel
by opensuse-security@opensuse.org 25 Sep '21
openSUSE Security Update: Security update for grafana-piechart-panel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1308-1
Rating: moderate
References: #1172125
Cross-References: CVE-2020-13429
CVSS scores:
CVE-2020-13429 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2020-13429 (SUSE): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for grafana-piechart-panel fixes the following issues:
- CVE-2020-13429: Fixed XSS via the Values Header option in the
piechart-panel (bsc#1172125).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1308=1
Package List:
- openSUSE Leap 15.2 (noarch):
grafana-piechart-panel-1.6.1-lp152.2.6.1
References:
https://www.suse.com/security/cve/CVE-2020-13429.html
https://bugzilla.suse.com/1172125
openSUSE-SU-2021:3205-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 23 Sep '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3205-1
Rating: important
References: #1040364 #1127650 #1135481 #1152489 #1160010
#1168202 #1171420 #1174969 #1175052 #1175543
#1177399 #1180100 #1180141 #1180347 #1181006
#1181148 #1181972 #1184180 #1185902 #1186264
#1186731 #1187211 #1187455 #1187468 #1187483
#1187619 #1187959 #1188067 #1188172 #1188231
#1188270 #1188412 #1188418 #1188616 #1188700
#1188780 #1188781 #1188782 #1188783 #1188784
#1188786 #1188787 #1188788 #1188790 #1188878
#1188885 #1188924 #1188982 #1188983 #1188985
#1189021 #1189057 #1189077 #1189153 #1189197
#1189209 #1189210 #1189212 #1189213 #1189214
#1189215 #1189216 #1189217 #1189218 #1189219
#1189220 #1189221 #1189222 #1189225 #1189229
#1189233 #1189262 #1189291 #1189292 #1189296
#1189298 #1189301 #1189305 #1189323 #1189384
#1189385 #1189392 #1189393 #1189399 #1189400
#1189427 #1189503 #1189504 #1189505 #1189506
#1189507 #1189562 #1189563 #1189564 #1189565
#1189566 #1189567 #1189568 #1189569 #1189573
#1189574 #1189575 #1189576 #1189577 #1189579
#1189581 #1189582 #1189583 #1189585 #1189586
#1189587 #1189706 #1189760 #1189762 #1189832
#1189841 #1189870 #1189872 #1189883 #1190022
#1190025 #1190115 #1190117 #1190412 #1190413
#1190428
Cross-References: CVE-2020-12770 CVE-2021-34556 CVE-2021-35477
CVE-2021-3640 CVE-2021-3653 CVE-2021-3656
CVE-2021-3679 CVE-2021-3732 CVE-2021-3739
CVE-2021-3743 CVE-2021-3753 CVE-2021-3759
CVE-2021-38160 CVE-2021-38166 CVE-2021-38198
CVE-2021-38204 CVE-2021-38205 CVE-2021-38206
CVE-2021-38207 CVE-2021-38209
CVSS scores:
CVE-2020-12770 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2020-12770 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2021-34556 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-35477 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-3640 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3653 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3656 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3679 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3732 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3739 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3743 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3753 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2021-3759 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38160 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-38166 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-38198 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-38204 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38205 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-38206 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38206 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38207 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-38209 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 20 vulnerabilities and has 106 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-3640: Fixed a Use-After-Free vulnerability in function
sco_sock_sendmsg() in the bluetooth stack (bsc#1188172).
- CVE-2021-3653: Missing validation of the `int_ctl` VMCB field allows
a malicious L1 guest to enable AVIC support for the L2 guest
(bsc#1189399).
- CVE-2021-3656: Missing validation of the `virt_ext` VMCB field
allows a malicious L1 guest to disable both VMLOAD/VMSAVE intercepts and
VLS for the L2 guest (bsc#1189400).
- CVE-2021-3679: A lack of CPU resources in the tracing module
functionality was found when a user uses the trace ring buffer in a
specific way. Only privileged local users (with CAP_SYS_ADMIN capability)
could use this flaw to starve the resources, causing denial of service
(bnc#1189057).
- CVE-2021-3732: Mounting overlayfs inside an unprivileged user namespace
can reveal files (bsc#1189706).
- CVE-2021-3739: Fixed a NULL pointer dereference when deleting device by
invalid id (bsc#1189832).
- CVE-2021-3743: Fixed OOB Read in qrtr_endpoint_post (bsc#1189883).
- CVE-2021-3753: Fixed race out-of-bounds in virtual terminal handling
(bsc#1190025).
- CVE-2021-38160: Data corruption or loss could be triggered by an
untrusted device that supplies a buf->len value exceeding the buffer
size in drivers/char/virtio_console.c (bsc#1190117).
- CVE-2021-38198: arch/x86/kvm/mmu/paging_tmpl.h incorrectly computes the
access permissions of a shadow page, leading to a missing guest
protection page fault (bnc#1189262).
- CVE-2021-38204: drivers/usb/host/max3421-hcd.c allowed physically
proximate attackers to cause a denial of service (use-after-free and
panic) by removing a MAX-3421 USB device in certain situations
(bnc#1189291).
- CVE-2021-38205: drivers/net/ethernet/xilinx/xilinx_emaclite.c made it
easier for attackers to defeat an ASLR protection mechanism because it
prints a kernel pointer (i.e., the real IOMEM pointer) (bnc#1189292).
- CVE-2021-38207: drivers/net/ethernet/xilinx/ll_temac_main.c allowed
remote attackers to cause a denial of service (buffer overflow and
lockup) by sending heavy network traffic for about ten minutes
(bnc#1189298).
- CVE-2021-38166: Fixed an integer overflow and out-of-bounds write when
many elements are placed in a single bucket in kernel/bpf/hashtab.c
(bnc#1189233).
- CVE-2021-38209: Fixed an issue that allowed observation of changes in
any net namespace via net/netfilter/nf_conntrack_standalone.c
(bnc#1189393).
- CVE-2021-38206: Fixed NULL pointer dereference in the radiotap parser
inside the mac80211 subsystem (bnc#1189296).
- CVE-2021-34556: Fixed a side-channel attack via Speculative Store Bypass
through an unprivileged BPF program that could have obtained sensitive
information from kernel memory (bsc#1188983).
- CVE-2021-35477: Fixed BPF stack frame pointer which could have been
abused to disclose content of arbitrary kernel memory (bsc#1188985).
- CVE-2021-3759: Unaccounted ipc objects in the Linux kernel could have
led to breaking memcg limits and DoS attacks (bsc#1190115).
- CVE-2020-12770: Fixed sg_remove_request call in certain failure cases
(bsc#1171420).
The following non-security bugs were fixed:
- ACPI: NFIT: Fix support for virtual SPA ranges (git-fixes).
- ACPI: processor: Clean up acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Export function to claim _CST control (bsc#1175543)
- ACPI: processor: Introduce acpi_processor_evaluate_cst() (bsc#1175543)
- ACPI: processor: Make ACPI_PROCESSOR_CSTATE depend on ACPI_PROCESSOR
(bsc#1175543)
- ALSA: hda - fix the 'Capture Switch' value change notifications
(git-fixes).
- ALSA: hda/hdmi: Add quirk to force pin connectivity on NUC10 (git-fixes).
- ALSA: hda/hdmi: fix max DP-MST dev_num for Intel TGL+ platforms
(git-fixes).
- ALSA: hda/hdmi: let new platforms assign the pcm slot dynamically
(git-fixes).
- ALSA: hda/realtek - Add ALC285 HP init procedure (git-fixes).
- ALSA: hda/realtek - Add type for ALC287 (git-fixes).
- ALSA: hda/realtek: Change device names for quirks to barebone names
(git-fixes).
- ALSA: hda/realtek: Enable 4-speaker output for Dell XPS 15 9510 laptop
(git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SWIFT SF314-56 (ALC256)
(git-fixes).
- ALSA: hda/realtek: Limit mic boost on HP ProBook 445 G8 (git-fixes).
- ALSA: hda/realtek: add mic quirk for Acer SF314-42 (git-fixes).
- ALSA: hda/realtek: fix mute led of the HP Pavilion 15-eh1xxx series
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ProBook 650 G8 Notebook
PC (git-fixes).
- ALSA: hda/via: Apply runtime PM workaround for ASUS B23E (git-fixes).
- ALSA: hda: Add quirk for ASUS Flow x13 (git-fixes).
- ALSA: hda: Fix hang during shutdown due to link reset (git-fixes).
- ALSA: hda: Release controller display power during shutdown/reboot
(git-fixes).
- ALSA: pcm: Fix mmap breakage without explicit buffer setup (git-fixes).
- ALSA: pcm: fix divide error in snd_pcm_lib_ioctl (git-fixes).
- ALSA: seq: Fix racy deletion of subscriber (git-fixes).
- ALSA: usb-audio: Add registration quirk for JBL Quantum 600 (git-fixes).
- ALSA: usb-audio: Avoid unnecessary or invalid connector selection at
resume (git-fixes).
- ALSA: usb-audio: Fix regression on Sony WALKMAN NW-A45 DAC (git-fixes).
- ALSA: usb-audio: Fix superfluous autosuspend recovery (git-fixes).
- ALSA: usb-audio: fix incorrect clock source setting (git-fixes).
- ASoC: Intel: Skylake: Fix module resource and format selection
(git-fixes).
- ASoC: Intel: Skylake: Leave data as is when invoking TLV IPCs
(git-fixes).
- ASoC: Intel: kbl_da7219_max98927: Fix format selection for max98373
(git-fixes).
- ASoC: SOF: Intel: hda-ipc: fix reply size checking (git-fixes).
- ASoC: amd: Fix reference to PCM buffer address (git-fixes).
- ASoC: component: Remove misplaced prefix handling in pin control
functions (git-fixes).
- ASoC: cs42l42: Correct definition of ADC Volume control (git-fixes).
- ASoC: cs42l42: Do not allow SND_SOC_DAIFMT_LEFT_J (git-fixes).
- ASoC: cs42l42: Fix LRCLK frame start edge (git-fixes).
- ASoC: cs42l42: Fix inversion of ADC Notch Switch control (git-fixes).
- ASoC: cs42l42: Remove duplicate control for WNF filter frequency
(git-fixes).
- ASoC: intel: atom: Fix breakage for PCM buffer address setup (git-fixes).
- ASoC: intel: atom: Fix reference to PCM buffer address (git-fixes).
- ASoC: mediatek: mt8183: Fix Unbalanced pm_runtime_enable in
mt8183_afe_pcm_dev_probe (git-fixes).
- ASoC: rt5682: Adjust headset volume button threshold (git-fixes).
- ASoC: rt5682: Adjust headset volume button threshold again (git-fixes).
- ASoC: rt5682: Fix the issue of garbled recording after
powerd_dbus_suspend (git-fixes).
- ASoC: ti: j721e-evm: Check for not initialized parent_clk_id (git-fixes).
- ASoC: ti: j721e-evm: Fix unbalanced domain activity tracking during
startup (git-fixes).
- ASoC: tlv320aic31xx: Fix jack detection after suspend (git-fixes).
- ASoC: tlv320aic31xx: fix reversed bclk/wclk master bits (git-fixes).
- ASoC: uniphier: Fix reference to PCM buffer address (git-fixes).
- ASoC: wcd9335: Disable irq on slave ports in the remove function
(git-fixes).
- ASoC: wcd9335: Fix a double irq free in the remove function (git-fixes).
- ASoC: wcd9335: Fix a memory leak in the error handling path of the probe
function (git-fixes).
- ASoC: xilinx: Fix reference to PCM buffer address (git-fixes).
- Avoid double printing SUSE specific flags in mod->taint (bsc#1190413).
- Bluetooth: add timeout sanity check to hci_inquiry (git-fixes).
- Bluetooth: btusb: Fix a unspported condition to set available debug
features (git-fixes).
