SUSE: 2021:599-1 ses/7/cephcsi/cephcsi Security Update | LinuxSecur...

Advisories

SUSE Container Update Advisory: ses/7/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2021:599-1
Container Tags        : ses/7/cephcsi/cephcsi:3.3.1 , ses/7/cephcsi/cephcsi:3.3.1.0.3.670 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.3.1 , ses/7/cephcsi/cephcsi:v3.3.1.0
Container Release     : 3.670
Severity              : critical
Type                  : security
References            : 1027496 1029961 1065729 1085917 1113013 1122417 1125886 1134353
                        1148868 1152489 1154353 1159886 1161276 1162581 1164548 1167773
                        1170774 1171962 1172505 1172973 1172974 1173746 1174504 1176473
                        1176940 1177100 1177460 1178236 1179416 1179898 1179899 1179900
                        1179901 1179902 1179903 1180064 1180125 1180451 1180454 1180461
                        1181291 1181299 1181306 1181309 1181371 1181452 1181535 1181536
                        1182252 1183028 1183085 1183374 1183511 1183543 1183545 1183561
                        1183632 1183659 1183818 1183858 1183909 1184439 1184517 1184519
                        1184614 1184620 1184794 1184804 1184994 1185016 1185246 1185299
                        1185302 1185524 1185588 1185677 1185726 1185748 1185762 1185768
                        1186348 1186489 1186503 1186602 1186910 1187153 1187167 1187196
                        1187224 1187270 1187273 1187338 1187425 1187466 1187512 1187654
                        1187668 1187670 1187738 1187760 1187911 1187993 1188018 1188063
                        1188067 1188156 1188291 1188344 1188435 1188548 1188571 1188623
                        1188651 1188651 1188713 1188921 1188941 1188979 1188986 1189031
                        1189173 1189206 1189241 1189287 1189297 1189465 1189465 1189480
                        1189520 1189521 1189521 1189534 1189552 1189554 1189683 1189803
                        1189841 1189841 1189884 1189929 1189983 1189984 1189996 1190023
                        1190052 1190059 1190062 1190115 1190159 1190199 1190234 1190325
                        1190356 1190358 1190373 1190374 1190406 1190432 1190440 1190465
                        1190467 1190523 1190534 1190543 1190576 1190595 1190596 1190598
                        1190598 1190620 1190626 1190645 1190679 1190705 1190712 1190717
                        1190739 1190746 1190758 1190772 1190784 1190785 1190793 1190815
                        1190858 1190915 1190933 1190984 1191019 1191172 1191193 1191200
                        1191240 1191252 1191260 1191286 1191292 1191324 1191370 1191473
                        1191480 1191500 1191563 1191566 1191609 1191675 1191690 1191690
                        1191736 1191804 1191922 1191987 1192161 1192248 1192267 1192337
                        1192367 1192436 1192688 1192717 1192840 1193481 1193521 CVE-2016-10228
                        CVE-2019-20838 CVE-2020-12049 CVE-2020-14155 CVE-2020-16590 CVE-2020-16591
                        CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-29361
                        CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2020-3702
                        CVE-2021-20197 CVE-2021-20266 CVE-2021-20271 CVE-2021-20284 CVE-2021-20294
                        CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-3421
                        CVE-2021-3426 CVE-2021-3487 CVE-2021-35942 CVE-2021-36222 CVE-2021-3669
                        CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-3733 CVE-2021-3737
                        CVE-2021-3744 CVE-2021-3752 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750
                        CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-40490 CVE-2021-42771
                        CVE-2021-43618 
-----------------------------------------------------------------

The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2020:3026-1
Released:    Fri Oct 23 15:35:49 2020
Summary:     Optional update for the Public Cloud Module
Type:        optional
Severity:    moderate
References:  

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).
The following packages were included:

- python3-grpcio
- python3-protobuf
- python3-google-api-core
- python3-google-cloud-core
- python3-google-cloud-storage
- python3-google-resumable-media
- python3-googleapis-common-protos
- python3-grpcio-gcp
- python3-mock (updated to version 3.0.5)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:294-1
Released:    Wed Feb  3 12:54:28 2021
Summary:     Recommended update for libprotobuf
Type:        recommended
Severity:    moderate
References:  

