openSUSE Updates
Threads by month
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
June 2021
- 2 participants
- 128 discussions
openSUSE-SU-2021:2214-1: important: Security update for go1.15
by opensuse-security@opensuse.org 30 Jun '21
by opensuse-security@opensuse.org 30 Jun '21
30 Jun '21
openSUSE Security Update: Security update for go1.15
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2214-1
Rating: important
References: #1175132 #1186622 #1187443 #1187444 #1187445
Cross-References: CVE-2021-33195 CVE-2021-33196 CVE-2021-33197
CVE-2021-33198
CVSS scores:
CVE-2021-33195 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
CVE-2021-33196 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33197 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-33198 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update for go1.15 fixes the following issues:
Update to 1.15.13.
Includes these security fixes
- CVE-2021-33195: net: Lookup functions may return invalid host names
(bsc#1187443).
- CVE-2021-33196: archive/zip: malformed archive may cause panic or memory
exhaustion (bsc#1186622).
- CVE-2021-33197: net/http/httputil: ReverseProxy forwards Connection
headers if first one is empty (bsc#1187444)
- CVE-2021-33198: math/big: (*Rat).SetString with
"1.770p02041010010011001001" crashes with "makeslice: len out of range"
(bsc#1187445).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2214=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
go1.15-1.15.13-1.33.1
go1.15-doc-1.15.13-1.33.1
- openSUSE Leap 15.3 (aarch64 x86_64):
go1.15-race-1.15.13-1.33.1
References:
https://www.suse.com/security/cve/CVE-2021-33195.html
https://www.suse.com/security/cve/CVE-2021-33196.html
https://www.suse.com/security/cve/CVE-2021-33197.html
https://www.suse.com/security/cve/CVE-2021-33198.html
https://bugzilla.suse.com/1175132
https://bugzilla.suse.com/1186622
https://bugzilla.suse.com/1187443
https://bugzilla.suse.com/1187444
https://bugzilla.suse.com/1187445
1
0
openSUSE-SU-2021:0943-1: important: Security update for roundcubemail
by opensuse-security@opensuse.org 30 Jun '21
by opensuse-security@opensuse.org 30 Jun '21
30 Jun '21
openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0943-1
Rating: important
References: #1180399 #1187706 #1187707
Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730
CVSS scores:
CVE-2020-18670 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2020-18671 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2020-35730 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for roundcubemail fixes the following issues:
Upgrade to version 1.3.16
This is a security update to the LTS version 1.3.
It fixes a recently reported stored cross-site scripting (XSS)
vulnerability via HTML or plain text messages with malicious content.
References:
- CVE-2020-18670: Cross Site Scripting (XSS) vulneraibility via database
host and user in /installer/test.php (boo#1187707)
- CVE-2020-18671: Cross Site Scripting (XSS) vulnerability via smtp config
in /installer/test.php (boo#1187706)
- CVE-2020-35730: cross-site scripting (XSS) vulnerability via HTML or
plain text messages with malicious content (boo#1180399)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2021-943=1
Package List:
- openSUSE Backports SLE-15-SP1 (noarch):
roundcubemail-1.3.16-bp151.4.6.1
References:
https://www.suse.com/security/cve/CVE-2020-18670.html
https://www.suse.com/security/cve/CVE-2020-18671.html
https://www.suse.com/security/cve/CVE-2020-35730.html
https://bugzilla.suse.com/1180399
https://bugzilla.suse.com/1187706
https://bugzilla.suse.com/1187707
1
0
openSUSE-SU-2021:2202-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 30 Jun '21
by opensuse-security@opensuse.org 30 Jun '21
30 Jun '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2202-1
Rating: important
References: #1152489 #1154353 #1174978 #1176447 #1176771
#1178134 #1178612 #1179610 #1183712 #1184259
#1184436 #1184631 #1185195 #1185570 #1185589
#1185675 #1185701 #1186155 #1186286 #1186463
#1186472 #1186672 #1186677 #1186752 #1186885
#1186928 #1186949 #1186950 #1186951 #1186952
#1186953 #1186954 #1186955 #1186956 #1186957
#1186958 #1186959 #1186960 #1186961 #1186962
#1186963 #1186964 #1186965 #1186966 #1186967
#1186968 #1186969 #1186970 #1186971 #1186972
#1186973 #1186974 #1186976 #1186977 #1186978
#1186979 #1186980 #1186981 #1186982 #1186983
#1186984 #1186985 #1186986 #1186987 #1186988
#1186989 #1186990 #1186991 #1186992 #1186993
#1186994 #1186995 #1186996 #1186997 #1186998
#1186999 #1187000 #1187001 #1187002 #1187003
#1187038 #1187039 #1187050 #1187052 #1187067
#1187068 #1187069 #1187072 #1187143 #1187144
#1187167 #1187334 #1187344 #1187345 #1187346
#1187347 #1187348 #1187349 #1187350 #1187351
#1187357 #1187711
Cross-References: CVE-2020-26558 CVE-2020-36385 CVE-2020-36386
CVE-2021-0129
CVSS scores:
CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36386 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves four vulnerabilities and has 98 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP3 azure kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core
Specification 2.1 may permit a nearby man-in-the-middle attacker to
identify the Passkey used during pairing by reflection of the public key
and the authentication evidence of the initiating device, potentially
permitting this attacker to complete authenticated pairing with the
responding device using the correct Passkey for the pairing session.
(bnc#1179610 bnc#1186463)
- CVE-2021-0129: Improper access control in BlueZ may have allowed an
authenticated user to potentially enable information disclosure via
adjacent access (bnc#1186463).
- CVE-2020-36385: Fixed a use-after-free in drivers/infiniband/core/ucma.c
which could be triggered if the ctx is reached via the ctx_list in some
ucma_migrate_id situations where ucma_close is called (bnc#1187050).
- CVE-2020-36386: Fixed a slab out-of-bounds read in
hci_extended_inquiry_result_evt (bnc#1187038).
The following non-security bugs were fixed:
- ACPICA: Clean up context mutex during object deletion (git-fixes).
- ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite
Dragonfly G2 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook
x360 1040 G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8
(git-fixes).
- ALSA: hda/realtek: headphone and mic do not work on an Acer laptop
(git-fixes).
- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes).
- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes).
- ALSA: hda: update the power_state during the direct-complete (git-fixes).
- ALSA: seq: Fix race of snd_seq_timer_open() (git-fixes).
- ALSA: timer: Fix master timer notification (git-fixes).
- ASoC: Intel: soc-acpi: remove TGL RVP mixed SoundWire/TDM config
(git-fixes).
- ASoC: amd: fix for pcm_read() error (git-fixes).
- ASoC: cs43130: handle errors in cs43130_probe() properly (git-fixes).
- ASoC: max98088: fix ni clock divider calculation (git-fixes).
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882
jsc#ECO-3691)
- HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes).
- HID: i2c-hid: fix format string mismatch (git-fixes).
- HID: magicmouse: fix NULL-deref on disconnect (git-fixes).
- HID: multitouch: require Finger field to mark Win8 reports as MT
(git-fixes).
- HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
- NFC: SUSE specific brutal fix for runtime PM (bsc#1185589).
- NFS: Deal correctly with attribute generation counter overflow
(git-fixes).
- NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce()
(git-fixes).
- NFS: Do not discard pNFS layout segments that are marked for return
(git-fixes).
- NFS: Do not gratuitously clear the inode cache when lookup failed
(git-fixes).
- NFS: Do not revalidate the directory permissions on a lookup failure
(git-fixes).
- NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
- NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
- NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
- NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes).
- NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
- NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes).
- NFSv42: Copy offload should update the file size when appropriate
(git-fixes).
- NFSv4: Do not discard segments marked for return in
_pnfs_return_layout() (git-fixes).
- NFSv4: Fix a NULL pointer dereference in
pnfs_mark_matching_lsegs_return() (git-fixes).
- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
(git-fixes).
- PCI/LINK: Remove bandwidth notification (bsc#1183712).
- PM: sleep: Add pm_debug_messages kernel command line option
(bsc#1186752).
- SUNRPC: Move fault injection call sites (git-fixes).
- SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes).
- UCSI fixup of array of PDOs (git-fixes).
- USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes).
- USB: serial: cp210x: fix alternate function for CP2102N QFN20
(git-fixes).
- USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
(git-fixes).
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
- USB: serial: quatech2: fix control-request directions (git-fixes).
- USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
- USB: usbfs: Do not WARN about excessively large memory allocations
(git-fixes).
- ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes).
- bcache: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1187357).
- bcache: Use 64-bit arithmetic instead of 32-bit (bsc#1187357).
- bcache: avoid oversized read request in cache missing code path
(bsc#1187357, bsc#1185570, bsc#1184631).
- bcache: do not pass BIOSET_NEED_BVECS for the 'bio_set' embedded in
'cache_set' (bsc#1187357).
- bcache: fix a regression of code compiling failure in debug.c
(bsc#1187357).
- bcache: inherit the optimal I/O size (bsc#1187357).
- bcache: reduce redundant code in bch_cached_dev_run() (bsc#1187357).
- bcache: remove PTR_CACHE (bsc#1187357).
- bcache: remove bcache device self-defined readahead (bsc#1187357,
bsc#1185570, bsc#1184631).
- bcache: use NULL instead of using plain integer as pointer (bsc#1187357).
- blk-settings: align max_sectors on "logical_block_size" boundary
(bsc#1185195).
- block: return the correct bvec when checking for gaps (bsc#1187143).
- block: return the correct bvec when checking for gaps (bsc#1187144).
- brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186677).
- brcmfmac: properly check for bus register errors (git-fixes).
- btrfs: open device without device_list_mutex (bsc#1176771).
- bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act
(git-fixes).
- char: hpet: add checks after calling ioremap (git-fixes).
- chelsio/chtls: unlock on error in chtls_pt_recvmsg() (jsc#SLE-15129).
- cxgb4/ch_ktls: Clear resources when pf4 device is removed
(jsc#SLE-15129).
- cxgb4: avoid accessing registers when clearing filters (git-fixes).
- cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389).
- cxgb4: fix regression with HASH tc prio value update (jsc#SLE-15131).
- devlink: Correct VIRTUAL port to not have phys_port attributes
(jsc#SLE-15172).
- dmaengine: idxd: Use cpu_feature_enabled() (git-fixes).
- dmaengine: idxd: add missing dsa driver unregister (git-fixes).
- dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
- drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes).
- drm/amd/amdgpu: fix refcount leak (git-fixes).
- drm/amd/display: Disconnect non-DP with no EDID (git-fixes).
- drm/amd/display: Disconnect non-DP with no EDID (git-fixes).
- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu: Do not query CE and UE errors (git-fixes).
- drm/amdgpu: Fix a use-after-free (git-fixes).
- drm/amdgpu: make sure we unpin the UVD BO (git-fixes).
- drm/amdgpu: stop touching sched.ready in the backend (git-fixes).
- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error
(git-fixes).