- Bluetooth: btusb: check conditions before enabling USB ALT 3 for WBS
(git-fixes).
- Bluetooth: defer cleanup of resources in hci_unregister_dev()
(git-fixes).
- Bluetooth: fix repeated calls to sco_sock_kill (git-fixes).
- Bluetooth: hidp: use correct wait queue when removing ctrl_wait
(git-fixes).
- Bluetooth: increase BTNAMSIZ to 21 chars to fix potential buffer
overflow (git-fixes).
- Bluetooth: mgmt: Fix wrong opcode in the response for add_adv cmd
(git-fixes).
- Bluetooth: sco: prevent information leak in sco_conn_defer_accept()
(git-fixes).
- Drop two intel_int0002_vgpio patches that cause Oops (bsc#1190412)
- KVM: VMX: Drop guest CPUID check for VMXE in vmx_set_cr4() (bsc#1188786).
- KVM: VMX: Enable machine check support for 32bit targets (bsc#1188787).
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path
(bsc#1188788).
- KVM: VMX: Extend VMXs #AC interceptor to handle split lock #AC in guest
(bsc#1187959).
- KVM: nVMX: Handle split-lock #AC exceptions that happen in L2
(bsc#1187959).
- KVM: nVMX: Really make emulated nested preemption timer pinned
(bsc#1188780).
- KVM: nVMX: Reset the segment cache when stuffing guest segs
(bsc#1188781).
- KVM: nVMX: Skip IBPB when switching between vmcs01 and vmcs02
(bsc#1188782).
- KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
(bsc#1188783).
- KVM: nVMX: Truncate bits 63:32 of VMCS field on nested check in !64-bit
(bsc#1188784).
- KVM: x86: Emulate split-lock access as a write in emulator (bsc#1187959).
- KVM: x86: bit 8 of non-leaf PDPEs is not reserved (bsc#1188790).
- NFS: Correct size calculation for create reply length (bsc#1189870).
- NFSv4.1: Do not rebind to the same source port when (bnc#1186264
bnc#1189021)
- NFSv4/pNFS: Do not call _nfs4_pnfs_v3_ds_connect multiple times
(git-fixes).
- NFSv4: Initialise connection to the server in nfs4_alloc_client()
(bsc#1040364).
- PCI/MSI: Correct misleading comments (git-fixes).
- PCI/MSI: Do not set invalid bits in MSI mask (git-fixes).
- PCI/MSI: Enable and mask MSI-X early (git-fixes).
- PCI/MSI: Enforce MSI[X] entry updates to be visible (git-fixes).
- PCI/MSI: Enforce that MSI-X table entry is masked for update (git-fixes).
- PCI/MSI: Mask all unused MSI-X entries (git-fixes).
- PCI/MSI: Skip masking MSI-X on Xen PV (git-fixes).
- PCI/MSI: Use msi_mask_irq() in pci_msi_shutdown() (git-fixes).
- PCI: Increase D3 delay for AMD Renoir/Cezanne XHCI (git-fixes).
- PCI: PM: Avoid forcing PCI_D0 for wakeup reasons inconsistently
(git-fixes).
- PCI: PM: Enable PME if it can be signaled from D3cold (git-fixes).
- RDMA/bnxt_re: Fix stats counters (bsc#1188231).
- SUNRPC: 'Directory with parent 'rpc_clnt' already present!' (bsc#1168202
bsc#1188924).
- SUNRPC: Fix the batch tasks count wraparound (git-fixes).
- SUNRPC: Should wake up the privileged task firstly (git-fixes).
- SUNRPC: defer slow parts of rpc_free_client() to a workqueue
(bsc#1168202 bsc#1188924).
- SUNRPC: fix use-after-free in rpc_free_client_work() (bsc#1168202
bsc#1188924).
- SUNRPC: improve error response to over-size gss credential (bsc#1190022).
- SUNRPC: prevent port reuse on transports which do not request it
(bnc#1186264 bnc#1189021).
- USB: core: Avoid WARNings for 0-length descriptor requests (git-fixes).
- USB: serial: ch341: fix character loss at high transfer rates
(git-fixes).
- USB: serial: ftdi_sio: add device ID for Auto-M3 OP-COM v2 (git-fixes).
- USB: serial: option: add Telit FD980 composition 0x1056 (git-fixes).
- USB: usbtmc: Fix RCU stall warning (git-fixes).
- USB:ehci:fix Kunpeng920 ehci hardware problem (git-fixes).
- VMCI: fix NULL pointer dereference when unmapping queue pair (git-fixes).
- ath6kl: wmi: fix an error code in ath6kl_wmi_sync_point() (git-fixes).
- ath9k: Clear key cache explicitly on disabling hardware (git-fixes).
- ath: Use safer key clearing with key cache entries (git-fixes).
- bcma: Fix memory leak for internally-handled cores (git-fixes).
- bdi: Do not use freezable workqueue (bsc#1189573).
- blk-iolatency: error out if blk_get_queue() failed in
iolatency_set_limit() (bsc#1189507).
- blk-mq-sched: Fix blk_mq_sched_alloc_tags() error handling (bsc#1189506).
- blk-wbt: introduce a new disable state to prevent false positive by
rwb_enabled() (bsc#1189503).
- blk-wbt: make sure throttle is enabled properly (bsc#1189504).
- block: fix trace completion for chained bio (bsc#1189505).
- bnxt_en: Validate vlan protocol ID on RX packets (jsc#SLE-15075).
- brcmfmac: pcie: fix oops on failure to resume and reprobe (git-fixes).
- btrfs: Rename __btrfs_alloc_chunk to btrfs_alloc_chunk (bsc#1189077).
- btrfs: add a trace class for dumping the current ENOSPC state
(bsc#1135481).
- btrfs: add a trace point for reserve tickets (bsc#1135481).
- btrfs: adjust the flush trace point to include the source (bsc#1135481).
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1135481).
- btrfs: factor out create_chunk() (bsc#1189077).
- btrfs: factor out decide_stripe_size() (bsc#1189077).
- btrfs: factor out gather_device_info() (bsc#1189077).
- btrfs: factor out init_alloc_chunk_ctl (bsc#1189077).
- btrfs: fix btrfs_calc_reclaim_metadata_size calculation (bsc#1135481).
- btrfs: fix deadlock with concurrent chunk allocations involving system
chunks (bsc#1189077).
- btrfs: handle invalid profile in chunk allocation (bsc#1189077).
- btrfs: implement space clamping for preemptive flushing (bsc#1135481).
- btrfs: improve preemptive background space flushing (bsc#1135481).
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1135481).
- btrfs: introduce alloc_chunk_ctl (bsc#1189077).
- btrfs: introduce chunk allocation policy (bsc#1189077).
- btrfs: make flush_space take a enum btrfs_flush_state instead of int
(bsc#1135481).
- btrfs: move the chunk_mutex in btrfs_read_chunk_tree (bsc#1189077).
- btrfs: parameterize dev_extent_min for chunk allocation (bsc#1189077).
- btrfs: refactor find_free_dev_extent_start() (bsc#1189077).
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1135481).
- btrfs: rename need_do_async_reclaim (bsc#1135481).
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1135481).
- btrfs: rework chunk allocation to avoid exhaustion of the system chunk
array (bsc#1189077).
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1135481).
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets
(bsc#1135481).
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1135481).
- btrfs: tracepoints: convert flush states to using EM macros
(bsc#1135481).
- btrfs: tracepoints: fix btrfs_trigger_flush symbolic string for flags
(bsc#1135481).
- can: ti_hecc: Fix memleak in ti_hecc_probe (git-fixes).
- can: usb: esd_usb2: esd_usb2_rx_event(): fix the interchange of the CAN
RX and TX error counters (git-fixes).
- ceph: clean up and optimize ceph_check_delayed_caps() (bsc#1187468).
- ceph: reduce contention in ceph_check_delayed_caps() (bsc#1187468).
- ceph: take snap_empty_lock atomically with snaprealm refcount change
(bsc#1189427).
- cfg80211: Fix possible memory leak in function cfg80211_bss_update
(git-fixes).
- cifs: Remove unused inline function is_sysvol_or_netlogon()
(bsc#1185902).
- cifs: avoid starvation when refreshing dfs cache (bsc#1185902).
- cifs: constify get_normalized_path() properly (bsc#1185902).
- cifs: do not cargo-cult strndup() (bsc#1185902).
- cifs: do not send tree disconnect to ipc shares (bsc#1185902).
- cifs: do not share tcp servers with dfs mounts (bsc#1185902).
- cifs: do not share tcp sessions of dfs connections (bsc#1185902).
- cifs: fix check of dfs interlinks (bsc#1185902).
- cifs: fix path comparison and hash calc (bsc#1185902).
- cifs: get rid of @noreq param in __dfs_cache_find() (bsc#1185902).
- cifs: handle different charsets in dfs cache (bsc#1185902).
- cifs: keep referral server sessions alive (bsc#1185902).
- cifs: missing null pointer check in cifs_mount (bsc#1185902).
- cifs: prevent NULL deref in cifs_compose_mount_options() (bsc#1185902).
- cifs: set a minimum of 2 minutes for refreshing dfs cache (bsc#1185902).
- clk: fix leak on devm_clk_bulk_get_all() unwind (git-fixes).
- clk: stm32f4: fix post divisor setup for I2S/SAI PLLs (git-fixes).
- cpuidle: Allow idle states to be disabled by default (bsc#1175543)
- cpuidle: Consolidate disabled state checks (bsc#1175543)
- cpuidle: Drop disabled field from struct cpuidle_state (bsc#1175543)
- cpuidle: Fix cpuidle_driver_state_disabled() (bsc#1175543)
- cpuidle: Introduce cpuidle_driver_state_disabled() for driver quirks
(bsc#1175543)
- crypto: ccp - Annotate SEV Firmware file names (bsc#1189212).
- crypto: qat - use proper type for vf_mask (git-fixes).
- crypto: x86/curve25519 - fix cpu feature checking logic in mod_exit
(git-fixes).
- device-dax: Fix default return code of range_parse() (git-fixes).
- dm integrity: fix missing goto in bitmap_flush_interval error handling
(git-fixes).
- dm rq: fix double free of blk_mq_tag_set in dev remove after table load
fails (git-fixes).
- dm verity: fix DM_VERITY_OPTS_MAX value (git-fixes).
- dmaengine: idxd: fix setup sequence for MSIXPERM table (git-fixes).
- dmaengine: imx-dma: configure the generic DMA type to make it work
(git-fixes).
- dmaengine: imx-dma: configure the generic DMA type to make it work
(git-fixes).
- dmaengine: imx-sdma: remove duplicated sdma_load_context (git-fixes).
- dmaengine: of-dma: router_xlate to return -EPROBE_DEFER if controller is
not yet available (git-fixes).
- dmaengine: usb-dmac: Fix PM reference leak in usb_dmac_probe()
(git-fixes).
- dmaengine: xilinx_dma: Fix read-after-free bug when terminating
transfers (git-fixes).
- drivers/block/null_blk/main: Fix a double free in null_init (git-fixes).
- drm/amd/display: Fix Dynamic bpp issue with 8K30 with Navi 1X
(git-fixes).
- drm/amd/display: Fix comparison error in dcn21 DML (git-fixes).
- drm/amd/display: Fix max vstartup calculation for modes with borders
(git-fixes).
- drm/amd/display: Remove invalid assert for ODM + MPC case (git-fixes).
- drm/amd/display: use GFP_ATOMIC in amdgpu_dm_irq_schedule_work
(git-fixes).
- drm/amd/display: workaround for hard hang on HPD on native DP
(git-fixes).
- drm/amdgpu/acp: Make PM domain really work (git-fixes).
- drm/amdgpu/display: fix DMUB firmware version info (git-fixes).