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)
  
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2689-1
Released:    Mon Aug 16 10:54:52 2021
Summary:     Security update for cpio
Type:        security
Severity:    important
References:  1189206,CVE-2021-38185
This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2763-1
Released:    Tue Aug 17 17:16:22 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465
This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures(bsc#1189465)
  
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2780-1
Released:    Thu Aug 19 16:09:15 2021
Summary:     Recommended update for cpio
Type:        recommended
Severity:    critical
References:  1189465,CVE-2021-38185
This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2800-1
Released:    Fri Aug 20 10:43:04 2021
Summary:     Security update for krb5
Type:        security
Severity:    important
References:  1188571,CVE-2021-36222
This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2810-1
Released:    Mon Aug 23 12:14:30 2021
Summary:     Security update for dbus-1
Type:        security
Severity:    moderate
References:  1172505,CVE-2020-12049
This update for dbus-1 fixes the following issues:

- CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)

-----------------------------------------------------------------
Advisory ID: SUSE-OU-2021:2816-1
Released:    Mon Aug 23 14:17:09 2021
Summary:     Optional update for python-kubernetes
Type:        optional
Severity:    low
References:  
This patch provides the python3-kubernetes package to the following modules:

- Container Module for SUSE Linux Enterprise 15 SP2
- Container Module for SUSE Linux Enterprise 15 SP3

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2830-1
Released:    Tue Aug 24 16:20:18 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    important
References:  1189520,1189521,CVE-2021-3711,CVE-2021-3712
This update for openssl-1_1 fixes the following security issues:

- CVE-2021-3711: A bug in the implementation of the SM2 decryption code
  could lead to buffer overflows. [bsc#1189520]

- CVE-2021-3712: a bug in the code for printing certificate details could
  lead to a buffer overrun that a malicious actor could exploit to crash
  the application, causing a denial-of-service attack. [bsc#1189521]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2863-1
Released:    Mon Aug 30 08:18:50 2021
Summary:     Recommended update for python-dbus-python
Type:        recommended
Severity:    moderate
References:  1183818
This update for python-dbus-python fixes the following issues:

- Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)

- update to 1.2.16:
  * All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present.

- Support builds with more than one python3 flavor
- Clean duplicate python flavor variables for configure

- Version update to version 1.2.14:
  * Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions.
  * Disable -Winline.
  * Add clearer license information using SPDX-License-Identifier.
  * Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx.
  * Add missing variant_level member to UnixFd type, for parity with the other dbus.types types
  * Don't reply to method calls if they have the NO_REPLY_EXPECTED flag
  * Silence '-Wcast-function-type' with gcc 8.
  * Fix distcheck with python3.7 by deleting '__pycache__' during uninstall.
  * Consistently save and restore the exception indicator when called from C code.

- Add missing dependency for pkg-config files

- Version update to version 1.2.8:
  * Python 2.7 required or 3.4 respectively
  * Upstream dropped epydoc completely

- Add dbus-1-python3 package
- Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to
- When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon
- New package: dbus-1-python-devel

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2895-1
Released:    Tue Aug 31 19:40:50 2021
Summary:     Recommended update for unixODBC
Type:        recommended
Severity:    moderate
References:  
This update for unixODBC fixes the following issues:

- ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004)
- Fix incorrect permission for documentation files.
- Update requires and baselibs for new libodbc2.
- Employ shared library packaging guideline: new subpacakge libodbc2. 
- Update to 2.3.9:
  * Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h

- Update to 2.3.8:
  * Add configure support for editline
  * SQLDriversW was ignoring user config
  * SQLDataSources Fix termination character
  * Fix for pooling seg fault
  * Make calling SQLSetStmtAttrW call the W function in the driver is its there
  * Try and fix race condition clearing system odbc.ini file
  * Remove trailing space from isql/iusql SQL
  * When setting connection attributes set before connect also check if the W entry poins can be used
  * Try calling the W error functions first if available in the driver
  * Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle
  * iconv handles was being lost when reusing pooled connection
  * Catch null copy in iniPropertyInsert
  * Fix a few leaks 