- drm/i915/selftests: Fix return value check in
live_breadcrumbs_smoketest() (git-fixes).
- drm/mcde: Fix off by 10^3 in calculation (git-fixes).
- drm/msm/a6xx: fix incorrectly set uavflagprd_inv field for A650
(git-fixes).
- drm/msm/a6xx: update/fix CP_PROTECT initialization (git-fixes).
- efi/libstub: prevent read overflow in find_file_option() (git-fixes).
- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
(git-fixes).
- efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
- fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes).
- gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes).
- gpio: wcd934x: Fix shift-out-of-bounds error (git-fixes).
- gve: Add NULL pointer checks when freeing irqs (git-fixes).
- gve: Correct SKB queue index validation (git-fixes).
- gve: Update mgmt_msix_idx if num_ntfy changes (git-fixes).
- gve: Upgrade memory barrier in poll routine (git-fixes).
- hwmon: (dell-smm-hwmon) Fix index values (git-fixes).
- i2c: imx: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops
(git-fixes).
- ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926).
- ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared
(git-fixes).
- ice: Fix allowing VF to request more/less queues via virtchnl
(jsc#SLE-12878).
- ice: handle the VF VSI rebuild failure (jsc#SLE-12878).
- iommu/amd: Keep track of amd_iommu_irq_remap state
(https://bugzilla.kernel.org/show_bug.cgi?id=212133)
- iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1187345).
- iommu/vt-d: Remove WO permissions on second-level paging entries
(bsc#1187346).
- iommu/vt-d: Report right snoop capability when using FL for IOVA
(bsc#1187347).
- iommu/vt-d: Use user privilege for RID2PASID translation (bsc#1187348).
- iommu: Fix a boundary issue to avoid performance drop (bsc#1187344).
- isdn: mISDN: correctly handle ph_info allocation failure in
hfcsusb_ph_info (git-fixes).
- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
(git-fixes).
- ixgbe: fix large MTU request from VF (git-fixes).
- kABI workaround for rtw88 (git-fixes).
- kABI workaround for struct lis3lv02d change (git-fixes).
- lib: crc64: fix kernel-doc warning (bsc#1187357).
- libertas: register sysfs groups properly (git-fixes).
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
(git-fixes).
- md: Fix missing unused status line of /proc/mdstat (git-fixes).
- md: bcache: Trivial typo fixes in the file journal.c (bsc#1187357).
- md: bcache: avoid -Wempty-body warnings (bsc#1187357).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
- media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
- media: gspca: properly check for errors in po1030_probe() (git-fixes).
- media: gspca: properly check for errors in po1030_probe() (git-fixes).
- mei: request autosuspend after sending rx flow control (git-fixes).
- mmc: sdhci: Clear unused bounce buffer at DMA mmap error path
(bsc#1187039).
- net/mlx4: Fix EEPROM dump support (git-fixes).
- net/mlx5: DR, Create multi-destination flow table with level less than
64 (jsc#SLE-8464).
- net/mlx5: Set reformat action when needed for termination rules
(jsc#SLE-15172).
- net/mlx5: Set term table as an unmanaged flow table (jsc#SLE-15172).
- net/mlx5e: Fix error path of updating netdev queues (jsc#SLE-15172).
- net/mlx5e: Fix incompatible casting (jsc#SLE-15172).
- net/mlx5e: Fix multipath lag activation (git-fixes).
- net/mlx5e: Fix null deref accessing lag dev (jsc#SLE-15172).
- net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes).
- net/mlx5e: reset XPS on error flow if netdev isn't registered yet
(jsc#SLE-15172).
- net/sched: act_ct: Offload connections with commit action
(jsc#SLE-15172).
- net/sched: fq_pie: fix OOB access in the traffic path (jsc#SLE-15172).
- net/sched: fq_pie: re-factor fix for fq_pie endless loop (jsc#SLE-15172).
- net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
- net: fix iteration for sctp transport seq_files (git-fixes).
- net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes).
- net: hns3: fix incorrect resp_msg issue (jsc#SLE-14777).
- net: hns3: put off calling register_netdev() until client initialize
complete (bsc#1154353).
- net: zero-initialize tc skb extension on allocation (bsc#1176447).
- netfilter: nf_tables: missing error reporting for not selected
expressions (bsc#1176447).
- netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to
non-AVX2 version (bsc#1176447).
- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed
connect (git-fixes).
- nfsd: register pernet ops last, unregister first (git-fixes).
- nvme-multipath: fix double initialization of ANA state (bsc#1178612,
bsc#1184259, bsc#1186155).
- nvme: add new line after variable declatation (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: do not check nvme_req flags for new req (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: mark nvme_setup_passsthru() inline (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: reduce checks for zero command effects (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: rename nvme_init_identify() (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: split init identify into helper (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: use NVME_CTRL_CMIC_ANA macro (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvmet: use new ana_log_size instead the old one (bsc#1178612,
bsc#1184259, bsc#1186155).
- pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
(git-fixes).
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
- pid: take a reference when initializing `cad_pid` (bsc#1152489).
- platform/x86: hp-wireless: add AMD's hardware id to the supported list
(git-fixes).
- platform/x86: hp_accel: Avoid invoking _INI to speed up resume
(git-fixes).
- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
(git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700
tablet (git-fixes).
- powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR (jsc#SLE-13847
git-fixes).
- powerpc/kprobes: Fix validation of prefixed instructions across page
boundary (jsc#SLE-13847 git-fixes).
- regulator: core: resolve supply for boot-on/always-on regulators
(git-fixes).
- regulator: max77620: Use device_set_of_node_from_dev() (git-fixes).
- rtw88: 8822c: add LC calibration for RTL8822C (git-fixes).
- scsi: aacraid: Fix an oops in error handling (bsc#1187072).
- scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950).
- scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951).
- scsi: acornscsi: Fix an error handling path in acornscsi_probe()
(bsc#1186952).
- scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
(bsc#1186953).
- scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
(bsc#1187067).
- scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954).
- scsi: bnx2fc: Fix Kconfig warning & CNIC build errors (bsc#1186955).
- scsi: bnx2i: Requires MMU (bsc#1186956).
- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
(bsc#1186957).
- scsi: cumana_2: Fix different dev_id between request_irq() and
free_irq() (bsc#1186958).
- scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959).
- scsi: cxgb4i: Fix TLS dependency (bsc#1186960).
- scsi: eesox: Fix different dev_id between request_irq() and free_irq()
(bsc#1186961).
- scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962).
- scsi: hisi_sas: Fix IRQ checks (bsc#1186963).
- scsi: hisi_sas: Remove preemptible() (bsc#1186964).
- scsi: jazz_esp: Add IRQ check (bsc#1186965).
- scsi: libfc: Fix enum-conversion warning (bsc#1186966).
- scsi: libsas: Fix error path in sas_notify_lldd_dev_found()
(bsc#1186967).
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA
(bsc#1187068).
- scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
(bsc#1186968).
- scsi: lpfc: Fix ancient double free (bsc#1186969).
- scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
- scsi: megaraid_sas: Check user-provided offsets (bsc#1186970).
- scsi: megaraid_sas: Clear affinity hint (bsc#1186971).
- scsi: megaraid_sas: Do not call disable_irq from process IRQ poll
(bsc#1186972).
- scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973).
- scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974).
- scsi: mesh: Fix panic after host or bus reset (bsc#1186976).
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977).
- scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
(bsc#1186978).
- scsi: mpt3sas: Fix ioctl timeout (bsc#1186979).
- scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980).
- scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981).
- scsi: powertec: Fix different dev_id between request_irq() and
free_irq() (bsc#1186982).
- scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983).
- scsi: qedi: Fix error return code of qedi_alloc_global_queues()
(bsc#1186984).
- scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
(bsc#1186985).
- scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
- scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
(bsc#1186986).
- scsi: qla4xxx: Remove in_interrupt() (bsc#1186987).
- scsi: scsi_debug: Add check for sdebug_max_queue during module init
(bsc#1186988).
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure
(bsc#1174978 bsc#1185701).
- scsi: sd: Fix Opal support (bsc#1186989).
- scsi: smartpqi: Add additional logging for LUN resets (bsc#1186472).
- scsi: smartpqi: Add host level stream detection enable (bsc#1186472).
- scsi: smartpqi: Add new PCI IDs (bsc#1186472).
- scsi: smartpqi: Add phy ID support for the physical drives (bsc#1186472).
- scsi: smartpqi: Add stream detection (bsc#1186472).
- scsi: smartpqi: Add support for BMIC sense feature cmd and feature bits
(bsc#1186472).
- scsi: smartpqi: Add support for RAID1 writes (bsc#1186472).
- scsi: smartpqi: Add support for RAID5 and RAID6 writes (bsc#1186472).
- scsi: smartpqi: Add support for long firmware version (bsc#1186472).
- scsi: smartpqi: Add support for new product ids (bsc#1186472).
- scsi: smartpqi: Add support for wwid (bsc#1186472).
- scsi: smartpqi: Align code with oob driver (bsc#1186472).
- scsi: smartpqi: Convert snprintf() to scnprintf() (bsc#1186472).
- scsi: smartpqi: Correct request leakage during reset operations
(bsc#1186472).
- scsi: smartpqi: Correct system hangs when resuming from hibernation
(bsc#1186472).
- scsi: smartpqi: Disable WRITE SAME for HBA NVMe disks (bsc#1186472).
- scsi: smartpqi: Fix blocks_per_row static checker issue (bsc#1186472).
- scsi: smartpqi: Fix device pointer variable reference static checker
issue (bsc#1186472).
- scsi: smartpqi: Fix driver synchronization issues (bsc#1186472).
- scsi: smartpqi: Refactor aio submission code (bsc#1186472).
- scsi: smartpqi: Refactor scatterlist code (bsc#1186472).
- scsi: smartpqi: Remove timeouts from internal cmds (bsc#1186472).
- scsi: smartpqi: Remove unused functions (bsc#1186472).
- scsi: smartpqi: Synchronize device resets with mutex (bsc#1186472).
- scsi: smartpqi: Update OFA management (bsc#1186472).
- scsi: smartpqi: Update RAID bypass handling (bsc#1186472).
- scsi: smartpqi: Update SAS initiator_port_protocols and
target_port_protocols (bsc#1186472).
- scsi: smartpqi: Update device scan operations (bsc#1186472).
- scsi: smartpqi: Update enclosure identifier in sysfs (bsc#1186472).
- scsi: smartpqi: Update event handler (bsc#1186472).
- scsi: smartpqi: Update soft reset management for OFA (bsc#1186472).
- scsi: smartpqi: Update suspend/resume and shutdown (bsc#1186472).
- scsi: smartpqi: Update version to 2.1.8-045 (bsc#1186472).
- scsi: smartpqi: Use host-wide tag space (bsc#1186472).
- scsi: sni_53c710: Add IRQ check (bsc#1186990).
- scsi: sun3x_esp: Add IRQ check (bsc#1186991).
- scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002).
- scsi: ufs: Add quirk to disallow reset of interrupt aggregation
(bsc#1186992).
- scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993).
- scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994).
- scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995).
- scsi: ufs: Do not update urgent bkops level when toggling auto bkops
(bsc#1186997).
- scsi: ufs: Fix race between shutdown and runtime resume flow
(bsc#1186998).
- scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000).
- scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN
(bsc#1187069).
- scsi: ufs: Properly release resources if a task is aborted successfully
(bsc#1187001).
- scsi: ufs: core: Narrow down fast path in system suspend path
(bsc#1186996).
- scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003).
- scsi: ufshcd: use an enum for quirks (bsc#1186999).
- serial: 8250_pci: handle FL_NOIRQ board flag (git-fixes).
- serial: max310x: unregister uart driver in case of failure and abort
(git-fixes).
- serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
(git-fixes).
- staging: rtl8723bs: Fix uninitialized variables (git-fixes).
- sunrpc: fix refcount leak for rpc auth modules (git-fixes).
- svcrdma: disable timeouts on rdma backchannel (git-fixes).
- thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID
(git-fixes).
- thunderbolt: usb4: Fix NVM read buffer bounds and offset issue
(git-fixes).
- tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
- ttyprintk: Add TTY hangup callback (git-fixes).
- usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection (git-fixes).
- usb: core: reduce power-on-good delay time of root hub (git-fixes).
- usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes).
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
- usb: typec: intel_pmc_mux: Put fwnode in error case during ->probe()
(git-fixes).
- usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes).
- usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes).
- usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header
(git-fixes).
- usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
(git-fixes).
- usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4
(git-fixes).
- usb: typec: wcove: Use LE to CPU conversion when accessing msg->header
(git-fixes).
- vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
- vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
- vfio/platform: fix module_put call in error flow (git-fixes).
- vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes).
- vsock/vmci: log once the failed queue pair allocation (git-fixes).
- wireguard: allowedips: initialize list head in selftest (git-fixes).
- wireguard: do not use -O3 (git-fixes).
- wireguard: peer: allocate in kmem_cache (git-fixes).
- wireguard: peer: put frequently used members above cache lines
(git-fixes).
- wireguard: queueing: get rid of per-peer ring buffers (git-fixes).
- wireguard: selftests: make sure rp_filter is disabled on vethc
(git-fixes).
- wireguard: selftests: remove old conntrack kconfig value (git-fixes).
- wireguard: use synchronize_net rather than synchronize_rcu (git-fixes).
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
(bsc#1152489).
- x86/boot/64: Explicitly map boot_params and command line (jsc#SLE-14337).
- x86/boot/compressed/64: Add 32-bit boot #VC handler (jsc#SLE-14337).
- x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path
(jsc#SLE-14337).
- x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
(jsc#SLE-14337).
- x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
(jsc#SLE-14337).
- x86/boot/compressed/64: Cleanup exception handling before booting kernel
(jsc#SLE-14337).
- x86/boot/compressed/64: Introduce sev_status (jsc#SLE-14337).
- x86/boot/compressed/64: Reload CS in startup_32 (jsc#SLE-14337).
- x86/boot/compressed/64: Sanity-check CPUID results in the early #VC
handler (jsc#SLE-14337).
- x86/boot/compressed/64: Setup IDT in startup_32 boot path
(jsc#SLE-14337).
- x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove
update_pasid() (bsc#1178134).
- x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489).
- x86/fpu: Prevent state corruption in __fpu__restore_sig() (bsc#1178134).
- x86/head/64: Check SEV encryption before switching to kernel page-table
(jsc#SLE-14337).
- x86/head/64: Disable stack protection for head$(BITS).o (jsc#SLE-14337).
- x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV
(bsc#1186885).
- x86/sev-es: Do not return NULL from sev_es_get_ghcb() (bsc#1187349).
- x86/sev-es: Do not support MMIO to/from encrypted memory (jsc#SLE-14337).
- x86/sev-es: Forward page-faults which happen during emulation
(bsc#1187350).
- x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate()
(jsc#SLE-14337).
- x86/sev-es: Use __put_user()/__get_user() for data accesses
(bsc#1187351).
- x86/sev: Check SME/SEV support in CPUID first (jsc#SLE-14337).
- x86/sev: Do not require Hypervisor CPUID bit for SEV guests
(jsc#SLE-14337).
- x86: fix seq_file iteration for pat.c (git-fixes).
- xfrm: policy: Read seqcount outside of rcu-read side in
xfrm_policy_lookup_bytype (bsc#1185675).
- xprtrdma: Avoid Receive Queue wrapping (git-fixes).
- xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2202=1
Package List:
- openSUSE Leap 15.3 (x86_64):
cluster-md-kmp-azure-5.3.18-38.8.1
cluster-md-kmp-azure-debuginfo-5.3.18-38.8.1
dlm-kmp-azure-5.3.18-38.8.1
dlm-kmp-azure-debuginfo-5.3.18-38.8.1
gfs2-kmp-azure-5.3.18-38.8.1
gfs2-kmp-azure-debuginfo-5.3.18-38.8.1
kernel-azure-5.3.18-38.8.1
kernel-azure-debuginfo-5.3.18-38.8.1
kernel-azure-debugsource-5.3.18-38.8.1
kernel-azure-devel-5.3.18-38.8.1
kernel-azure-devel-debuginfo-5.3.18-38.8.1
kernel-azure-extra-5.3.18-38.8.1
kernel-azure-extra-debuginfo-5.3.18-38.8.1
kernel-azure-livepatch-devel-5.3.18-38.8.1
kernel-azure-optional-5.3.18-38.8.1
kernel-azure-optional-debuginfo-5.3.18-38.8.1
kernel-syms-azure-5.3.18-38.8.1
kselftests-kmp-azure-5.3.18-38.8.1
kselftests-kmp-azure-debuginfo-5.3.18-38.8.1
ocfs2-kmp-azure-5.3.18-38.8.1
ocfs2-kmp-azure-debuginfo-5.3.18-38.8.1
reiserfs-kmp-azure-5.3.18-38.8.1
reiserfs-kmp-azure-debuginfo-5.3.18-38.8.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-azure-5.3.18-38.8.1
kernel-source-azure-5.3.18-38.8.1
References:
https://www.suse.com/security/cve/CVE-2020-26558.html
https://www.suse.com/security/cve/CVE-2020-36385.html
https://www.suse.com/security/cve/CVE-2020-36386.html
https://www.suse.com/security/cve/CVE-2021-0129.html
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1174978
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176771
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1178612
https://bugzilla.suse.com/1179610
https://bugzilla.suse.com/1183712
https://bugzilla.suse.com/1184259
https://bugzilla.suse.com/1184436
https://bugzilla.suse.com/1184631
https://bugzilla.suse.com/1185195
https://bugzilla.suse.com/1185570
https://bugzilla.suse.com/1185589
https://bugzilla.suse.com/1185675
https://bugzilla.suse.com/1185701
https://bugzilla.suse.com/1186155
https://bugzilla.suse.com/1186286
https://bugzilla.suse.com/1186463
https://bugzilla.suse.com/1186472
https://bugzilla.suse.com/1186672
https://bugzilla.suse.com/1186677
https://bugzilla.suse.com/1186752
https://bugzilla.suse.com/1186885
https://bugzilla.suse.com/1186928
https://bugzilla.suse.com/1186949
https://bugzilla.suse.com/1186950
https://bugzilla.suse.com/1186951
https://bugzilla.suse.com/1186952
https://bugzilla.suse.com/1186953
https://bugzilla.suse.com/1186954
https://bugzilla.suse.com/1186955
https://bugzilla.suse.com/1186956
https://bugzilla.suse.com/1186957
https://bugzilla.suse.com/1186958
https://bugzilla.suse.com/1186959
https://bugzilla.suse.com/1186960
https://bugzilla.suse.com/1186961
https://bugzilla.suse.com/1186962
https://bugzilla.suse.com/1186963
https://bugzilla.suse.com/1186964
https://bugzilla.suse.com/1186965
https://bugzilla.suse.com/1186966
https://bugzilla.suse.com/1186967
https://bugzilla.suse.com/1186968
https://bugzilla.suse.com/1186969
https://bugzilla.suse.com/1186970
https://bugzilla.suse.com/1186971
https://bugzilla.suse.com/1186972
https://bugzilla.suse.com/1186973
https://bugzilla.suse.com/1186974
https://bugzilla.suse.com/1186976
https://bugzilla.suse.com/1186977
https://bugzilla.suse.com/1186978
https://bugzilla.suse.com/1186979
https://bugzilla.suse.com/1186980
https://bugzilla.suse.com/1186981
https://bugzilla.suse.com/1186982
https://bugzilla.suse.com/1186983
https://bugzilla.suse.com/1186984
https://bugzilla.suse.com/1186985
https://bugzilla.suse.com/1186986
https://bugzilla.suse.com/1186987
https://bugzilla.suse.com/1186988
https://bugzilla.suse.com/1186989
https://bugzilla.suse.com/1186990
https://bugzilla.suse.com/1186991
https://bugzilla.suse.com/1186992
https://bugzilla.suse.com/1186993
https://bugzilla.suse.com/1186994
https://bugzilla.suse.com/1186995
https://bugzilla.suse.com/1186996
https://bugzilla.suse.com/1186997
https://bugzilla.suse.com/1186998
https://bugzilla.suse.com/1186999
https://bugzilla.suse.com/1187000
https://bugzilla.suse.com/1187001
https://bugzilla.suse.com/1187002
https://bugzilla.suse.com/1187003
https://bugzilla.suse.com/1187038
https://bugzilla.suse.com/1187039
https://bugzilla.suse.com/1187050
https://bugzilla.suse.com/1187052
https://bugzilla.suse.com/1187067
https://bugzilla.suse.com/1187068
https://bugzilla.suse.com/1187069
https://bugzilla.suse.com/1187072
https://bugzilla.suse.com/1187143
https://bugzilla.suse.com/1187144
https://bugzilla.suse.com/1187167
https://bugzilla.suse.com/1187334
https://bugzilla.suse.com/1187344
https://bugzilla.suse.com/1187345
https://bugzilla.suse.com/1187346
https://bugzilla.suse.com/1187347
https://bugzilla.suse.com/1187348
https://bugzilla.suse.com/1187349
https://bugzilla.suse.com/1187350
https://bugzilla.suse.com/1187351
https://bugzilla.suse.com/1187357
https://bugzilla.suse.com/1187711
1
0
openSUSE-SU-2021:0942-1: important: Security update for roundcubemail
by opensuse-security@opensuse.org 30 Jun '21
by opensuse-security@opensuse.org 30 Jun '21
30 Jun '21
openSUSE Security Update: Security update for roundcubemail
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0942-1
Rating: important
References: #1180399 #1187706 #1187707
Cross-References: CVE-2020-18670 CVE-2020-18671 CVE-2020-35730
CVSS scores:
CVE-2020-18670 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2020-18671 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2020-35730 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for roundcubemail fixes the following issues:
Upgrade to version 1.3.16
This is a security update to the LTS version 1.3.