- drm/amdgpu/display: only enable aux backlight control for OLED panels
(git-fixes).
- drm/amdgpu: do not enable baco on boco platforms in runpm (git-fixes).
- drm/amdgpu: fix the doorbell missing when in CGPG issue for renoir
(git-fixes).
- drm/dp_mst: Fix return code on sideband message failure (git-fixes).
- drm/i915/dg1: gmbus pin mapping (bsc#1188700).
- drm/i915/dg1: provide port/phy mapping for vbt (bsc#1188700).
- drm/i915/gen9_bc: Add W/A for missing STRAP config on TGP PCH + CML
combos (bsc#1188700).
- drm/i915/gen9_bc: Introduce HPD pin mappings for TGP PCH + CML combos
(bsc#1188700).
- drm/i915/gen9_bc: Introduce TGP PCH DDC pin mappings (bsc#1188700).
- drm/i915/gen9_bc: Recognize TGP PCH + CML combos (bsc#1188700).
- drm/i915/rkl: new rkl ddc map for different PCH (bsc#1188700).
- drm/i915: Add VBT AUX CH H and I (bsc#1188700).
- drm/i915: Add VBT DVO ports H and I (bsc#1188700).
- drm/i915: Add more AUX CHs to the enum (bsc#1188700).
- drm/i915: Configure GEN11_{TBT,TC}_HOTPLUG_CTL for ports TC5/6
(bsc#1188700).
- drm/i915: Correct SFC_DONE register offset (git-fixes).
- drm/i915: Introduce HPD_PORT_TC<n> (bsc#1188700).
- drm/i915: Move hpd_pin setup to encoder init (bsc#1188700).
- drm/i915: Nuke the redundant TC/TBT HPD bit defines (bsc#1188700).
- drm/i915: Only access SFC_DONE when media domain is not fused off
(git-fixes).
- drm/meson: fix colour distortion from HDR set during vendor u-boot
(git-fixes).
- drm/msi/mdp4: populate priv->kms in mdp4_kms_init (git-fixes).
- drm/msm/dpu: make dpu_hw_ctl_clear_all_blendstages clear necessary LMs
(git-fixes).
- drm/msm/dsi: Fix some reference counted resource leaks (git-fixes).
- drm/msm: Fix error return code in msm_drm_init() (git-fixes).
- drm/nouveau/kms/nv50: workaround EFI GOP window channel format
differences (git-fixes).
- drm/of: free the iterator object on failure (git-fixes).
- drm/of: free the right object (git-fixes).
- drm/panfrost: Fix missing clk_disable_unprepare() on error in
panfrost_clk_init() (git-fixes).
- drm/prime: fix comment on PRIME Helpers (git-fixes).
- ext4: cleanup in-core orphan list if ext4_truncate() failed to get a
transaction handle (bsc#1189568).
- ext4: correct the cache_nr in tracepoint ext4_es_shrink_exit
(bsc#1189564).
- ext4: fix avefreec in find_group_orlov (bsc#1189566).
- ext4: fix kernel infoleak via ext4_extent_header (bsc#1189562).
- ext4: fix potential htree corruption when growing large_dir directories
(bsc#1189576).
- ext4: remove check for zero nr_to_scan in ext4_es_scan() (bsc#1189565).
- ext4: return error code when ext4_fill_flex_info() fails (bsc#1189563).
- ext4: use ext4_grp_locked_error in mb_find_extent (bsc#1189567).
- fanotify: fix copy_event_to_user() fid error clean up (bsc#1189574).
- firmware_loader: fix use-after-free in firmware_fallback_sysfs
(git-fixes).
- firmware_loader: use -ETIMEDOUT instead of -EAGAIN in
fw_load_sysfs_fallback (git-fixes).
- fixup "rpm: support gz and zst compression methods" (bsc#1190358,
bsc#1190428).
- fpga: altera-freeze-bridge: Address warning about unused variable
(git-fixes).
- fpga: dfl: fme: Fix cpu hotplug issue in performance reporting
(git-fixes).
- fpga: dfl: fme: Fix cpu hotplug issue in performance reporting
(git-fixes).
- fpga: xiilnx-spi: Address warning about unused variable (git-fixes).
- fpga: zynqmp-fpga: Address warning about unused variable (git-fixes).
- gpio: eic-sprd: break loop when getting NULL device resource (git-fixes).
- gpio: tqmx86: really make IRQ optional (git-fixes).
- i2c: dev: zero out array used for i2c reads from userspace (git-fixes).
- i2c: highlander: add IRQ check (git-fixes).
- i2c: iop3xx: fix deferred probing (git-fixes).
- i2c: mt65xx: fix IRQ check (git-fixes).
- i2c: s3c2410: fix IRQ check (git-fixes).
- iio: adc: Fix incorrect exit of for-loop (git-fixes).
- iio: adc: ti-ads7950: Ensure CS is deasserted after reading channels
(git-fixes).
- iio: humidity: hdc100x: Add margin to the conversion time (git-fixes).
- intel_idle: Add module parameter to prevent ACPI _CST from being used
(bsc#1175543)
- intel_idle: Allow ACPI _CST to be used for selected known processors
(bsc#1175543)
- intel_idle: Annotate init time data structures (bsc#1175543)
- intel_idle: Customize IceLake server support (bsc#1175543)
- intel_idle: Disable ACPI _CST on Haswell (bsc#1175543, bsc#1177399,
bsc#1180347, bsc#1180141)
- intel_idle: Fix max_cstate for processor models without C-state tables
(bsc#1175543)
- intel_idle: Ignore _CST if control cannot be taken from the platform
(bsc#1175543)
- intel_idle: Refactor intel_idle_cpuidle_driver_init() (bsc#1175543)
- intel_idle: Use ACPI _CST for processor models without C-state tables
(bsc#1175543)
- iommu/amd: Fix extended features logging (bsc#1189213).
- iommu/amd: Move Stoney Ridge check to detect_ivrs() (bsc#1189762).
- iommu/arm-smmu-v3: Decrease the queue size of evtq and priq
(bsc#1189210).
- iommu/arm-smmu-v3: add bit field SFM into GERROR_ERR_MASK (bsc#1189209).
- iommu/dma: Fix IOVA reserve dma ranges (bsc#1189214).
- iommu/dma: Fix compile warning in 32-bit builds (bsc#1189229).
- iommu/vt-d: Check for allocation failure in aux_detach_device()
(bsc#1189215).
- iommu/vt-d: Define counter explicitly as unsigned int (bsc#1189216).
- iommu/vt-d: Do not set then clear private data in prq_event_thread()
(bsc#1189217).
- iommu/vt-d: Fix sysfs leak in alloc_iommu() (bsc#1189218).
- iommu/vt-d: Force to flush iotlb before creating superpage (bsc#1189219).
- iommu/vt-d: Global devTLB flush when present context entry changed
(bsc#1189220).
- iommu/vt-d: Invalidate PASID cache when root/context entry changed
(bsc#1189221).
- iommu/vt-d: Reject unsupported page request modes (bsc#1189222).
- ionic: add handling of larger descriptors (jsc#SLE-16649).
- ionic: add new queue features to interface (jsc#SLE-16649).
- ionic: aggregate Tx byte counting calls (jsc#SLE-16649).
- ionic: block actions during fw reset (jsc#SLE-16649).
- ionic: change mtu after queues are stopped (jsc#SLE-16649).
- ionic: check for link after netdev registration (jsc#SLE-16649).
- ionic: code cleanup details (jsc#SLE-16649).
- ionic: fix sizeof usage (jsc#SLE-16649).
- ionic: fix unchecked reference (jsc#SLE-16649).
- ionic: fix up dim accounting for tx and rx (jsc#SLE-16649).
- ionic: generic tx skb mapping (jsc#SLE-16649).
- ionic: implement Rx page reuse (jsc#SLE-16649).
- ionic: make all rx_mode work threadsafe (jsc#SLE-16649).
- ionic: move rx_page_alloc and free (jsc#SLE-16649).
- ionic: optimize fastpath struct usage (jsc#SLE-16649).
- ionic: protect adminq from early destroy (jsc#SLE-16649).
- ionic: rebuild debugfs on qcq swap (jsc#SLE-16649).
- ionic: remove intr coalesce update from napi (jsc#SLE-16649).
- ionic: remove some unnecessary oom messages (jsc#SLE-16649).
- ionic: simplify TSO descriptor mapping (jsc#SLE-16649).
- ionic: simplify rx skb alloc (jsc#SLE-16649).
- ionic: simplify the intr_index use in txq_init (jsc#SLE-16649).
- ionic: simplify tx clean (jsc#SLE-16649).
- ionic: simplify use of completion types (jsc#SLE-16649).
- ionic: start queues before announcing link up (jsc#SLE-16649).
- ionic: stop watchdog when in broken state (jsc#SLE-16649).
- ionic: useful names for booleans (jsc#SLE-16649).
- iwlwifi: pnvm: accept multiple HW-type TLVs (git-fixes).
- iwlwifi: rs-fw: do not support stbc for HE 160 (git-fixes).
- iwlwifi: skip first element in the WTAS ACPI table (git-fixes).
- kABI fix of usb_dcd_config_params (git-fixes).
- kABI: Fix kABI after fixing vcpu-id indexed arrays (git-fixes).
- kabi fix for NFSv4.1: Do not rebind to the same source port when
reconnecting to the server (bnc#1186264 bnc#1189021)
- kabi fix for SUNRPC: defer slow parts of rpc_free_client() to a
workqueue (bsc#1168202 bsc#1188924).
- kernel, fs: Introduce and use set_restart_fn() and
arch_set_restart_data() (bsc#1189153).
- kernel-cert-subpackage: Fix certificate location in scriptlets
(bsc#1189841).
- leds: trigger: audio: Add an activate callback to ensure the initial
brightness is set (git-fixes).
- lib/mpi: use kcalloc in mpi_resize (git-fixes).
- lib: Add zstd support to decompress (bsc#1187483, jsc#SLE-18766).
- libata: fix ata_pio_sector for CONFIG_HIGHMEM (git-fixes).
- mac80211: Fix insufficient headroom issue for AMSDU (git-fixes).
- md/raid10: properly indicate failure when ending a failed write request
(git-fixes).
- md: revert io stats accounting (git-fixes).
- media: TDA1997x: enable EDID support (git-fixes).
- media: cxd2880-spi: Fix an error handling path (git-fixes).
- media: drivers/media/usb: fix memory leak in zr364xx_probe (git-fixes).
- media: dvb-usb: Fix error handling in dvb_usb_i2c_init (git-fixes).
- media: dvb-usb: fix uninit-value in dvb_usb_adapter_dvb_init (git-fixes).
- media: dvb-usb: fix uninit-value in vp702x_read_mac_addr (git-fixes).
- media: em28xx-input: fix refcount bug in em28xx_usb_disconnect
(git-fixes).
- media: go7007: fix memory leak in go7007_usb_probe (git-fixes).
- media: go7007: remove redundant initialization (git-fixes).
- media: rtl28xxu: fix zero-length control request (git-fixes).
- media: stkwebcam: fix memory leak in stk_camera_probe (git-fixes).
- media: venus: venc: Fix potential null pointer dereference on pointer
fmt (git-fixes).
- media: videobuf2-core: dequeue if start_streaming fails (git-fixes).
- media: zr364xx: fix memory leaks in probe() (git-fixes).
- media: zr364xx: propagate errors from zr364xx_start_readpipe()
(git-fixes).
- misc: atmel-ssc: lock with mutex instead of spinlock (git-fixes).
- misc: rtsx: do not setting OC_POWER_DOWN reg in rtsx_pci_init_ocp()
(git-fixes).
- mm/thp: unmap_mapping_page() to fix THP truncate_cleanup_page()
(bsc#1189569).