- Update to 2.3.7:
  * Fix for pkg-config file update on no linux platforms
  * Add W entry for GUI work
  * Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W,and SQLSetConnectAttr/W
  * Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString
  * SQLBrowseConnect/W allow disconnecting a started browse session after error
  * Add --with-stats-ftok-name configure option to allow the selection of a file name
    used to generate the IPC id when collecting stats. Default is the system odbc.ini file
  * Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle
  * bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys
  * Connection pooling: Fix liveness check for Unicode drivers

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2938-1
Released:    Fri Sep  3 09:19:36 2021
Summary:     Recommended update for openldap2
Type:        recommended
Severity:    moderate
References:  1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:2966-1
Released:    Tue Sep  7 09:49:14 2021
Summary:     Security update for openssl-1_1
Type:        security
Severity:    low
References:  1189521,CVE-2021-3712
This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. 
  Read buffer overruns processing ASN.1 strings (bsc#1189521).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3001-1
Released:    Thu Sep  9 15:08:13 2021
Summary:     Recommended update for netcfg
Type:        recommended
Severity:    moderate
References:  1189683
This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3021-1
Released:    Mon Sep 13 10:32:31 2021
Summary:     Recommended update for ceph
Type:        recommended
Severity:    moderate
References:  1181291,1183561,1184517,1185246,1186348,1188979,1189173
This update for ceph fixes the following issues:

- cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517)
- rgw: check object locks in multi-object delete (bsc#1185246)
- mgr/zabbix: adapt zabbix_sender default path (bsc#1186348)
- mgr/cephadm: pass --container-init to 'cephadm deploy' if specified (bsc#1188979)
- mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173)
- qa/tasks/salt_manager: allow gatherlogs for files in subdir
- qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out
- mgr/zabbix: adapt zabbix_sender default path (bsc#1186348)
- Revert 'cephadm: default container_init to False' (bsc#1188979)
- mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291)
- mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561)
- Update _constraints: only honor physical memory, not 'any memory'  (e.g. swap). 

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3030-1
Released:    Tue Sep 14 09:27:45 2021
Summary:     Recommended update for patterns-base
Type:        recommended
Severity:    moderate
References:  1189534,1189554

This update of patterns-base fixes the following issue:

- The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3034-1
Released:    Tue Sep 14 13:49:23 2021
Summary:     Recommended update for python-pytz
Type:        recommended
Severity:    moderate
References:  1185748
This update for python-pytz fixes the following issues:

- Add %pyunittest shim for platforms where it is missing.
- Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)

- update to 2021.1:
  * update to IANA 2021a timezone release 

- update to 2020.5:
  * update to IANA 2020e timezone release 
  
- update to 2020.4:
  * update to IANA 2020d timezone release

- update to version 2020.1:
  * Test against Python 3.8 and Python 3.9
  * Bump version numbers to 2020.1/2020a
  * use .rst extension name
  * Make FixedOffset part of public API

- Update to 2019.3
  * IANA 2019c

- Add versioned dependency on timezone database to ensure the correct data is installed
- Add a symlink to the  system timezone database

- update to 2019.2
 *	IANA 2019b
 * 	Defer generating case-insensitive lookups


-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3182-1
Released:    Tue Sep 21 17:04:26 2021
Summary:     Recommended update for file
Type:        recommended
Severity:    moderate
References:  1189996
This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3233-1
Released:    Mon Sep 27 15:02:21 2021
Summary:     Recommended update for xfsprogs
Type:        recommended
Severity:    moderate
References:  1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552
This update for xfsprogs fixes the following issues:

- Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299)
- xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency.
- mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536)
- mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535)
- xfs_growfs: Refactor geometry reporting. (bsc#1181306)
- xfs_growfs: Allow mounted device node as argument. (bsc#1181299)
- xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309)
- xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651)
- xfs_bmap: Remove '-c' from manpage. (bsc#1189552)
- xfs_bmap: Do not reject '-e'. (bsc#1189552)
- Implement 'libhandle1' through ECO. (jsc#SLE-20360)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3274-1
Released:    Fri Oct  1 10:34:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    important
References:  1190858
This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires
  September 30th 2021 and openssl certificate chain handling does not
  handle this correctly in openssl 1.0.2 and older.
  (bsc#1190858)


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3298-1
Released:    Wed Oct  6 16:54:52 2021
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1190373,1190374,CVE-2021-22946,CVE-2021-22947
This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3318-1
Released:    Wed Oct  6 19:31:19 2021
Summary:     Recommended update for sudo
Type:        recommended
Severity:    moderate
References:  1176473,1181371
This update for sudo fixes the following issues:

- Update to sudo 1.8.27 (jsc#SLE-17083).
- Fixed special handling of ipa_hostname (bsc#1181371).
- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED option is not set in /etc/ldap.conf (bsc#1176473).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3348-1
Released:    Tue Oct 12 13:08:06 2021
Summary:     Security update for systemd
Type:        security
Severity:    moderate
References:  1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910
This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).
- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).
- Rules weren't applied to dm devices (multipath) (bsc#1188713).
- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).
- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).
- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).
- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3382-1
Released:    Tue Oct 12 14:30:17 2021
Summary:     Recommended update for ca-certificates-mozilla
Type:        recommended
Severity:    moderate
References:  
This update for ca-certificates-mozilla fixes the following issues:

- A new sub-package for minimal base containers (jsc#SLE-22162)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3385-1
Released:    Tue Oct 12 15:54:31 2021
Summary:     Security update for glibc
Type:        security
Severity:    moderate
References:  1186489,1187911,CVE-2021-33574,CVE-2021-35942
This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)
- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3411-1
Released:    Wed Oct 13 10:42:25 2021
Summary:     Recommended update for lvm2
Type:        recommended
Severity:    moderate
References:  1191019
This update for lvm2 fixes the following issues:

- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3412-1
Released:    Wed Oct 13 10:50:33 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1189841,1190598
This update for suse-module-tools fixes the following issues:

- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3444-1
Released:    Fri Oct 15 09:03:07 2021
Summary:     Security update for rpm
Type:        security
Severity:    important
References:  1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421
This update for rpm fixes the following issues:

Security issues fixed:

- CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632)
- PGP hardening changes (bsc#1185299)
- Fixed potential access of freed mem in ndb's glue code (bsc#1179416)

Maintaince issues fixed:

- Fixed zstd detection (bsc#1187670)
- Added ndb rofs support (bsc#1188548)
- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3447-1
Released:    Fri Oct 15 09:05:12 2021
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490


The SUSE Linux Enterprise 15 SP2 kernel was updated.