It fixes a recently reported stored cross-site scripting (XSS)
vulnerability via HTML or plain text messages with malicious content.
References:
- CVE-2020-18670: Cross Site Scripting (XSS) vulneraibility via database
host and user in /installer/test.php (boo#1187707)
- CVE-2020-18671: Cross Site Scripting (XSS) vulnerability via smtp config
in /installer/test.php (boo#1187706)
- CVE-2020-35730: cross-site scripting (XSS) vulnerability via HTML or
plain text messages with malicious content (boo#1180399)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-942=1
Package List:
- openSUSE Backports SLE-15-SP2 (noarch):
roundcubemail-1.3.16-bp152.4.6.1
References:
https://www.suse.com/security/cve/CVE-2020-18670.html
https://www.suse.com/security/cve/CVE-2020-18671.html
https://www.suse.com/security/cve/CVE-2020-35730.html
https://bugzilla.suse.com/1180399
https://bugzilla.suse.com/1187706
https://bugzilla.suse.com/1187707
1
0
openSUSE-SU-2021:0941-1: important: Security update for tor
by opensuse-security@opensuse.org 30 Jun '21
by opensuse-security@opensuse.org 30 Jun '21
30 Jun '21
openSUSE Security Update: Security update for tor
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0941-1
Rating: important
References: #1179331 #1181244 #1187322 #1187323 #1187324
#1187325
Cross-References: CVE-2021-34548 CVE-2021-34549 CVE-2021-34550
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that solves three vulnerabilities and has three
fixes is now available.
Description:
This update for tor fixes the following issues:
tor 0.4.5.9
* Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell
(CVE-2021-34548, boo#1187322)
* Detect more failure conditions from the OpenSSL RNG code (boo#1187323)
* Resist a hashtable-based CPU denial-of-service attack against relays
(CVE-2021-34549, boo#1187324)
* Fix an out-of-bounds memory access in v3 onion service descriptor
parsing (CVE-2021-34550, boo#1187325)
tor 0.4.5.8
* https://lists.torproject.org/pipermail/tor-announce/2021-May/000219.html
* allow Linux sandbox with Glibc 2.33
* work with autoconf 2.70+
* several other minor features and bugfixes (see announcement)
- Fix logging issue due to systemd picking up stdout - boo#1181244
Continue to log notices to syslog by default.
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-941=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
tor-0.4.5.9-bp152.2.12.1
References:
https://www.suse.com/security/cve/CVE-2021-34548.html
https://www.suse.com/security/cve/CVE-2021-34549.html
https://www.suse.com/security/cve/CVE-2021-34550.html
https://bugzilla.suse.com/1179331
https://bugzilla.suse.com/1181244
https://bugzilla.suse.com/1187322
https://bugzilla.suse.com/1187323
https://bugzilla.suse.com/1187324
https://bugzilla.suse.com/1187325
1
0
openSUSE-SU-2021:0940-1: moderate: Security update for bouncycastle
by opensuse-security@opensuse.org 29 Jun '21
by opensuse-security@opensuse.org 29 Jun '21
29 Jun '21
openSUSE Security Update: Security update for bouncycastle
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0940-1
Rating: moderate
References: #1186328
Cross-References: CVE-2020-15522
CVSS scores:
CVE-2020-15522 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-15522 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for bouncycastle fixes the following issues:
- CVE-2020-15522: Fixed a timing issue within the EC math library
(bsc#1186328).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-940=1
Package List:
- openSUSE Leap 15.2 (noarch):
bouncycastle-1.64-lp152.2.3.1
bouncycastle-javadoc-1.64-lp152.2.3.1
bouncycastle-mail-1.64-lp152.2.3.1
bouncycastle-pg-1.64-lp152.2.3.1
bouncycastle-pkix-1.64-lp152.2.3.1
bouncycastle-tls-1.64-lp152.2.3.1
References:
https://www.suse.com/security/cve/CVE-2020-15522.html
https://bugzilla.suse.com/1186328
1
0
openSUSE-RU-2021:0939-1: moderate: Recommended update for SUSE Manager Client Tools
by maintenance@opensuse.org 29 Jun '21
by maintenance@opensuse.org 29 Jun '21
29 Jun '21
openSUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: openSUSE-RU-2021:0939-1
Rating: moderate
References: #1173557 #1177884 #1177928 #1180583 #1180584
#1180585 #1185178
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that has 7 recommended fixes can now be installed.
Description:
This update fixes the following issues:
golang-github-prometheus-prometheus:
- Add tarball with vendor modules and web assets
- Read formula data from exporters map
- Add support for TLS targets
- Upgrade to upstream version 2.26.0
+ Changes
* Alerting: Using Alertmanager v2 API by default.
* Prometheus/Promtool: Binaries are now printing help and usage to
stdout instead of stderr.
* UI: Make the React UI default.
* Remote write: The following metrics were removed/renamed in remote
write. > prometheus_remote_storage_succeeded_samples_total was
removed and prometheus_remote_storage_samples_total was introduced
for all the samples attempted to send. >
prometheus_remote_storage_sent_bytes_total was removed and replaced
with prometheus_remote_storage_samples_bytes_total and
prometheus_remote_storage_metadata_bytes_total. >
prometheus_remote_storage_failed_samples_total ->
prometheus_remote_storage_samples_failed_total. >
prometheus_remote_storage_retried_samples_total ->
prometheus_remote_storage_samples_retried_total. >
prometheus_remote_storage_dropped_samples_total ->
prometheus_remote_storage_samples_dropped_total. >
prometheus_remote_storage_pending_samples ->
prometheus_remote_storage_samples_pending.
* Remote: Do not collect non-initialized timestamp metrics.
+ Features
* Remote: Add support for AWS SigV4 auth method for remote_write.
* PromQL: Allow negative offsets. Behind
--enable-feature=promql-negative-offset flag.
* UI: Add advanced auto-completion, syntax highlighting and linting to
graph page query input.
* Include a new `--enable-feature=` flag that enables experimental
features.
* Add TLS and basic authentication to HTTP endpoints.
* promtool: Add check web-config subcommand to check web config files.
* promtool: Add tsdb create-blocks-from openmetrics subcommand to
backfill metrics data from an OpenMetrics file.
+ Enhancements
* PromQL: Add last_over_time, sgn, clamp functions.
* Scrape: Add support for specifying type of Authorization header
credentials with Bearer by default.
* Scrape: Add follow_redirects option to scrape configuration.
* Remote: Allow retries on HTTP 429 response code for remote_write.
* Remote: Allow configuring custom headers for remote_read.
* UI: Hitting Enter now triggers new query.
* UI: Better handling of long rule and names on the /rules and
/targets pages.
* UI: Add collapse/expand all button on the /targets page.
* Add optional name property to testgroup for better test failure
output.
* Add warnings into React Panel on the Graph page.
* TSDB: Increase the number of buckets for the compaction duration
metric.
* Remote: Allow passing along custom remote_write HTTP headers.
* Mixins: Scope grafana configuration.
* Kubernetes SD: Add endpoint labels metadata.
* UI: Expose total number of label pairs in head in TSDB stats page.
* TSDB: Reload blocks every minute, to detect new blocks and enforce
retention more often.
* Cache basic authentication results to significantly improve
performance of HTTP endpoints.
* HTTP API: Fast-fail queries with only empty matchers.
* HTTP API: Support matchers for labels API.
* promtool: Improve checking of URLs passed on the command line.
* SD: Expose IPv6 as a label in EC2 SD.
* SD: Reuse EC2 client, reducing frequency of requesting credentials.
* TSDB: Add logging when compaction takes more than the block time
range.
* TSDB: Avoid unnecessary GC runs after compaction.
* Remote write: Added a metric
prometheus_remote_storage_max_samples_per_send for remote write.
* TSDB: Make the snapshot directory name always the same length.
* TSDB: Create a checkpoint only once at the end of all head
compactions.
* TSDB: Avoid Series API from hitting the chunks.
* TSDB: Cache label name and last value when adding series during
compactions making compactions faster.
* PromQL: Improved performance of Hash method making queries a bit
faster.
* promtool: tsdb list now prints block sizes.
* promtool: Calculate mint and maxt per test avoiding unnecessary
calculations.
* SD: Add filtering of services to Docker Swarm SD.
+ Bug fixes
* API: Fix global URL when external address has no port.
* Deprecate unused flag --alertmanager.timeout.
python-hwdata:
- Modified to build on RHEL8.
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2021-939=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
python-multidict-debugsource-4.5.2-bp152.2.6.1
python-yarl-debugsource-1.3.0-bp152.2.6.1
python3-multidict-4.5.2-bp152.2.6.1
python3-multidict-debuginfo-4.5.2-bp152.2.6.1
python3-yarl-1.3.0-bp152.2.6.1
python3-yarl-debuginfo-1.3.0-bp152.2.6.1
- openSUSE Backports SLE-15-SP2 (noarch):
ansible-2.9.21-bp152.2.3.1
ansible-doc-2.9.21-bp152.2.3.1
ansible-test-2.9.21-bp152.2.3.1
python2-pyvmomi-6.7.3-bp152.2.3.1
python2-straight-plugin-1.5.0-bp152.4.3.1
python3-pyvmomi-6.7.3-bp152.2.3.1
python3-straight-plugin-1.5.0-bp152.4.3.1
References:
https://bugzilla.suse.com/1173557
https://bugzilla.suse.com/1177884
https://bugzilla.suse.com/1177928
https://bugzilla.suse.com/1180583
https://bugzilla.suse.com/1180584
https://bugzilla.suse.com/1180585
https://bugzilla.suse.com/1185178
1
0
openSUSE-SU-2021:2186-1: important: Security update for go1.16
by opensuse-security@opensuse.org 28 Jun '21
by opensuse-security@opensuse.org 28 Jun '21
28 Jun '21
openSUSE Security Update: Security update for go1.16
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2186-1
Rating: important
References: #1182345 #1186622 #1187443 #1187444 #1187445
Cross-References: CVE-2021-33195 CVE-2021-33196 CVE-2021-33197
CVE-2021-33198
CVSS scores:
CVE-2021-33195 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N
CVE-2021-33196 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33197 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-33198 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update for go1.16 fixes the following issues:
Update to 1.16.5.
Includes these security fixes
- CVE-2021-33195: net: Lookup functions may return invalid host names
(bsc#1187443).
- CVE-2021-33196: archive/zip: malformed archive may cause panic or memory
exhaustion (bsc#1186622).