- mm/vmscan: fix infinite loop in drop_slab_node (VM Functionality,
bsc#1189301).
- mm: fix memory_failure() handling of dax-namespace metadata
(bsc#1189872).
- mm: swap: properly update readahead statistics in unuse_pte_range()
(bsc#1187619).
- mmc: dw_mmc: Fix hang on data CRC error (git-fixes).
- mmc: dw_mmc: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: moxart: Fix issue with uninitialized dma_slave_config (git-fixes).
- mmc: sdhci-iproc: Cap min clock frequency on BCM2711 (git-fixes).
- mmc: sdhci-iproc: Set SDHCI_QUIRK_CAP_CLOCK_BASE_BROKEN on BCM2711
(git-fixes).
- mtd: cfi_cmdset_0002: fix crash when erasing/writing AMD cards
(git-fixes).
- nbd: Aovid double completion of a request (git-fixes).
- nbd: Fix NULL pointer in flush_workqueue (git-fixes).
- net/mlx5: Add ts_cqe_to_dest_cqn related bits (bsc#1188412)
- net/mlx5: Properly convey driver version to firmware (git-fixes).
- net/mlx5e: Add missing capability check for uplink follow (bsc#1188412)
- net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (git-fixes).
- net: dsa: mv88e6xxx: also read STU state in mv88e6250_g1_vtu_getnext
(git-fixes).
- net: stmmac: free tx skb buffer in stmmac_resume() (git-fixes).
- net: usb: lan78xx: do not modify phy_device state concurrently
(bsc#1188270)
- nfs: fix acl memory leak of posix_acl_create() (git-fixes).
- nvme-multipath: revalidate paths during rescan (bsc#1187211)
- nvme-pci: Use u32 for nvme_dev.q_depth and nvme_queue.q_depth
(bsc#1181972).
- nvme-pci: fix NULL req in completion handler (bsc#1181972).
- nvme-pci: limit maximum queue depth to 4095 (bsc#1181972).
- nvme-pci: use unsigned for io queue depth (bsc#1181972).
- nvme-tcp: Do not reset transport on data digest errors (bsc#1188418).
- nvme-tcp: do not check blk_mq_tag_to_rq when receiving pdu data
(bsc#1181972).
- nvme: avoid possible double fetch in handling CQE (bsc#1181972).
- nvme: code command_id with a genctr for use-after-free validation
(bsc#1181972).
- nvme: only call synchronize_srcu when clearing current path
(bsc#1188067).
- nvmet: use NVMET_MAX_NAMESPACES to set nn value (bsc#1189384).
- ocfs2: fix snprintf() checking (bsc#1189581).
- ocfs2: fix zero out valid data (bsc#1189579).
- ocfs2: initialize ip_next_orphan (bsc#1186731).
- ocfs2: issue zeroout to EOF blocks (bsc#1189582).
- ovl: allow upperdir inside lowerdir (bsc#1189323).
- ovl: expand warning in ovl_d_real() (bsc#1189323).
- ovl: fix missing revert_creds() on error path (bsc#1189323).
- ovl: perform vfs_getxattr() with mounter creds (bsc#1189323).
- ovl: skip getxattr of security labels (bsc#1189323).
- params: lift param_set_uint_minmax to common code (bsc#1181972).
- pcmcia: i82092: fix a null pointer dereference bug (git-fixes).
- perf/x86/amd: Do not touch the AMD64_EVENTSEL_HOSTONLY bit inside the
guest (bsc#1189225).
- pinctrl: tigerlake: Fix GPIO mapping for newer version of software
(git-fixes).
- platform/x86: pcengines-apuv2: Add missing terminating entries to
gpio-lookup tables (git-fixes).
- post.sh: detect /usr mountpoint too
- power: supply: max17042: handle fails of reading status register
(git-fixes).
- powerpc/cacheinfo: Improve diagnostics about malformed cache lists
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/cacheinfo: Lookup cache by dt node and thread-group id
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/cacheinfo: Remove the redundant get_shared_cpu_map()
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/cacheinfo: Use name@unit instead of full DT path in debug
messages (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc/papr_scm: Make 'perf_stats' invisible if perf-stats unavailable
(bsc#1175052 jsc#SLE-13823 bsc#1174969 jsc#SLE-12769 git-fixes).
- powerpc/papr_scm: Reduce error severity if nvdimm stats inaccessible
(bsc#1189197 ltc#193906).
- powerpc/pseries: Fix regression while building external modules
(bsc#1160010 ltc#183046 git-fixes). This changes a GPL symbol to general
symbol which is kABI change but not kABI break.
- powerpc/pseries: Fix update of LPAR security flavor after LPM
(bsc#1188885 ltc#193722 git-fixes).
- powerpc/smp: Make some symbols static (jsc#SLE-13615 bsc#1180100
ltc#190257 git-fixes).
- powerpc/smp: Use existing L2 cache_map cpumask to find L3 cache siblings
(jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes).
- powerpc: Fix is_kvm_guest() / kvm_para_available() (bsc#1181148
ltc#190702 git-fixes).
- regulator: rt5033: Fix n_voltages settings for BUCK and LDO (git-fixes).
- regulator: vctrl: Avoid lockdep warning in enable/disable ops
(git-fixes).
- regulator: vctrl: Use locked regulator_get_voltage in probe path
(git-fixes).
- rpm/kernel-binary.spec.in: Use kmod-zstd provide. This makes it possible
to use kmod with ZSTD support on non-Tumbleweed.
- rpm/kernel-obs-build.spec.in: make builds reproducible (bsc#1189305)
- rpm/kernel-source.rpmlintrc: ignore new include/config files In 5.13,
since 0e0345b77ac4, config files have no longer .h suffix. Adapt the
zero-length check. Based on Martin Liska's change.
- rq-qos: fix missed wake-ups in rq_qos_throttle try two (bsc#1189575).
- rsi: fix an error code in rsi_probe() (git-fixes).
- rsi: fix error code in rsi_load_9116_firmware() (git-fixes).
- s390/ap: Fix hanging ioctl caused by wrong msg counter (bsc#1188982
LTC#193817).
- s390/boot: fix use of expolines in the DMA code (bsc#1188878 ltc#193771).
- scsi: blkcg: Add app identifier support for blkcg (bsc#1189385
jsc#SLE-18970).
- scsi: blkcg: Fix application ID config options (bsc#1189385
jsc#SLE-18970).
- scsi: cgroup: Add cgroup_get_from_id() (bsc#1189385 jsc#SLE-18970).
- scsi: core: Add scsi_prot_ref_tag() helper (bsc#1189392).
- scsi: ibmvfc: Do not wait for initial device scan (bsc#1127650).
- scsi: libfc: Fix array index out of bound exception (bsc#1188616).
- scsi: lpfc: Add 256 Gb link speed support (bsc#1189385).
- scsi: lpfc: Add PCI ID support for LPe37000/LPe38000 series adapters
(bsc#1189385).
- scsi: lpfc: Call discovery state machine when handling PLOGI/ADISC
completions (bsc#1189385).
- scsi: lpfc: Clear outstanding active mailbox during PCI function reset
(bsc#1189385).
- scsi: lpfc: Copyright updates for 12.8.0.11 patches (bsc#1189385).
- scsi: lpfc: Copyright updates for 14.0.0.0 patches (bsc#1189385).
- scsi: lpfc: Delay unregistering from transport until GIDFT or ADISC
completes (bsc#1189385).
- scsi: lpfc: Discovery state machine fixes for LOGO handling
(bsc#1189385).
- scsi: lpfc: Enable adisc discovery after RSCN by default (bsc#1189385).
- scsi: lpfc: Fix KASAN slab-out-of-bounds in lpfc_unreg_rpi() routine
(bsc#1189385).
- scsi: lpfc: Fix NULL ptr dereference with NPIV ports for RDF handling
(bsc#1189385).
- scsi: lpfc: Fix NVMe support reporting in log message (bsc#1189385).
- scsi: lpfc: Fix build error in lpfc_scsi.c (bsc#1189385).
- scsi: lpfc: Fix cq_id truncation in rq create (bsc#1189385).
- scsi: lpfc: Fix function description comments for vmid routines
(bsc#1189385).
- scsi: lpfc: Fix memory leaks in error paths while issuing ELS RDF/SCR
request (bsc#1189385).
- scsi: lpfc: Fix possible ABBA deadlock in nvmet_xri_aborted()
(bsc#1189385).
- scsi: lpfc: Fix target reset handler from falsely returning FAILURE
(bsc#1189385).
- scsi: lpfc: Improve firmware download logging (bsc#1189385).
- scsi: lpfc: Keep NDLP reference until after freeing the IOCB after ELS
handling (bsc#1189385).
- scsi: lpfc: Move initialization of phba->poll_list earlier to avoid
crash (git-fixes).
- scsi: lpfc: Remove REG_LOGIN check requirement to issue an ELS RDF
(bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer pcmd (bsc#1189385).
- scsi: lpfc: Remove redundant assignment to pointer temp_hdr
(bsc#1189385).
- scsi: lpfc: Remove use of kmalloc() in trace event logging (bsc#1189385).
- scsi: lpfc: Revise Topology and RAS support checks for new adapters
(bsc#1189385).
- scsi: lpfc: Skip issuing ADISC when node is in NPR state (bsc#1189385).
- scsi: lpfc: Skip reg_vpi when link is down for SLI3 in ADISC cmpl path
(bsc#1189385).
- scsi: lpfc: Update lpfc version to 12.8.0.11 (bsc#1189385).
- scsi: lpfc: Update lpfc version to 14.0.0.0 (bsc#1189385).
- scsi: lpfc: Use PBDE feature enabled bit to determine PBDE support
(bsc#1189385).
- scsi: lpfc: Use list_move_tail() instead of list_del()/list_add_tail()
(bsc#1189385).
- scsi: lpfc: vmid: Add QFPA and VMID timeout check in worker thread
(bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add datastructure for supporting VMID in lpfc
(bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Add support for VMID in mailbox command (bsc#1189385
jsc#SLE-18970).
- scsi: lpfc: vmid: Append the VMID to the wqe before sending (bsc#1189385
jsc#SLE-18970).
- scsi: lpfc: vmid: Functions to manage VMIDs (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Implement CT commands for appid (bsc#1189385
jsc#SLE-18970).
- scsi: lpfc: vmid: Implement ELS commands for appid (bsc#1189385
jsc#SLE-18970).
- scsi: lpfc: vmid: Introduce VMID in I/O path (bsc#1189385 jsc#SLE-18970).
- scsi: lpfc: vmid: Timeout implementation for VMID (bsc#1189385
jsc#SLE-18970).
- scsi: lpfc: vmid: VMID parameter initialization (bsc#1189385
jsc#SLE-18970).
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (bsc#1181006).
- scsi: qla2xxx: Add heartbeat check (bsc#1189392).
- scsi: qla2xxx: Fix error return code in qla82xx_write_flash_dword()
(bsc#1189392).
- scsi: qla2xxx: Fix spelling mistakes "allloc" -> "alloc" (bsc#1189392).
- scsi: qla2xxx: Fix use after free in debug code (bsc#1189392).
- scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port()
(bsc#1189392).
- scsi: qla2xxx: Remove duplicate declarations (bsc#1189392).
- scsi: qla2xxx: Remove redundant assignment to rval (bsc#1189392).
- scsi: qla2xxx: Remove redundant continue statement in a for-loop
(bsc#1189392).
- scsi: qla2xxx: Remove redundant initialization of variable num_cnt
(bsc#1189392).
- scsi: qla2xxx: Remove unused variable 'status' (bsc#1189392).
- scsi: qla2xxx: Update version to 10.02.00.107-k (bsc#1189392).
- scsi: qla2xxx: Use list_move_tail() instead of
list_del()/list_add_tail() (bsc#1189392).
- scsi: qla2xxx: Use the proper SCSI midlayer interfaces for PI
(bsc#1189392).
- scsi: qla2xxx: edif: Add authentication pass + fail bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Add detection of secure device (bsc#1189392).
- scsi: qla2xxx: edif: Add doorbell notification for app (bsc#1189392).
- scsi: qla2xxx: edif: Add encryption to I/O path (bsc#1189392).
- scsi: qla2xxx: edif: Add extraction of auth_els from the wire
(bsc#1189392).
- scsi: qla2xxx: edif: Add getfcinfo and statistic bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Add key update (bsc#1189392).
- scsi: qla2xxx: edif: Add send, receive, and accept for auth_els
(bsc#1189392).
- scsi: qla2xxx: edif: Add start + stop bsgs (bsc#1189392).
- scsi: qla2xxx: edif: Increment command and completion counts
(bsc#1189392).
- scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state
(bsc#1184180).
- scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (bsc#1189392).
- scsi: zfcp: Report port fc_security as unknown early during remote cable
pull (git-fixes).
- serial: 8250: Mask out floating 16/32-bit bus bits (git-fixes).
- serial: 8250_mtk: fix uart corruption issue when rx power off
(git-fixes).
- serial: 8250_pci: Avoid irq sharing for MSI(-X) interrupts (git-fixes).
- serial: 8250_pci: Enumerate Elkhart Lake UARTs via dedicated driver
(git-fixes).
- serial: tegra: Only print FIFO error message when an error occurs
(git-fixes).
- slimbus: messaging: check for valid transaction id (git-fixes).
- slimbus: messaging: start transaction ids from 1 instead of zero
(git-fixes).
- slimbus: ngd: reset dma setup during runtime pm (git-fixes).
- soc: aspeed: lpc-ctrl: Fix boundary check for mmap (git-fixes).
- soc: aspeed: p2a-ctrl: Fix boundary check for mmap (git-fixes).
- soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
- soc: ixp4xx/qmgr: fix invalid __iomem access (git-fixes).
- soc: ixp4xx: fix printing resources (git-fixes).
- soc: ixp4xx: fix printing resources (git-fixes).
- soc: qcom: rpmhpd: Use corner in power_off (git-fixes).
- soc: qcom: smsm: Fix missed interrupts if state changes while masked
(git-fixes).
- spi: imx: mx51-ecspi: Fix CONFIGREG delay comment (git-fixes).
- spi: imx: mx51-ecspi: Fix low-speed CONFIGREG delay calculation
(git-fixes).
- spi: imx: mx51-ecspi: Reinstate low-speed CONFIGREG delay (git-fixes).
- spi: mediatek: Fix fifo transfer (git-fixes).
- spi: meson-spicc: fix memory leak in meson_spicc_remove (git-fixes).
- spi: spi-fsl-dspi: Fix issue with uninitialized dma_slave_config
(git-fixes).
- spi: spi-pic32: Fix issue with uninitialized dma_slave_config
(git-fixes).
- spi: sprd: Fix the wrong WDG_LOAD_VAL (git-fixes).
- spi: stm32h7: fix full duplex irq handler handling (git-fixes).
- staging: rtl8192u: Fix bitwise vs logical operator in
TranslateRxSignalStuff819xUsb() (git-fixes).
- staging: rtl8712: get rid of flush_scheduled_work (git-fixes).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
- staging: rtl8723bs: Fix a resource leak in sd_int_dpc (git-fixes).
- tracing / histogram: Fix NULL pointer dereference on strcmp() on NULL
event name (git-fixes).
- tracing / histogram: Give calculation hist_fields a size (git-fixes).
- tracing: Reject string operand in the histogram expression (git-fixes).
- tty: serial: fsl_lpuart: fix the wrong mapbase value (git-fixes).
- ubifs: Fix error return code in alloc_wbufs() (bsc#1189585).
- ubifs: Fix memleak in ubifs_init_authentication (bsc#1189583).
- ubifs: Only check replay with inode type to judge if inode linked
(bsc#1187455).
- ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
(bsc#1189587).
- ubifs: journal: Fix error return code in ubifs_jnl_write_inode()
(bsc#1189586).
- usb: bdc: Fix an error handling path in 'bdc_probe()' when no suitable
DMA config is available (git-fixes).
- usb: dwc3: Disable phy suspend after power-on reset (git-fixes).
- usb: dwc3: Separate field holding multiple properties (git-fixes).
- usb: dwc3: Stop active transfers before halting the controller
(git-fixes).
- usb: dwc3: Use clk_bulk_prepare_enable() (git-fixes).
- usb: dwc3: Use devres to get clocks (git-fixes).
- usb: dwc3: core: do not do suspend for device mode if already suspended
(git-fixes).
- usb: dwc3: debug: Remove newline printout (git-fixes).
- usb: dwc3: gadget: Check MPS of the request length (git-fixes).
- usb: dwc3: gadget: Clear DCTL.ULSTCHNGREQ before set (git-fixes).
- usb: dwc3: gadget: Clear DEP flags after stop transfers in ep disable
(git-fixes).
- usb: dwc3: gadget: Disable gadget IRQ during pullup disable (git-fixes).
- usb: dwc3: gadget: Do not send unintended link state change (git-fixes).
- usb: dwc3: gadget: Do not setup more than requested (git-fixes).
- usb: dwc3: gadget: Fix dwc3_calc_trbs_left() (git-fixes).
- usb: dwc3: gadget: Fix handling ZLP (git-fixes).
- usb: dwc3: gadget: Give back staled requests (git-fixes).
- usb: dwc3: gadget: Handle ZLP for sg requests (git-fixes).
- usb: dwc3: gadget: Prevent EP queuing while stopping transfers
(git-fixes).
- usb: dwc3: gadget: Properly track pending and queued SG (git-fixes).
- usb: dwc3: gadget: Restart DWC3 gadget when enabling pullup (git-fixes).
- usb: dwc3: gadget: Set BESL config parameter (git-fixes).
- usb: dwc3: gadget: Set link state to RX_Detect on disconnect (git-fixes).
- usb: dwc3: gadget: Stop EP0 transfers during pullup disable (git-fixes).
- usb: dwc3: gadget: Workaround Mirosoft's BESL check (git-fixes).
- usb: dwc3: meson-g12a: add IRQ check (git-fixes).
- usb: dwc3: meson-g12a: check return of dwc3_meson_g12a_usb_init
(git-fixes).
- usb: dwc3: of-simple: add a shutdown (git-fixes).
- usb: dwc3: st: Add of_dev_put() in probe function (git-fixes).
- usb: dwc3: st: Add of_node_put() before return in probe function
(git-fixes).
- usb: dwc3: support continuous runtime PM with dual role (git-fixes).
- usb: ehci-orion: Handle errors of clk_prepare_enable() in probe
(git-fixes).
- usb: gadget: Export recommended BESL values (git-fixes).
- usb: gadget: f_hid: added GET_IDLE and SET_IDLE handlers (git-fixes).
- usb: gadget: f_hid: fixed NULL pointer dereference (git-fixes).
- usb: gadget: f_hid: idle uses the highest byte for duration (git-fixes).
- usb: gadget: mv_u3d: request_irq() after initializing UDC (git-fixes).
- usb: gadget: udc: at91: add IRQ check (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix soc_device_match() abuse (git-fixes).
- usb: host: ohci-tmio: add IRQ check (git-fixes).
- usb: host: xhci-rcar: Do not reload firmware after the completion
(git-fixes).
- usb: mtu3: fix the wrong HS mult value (git-fixes).
- usb: mtu3: use @mult for HS isoc or intr (git-fixes).
- usb: phy: fsl-usb: add IRQ check (git-fixes).
- usb: phy: tahvo: add IRQ check (git-fixes).
- usb: phy: twl6030: add IRQ checks (git-fixes).
- usr: Add support for zstd compressed initramfs (bsc#1187483,
jsc#SLE-18766).
- virt_wifi: fix error on connect (git-fixes).
- wireguard: allowedips: allocate nodes in kmem_cache (git-fixes).
- wireguard: allowedips: free empty intermediate nodes when removing
single node (git-fixes).
- wireguard: allowedips: remove nodes in O(1) (git-fixes).
- writeback: fix obtain a reference to a freeing memcg css (bsc#1189577).
- x86/fpu: Limit xstate copy size in xstateregs_set() (bsc#1152489).
- x86/fpu: Make init_fpstate correct with optimized XSAVE (bsc#1152489).
- x86/fpu: Reset state for all signal restore failures (bsc#1152489).
- x86/kvm: fix vcpu-id indexed array sizes (git-fixes).
- x86/sev: Make sure IRQs are disabled while GHCB is active
(jsc#SLE-14337).
- x86/sev: Split up runtime #VC handler for correct state tracking
(jsc#SLE-14337).
- x86/sev: Use "SEV: " prefix for messages from sev.c (jsc#SLE-14337).
- x86/signal: Detect and prevent an alternate signal stack overflow
(bsc#1152489).
- x86/split_lock: Provide handle_guest_split_lock() (bsc#1187959).
- xen/events: Fix race in set_evtchn_to_irq (git-fixes).