- CVE-2021-33197: net/http/httputil: ReverseProxy forwards Connection
headers if first one is empty (bsc#1187444)
- CVE-2021-33198: math/big: (*Rat).SetString with
"1.770p02041010010011001001" crashes with "makeslice: len out of range"
(bsc#1187445).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2186=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
go1.16-1.16.5-1.17.1
go1.16-doc-1.16.5-1.17.1
- openSUSE Leap 15.3 (aarch64 x86_64):
go1.16-race-1.16.5-1.17.1
References:
https://www.suse.com/security/cve/CVE-2021-33195.html
https://www.suse.com/security/cve/CVE-2021-33196.html
https://www.suse.com/security/cve/CVE-2021-33197.html
https://www.suse.com/security/cve/CVE-2021-33198.html
https://bugzilla.suse.com/1182345
https://bugzilla.suse.com/1186622
https://bugzilla.suse.com/1187443
https://bugzilla.suse.com/1187444
https://bugzilla.suse.com/1187445
1
0
openSUSE-SU-2021:2184-1: important: Security update for the Linux Kernel
by opensuse-security@opensuse.org 28 Jun '21
by opensuse-security@opensuse.org 28 Jun '21
28 Jun '21
openSUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:2184-1
Rating: important
References: #1087082 #1152489 #1154353 #1174978 #1176447
#1176771 #1177666 #1178134 #1178378 #1178612
#1179610 #1182999 #1183712 #1184259 #1184436
#1184631 #1185195 #1185428 #1185497 #1185570
#1185589 #1185675 #1185701 #1186155 #1186286
#1186460 #1186463 #1186472 #1186501 #1186672
#1186677 #1186681 #1186752 #1186885 #1186928
#1186949 #1186950 #1186951 #1186952 #1186953
#1186954 #1186955 #1186956 #1186957 #1186958
#1186959 #1186960 #1186961 #1186962 #1186963
#1186964 #1186965 #1186966 #1186967 #1186968
#1186969 #1186970 #1186971 #1186972 #1186973
#1186974 #1186976 #1186977 #1186978 #1186979
#1186980 #1186981 #1186982 #1186983 #1186984
#1186985 #1186986 #1186987 #1186988 #1186989
#1186990 #1186991 #1186992 #1186993 #1186994
#1186995 #1186996 #1186997 #1186998 #1186999
#1187000 #1187001 #1187002 #1187003 #1187038
#1187039 #1187050 #1187052 #1187067 #1187068
#1187069 #1187072 #1187143 #1187144 #1187167
#1187334 #1187344 #1187345 #1187346 #1187347
#1187348 #1187349 #1187350 #1187351 #1187357
#1187711
Cross-References: CVE-2020-26558 CVE-2020-36385 CVE-2020-36386
CVE-2021-0129
CVSS scores:
CVE-2020-26558 (NVD) : 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-26558 (SUSE): 4.2 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2020-36385 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-36385 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36386 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
CVE-2021-0129 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0129 (SUSE): 6.4 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves four vulnerabilities and has 107
fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26558: Bluetooth LE and BR/EDR secure pairing in Bluetooth Core
Specification 2.1 may permit a nearby man-in-the-middle attacker to
identify the Passkey used during pairing by reflection of the public key
and the authentication evidence of the initiating device, potentially
permitting this attacker to complete authenticated pairing with the
responding device using the correct Passkey for the pairing session.
(bnc#1179610 bnc#1186463)
- CVE-2021-0129: Improper access control in BlueZ may have allowed an
authenticated user to potentially enable information disclosure via
adjacent access (bnc#1186463).
- CVE-2020-36385: Fixed a use-after-free in drivers/infiniband/core/ucma.c
which could be triggered if the ctx is reached via the ctx_list in some
ucma_migrate_id situations where ucma_close is called (bnc#1187050).
- CVE-2020-36386: Fixed a slab out-of-bounds read in
hci_extended_inquiry_result_evt (bnc#1187038).
The following non-security bugs were fixed:
- ACPICA: Clean up context mutex during object deletion (git-fixes).
- ALSA: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes).
- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes).
- ALSA: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP EliteBook
x360 1040 G8 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs and speaker for HP Elite
Dragonfly G2 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP EliteBook 840 Aero G8
(git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power G8
(git-fixes).
- ALSA: hda/realtek: headphone and mic do not work on an Acer laptop
(git-fixes).
- ALSA: hda: update the power_state during the direct-complete (git-fixes).
- ALSA: seq: Fix race of snd_seq_timer_open() (git-fixes).
- ALSA: timer: Fix master timer notification (git-fixes).
- arm64: Add missing ISB after invalidating TLB in __primary_switch
(git-fixes).
- arm64: avoid -Woverride-init warning (git-fixes).
- arm64: kasan: fix page_alloc tagging with DEBUG_VIRTUAL (git-fixes).
- arm64: kdump: update ppos when reading elfcorehdr (git-fixes).
- arm64: kexec_file: fix memory leakage in create_dtb() when
fdt_open_into() fails (git-fixes).
- arm64: link with -z norelro for LLD or aarch64-elf (git-fixes).
- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (git-fixes).
- arm64/mm: Fix pfn_valid() for ZONE_DEVICE based memory (git-fixes).
- arm64: ptrace: Fix seccomp of traced syscall -1 (NO_SYSCALL) (git-fixes).
- arm64: ptrace: Use NO_SYSCALL instead of -1 in syscall_trace_enter()
(git-fixes).
- ARM64: vdso32: Install vdso32 from vdso_install (git-fixes).
- arm64: vdso32: make vdso32 install conditional (git-fixes).
- arm: mm: use __pfn_to_section() to get mem_section (git-fixes).
- ASoC: amd: fix for pcm_read() error (git-fixes).
- ASoC: cs43130: handle errors in cs43130_probe() properly (git-fixes).
- ASoC: Intel: soc-acpi: remove TGL RVP mixed SoundWire/TDM config
(git-fixes).
- ASoC: max98088: fix ni clock divider calculation (git-fixes).
- ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes).
- bcache: avoid oversized read request in cache missing code path
(bsc#1187357, bsc#1185570, bsc#1184631).
- bcache: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1187357).
- bcache: do not pass BIOSET_NEED_BVECS for the 'bio_set' embedded in
'cache_set' (bsc#1187357).
- bcache: fix a regression of code compiling failure in debug.c
(bsc#1187357).
- bcache: inherit the optimal I/O size (bsc#1187357).
- bcache: reduce redundant code in bch_cached_dev_run() (bsc#1187357).
- bcache: remove bcache device self-defined readahead (bsc#1187357,
bsc#1185570, bsc#1184631).
- bcache: remove PTR_CACHE (bsc#1187357).
- bcache: Use 64-bit arithmetic instead of 32-bit (bsc#1187357).
- bcache: use NULL instead of using plain integer as pointer (bsc#1187357).
- blk-mq: Swap two calls in blk_mq_exit_queue() (git-fixes).
- blk-settings: align max_sectors on "logical_block_size" boundary
(bsc#1185195).
- block/genhd: use atomic_t for disk_event->block (bsc#1185497).
- block: return the correct bvec when checking for gaps (bsc#1187143).
- block: return the correct bvec when checking for gaps (bsc#1187144).
- Bluetooth: fix the erroneous flush_work() order (git-fixes).
- brcmfmac: Add clm_blob firmware files to modinfo (bsc#1186677).
- brcmfmac: properly check for bus register errors (git-fixes).
- btrfs: open device without device_list_mutex (bsc#1176771).
- bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act
(git-fixes).
- cdrom: gdrom: deallocate struct gdrom_unit fields in remove_gdrom
(git-fixes).
- cdrom: gdrom: initialize global variable at init time (git-fixes).
- ceph: do not clobber i_snap_caps on non-I_NEW inode (bsc#1186501).
- ceph: fix inode leak on getattr error in __fh_to_dentry (bsc#1186501).
- ceph: fix up error handling with snapdirs (bsc#1186501).
- ceph: only check pool permissions for regular files (bsc#1186501).
- char: hpet: add checks after calling ioremap (git-fixes).
- chelsio/chtls: unlock on error in chtls_pt_recvmsg() (jsc#SLE-15129).
- cxgb4: avoid accessing registers when clearing filters (git-fixes).
- cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389).
- cxgb4/ch_ktls: Clear resources when pf4 device is removed
(jsc#SLE-15129).
- cxgb4: fix regression with HASH tc prio value update (jsc#SLE-15131).
- devlink: Correct VIRTUAL port to not have phys_port attributes
(jsc#SLE-15172).
- dmaengine: idxd: add missing dsa driver unregister (git-fixes).
- dmaengine: idxd: Use cpu_feature_enabled() (git-fixes).
- dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
- drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes).
- drm/amd/amdgpu: fix refcount leak (git-fixes).
- drm/amd/display: Disconnect non-DP with no EDID (git-fixes).
- drm/amdgpu: Do not query CE and UE errors (git-fixes).
- drm/amdgpu: Fix a use-after-free (git-fixes).
- drm/amdgpu/jpeg2.0: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/jpeg2.5: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/jpeg3: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu: make sure we unpin the UVD BO (git-fixes).
- drm/amdgpu: stop touching sched.ready in the backend (git-fixes).
- drm/amdgpu/vcn1: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/vcn2.0: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/vcn2.5: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdgpu/vcn3: add cancel_delayed_work_sync before power gate
(git-fixes).
- drm/amdkfd: correct sienna_cichlid SDMA RLC register offset error
(git-fixes).
- drm/i915/selftests: Fix return value check in
live_breadcrumbs_smoketest() (git-fixes).
- drm/mcde: Fix off by 10^3 in calculation (git-fixes).
- drm/meson: fix shutdown crash when component not probed (git-fixes).
- drm/msm/a6xx: fix incorrectly set uavflagprd_inv field for A650
(git-fixes).
- drm/msm/a6xx: update/fix CP_PROTECT initialization (git-fixes).
- efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared
(git-fixes).
- efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
- efi/libstub: prevent read overflow in find_file_option() (git-fixes).
- Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#SLE-17882
jsc#ECO-3691)
- fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes).
- gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes).
- gpio: wcd934x: Fix shift-out-of-bounds error (git-fixes).
- gve: Add NULL pointer checks when freeing irqs (git-fixes).
- gve: Correct SKB queue index validation (git-fixes).
- gve: Update mgmt_msix_idx if num_ntfy changes (git-fixes).
- gve: Upgrade memory barrier in poll routine (git-fixes).
- HID: i2c-hid: fix format string mismatch (git-fixes).
- HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes).
- HID: magicmouse: fix NULL-deref on disconnect (git-fixes).
- HID: multitouch: require Finger field to mark Win8 reports as MT
(git-fixes).
- HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
- hwmon: (dell-smm-hwmon) Fix index values (git-fixes).
- i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
- i2c: imx: fix reference leak when pm_runtime_get_sync fails (git-fixes).
- i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops
(git-fixes).
- i2c: s3c2410: fix possible NULL pointer deref on read message after
write (git-fixes).
- i2c: sh_mobile: Use new clock calculation formulas for RZ/G2E
(git-fixes).
- ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926).
- ice: Fix allowing VF to request more/less queues via virtchnl
(jsc#SLE-12878).
- ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared
(git-fixes).
- ice: handle the VF VSI rebuild failure (jsc#SLE-12878).