- xprtrdma: Pad optimization, revisited (bsc#1189760).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3205=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-59.24.1
cluster-md-kmp-default-debuginfo-5.3.18-59.24.1
dlm-kmp-default-5.3.18-59.24.1
dlm-kmp-default-debuginfo-5.3.18-59.24.1
gfs2-kmp-default-5.3.18-59.24.1
gfs2-kmp-default-debuginfo-5.3.18-59.24.1
kernel-default-5.3.18-59.24.1
kernel-default-base-5.3.18-59.24.1.18.12.1
kernel-default-base-rebuild-5.3.18-59.24.1.18.12.1
kernel-default-debuginfo-5.3.18-59.24.1
kernel-default-debugsource-5.3.18-59.24.1
kernel-default-devel-5.3.18-59.24.1
kernel-default-devel-debuginfo-5.3.18-59.24.1
kernel-default-extra-5.3.18-59.24.1
kernel-default-extra-debuginfo-5.3.18-59.24.1
kernel-default-livepatch-5.3.18-59.24.1
kernel-default-livepatch-devel-5.3.18-59.24.1
kernel-default-optional-5.3.18-59.24.1
kernel-default-optional-debuginfo-5.3.18-59.24.1
kernel-obs-build-5.3.18-59.24.1
kernel-obs-build-debugsource-5.3.18-59.24.1
kernel-obs-qa-5.3.18-59.24.1
kernel-syms-5.3.18-59.24.1
kselftests-kmp-default-5.3.18-59.24.1
kselftests-kmp-default-debuginfo-5.3.18-59.24.1
ocfs2-kmp-default-5.3.18-59.24.1
ocfs2-kmp-default-debuginfo-5.3.18-59.24.1
reiserfs-kmp-default-5.3.18-59.24.1
reiserfs-kmp-default-debuginfo-5.3.18-59.24.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-59.24.1
kernel-debug-debuginfo-5.3.18-59.24.1
kernel-debug-debugsource-5.3.18-59.24.1
kernel-debug-devel-5.3.18-59.24.1
kernel-debug-devel-debuginfo-5.3.18-59.24.1
kernel-debug-livepatch-devel-5.3.18-59.24.1
kernel-kvmsmall-5.3.18-59.24.1
kernel-kvmsmall-debuginfo-5.3.18-59.24.1
kernel-kvmsmall-debugsource-5.3.18-59.24.1
kernel-kvmsmall-devel-5.3.18-59.24.1
kernel-kvmsmall-devel-debuginfo-5.3.18-59.24.1
kernel-kvmsmall-livepatch-devel-5.3.18-59.24.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-59.24.1
cluster-md-kmp-preempt-debuginfo-5.3.18-59.24.1
dlm-kmp-preempt-5.3.18-59.24.1
dlm-kmp-preempt-debuginfo-5.3.18-59.24.1
gfs2-kmp-preempt-5.3.18-59.24.1
gfs2-kmp-preempt-debuginfo-5.3.18-59.24.1
kernel-preempt-5.3.18-59.24.1
kernel-preempt-debuginfo-5.3.18-59.24.1
kernel-preempt-debugsource-5.3.18-59.24.1
kernel-preempt-devel-5.3.18-59.24.1
kernel-preempt-devel-debuginfo-5.3.18-59.24.1
kernel-preempt-extra-5.3.18-59.24.1
kernel-preempt-extra-debuginfo-5.3.18-59.24.1
kernel-preempt-livepatch-devel-5.3.18-59.24.1
kernel-preempt-optional-5.3.18-59.24.1
kernel-preempt-optional-debuginfo-5.3.18-59.24.1
kselftests-kmp-preempt-5.3.18-59.24.1
kselftests-kmp-preempt-debuginfo-5.3.18-59.24.1
ocfs2-kmp-preempt-5.3.18-59.24.1
ocfs2-kmp-preempt-debuginfo-5.3.18-59.24.1
reiserfs-kmp-preempt-5.3.18-59.24.1
reiserfs-kmp-preempt-debuginfo-5.3.18-59.24.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-59.24.1
cluster-md-kmp-64kb-debuginfo-5.3.18-59.24.1
dlm-kmp-64kb-5.3.18-59.24.1
dlm-kmp-64kb-debuginfo-5.3.18-59.24.1
dtb-al-5.3.18-59.24.1
dtb-allwinner-5.3.18-59.24.1
dtb-altera-5.3.18-59.24.1
dtb-amd-5.3.18-59.24.1
dtb-amlogic-5.3.18-59.24.1
dtb-apm-5.3.18-59.24.1
dtb-arm-5.3.18-59.24.1
dtb-broadcom-5.3.18-59.24.1
dtb-cavium-5.3.18-59.24.1
dtb-exynos-5.3.18-59.24.1
dtb-freescale-5.3.18-59.24.1
dtb-hisilicon-5.3.18-59.24.1
dtb-lg-5.3.18-59.24.1
dtb-marvell-5.3.18-59.24.1
dtb-mediatek-5.3.18-59.24.1
dtb-nvidia-5.3.18-59.24.1
dtb-qcom-5.3.18-59.24.1
dtb-renesas-5.3.18-59.24.1
dtb-rockchip-5.3.18-59.24.1
dtb-socionext-5.3.18-59.24.1
dtb-sprd-5.3.18-59.24.1
dtb-xilinx-5.3.18-59.24.1
dtb-zte-5.3.18-59.24.1
gfs2-kmp-64kb-5.3.18-59.24.1
gfs2-kmp-64kb-debuginfo-5.3.18-59.24.1
kernel-64kb-5.3.18-59.24.1
kernel-64kb-debuginfo-5.3.18-59.24.1
kernel-64kb-debugsource-5.3.18-59.24.1
kernel-64kb-devel-5.3.18-59.24.1
kernel-64kb-devel-debuginfo-5.3.18-59.24.1
kernel-64kb-extra-5.3.18-59.24.1
kernel-64kb-extra-debuginfo-5.3.18-59.24.1
kernel-64kb-livepatch-devel-5.3.18-59.24.1
kernel-64kb-optional-5.3.18-59.24.1
kernel-64kb-optional-debuginfo-5.3.18-59.24.1
kselftests-kmp-64kb-5.3.18-59.24.1
kselftests-kmp-64kb-debuginfo-5.3.18-59.24.1
ocfs2-kmp-64kb-5.3.18-59.24.1
ocfs2-kmp-64kb-debuginfo-5.3.18-59.24.1
reiserfs-kmp-64kb-5.3.18-59.24.1
reiserfs-kmp-64kb-debuginfo-5.3.18-59.24.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-59.24.1
kernel-docs-5.3.18-59.24.1
kernel-docs-html-5.3.18-59.24.1
kernel-macros-5.3.18-59.24.1
kernel-source-5.3.18-59.24.1
kernel-source-vanilla-5.3.18-59.24.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-59.24.1
kernel-zfcpdump-debuginfo-5.3.18-59.24.1
kernel-zfcpdump-debugsource-5.3.18-59.24.1
References:
https://www.suse.com/security/cve/CVE-2020-12770.html
https://www.suse.com/security/cve/CVE-2021-34556.html
https://www.suse.com/security/cve/CVE-2021-35477.html
https://www.suse.com/security/cve/CVE-2021-3640.html
https://www.suse.com/security/cve/CVE-2021-3653.html
https://www.suse.com/security/cve/CVE-2021-3656.html
https://www.suse.com/security/cve/CVE-2021-3679.html
https://www.suse.com/security/cve/CVE-2021-3732.html
https://www.suse.com/security/cve/CVE-2021-3739.html
https://www.suse.com/security/cve/CVE-2021-3743.html
https://www.suse.com/security/cve/CVE-2021-3753.html
https://www.suse.com/security/cve/CVE-2021-3759.html
https://www.suse.com/security/cve/CVE-2021-38160.html
https://www.suse.com/security/cve/CVE-2021-38166.html
https://www.suse.com/security/cve/CVE-2021-38198.html
https://www.suse.com/security/cve/CVE-2021-38204.html
https://www.suse.com/security/cve/CVE-2021-38205.html
https://www.suse.com/security/cve/CVE-2021-38206.html
https://www.suse.com/security/cve/CVE-2021-38207.html
https://www.suse.com/security/cve/CVE-2021-38209.html
https://bugzilla.suse.com/1040364
https://bugzilla.suse.com/1127650
https://bugzilla.suse.com/1135481
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1160010
https://bugzilla.suse.com/1168202
https://bugzilla.suse.com/1171420
https://bugzilla.suse.com/1174969
https://bugzilla.suse.com/1175052
https://bugzilla.suse.com/1175543
https://bugzilla.suse.com/1177399
https://bugzilla.suse.com/1180100
https://bugzilla.suse.com/1180141
https://bugzilla.suse.com/1180347
https://bugzilla.suse.com/1181006
https://bugzilla.suse.com/1181148
https://bugzilla.suse.com/1181972
https://bugzilla.suse.com/1184180
https://bugzilla.suse.com/1185902
https://bugzilla.suse.com/1186264
https://bugzilla.suse.com/1186731
https://bugzilla.suse.com/1187211
https://bugzilla.suse.com/1187455
https://bugzilla.suse.com/1187468
https://bugzilla.suse.com/1187483
https://bugzilla.suse.com/1187619
https://bugzilla.suse.com/1187959
https://bugzilla.suse.com/1188067
https://bugzilla.suse.com/1188172
https://bugzilla.suse.com/1188231
https://bugzilla.suse.com/1188270
https://bugzilla.suse.com/1188412
https://bugzilla.suse.com/1188418
https://bugzilla.suse.com/1188616
https://bugzilla.suse.com/1188700
https://bugzilla.suse.com/1188780
https://bugzilla.suse.com/1188781
https://bugzilla.suse.com/1188782
https://bugzilla.suse.com/1188783
https://bugzilla.suse.com/1188784
https://bugzilla.suse.com/1188786
https://bugzilla.suse.com/1188787
https://bugzilla.suse.com/1188788
https://bugzilla.suse.com/1188790
https://bugzilla.suse.com/1188878
https://bugzilla.suse.com/1188885
https://bugzilla.suse.com/1188924
https://bugzilla.suse.com/1188982
https://bugzilla.suse.com/1188983
https://bugzilla.suse.com/1188985
https://bugzilla.suse.com/1189021
https://bugzilla.suse.com/1189057
https://bugzilla.suse.com/1189077
https://bugzilla.suse.com/1189153
https://bugzilla.suse.com/1189197
https://bugzilla.suse.com/1189209
https://bugzilla.suse.com/1189210
https://bugzilla.suse.com/1189212
https://bugzilla.suse.com/1189213
https://bugzilla.suse.com/1189214
https://bugzilla.suse.com/1189215
https://bugzilla.suse.com/1189216
https://bugzilla.suse.com/1189217
https://bugzilla.suse.com/1189218
https://bugzilla.suse.com/1189219
https://bugzilla.suse.com/1189220
https://bugzilla.suse.com/1189221
https://bugzilla.suse.com/1189222
https://bugzilla.suse.com/1189225
https://bugzilla.suse.com/1189229
https://bugzilla.suse.com/1189233
https://bugzilla.suse.com/1189262
https://bugzilla.suse.com/1189291
https://bugzilla.suse.com/1189292
https://bugzilla.suse.com/1189296
https://bugzilla.suse.com/1189298
https://bugzilla.suse.com/1189301
https://bugzilla.suse.com/1189305
https://bugzilla.suse.com/1189323
https://bugzilla.suse.com/1189384
https://bugzilla.suse.com/1189385
https://bugzilla.suse.com/1189392
https://bugzilla.suse.com/1189393
https://bugzilla.suse.com/1189399
https://bugzilla.suse.com/1189400
https://bugzilla.suse.com/1189427
https://bugzilla.suse.com/1189503
https://bugzilla.suse.com/1189504
https://bugzilla.suse.com/1189505
https://bugzilla.suse.com/1189506
https://bugzilla.suse.com/1189507
https://bugzilla.suse.com/1189562
https://bugzilla.suse.com/1189563
https://bugzilla.suse.com/1189564
https://bugzilla.suse.com/1189565
https://bugzilla.suse.com/1189566
https://bugzilla.suse.com/1189567
https://bugzilla.suse.com/1189568
https://bugzilla.suse.com/1189569
https://bugzilla.suse.com/1189573
https://bugzilla.suse.com/1189574
https://bugzilla.suse.com/1189575
https://bugzilla.suse.com/1189576
https://bugzilla.suse.com/1189577
https://bugzilla.suse.com/1189579
https://bugzilla.suse.com/1189581
https://bugzilla.suse.com/1189582
https://bugzilla.suse.com/1189583
https://bugzilla.suse.com/1189585
https://bugzilla.suse.com/1189586
https://bugzilla.suse.com/1189587
https://bugzilla.suse.com/1189706
https://bugzilla.suse.com/1189760
https://bugzilla.suse.com/1189762
https://bugzilla.suse.com/1189832
https://bugzilla.suse.com/1189841
https://bugzilla.suse.com/1189870
https://bugzilla.suse.com/1189872
https://bugzilla.suse.com/1189883
https://bugzilla.suse.com/1190022
https://bugzilla.suse.com/1190025
https://bugzilla.suse.com/1190115
https://bugzilla.suse.com/1190117
https://bugzilla.suse.com/1190412
https://bugzilla.suse.com/1190413
https://bugzilla.suse.com/1190428
openSUSE-SU-2021:3211-1: important: Security update for nodejs14
by opensuse-security@opensuse.org 23 Sep '21
openSUSE Security Update: Security update for nodejs14
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3211-1
Rating: important
References: #1188881 #1188917 #1189368 #1189369 #1189370
Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939
CVE-2021-22940 CVE-2021-3672
CVSS scores:
CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-22940 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes 5 vulnerabilities is now available.
Description:
This update for nodejs14 fixes the following issues:
- CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881).
- CVE-2021-22931: Fixed improper handling of untypical characters in
domain names (bsc#1189370).