- iio: adc: ad7124: Fix missbalanced regulator enable / disable on error
(git-fixes).
- iio: adc: ad7124: Fix potential overflow due to non sequential channel
numbers (git-fixes).
- iio: adc: ad7768-1: Fix too small buffer passed to
iio_push_to_buffers_with_timestamp() (git-fixes).
- iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
- iio: gyro: fxas21002c: balance runtime power in error path (git-fixes).
- iommu/amd: Keep track of amd_iommu_irq_remap state
(https://bugzilla.kernel.org/show_bug.cgi?id=212133)
- iommu: Fix a boundary issue to avoid performance drop (bsc#1187344).
- iommu/virtio: Add missing MODULE_DEVICE_TABLE (bsc#1187345).
- iommu/vt-d: Remove WO permissions on second-level paging entries
(bsc#1187346).
- iommu/vt-d: Report right snoop capability when using FL for IOVA
(bsc#1187347).
- iommu/vt-d: Use user privilege for RID2PASID translation (bsc#1187348).
- isdn: mISDN: correctly handle ph_info allocation failure in
hfcsusb_ph_info (git-fixes).
- isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
(git-fixes).
- ixgbe: fix large MTU request from VF (git-fixes).
- kABI workaround for rtw88 (git-fixes).
- kABI workaround for struct lis3lv02d change (git-fixes).
- lib: crc64: fix kernel-doc warning (bsc#1187357).
- libertas: register sysfs groups properly (git-fixes).
- locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
(git-fixes).
- md: bcache: avoid -Wempty-body warnings (bsc#1187357).
- md: bcache: Trivial typo fixes in the file journal.c (bsc#1187357).
- md: Fix missing unused status line of /proc/mdstat (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- media: dvb: Add check on sp8870_readreg return (git-fixes).
- media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
- media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
- media: gspca: properly check for errors in po1030_probe() (git-fixes).
- media: gspca: properly check for errors in po1030_probe() (git-fixes).
- mei: request autosuspend after sending rx flow control (git-fixes).
- misc/uss720: fix memory leak in uss720_probe (git-fixes).
- mmc: sdhci: Clear unused bounce buffer at DMA mmap error path
(bsc#1187039).
- net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
- netfilter: nf_tables: missing error reporting for not selected
expressions (bsc#1176447).
- netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to
non-AVX2 version (bsc#1176447).
- net: fix iteration for sctp transport seq_files (git-fixes).
- net: hns3: fix incorrect resp_msg issue (jsc#SLE-14777).
- net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes).
- net: hns3: put off calling register_netdev() until client initialize
complete (bsc#1154353).
- net/mlx4: Fix EEPROM dump support (git-fixes).
- net/mlx5: DR, Create multi-destination flow table with level less than
64 (jsc#SLE-8464).
- net/mlx5e: Fix error path of updating netdev queues (jsc#SLE-15172).
- net/mlx5e: Fix incompatible casting (jsc#SLE-15172).
- net/mlx5e: Fix multipath lag activation (git-fixes).
- net/mlx5e: Fix null deref accessing lag dev (jsc#SLE-15172).
- net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes).
- net/mlx5e: reset XPS on error flow if netdev isn't registered yet
(jsc#SLE-15172).
- net/mlx5: Set reformat action when needed for termination rules
(jsc#SLE-15172).
- net/mlx5: Set term table as an unmanaged flow table (jsc#SLE-15172).
- net/sched: act_ct: Offload connections with commit action
(jsc#SLE-15172).
- net/sched: fq_pie: fix OOB access in the traffic path (jsc#SLE-15172).
- net/sched: fq_pie: re-factor fix for fq_pie endless loop (jsc#SLE-15172).
- net: usb: fix memory leak in smsc75xx_bind (git-fixes).
- net: zero-initialize tc skb extension on allocation (bsc#1176447).
- nfc: fix NULL ptr dereference in llcp_sock_getname() after failed
connect (git-fixes).
- NFC: SUSE specific brutal fix for runtime PM (bsc#1185589).
- NFS: Deal correctly with attribute generation counter overflow
(git-fixes).
- NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce()
(git-fixes).
- NFS: Do not discard pNFS layout segments that are marked for return
(git-fixes).
- NFS: Do not gratuitously clear the inode cache when lookup failed
(git-fixes).
- NFS: Do not revalidate the directory permissions on a lookup failure
(git-fixes).
- nfsd: register pernet ops last, unregister first (git-fixes).
- NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
- NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
- NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
- NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
- NFSv42: Copy offload should update the file size when appropriate
(git-fixes).
- NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes).
- NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes).
- NFSv4: Do not discard segments marked for return in
_pnfs_return_layout() (git-fixes).
- NFSv4: Fix a NULL pointer dereference in
pnfs_mark_matching_lsegs_return() (git-fixes).
- NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
(git-fixes).
- nvme: add new line after variable declatation (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: document nvme controller states (git-fixes).
- nvme: do not check nvme_req flags for new req (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: fix deadlock in disconnect during scan_work and/or ana_work
(git-fixes).
- nvme: mark nvme_setup_passsthru() inline (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme-multipath: fix double initialization of ANA state (bsc#1178612,
bsc#1184259, bsc#1186155).
- nvme-pci: align io queue count with allocted nvme_queue in (git-fixes).
- nvme-pci: avoid race between nvme_reap_pending_cqes() and nvme_poll()
(git-fixes).
- nvme-pci: dma read memory barrier for completions (git-fixes).
- nvme-pci: fix "slimmer CQ head update" (git-fixes).
- nvme-pci: make sure write/poll_queues less or equal then cpu (git-fixes).
- nvme-pci: remove last_sq_tail (git-fixes).
- nvme-pci: Remove tag from process cq (git-fixes).
- nvme-pci: Remove two-pass completions (git-fixes).
- nvme-pci: remove volatile cqes (git-fixes).
- nvme-pci: Simplify nvme_poll_irqdisable (git-fixes).
- nvme-pci: slimmer CQ head update (git-fixes).
- nvme-pci: use simple suspend when a HMB is enabled (git-fixes).
- nvme: reduce checks for zero command effects (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: rename nvme_init_identify() (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvme: split init identify into helper (bsc#1184259, bsc#1178612,
bsc#1186155).
- nvmet: use new ana_log_size instead the old one (bsc#1178612,
bsc#1184259, bsc#1186155).
- nvme: use NVME_CTRL_CMIC_ANA macro (bsc#1184259, bsc#1178612,
bsc#1186155).
- nxp-i2c: restore includes for kABI (bsc#1185589).
- nxp-nci: add NXP1002 id (bsc#1185589).
- PCI/LINK: Remove bandwidth notification (bsc#1183712).
- pid: take a reference when initializing `cad_pid` (bsc#1152489).
- platform/x86: hp_accel: Avoid invoking _INI to speed up resume
(git-fixes).
- platform/x86: hp-wireless: add AMD's hardware id to the supported list
(git-fixes).
- platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
(git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700
tablet (git-fixes).
- PM: sleep: Add pm_debug_messages kernel command line option
(bsc#1186752).
- pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
- pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
(git-fixes).
- powerpc/32: Fix boot failure with CONFIG_STACKPROTECTOR (jsc#SLE-13847
git-fixes).
- powerpc/kprobes: Fix validation of prefixed instructions across page
boundary (jsc#SLE-13847 git-fixes).
- regulator: core: resolve supply for boot-on/always-on regulators
(git-fixes).
- regulator: max77620: Use device_set_of_node_from_dev() (git-fixes).
- rtw88: 8822c: add LC calibration for RTL8822C (git-fixes).
- scsi: aacraid: Fix an oops in error handling (bsc#1187072).
- scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950).
- scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951).
- scsi: acornscsi: Fix an error handling path in acornscsi_probe()
(bsc#1186952).
- scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs()
(bsc#1186953).
- scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
(bsc#1187067).
- scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954).
- scsi: bnx2fc: Fix Kconfig warning & CNIC build errors (bsc#1186955).
- scsi: bnx2i: Requires MMU (bsc#1186956).
- scsi: csiostor: Fix wrong return value in csio_hw_prep_fw()
(bsc#1186957).
- scsi: cumana_2: Fix different dev_id between request_irq() and
free_irq() (bsc#1186958).
- scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959).
- scsi: cxgb4i: Fix TLS dependency (bsc#1186960).
- scsi: eesox: Fix different dev_id between request_irq() and free_irq()
(bsc#1186961).
- scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962).
- scsi: hisi_sas: Fix IRQ checks (bsc#1186963).
- scsi: hisi_sas: Remove preemptible() (bsc#1186964).
- scsi: jazz_esp: Add IRQ check (bsc#1186965).
- scsi: libfc: Fix enum-conversion warning (bsc#1186966).
- scsi: libsas: Fix error path in sas_notify_lldd_dev_found()
(bsc#1186967).
- scsi: libsas: Reset num_scatter if libata marks qc as NODATA
(bsc#1187068).
- scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA
(bsc#1186968).
- scsi: lpfc: Fix ancient double free (bsc#1186969).
- scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
- scsi: megaraid_sas: Check user-provided offsets (bsc#1186970).
- scsi: megaraid_sas: Clear affinity hint (bsc#1186971).
- scsi: megaraid_sas: Do not call disable_irq from process IRQ poll
(bsc#1186972).
- scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973).
- scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974).
- scsi: mesh: Fix panic after host or bus reset (bsc#1186976).
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977).
- scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
(bsc#1186978).
- scsi: mpt3sas: Fix ioctl timeout (bsc#1186979).
- scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980).
- scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981).
- scsi: powertec: Fix different dev_id between request_irq() and
free_irq() (bsc#1186982).
- scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983).
- scsi: qedi: Fix error return code of qedi_alloc_global_queues()
(bsc#1186984).
- scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe
(bsc#1186985).
- scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
- scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
(bsc#1186986).
- scsi: qla4xxx: Remove in_interrupt() (bsc#1186987).
- scsi: scsi_debug: Add check for sdebug_max_queue during module init
(bsc#1186988).
- scsi: scsi_dh_alua: Retry RTPG on a different path after failure
(bsc#1174978 bsc#1185701).
- scsi: sd: Fix Opal support (bsc#1186989).
- scsi: smartpqi: Add additional logging for LUN resets (bsc#1186472).
- scsi: smartpqi: Add host level stream detection enable (bsc#1186472).
- scsi: smartpqi: Add new PCI IDs (bsc#1186472).
- scsi: smartpqi: Add phy ID support for the physical drives (bsc#1186472).
- scsi: smartpqi: Add stream detection (bsc#1186472).
- scsi: smartpqi: Add support for BMIC sense feature cmd and feature bits
(bsc#1186472).
- scsi: smartpqi: Add support for long firmware version (bsc#1186472).
- scsi: smartpqi: Add support for new product ids (bsc#1186472).
- scsi: smartpqi: Add support for RAID1 writes (bsc#1186472).