- CVE-2021-22940: Use after free on close http2 on stream canceling
(bsc#1189368)
- CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter
(bsc#1189369)
- CVE-2021-22930: Fixed use after free on close http2 on stream canceling
(bsc#1188917).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3211=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs14-14.17.5-5.15.5
nodejs14-debuginfo-14.17.5-5.15.5
nodejs14-debugsource-14.17.5-5.15.5
nodejs14-devel-14.17.5-5.15.5
npm14-14.17.5-5.15.5
- openSUSE Leap 15.3 (noarch):
nodejs14-docs-14.17.5-5.15.5
References:
https://www.suse.com/security/cve/CVE-2021-22930.html
https://www.suse.com/security/cve/CVE-2021-22931.html
https://www.suse.com/security/cve/CVE-2021-22939.html
https://www.suse.com/security/cve/CVE-2021-22940.html
https://www.suse.com/security/cve/CVE-2021-3672.html
https://bugzilla.suse.com/1188881
https://bugzilla.suse.com/1188917
https://bugzilla.suse.com/1189368
https://bugzilla.suse.com/1189369
https://bugzilla.suse.com/1189370
openSUSE-SU-2021:3193-1: important: Security update for ffmpeg
by opensuse-security@opensuse.org 23 Sep '21
openSUSE Security Update: Security update for ffmpeg
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3193-1
Rating: important
References: #1189724
Cross-References: CVE-2021-38171
CVSS scores:
CVE-2021-38171 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ffmpeg fixes the following issues:
- CVE-2021-38171: Fixed adts_decode_extradata in libavformat/adtsenc.c to
check the init_get_bits return value (bsc#1189724).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3193=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ffmpeg-3.4.2-11.11.1
ffmpeg-debuginfo-3.4.2-11.11.1
ffmpeg-debugsource-3.4.2-11.11.1
ffmpeg-private-devel-3.4.2-11.11.1
libavcodec-devel-3.4.2-11.11.1
libavcodec57-3.4.2-11.11.1
libavcodec57-debuginfo-3.4.2-11.11.1
libavdevice-devel-3.4.2-11.11.1
libavdevice57-3.4.2-11.11.1
libavdevice57-debuginfo-3.4.2-11.11.1
libavfilter-devel-3.4.2-11.11.1
libavfilter6-3.4.2-11.11.1
libavfilter6-debuginfo-3.4.2-11.11.1
libavformat-devel-3.4.2-11.11.1
libavformat57-3.4.2-11.11.1
libavformat57-debuginfo-3.4.2-11.11.1
libavresample-devel-3.4.2-11.11.1
libavresample3-3.4.2-11.11.1
libavresample3-debuginfo-3.4.2-11.11.1
libavutil-devel-3.4.2-11.11.1
libavutil55-3.4.2-11.11.1
libavutil55-debuginfo-3.4.2-11.11.1
libpostproc-devel-3.4.2-11.11.1
libpostproc54-3.4.2-11.11.1
libpostproc54-debuginfo-3.4.2-11.11.1
libswresample-devel-3.4.2-11.11.1
libswresample2-3.4.2-11.11.1
libswresample2-debuginfo-3.4.2-11.11.1
libswscale-devel-3.4.2-11.11.1
libswscale4-3.4.2-11.11.1
libswscale4-debuginfo-3.4.2-11.11.1
- openSUSE Leap 15.3 (x86_64):
libavcodec57-32bit-3.4.2-11.11.1
libavcodec57-32bit-debuginfo-3.4.2-11.11.1
libavdevice57-32bit-3.4.2-11.11.1
libavdevice57-32bit-debuginfo-3.4.2-11.11.1
libavfilter6-32bit-3.4.2-11.11.1
libavfilter6-32bit-debuginfo-3.4.2-11.11.1
libavformat57-32bit-3.4.2-11.11.1
libavformat57-32bit-debuginfo-3.4.2-11.11.1
libavresample3-32bit-3.4.2-11.11.1
libavresample3-32bit-debuginfo-3.4.2-11.11.1
libavutil55-32bit-3.4.2-11.11.1
libavutil55-32bit-debuginfo-3.4.2-11.11.1
libpostproc54-32bit-3.4.2-11.11.1
libpostproc54-32bit-debuginfo-3.4.2-11.11.1
libswresample2-32bit-3.4.2-11.11.1
libswresample2-32bit-debuginfo-3.4.2-11.11.1
libswscale4-32bit-3.4.2-11.11.1
libswscale4-32bit-debuginfo-3.4.2-11.11.1
References:
https://www.suse.com/security/cve/CVE-2021-38171.html
https://bugzilla.suse.com/1189724
openSUSE-SU-2021:3202-1: moderate: Security update for linuxptp
by opensuse-security@opensuse.org 23 Sep '21
openSUSE Security Update: Security update for linuxptp
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3202-1
Rating: moderate
References: #1187646
Cross-References: CVE-2021-3570
CVSS scores:
CVE-2021-3570 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3570 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for linuxptp fixes the following issues:
- CVE-2021-3570: Fixed messageLength validation field of incoming messages
(bsc#1187646).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3202=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
linuxptp-3.1.1-3.3.1
linuxptp-debuginfo-3.1.1-3.3.1
linuxptp-debugsource-3.1.1-3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-3570.html
https://bugzilla.suse.com/1187646
openSUSE-SU-2021:3194-1: important: Security update for grilo
by opensuse-security@opensuse.org 23 Sep '21
openSUSE Security Update: Security update for grilo
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3194-1
Rating: important
References: #1189839
Cross-References: CVE-2021-39365
CVSS scores:
CVE-2021-39365 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for grilo fixes the following issues:
- CVE-2021-39365: Fixed missing TLS certificate verification (bsc#1189839).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3194=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
grilo-debuginfo-0.3.12-3.3.1
grilo-debugsource-0.3.12-3.3.1
grilo-devel-0.3.12-3.3.1
grilo-tools-0.3.12-3.3.1
grilo-tools-debuginfo-0.3.12-3.3.1
libgrilo-0_3-0-0.3.12-3.3.1
libgrilo-0_3-0-debuginfo-0.3.12-3.3.1
libgrlnet-0_3-0-0.3.12-3.3.1
libgrlnet-0_3-0-debuginfo-0.3.12-3.3.1
libgrlpls-0_3-0-0.3.12-3.3.1
libgrlpls-0_3-0-debuginfo-0.3.12-3.3.1
typelib-1_0-Grl-0_3-0.3.12-3.3.1
typelib-1_0-GrlNet-0_3-0.3.12-3.3.1
typelib-1_0-GrlPls-0_3-0.3.12-3.3.1
- openSUSE Leap 15.3 (noarch):
grilo-lang-0.3.12-3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-39365.html
https://bugzilla.suse.com/1189839
openSUSE-SU-2021:3201-1: moderate: Security update for hivex
by opensuse-security@opensuse.org 23 Sep '21
openSUSE Security Update: Security update for hivex
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3201-1
Rating: moderate
References: #1189060
Cross-References: CVE-2021-3622
CVSS scores:
CVE-2021-3622 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for hivex fixes the following issues:
- CVE-2021-3622: Fixed stack overflow due to recursive call of
_get_children() (bsc#1189060).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3201=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
hivex-1.3.14-5.6.1
hivex-debuginfo-1.3.14-5.6.1
hivex-debugsource-1.3.14-5.6.1
hivex-devel-1.3.14-5.6.1
libhivex0-1.3.14-5.6.1
libhivex0-debuginfo-1.3.14-5.6.1
ocaml-hivex-1.3.14-5.6.1
ocaml-hivex-debuginfo-1.3.14-5.6.1
ocaml-hivex-devel-1.3.14-5.6.1
perl-Win-Hivex-1.3.14-5.6.1
perl-Win-Hivex-debuginfo-1.3.14-5.6.1
python-hivex-1.3.14-5.6.1
python-hivex-debuginfo-1.3.14-5.6.1
- openSUSE Leap 15.3 (noarch):
hivex-lang-1.3.14-5.6.1
References:
https://www.suse.com/security/cve/CVE-2021-3622.html
https://bugzilla.suse.com/1189060
openSUSE-SU-2021:1303-1: important: Security update for chromium
by opensuse-security@opensuse.org 22 Sep '21
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1303-1
Rating: important
References: #1190096 #1190476
Cross-References: CVE-2021-30606 CVE-2021-30607 CVE-2021-30608
CVE-2021-30609 CVE-2021-30610 CVE-2021-30611
CVE-2021-30612 CVE-2021-30613 CVE-2021-30614
CVE-2021-30615 CVE-2021-30616 CVE-2021-30617
CVE-2021-30618 CVE-2021-30619 CVE-2021-30620
CVE-2021-30621 CVE-2021-30622 CVE-2021-30623
CVE-2021-30624 CVE-2021-30625 CVE-2021-30626
CVE-2021-30627 CVE-2021-30628 CVE-2021-30629
CVE-2021-30630 CVE-2021-30631 CVE-2021-30632
CVE-2021-30633
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 93.0.4577.63 (boo#1190096):
* CVE-2021-30606: Use after free in Blink
* CVE-2021-30607: Use after free in Permissions
* CVE-2021-30608: Use after free in Web Share
* CVE-2021-30609: Use after free in Sign-In
* CVE-2021-30610: Use after free in Extensions API
* CVE-2021-30611: Use after free in WebRTC
* CVE-2021-30612: Use after free in WebRTC
* CVE-2021-30613: Use after free in Base internals
* CVE-2021-30614: Heap buffer overflow in TabStrip
* CVE-2021-30615: Cross-origin data leak in Navigation
* CVE-2021-30616: Use after free in Media
* CVE-2021-30617: Policy bypass in Blink
* CVE-2021-30618: Inappropriate implementation in DevTools
* CVE-2021-30619: UI Spoofing in Autofill
* CVE-2021-30620: Insufficient policy enforcement in Blink
* CVE-2021-30621: UI Spoofing in Autofill
* CVE-2021-30622: Use after free in WebApp Installs
* CVE-2021-30623: Use after free in Bookmarks
* CVE-2021-30624: Use after free in Autofill
Chromium 93.0.4577.82 (boo#1190476):
* CVE-2021-30625: Use after free in Selection API
* CVE-2021-30626: Out of bounds memory access in ANGLE
* CVE-2021-30627: Type Confusion in Blink layout
* CVE-2021-30628: Stack buffer overflow in ANGLE
* CVE-2021-30629: Use after free in Permissions
* CVE-2021-30630: Inappropriate implementation in Blink
* CVE-2021-30631: Type Confusion in Blink layout
* CVE-2021-30632: Out of bounds write in V8
* CVE-2021-30633: Use after free in Indexed DB API
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1303=1
Package List:
- openSUSE Leap 15.2 (x86_64):
chromedriver-93.0.4577.82-lp152.2.125.1
chromedriver-debuginfo-93.0.4577.82-lp152.2.125.1
chromium-93.0.4577.82-lp152.2.125.1
chromium-debuginfo-93.0.4577.82-lp152.2.125.1
References:
https://www.suse.com/security/cve/CVE-2021-30606.html
https://www.suse.com/security/cve/CVE-2021-30607.html
https://www.suse.com/security/cve/CVE-2021-30608.html
https://www.suse.com/security/cve/CVE-2021-30609.html
https://www.suse.com/security/cve/CVE-2021-30610.html
https://www.suse.com/security/cve/CVE-2021-30611.html
https://www.suse.com/security/cve/CVE-2021-30612.html
https://www.suse.com/security/cve/CVE-2021-30613.html
https://www.suse.com/security/cve/CVE-2021-30614.html
https://www.suse.com/security/cve/CVE-2021-30615.html
https://www.suse.com/security/cve/CVE-2021-30616.html
https://www.suse.com/security/cve/CVE-2021-30617.html
https://www.suse.com/security/cve/CVE-2021-30618.html
https://www.suse.com/security/cve/CVE-2021-30619.html
https://www.suse.com/security/cve/CVE-2021-30620.html
https://www.suse.com/security/cve/CVE-2021-30621.html
https://www.suse.com/security/cve/CVE-2021-30622.html
https://www.suse.com/security/cve/CVE-2021-30623.html
https://www.suse.com/security/cve/CVE-2021-30624.html
https://www.suse.com/security/cve/CVE-2021-30625.html
https://www.suse.com/security/cve/CVE-2021-30626.html
https://www.suse.com/security/cve/CVE-2021-30627.html
https://www.suse.com/security/cve/CVE-2021-30628.html
https://www.suse.com/security/cve/CVE-2021-30629.html
https://www.suse.com/security/cve/CVE-2021-30630.html
https://www.suse.com/security/cve/CVE-2021-30631.html
https://www.suse.com/security/cve/CVE-2021-30632.html
https://www.suse.com/security/cve/CVE-2021-30633.html
https://bugzilla.suse.com/1190096
https://bugzilla.suse.com/1190476
openSUSE-SU-2021:3187-1: important: Security update for samba
by opensuse-security@opensuse.org 22 Sep '21
openSUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:3187-1
Rating: important
References: #1182830 #1183572 #1183574 #1184677 #1189875
Cross-References: CVE-2020-27840 CVE-2021-20254 CVE-2021-20277
CVSS scores:
CVE-2020-27840 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-27840 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20254 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CVE-2021-20277 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20277 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available.
Description:
This update for samba fixes the following issues:
- CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold
(bsc#1183574).
- CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids()
(bsc#1184677).
- CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad
DNs (bsc#1183572).
- Spec file fixes around systemd and requires (bsc#1182830)
- Fix dependency problem upgrading from libndr0 to libndr1 (bsc#1189875)
- Fix dependency problem upgrading from libsmbldap0 to libsmbldap2
(bsc#1189875)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3187=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ctdb-4.13.6+git.211.555d60b24ba-3.7.1
ctdb-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
ctdb-pcp-pmda-4.13.6+git.211.555d60b24ba-3.7.1
ctdb-pcp-pmda-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
ctdb-tests-4.13.6+git.211.555d60b24ba-3.7.1
ctdb-tests-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc-binding0-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc-binding0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc-devel-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc-samr-devel-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc-samr0-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc-samr0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc0-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libndr-devel-4.13.6+git.211.555d60b24ba-3.7.1
libndr-krb5pac-devel-4.13.6+git.211.555d60b24ba-3.7.1
libndr-krb5pac0-4.13.6+git.211.555d60b24ba-3.7.1
libndr-krb5pac0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libndr-nbt-devel-4.13.6+git.211.555d60b24ba-3.7.1
libndr-nbt0-4.13.6+git.211.555d60b24ba-3.7.1
libndr-nbt0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libndr-standard-devel-4.13.6+git.211.555d60b24ba-3.7.1
libndr-standard0-4.13.6+git.211.555d60b24ba-3.7.1
libndr-standard0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libndr1-4.13.6+git.211.555d60b24ba-3.7.1
libndr1-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libnetapi-devel-4.13.6+git.211.555d60b24ba-3.7.1
libnetapi0-4.13.6+git.211.555d60b24ba-3.7.1
libnetapi0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-credentials-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-credentials0-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-credentials0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-errors-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-errors0-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-errors0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-hostconfig-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-hostconfig0-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-hostconfig0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-passdb-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-passdb0-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-passdb0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-policy-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-policy-python3-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-policy0-python3-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-policy0-python3-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-util-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-util0-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-util0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamdb-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsamdb0-4.13.6+git.211.555d60b24ba-3.7.1
libsamdb0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsmbclient-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsmbclient0-4.13.6+git.211.555d60b24ba-3.7.1
libsmbclient0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsmbconf-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsmbconf0-4.13.6+git.211.555d60b24ba-3.7.1
libsmbconf0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsmbldap-devel-4.13.6+git.211.555d60b24ba-3.7.1
libsmbldap2-4.13.6+git.211.555d60b24ba-3.7.1
libsmbldap2-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libtevent-util-devel-4.13.6+git.211.555d60b24ba-3.7.1
libtevent-util0-4.13.6+git.211.555d60b24ba-3.7.1
libtevent-util0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libwbclient-devel-4.13.6+git.211.555d60b24ba-3.7.1
libwbclient0-4.13.6+git.211.555d60b24ba-3.7.1
libwbclient0-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-4.13.6+git.211.555d60b24ba-3.7.1
samba-ad-dc-4.13.6+git.211.555d60b24ba-3.7.1
samba-ad-dc-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-client-4.13.6+git.211.555d60b24ba-3.7.1
samba-client-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-core-devel-4.13.6+git.211.555d60b24ba-3.7.1
samba-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-debugsource-4.13.6+git.211.555d60b24ba-3.7.1
samba-dsdb-modules-4.13.6+git.211.555d60b24ba-3.7.1
samba-dsdb-modules-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-libs-4.13.6+git.211.555d60b24ba-3.7.1
samba-libs-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-libs-python3-4.13.6+git.211.555d60b24ba-3.7.1
samba-libs-python3-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-python3-4.13.6+git.211.555d60b24ba-3.7.1
samba-python3-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-test-4.13.6+git.211.555d60b24ba-3.7.1
samba-test-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-winbind-4.13.6+git.211.555d60b24ba-3.7.1
samba-winbind-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
- openSUSE Leap 15.3 (aarch64 x86_64):
samba-ceph-4.13.6+git.211.555d60b24ba-3.7.1
samba-ceph-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
- openSUSE Leap 15.3 (x86_64):
libdcerpc-binding0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc-binding0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc-samr0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc-samr0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libdcerpc0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libndr-krb5pac0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libndr-krb5pac0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libndr-nbt0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libndr-nbt0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libndr-standard0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libndr-standard0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libndr1-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libndr1-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libnetapi-devel-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libnetapi0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libnetapi0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-credentials0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-credentials0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-errors0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-errors0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-hostconfig0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-hostconfig0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-passdb0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-passdb0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-policy0-python3-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-policy0-python3-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-util0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsamba-util0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsamdb0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsamdb0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsmbclient0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsmbclient0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsmbconf0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsmbconf0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libsmbldap2-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libsmbldap2-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libtevent-util0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libtevent-util0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
libwbclient0-32bit-4.13.6+git.211.555d60b24ba-3.7.1
libwbclient0-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-ad-dc-32bit-4.13.6+git.211.555d60b24ba-3.7.1
samba-ad-dc-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-client-32bit-4.13.6+git.211.555d60b24ba-3.7.1
samba-client-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-libs-32bit-4.13.6+git.211.555d60b24ba-3.7.1
samba-libs-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-libs-python3-32bit-4.13.6+git.211.555d60b24ba-3.7.1
samba-libs-python3-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
samba-winbind-32bit-4.13.6+git.211.555d60b24ba-3.7.1
samba-winbind-32bit-debuginfo-4.13.6+git.211.555d60b24ba-3.7.1
- openSUSE Leap 15.3 (noarch):
samba-doc-4.13.6+git.211.555d60b24ba-3.7.1
References:
https://www.suse.com/security/cve/CVE-2020-27840.html
https://www.suse.com/security/cve/CVE-2021-20254.html
https://www.suse.com/security/cve/CVE-2021-20277.html
https://bugzilla.suse.com/1182830
https://bugzilla.suse.com/1183572
https://bugzilla.suse.com/1183574
https://bugzilla.suse.com/1184677
https://bugzilla.suse.com/1189875
openSUSE-SU-2021:1300-1: important: Security update for chromium
by opensuse-security@opensuse.org 22 Sep '21
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1300-1
Rating: important
References: #1190096 #1190476
Cross-References: CVE-2021-30606 CVE-2021-30607 CVE-2021-30608
CVE-2021-30609 CVE-2021-30610 CVE-2021-30611
CVE-2021-30612 CVE-2021-30613 CVE-2021-30614
CVE-2021-30615 CVE-2021-30616 CVE-2021-30617
CVE-2021-30618 CVE-2021-30619 CVE-2021-30620
CVE-2021-30621 CVE-2021-30622 CVE-2021-30623
CVE-2021-30624 CVE-2021-30625 CVE-2021-30626
CVE-2021-30627 CVE-2021-30628 CVE-2021-30629
CVE-2021-30630 CVE-2021-30631 CVE-2021-30632
CVE-2021-30633
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 93.0.4577.63 (boo#1190096):
* CVE-2021-30606: Use after free in Blink
* CVE-2021-30607: Use after free in Permissions
* CVE-2021-30608: Use after free in Web Share
* CVE-2021-30609: Use after free in Sign-In
* CVE-2021-30610: Use after free in Extensions API
* CVE-2021-30611: Use after free in WebRTC
* CVE-2021-30612: Use after free in WebRTC
* CVE-2021-30613: Use after free in Base internals
* CVE-2021-30614: Heap buffer overflow in TabStrip
* CVE-2021-30615: Cross-origin data leak in Navigation
* CVE-2021-30616: Use after free in Media
* CVE-2021-30617: Policy bypass in Blink
* CVE-2021-30618: Inappropriate implementation in DevTools
* CVE-2021-30619: UI Spoofing in Autofill
* CVE-2021-30620: Insufficient policy enforcement in Blink
* CVE-2021-30621: UI Spoofing in Autofill
* CVE-2021-30622: Use after free in WebApp Installs
* CVE-2021-30623: Use after free in Bookmarks
* CVE-2021-30624: Use after free in Autofill
Chromium 93.0.4577.82 (boo#1190476):
* CVE-2021-30625: Use after free in Selection API
* CVE-2021-30626: Out of bounds memory access in ANGLE
* CVE-2021-30627: Type Confusion in Blink layout
* CVE-2021-30628: Stack buffer overflow in ANGLE
* CVE-2021-30629: Use after free in Permissions
* CVE-2021-30630: Inappropriate implementation in Blink
* CVE-2021-30631: Type Confusion in Blink layout
* CVE-2021-30632: Out of bounds write in V8
* CVE-2021-30633: Use after free in Indexed DB API
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2021-1300=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-93.0.4577.82-bp153.2.28.1
chromium-93.0.4577.82-bp153.2.28.1
References:
https://www.suse.com/security/cve/CVE-2021-30606.html
https://www.suse.com/security/cve/CVE-2021-30607.html
https://www.suse.com/security/cve/CVE-2021-30608.html
https://www.suse.com/security/cve/CVE-2021-30609.html
https://www.suse.com/security/cve/CVE-2021-30610.html
https://www.suse.com/security/cve/CVE-2021-30611.html
https://www.suse.com/security/cve/CVE-2021-30612.html
https://www.suse.com/security/cve/CVE-2021-30613.html
https://www.suse.com/security/cve/CVE-2021-30614.html
https://www.suse.com/security/cve/CVE-2021-30615.html
https://www.suse.com/security/cve/CVE-2021-30616.html
https://www.suse.com/security/cve/CVE-2021-30617.html
https://www.suse.com/security/cve/CVE-2021-30618.html
https://www.suse.com/security/cve/CVE-2021-30619.html
https://www.suse.com/security/cve/CVE-2021-30620.html
https://www.suse.com/security/cve/CVE-2021-30621.html
https://www.suse.com/security/cve/CVE-2021-30622.html
https://www.suse.com/security/cve/CVE-2021-30623.html
https://www.suse.com/security/cve/CVE-2021-30624.html
https://www.suse.com/security/cve/CVE-2021-30625.html
https://www.suse.com/security/cve/CVE-2021-30626.html
https://www.suse.com/security/cve/CVE-2021-30627.html
https://www.suse.com/security/cve/CVE-2021-30628.html
https://www.suse.com/security/cve/CVE-2021-30629.html
https://www.suse.com/security/cve/CVE-2021-30630.html
https://www.suse.com/security/cve/CVE-2021-30631.html
https://www.suse.com/security/cve/CVE-2021-30632.html
https://www.suse.com/security/cve/CVE-2021-30633.html
https://bugzilla.suse.com/1190096
https://bugzilla.suse.com/1190476