- scsi: smartpqi: Add support for RAID5 and RAID6 writes (bsc#1186472).
- scsi: smartpqi: Add support for wwid (bsc#1186472).
- scsi: smartpqi: Align code with oob driver (bsc#1186472).
- scsi: smartpqi: Convert snprintf() to scnprintf() (bsc#1186472).
- scsi: smartpqi: Correct request leakage during reset operations
(bsc#1186472).
- scsi: smartpqi: Correct system hangs when resuming from hibernation
(bsc#1186472).
- scsi: smartpqi: Disable WRITE SAME for HBA NVMe disks (bsc#1186472).
- scsi: smartpqi: Fix blocks_per_row static checker issue (bsc#1186472).
- scsi: smartpqi: Fix device pointer variable reference static checker
issue (bsc#1186472).
- scsi: smartpqi: Fix driver synchronization issues (bsc#1186472).
- scsi: smartpqi: Refactor aio submission code (bsc#1186472).
- scsi: smartpqi: Refactor scatterlist code (bsc#1186472).
- scsi: smartpqi: Remove timeouts from internal cmds (bsc#1186472).
- scsi: smartpqi: Remove unused functions (bsc#1186472).
- scsi: smartpqi: Synchronize device resets with mutex (bsc#1186472).
- scsi: smartpqi: Update device scan operations (bsc#1186472).
- scsi: smartpqi: Update enclosure identifier in sysfs (bsc#1186472).
- scsi: smartpqi: Update event handler (bsc#1186472).
- scsi: smartpqi: Update OFA management (bsc#1186472).
- scsi: smartpqi: Update RAID bypass handling (bsc#1186472).
- scsi: smartpqi: Update SAS initiator_port_protocols and
target_port_protocols (bsc#1186472).
- scsi: smartpqi: Update soft reset management for OFA (bsc#1186472).
- scsi: smartpqi: Update suspend/resume and shutdown (bsc#1186472).
- scsi: smartpqi: Update version to 2.1.8-045 (bsc#1186472).
- scsi: smartpqi: Use host-wide tag space (bsc#1186472).
- scsi: sni_53c710: Add IRQ check (bsc#1186990).
- scsi: sun3x_esp: Add IRQ check (bsc#1186991).
- scsi: ufs: Add quirk to disallow reset of interrupt aggregation
(bsc#1186992).
- scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993).
- scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994).
- scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995).
- scsi: ufs: core: Narrow down fast path in system suspend path
(bsc#1186996).
- scsi: ufs: Do not update urgent bkops level when toggling auto bkops
(bsc#1186997).
- scsi: ufs: Fix race between shutdown and runtime resume flow
(bsc#1186998).
- scsi: ufshcd: use an enum for quirks (bsc#1186999).
- scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000).
- scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN
(bsc#1187069).
- scsi: ufs: Properly release resources if a task is aborted successfully
(bsc#1187001).
- scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002).
- scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003).
- serial: 8250_pci: handle FL_NOIRQ board flag (git-fixes).
- serial: core: fix suspicious security_locked_down() call (git-fixes).
- serial: max310x: unregister uart driver in case of failure and abort
(git-fixes).
- serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
(git-fixes).
- serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
(git-fixes).
- serial: tegra: Fix a mask operation that is always true (git-fixes).
- staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
- staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
- staging: rtl8723bs: Fix uninitialized variables (git-fixes).
- sunrpc: fix refcount leak for rpc auth modules (git-fixes).
- SUNRPC: More fixes for backlog congestion (bsc#1185428).
- SUNRPC: Move fault injection call sites (git-fixes).
- SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes).
- svcrdma: disable timeouts on rdma backchannel (git-fixes).
- thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID
(git-fixes).
- thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
(git-fixes).
- thunderbolt: usb4: Fix NVM read buffer bounds and offset issue
(git-fixes).
- tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
- ttyprintk: Add TTY hangup callback (git-fixes).
- UCSI fixup of array of PDOs (git-fixes).
- usb: chipidea: imx: Fix Battery Charger 1.2 CDP detection (git-fixes).
- usb: core: reduce power-on-good delay time of root hub (git-fixes).
- usb: dwc3: gadget: Enable suspend events (git-fixes).
- usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes).
- USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen()
(git-fixes).
- usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
- usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
- USB: serial: cp210x: fix alternate function for CP2102N QFN20
(git-fixes).
- USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
- USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
(git-fixes).
- USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
- USB: serial: quatech2: fix control-request directions (git-fixes).
- USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
- USB: trancevibrator: fix control-request direction (git-fixes).
- usb: typec: intel_pmc_mux: Put fwnode in error case during ->probe()
(git-fixes).
- usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes).
- usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes).
- usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header
(git-fixes).
- usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
(git-fixes).
- usb: typec: ucsi: Retrieve all the PDOs instead of just the first 4
(git-fixes).
- usb: typec: wcove: Use LE to CPU conversion when accessing msg->header
(git-fixes).
- USB: usbfs: Do not WARN about excessively large memory allocations
(git-fixes).
- vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
- vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
- vfio/platform: fix module_put call in error flow (git-fixes).
- vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes).
- vsock/vmci: log once the failed queue pair allocation (git-fixes).
- wireguard: allowedips: initialize list head in selftest (git-fixes).
- wireguard: do not use -O3 (git-fixes).
- wireguard: peer: allocate in kmem_cache (git-fixes).
- wireguard: peer: put frequently used members above cache lines
(git-fixes).
- wireguard: queueing: get rid of per-peer ring buffers (git-fixes).
- wireguard: selftests: make sure rp_filter is disabled on vethc
(git-fixes).
- wireguard: selftests: remove old conntrack kconfig value (git-fixes).
- wireguard: use synchronize_net rather than synchronize_rcu (git-fixes).
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing
(bsc#1152489).
- x86/boot/64: Explicitly map boot_params and command line (jsc#SLE-14337).
- x86/boot/compressed/64: Add 32-bit boot #VC handler (jsc#SLE-14337).
- x86/boot/compressed/64: Add CPUID sanity check to 32-bit boot-path
(jsc#SLE-14337).
- x86/boot/compressed/64: Check SEV encryption in 64-bit boot-path
(jsc#SLE-14337).
- x86/boot/compressed/64: Check SEV encryption in the 32-bit boot-path
(jsc#SLE-14337).
- x86/boot/compressed/64: Cleanup exception handling before booting kernel
(jsc#SLE-14337).
- x86/boot/compressed/64: Introduce sev_status (jsc#SLE-14337).
- x86/boot/compressed/64: Reload CS in startup_32 (jsc#SLE-14337).
- x86/boot/compressed/64: Sanity-check CPUID results in the early #VC
handler (jsc#SLE-14337).
- x86/boot/compressed/64: Setup IDT in startup_32 boot path
(jsc#SLE-14337).
- x86/cpufeatures: Force disable X86_FEATURE_ENQCMD and remove
update_pasid() (bsc#1178134).
- x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported
(bsc#1152489).
- x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489).
- x86: fix seq_file iteration for pat.c (git-fixes).
- x86/fpu: Prevent state corruption in __fpu__restore_sig() (bsc#1178134).
- x86/head/64: Check SEV encryption before switching to kernel page-table
(jsc#SLE-14337).
- x86/head/64: Disable stack protection for head$(BITS).o (jsc#SLE-14337).
- x86/ioremap: Map efi_mem_reserve() memory as encrypted for SEV
(bsc#1186885).
- x86/sev: Check SME/SEV support in CPUID first (jsc#SLE-14337).
- x86/sev: Do not require Hypervisor CPUID bit for SEV guests
(jsc#SLE-14337).
- x86/sev-es: Do not return NULL from sev_es_get_ghcb() (bsc#1187349).
- x86/sev-es: Do not support MMIO to/from encrypted memory (jsc#SLE-14337).
- x86/sev-es: Forward page-faults which happen during emulation
(bsc#1187350).
- x86/sev-es: Replace open-coded hlt-loops with sev_es_terminate()
(jsc#SLE-14337).
- x86/sev-es: Use __put_user()/__get_user() for data accesses
(bsc#1187351).
- xfrm: policy: Read seqcount outside of rcu-read side in
xfrm_policy_lookup_bytype (bsc#1185675).
- xprtrdma: Avoid Receive Queue wrapping (git-fixes).
- xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-2184=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-59.10.1
cluster-md-kmp-default-debuginfo-5.3.18-59.10.1
dlm-kmp-default-5.3.18-59.10.1
dlm-kmp-default-debuginfo-5.3.18-59.10.1
gfs2-kmp-default-5.3.18-59.10.1
gfs2-kmp-default-debuginfo-5.3.18-59.10.1
kernel-default-5.3.18-59.10.1
kernel-default-base-5.3.18-59.10.1.18.4.2
kernel-default-base-rebuild-5.3.18-59.10.1.18.4.2
kernel-default-debuginfo-5.3.18-59.10.1
kernel-default-debugsource-5.3.18-59.10.1
kernel-default-devel-5.3.18-59.10.1
kernel-default-devel-debuginfo-5.3.18-59.10.1
kernel-default-extra-5.3.18-59.10.1
kernel-default-extra-debuginfo-5.3.18-59.10.1
kernel-default-livepatch-5.3.18-59.10.1
kernel-default-livepatch-devel-5.3.18-59.10.1
kernel-default-optional-5.3.18-59.10.1
kernel-default-optional-debuginfo-5.3.18-59.10.1
kernel-obs-build-5.3.18-59.10.1
kernel-obs-build-debugsource-5.3.18-59.10.1
kernel-obs-qa-5.3.18-59.10.1
kernel-syms-5.3.18-59.10.1
kselftests-kmp-default-5.3.18-59.10.1
kselftests-kmp-default-debuginfo-5.3.18-59.10.1
ocfs2-kmp-default-5.3.18-59.10.1
ocfs2-kmp-default-debuginfo-5.3.18-59.10.1
reiserfs-kmp-default-5.3.18-59.10.1
reiserfs-kmp-default-debuginfo-5.3.18-59.10.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-59.10.1
kernel-debug-debuginfo-5.3.18-59.10.1
kernel-debug-debugsource-5.3.18-59.10.1
kernel-debug-devel-5.3.18-59.10.1
kernel-debug-devel-debuginfo-5.3.18-59.10.1
kernel-debug-livepatch-devel-5.3.18-59.10.1
kernel-kvmsmall-5.3.18-59.10.1
kernel-kvmsmall-debuginfo-5.3.18-59.10.1
kernel-kvmsmall-debugsource-5.3.18-59.10.1
kernel-kvmsmall-devel-5.3.18-59.10.1
kernel-kvmsmall-devel-debuginfo-5.3.18-59.10.1
kernel-kvmsmall-livepatch-devel-5.3.18-59.10.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-59.10.1
cluster-md-kmp-preempt-debuginfo-5.3.18-59.10.1
dlm-kmp-preempt-5.3.18-59.10.1
dlm-kmp-preempt-debuginfo-5.3.18-59.10.1
gfs2-kmp-preempt-5.3.18-59.10.1
gfs2-kmp-preempt-debuginfo-5.3.18-59.10.1
kernel-preempt-5.3.18-59.10.1
kernel-preempt-debuginfo-5.3.18-59.10.1
kernel-preempt-debugsource-5.3.18-59.10.1
kernel-preempt-devel-5.3.18-59.10.1
kernel-preempt-devel-debuginfo-5.3.18-59.10.1
kernel-preempt-extra-5.3.18-59.10.1
kernel-preempt-extra-debuginfo-5.3.18-59.10.1
kernel-preempt-livepatch-devel-5.3.18-59.10.1
kernel-preempt-optional-5.3.18-59.10.1
kernel-preempt-optional-debuginfo-5.3.18-59.10.1
kselftests-kmp-preempt-5.3.18-59.10.1
kselftests-kmp-preempt-debuginfo-5.3.18-59.10.1
ocfs2-kmp-preempt-5.3.18-59.10.1
ocfs2-kmp-preempt-debuginfo-5.3.18-59.10.1
reiserfs-kmp-preempt-5.3.18-59.10.1
reiserfs-kmp-preempt-debuginfo-5.3.18-59.10.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-59.10.1
cluster-md-kmp-64kb-debuginfo-5.3.18-59.10.1
dlm-kmp-64kb-5.3.18-59.10.1
dlm-kmp-64kb-debuginfo-5.3.18-59.10.1
gfs2-kmp-64kb-5.3.18-59.10.1
gfs2-kmp-64kb-debuginfo-5.3.18-59.10.1
kernel-64kb-5.3.18-59.10.1
kernel-64kb-debuginfo-5.3.18-59.10.1
kernel-64kb-debugsource-5.3.18-59.10.1
kernel-64kb-devel-5.3.18-59.10.1
kernel-64kb-devel-debuginfo-5.3.18-59.10.1
kernel-64kb-extra-5.3.18-59.10.1
kernel-64kb-extra-debuginfo-5.3.18-59.10.1
kernel-64kb-livepatch-devel-5.3.18-59.10.1
kernel-64kb-optional-5.3.18-59.10.1
kernel-64kb-optional-debuginfo-5.3.18-59.10.1
kselftests-kmp-64kb-5.3.18-59.10.1
kselftests-kmp-64kb-debuginfo-5.3.18-59.10.1
ocfs2-kmp-64kb-5.3.18-59.10.1
ocfs2-kmp-64kb-debuginfo-5.3.18-59.10.1
reiserfs-kmp-64kb-5.3.18-59.10.1
reiserfs-kmp-64kb-debuginfo-5.3.18-59.10.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-59.10.1
kernel-docs-5.3.18-59.10.1
kernel-docs-html-5.3.18-59.10.1
kernel-macros-5.3.18-59.10.1
kernel-source-5.3.18-59.10.1
kernel-source-vanilla-5.3.18-59.10.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-59.10.1
kernel-zfcpdump-debuginfo-5.3.18-59.10.1
kernel-zfcpdump-debugsource-5.3.18-59.10.1
References:
https://www.suse.com/security/cve/CVE-2020-26558.html
https://www.suse.com/security/cve/CVE-2020-36385.html
https://www.suse.com/security/cve/CVE-2020-36386.html
https://www.suse.com/security/cve/CVE-2021-0129.html
https://bugzilla.suse.com/1087082
https://bugzilla.suse.com/1152489
https://bugzilla.suse.com/1154353
https://bugzilla.suse.com/1174978
https://bugzilla.suse.com/1176447
https://bugzilla.suse.com/1176771
https://bugzilla.suse.com/1177666
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1178378
https://bugzilla.suse.com/1178612
https://bugzilla.suse.com/1179610
https://bugzilla.suse.com/1182999
https://bugzilla.suse.com/1183712
https://bugzilla.suse.com/1184259
https://bugzilla.suse.com/1184436
https://bugzilla.suse.com/1184631
https://bugzilla.suse.com/1185195
https://bugzilla.suse.com/1185428
https://bugzilla.suse.com/1185497
https://bugzilla.suse.com/1185570
https://bugzilla.suse.com/1185589
https://bugzilla.suse.com/1185675
https://bugzilla.suse.com/1185701
https://bugzilla.suse.com/1186155
https://bugzilla.suse.com/1186286
https://bugzilla.suse.com/1186460
https://bugzilla.suse.com/1186463
https://bugzilla.suse.com/1186472
https://bugzilla.suse.com/1186501
https://bugzilla.suse.com/1186672
https://bugzilla.suse.com/1186677
https://bugzilla.suse.com/1186681
https://bugzilla.suse.com/1186752
https://bugzilla.suse.com/1186885
https://bugzilla.suse.com/1186928
https://bugzilla.suse.com/1186949
https://bugzilla.suse.com/1186950
https://bugzilla.suse.com/1186951
https://bugzilla.suse.com/1186952
https://bugzilla.suse.com/1186953
https://bugzilla.suse.com/1186954
https://bugzilla.suse.com/1186955
https://bugzilla.suse.com/1186956
https://bugzilla.suse.com/1186957
https://bugzilla.suse.com/1186958
https://bugzilla.suse.com/1186959
https://bugzilla.suse.com/1186960
https://bugzilla.suse.com/1186961
https://bugzilla.suse.com/1186962
https://bugzilla.suse.com/1186963
https://bugzilla.suse.com/1186964
https://bugzilla.suse.com/1186965
https://bugzilla.suse.com/1186966
https://bugzilla.suse.com/1186967
https://bugzilla.suse.com/1186968
https://bugzilla.suse.com/1186969
https://bugzilla.suse.com/1186970
https://bugzilla.suse.com/1186971
https://bugzilla.suse.com/1186972
https://bugzilla.suse.com/1186973
https://bugzilla.suse.com/1186974
https://bugzilla.suse.com/1186976
https://bugzilla.suse.com/1186977
https://bugzilla.suse.com/1186978
https://bugzilla.suse.com/1186979
https://bugzilla.suse.com/1186980
https://bugzilla.suse.com/1186981
https://bugzilla.suse.com/1186982
https://bugzilla.suse.com/1186983
https://bugzilla.suse.com/1186984
https://bugzilla.suse.com/1186985
https://bugzilla.suse.com/1186986
https://bugzilla.suse.com/1186987
https://bugzilla.suse.com/1186988
https://bugzilla.suse.com/1186989
https://bugzilla.suse.com/1186990
https://bugzilla.suse.com/1186991
https://bugzilla.suse.com/1186992
https://bugzilla.suse.com/1186993
https://bugzilla.suse.com/1186994
https://bugzilla.suse.com/1186995
https://bugzilla.suse.com/1186996
https://bugzilla.suse.com/1186997
https://bugzilla.suse.com/1186998
https://bugzilla.suse.com/1186999
https://bugzilla.suse.com/1187000
https://bugzilla.suse.com/1187001
https://bugzilla.suse.com/1187002
https://bugzilla.suse.com/1187003
https://bugzilla.suse.com/1187038
https://bugzilla.suse.com/1187039
https://bugzilla.suse.com/1187050
https://bugzilla.suse.com/1187052
https://bugzilla.suse.com/1187067
https://bugzilla.suse.com/1187068
https://bugzilla.suse.com/1187069
https://bugzilla.suse.com/1187072
https://bugzilla.suse.com/1187143
https://bugzilla.suse.com/1187144
https://bugzilla.suse.com/1187167
https://bugzilla.suse.com/1187334
https://bugzilla.suse.com/1187344
https://bugzilla.suse.com/1187345
https://bugzilla.suse.com/1187346
https://bugzilla.suse.com/1187347
https://bugzilla.suse.com/1187348
https://bugzilla.suse.com/1187349
https://bugzilla.suse.com/1187350
https://bugzilla.suse.com/1187351
https://bugzilla.suse.com/1187357
https://bugzilla.suse.com/1187711
1
0
openSUSE-SU-2021:0938-1: important: Security update for chromium
by opensuse-security@opensuse.org 28 Jun '21
by opensuse-security@opensuse.org 28 Jun '21
28 Jun '21
openSUSE Security Update: Security update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0938-1
Rating: important
References: #1187141 #1187481
Cross-References: CVE-2021-30544 CVE-2021-30545 CVE-2021-30546
CVE-2021-30547 CVE-2021-30548 CVE-2021-30549
CVE-2021-30550 CVE-2021-30551 CVE-2021-30552
CVE-2021-30553 CVE-2021-30554 CVE-2021-30555
CVE-2021-30556 CVE-2021-30557
CVSS scores:
CVE-2021-30544 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30545 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30546 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30547 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30548 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30549 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30550 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30551 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30552 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-30553 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________
An update that fixes 14 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
Chromium 91.0.4472.114 (boo#1187481)
* CVE-2021-30554: Use after free in WebGL
* CVE-2021-30555: Use after free in Sharing
* CVE-2021-30556: Use after free in WebAudio
* CVE-2021-30557: Use after free in TabGroups
* CVE-2021-30544: Use after free in BFCache
* CVE-2021-30545: Use after free in Extensions
* CVE-2021-30546: Use after free in Autofill
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-30548: Use after free in Loader
* CVE-2021-30549: Use after free in Spell check
* CVE-2021-30550: Use after free in Accessibility
* CVE-2021-30551: Type Confusion in V8
* CVE-2021-30552: Use after free in Extensions
* CVE-2021-30553: Use after free in Network service
* Fix use-after-free in SendTabToSelfSubMenuModel
* Destroy system-token NSSCertDatabase on the IO thread
* Various fixes from internal audits, fuzzing and other initiatives
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2021-938=1
Package List:
- openSUSE Backports SLE-15-SP3 (aarch64 x86_64):
chromedriver-91.0.4472.114-bp153.2.13.1
chromedriver-debuginfo-91.0.4472.114-bp153.2.13.1
chromium-91.0.4472.114-bp153.2.13.1
chromium-debuginfo-91.0.4472.114-bp153.2.13.1
References:
https://www.suse.com/security/cve/CVE-2021-30544.html
https://www.suse.com/security/cve/CVE-2021-30545.html
https://www.suse.com/security/cve/CVE-2021-30546.html
https://www.suse.com/security/cve/CVE-2021-30547.html
https://www.suse.com/security/cve/CVE-2021-30548.html
https://www.suse.com/security/cve/CVE-2021-30549.html
https://www.suse.com/security/cve/CVE-2021-30550.html
https://www.suse.com/security/cve/CVE-2021-30551.html
https://www.suse.com/security/cve/CVE-2021-30552.html
https://www.suse.com/security/cve/CVE-2021-30553.html
https://www.suse.com/security/cve/CVE-2021-30554.html
https://www.suse.com/security/cve/CVE-2021-30555.html
https://www.suse.com/security/cve/CVE-2021-30556.html
https://www.suse.com/security/cve/CVE-2021-30557.html
https://bugzilla.suse.com/1187141
https://bugzilla.suse.com/1187481
1
0