The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)
- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)
- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)
- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)
- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)
- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).
- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).
- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).
- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).
- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).
- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).
- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).
- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).
- ath9k: fix sleeping in atomic context (git-fixes).
- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).
- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).
- blk-mq: mark if one queue map uses managed irq (bsc#1185762).
- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).
- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).
- bnxt_en: Add missing DMA memory barriers (git-fixes).
- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).
- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).
- bnxt_en: Store the running firmware version code (git-fixes).
- bnxt: count Tx drops (git-fixes).
- bnxt: disable napi before canceling DIM (git-fixes).
- bnxt: do not lock the tx queue from napi poll (git-fixes).
- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).
- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).
- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).
- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).
- console: consume APC, DM, DCS (git-fixes).
- cuse: fix broken release (bsc#1190596).
- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).
- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).
- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).
- dmaengine: ioat: depends on !UML (git-fixes).
- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).
- docs: Fix infiniband uverbs minor number (git-fixes).
- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).
- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).
- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).
- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).
- drm/amdgpu: Fix BUG_ON assert (git-fixes).
- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).
- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).
- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).
- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).
- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).
- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).
- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).
- erofs: fix up erofs_lookup tracepoint (git-fixes).
- fbmem: do not allow too huge resolutions (git-fixes).
- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).
- fpga: machxo2-spi: Return an error on failure (git-fixes).
- fuse: flush extending writes (bsc#1190595).
- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).
- genirq: add device_has_managed_msi_irq (bsc#1185762).
- gpio: uniphier: Fix void functions to remove return value (git-fixes).
- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).
- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).
- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).
- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).
- hwmon: (tmp421) fix rounding for negative values (git-fixes).
- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).
- i40e: Add additional info to PHY type error (git-fixes).
- i40e: Fix firmware LLDP agent related warning (git-fixes).
- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).
- i40e: Fix logic of disabling queues (git-fixes).
- i40e: Fix queue-to-TC mapping on Tx (git-fixes).
- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).
- iavf: Set RSS LUT and key in reset handle path (git-fixes).
- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).
- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).
- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).
- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).
- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).
- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).
- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).
- ice: Prevent probing virtual functions (git-fixes).
- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).
- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).
- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).
- ionic: cleanly release devlink instance (bsc#1167773).
- ionic: count csum_none when offload enabled (bsc#1167773).
- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).
- ipc/util.c: use binary search for max_idx (bsc#1159886).
- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).
- ipvs: avoid expiring many connections from timer (bsc#1190467).
- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).
- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).
- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).
- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.
- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.
- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).
- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.
- libata: fix ata_host_start() (git-fixes).
- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).
- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).
- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).
- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).
- mac80211: mesh: fix potentially unaligned access (git-fixes).
- media: cedrus: Fix SUNXI tile size calculation (git-fixes).
- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).
- media: dib8000: rewrite the init prbs logic (git-fixes).
- media: imx258: Limit the max analogue gain to 480 (git-fixes).
- media: imx258: Rectify mismatch of VTS value (git-fixes).
- media: rc-loopback: return number of emitters rather than error (git-fixes).
- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).
- media: uvc: do not do DMA on stack (git-fixes).
- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).
- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).
- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).
- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).
- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).
- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).
- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).
- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).
- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).
- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).
- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).
- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).
- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).
- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).
- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).
- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).
- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).
- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).
- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).
- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).
- net/mlx5: Fix flow table chaining (git-fixes).
- net/mlx5: Fix return value from tracer initialization (git-fixes).
- net/mlx5: Unload device upon firmware fatal error (git-fixes).
- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).
- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).
- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).
- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).
- nfp: update ethtool reporting of pauseframe control (git-fixes).
- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).
- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).
- NFS: pass cred explicitly for access tests (bsc#1190746).
- nvme: avoid race in shutdown namespace removal (bsc#1188067).
- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).
- parport: remove non-zero check on count (git-fixes).
- PCI: aardvark: Fix checking for PIO status (git-fixes).
- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).
- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).
- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).
- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).
- PCI: Add AMD GPU multi-function power dependencies (git-fixes).
- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).
- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).
- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).
- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).
- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).
- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).
- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).
- PM: EM: Increase energy calculation precision (git-fixes).
- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).
- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).
- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).
- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).
- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).
- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).
- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).
- powerpc/perf: Fix the check for SIAR value (bsc#1065729).
- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).
- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).
- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).
- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).
- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).
- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).
- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).
- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).
- pwm: img: Do not modify HW state in .remove() callback (git-fixes).
- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).
- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).
- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).
- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).
- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).
- regmap: fix page selection for noinc reads (git-fixes).
- regmap: fix page selection for noinc writes (git-fixes).
- regmap: fix the offset of register error log (git-fixes).
- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).
- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.
- rpm/kernel-binary.spec: Use only non-empty certificates.
- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).
- rtc: rx8010: select REGMAP_I2C (git-fixes).
- rtc: tps65910: Correct driver module alias (git-fixes).
- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).
- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).
- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).
- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).
- scsi: fc: Add EDC ELS definition (bsc#1190576).
- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).
- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).
- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).
- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).
- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).
- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).
- scsi: lpfc: Add EDC ELS support (bsc#1190576).
- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).
- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).
- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).
- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).
- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).
- scsi: lpfc: Add support for the CM framework (bsc#1190576).
- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).
- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).
- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).
- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).
- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).
- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).
- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).
- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).
- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).
- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).
- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).
- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).
- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).
- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).
- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).
- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).
- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).
- scsi: lpfc: Remove unneeded variable (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).
- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).
- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).
- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).
- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).
- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).
- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).
- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).
- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).
- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).
- serial: sh-sci: fix break handling for sysrq (git-fixes).
- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).
- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).
- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).
- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).
- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).
- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).
- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).
- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).
- tty: synclink_gt, drop unneeded forward declarations (git-fixes).
- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).
- usb: core: hcd: Add support for deferring roothub registration (git-fixes).
- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).
- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).
- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).
- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).
- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).
- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).
- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).
- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).
- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).
- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).
- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).
- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).
- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).
- usb: serial: option: add Telit LN920 compositions (git-fixes).
- usb: serial: option: remove duplicate USB device ID (git-fixes).
- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).
- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).
- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).
- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).
- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).
- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).
- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).
- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).
- vmxnet3: prepare for version 6 changes (bsc#1190406).
- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).
- vmxnet3: set correct hash type based on rss information (bsc#1190406).
- vmxnet3: update to version 6 (bsc#1190406).
- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).
- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).
- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).
- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).
- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).
- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).
- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).
- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).
- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).
- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3454-1
Released:    Mon Oct 18 09:29:26 2021
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1189929,CVE-2021-37750
This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3480-1
Released:    Wed Oct 20 11:24:08 2021
Summary:     Recommended update for yast2-network
Type:        recommended
Severity:    moderate
References:  1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933
This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).
- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).
- Consider aliases sections as case insensitive (bsc#1190739).
- Display user defined device name in the devices overview (bnc#1190645).
- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).
- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).
- Fix desktop file so the control center tooltip is translated (bsc#1187270).
- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).
- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3490-1
Released:    Wed Oct 20 16:31:55 2021
Summary:     Security update for ncurses
Type:        security
Severity:    moderate
References:  1190793,CVE-2021-39537
This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3494-1
Released:    Wed Oct 20 16:48:46 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    moderate
References:  1190052
This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)
- Added new file macros.pam on request of systemd. (bsc#1190052)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3501-1
Released:    Fri Oct 22 10:42:46 2021
Summary:     Recommended update for libzypp, zypper, libsolv, protobuf
Type:        recommended
Severity:    moderate
References:  1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815
This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)
- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)
- Do not check of signatures and keys two times(redundant) (bsc#1190059)
- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)
- Show key fpr from signature when signature check fails (bsc#1187224)
- Fix solver jobs for PTFs (bsc#1186503)
- Fix purge-kernels fails (bsc#1187738)
- Fix obs:// platform guessing for Leap (bsc#1187425)
- Make sure to keep states alives while transitioning. (bsc#1190199)
- Manpage: Improve description about patch updates(bsc#1187466)
- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.
- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)
- Fix crashes in logging code when shutting down (bsc#1189031)
- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)
- Add need reboot/restart hint to XML install summary (bsc#1188435)
- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)
- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3510-1
Released:    Tue Oct 26 11:22:15 2021
Summary:     Recommended update for pam
Type:        recommended
Severity:    important
References:  1191987
This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in
  the 'securetty' file to be installed as 'macros.pam'.
  (bsc#1191987)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3515-1
Released:    Tue Oct 26 13:48:04 2021
Summary:     Recommended update for suse-module-tools
Type:        recommended
Severity:    important
References:  1191200,1191260,1191480,1191804,1191922
This update for suse-module-tools fixes the following issues:


Update to version 15.2.15:

- Fix bad exit status in openQA. (bsc#1191922)
- Deal with existing certificates that should be de-enrolled. (bsc#1191804)
- Ignore kernel keyring for kernel certificates. (bsc#1191480)
- Print 'mokutil' output in verbose mode.
- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)
- Don't pass existing files to weak-modules2. (bsc#1191200)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3523-1
Released:    Tue Oct 26 15:40:13 2021
Summary:     Security update for util-linux
Type:        security
Severity:    moderate
References:  1122417,1125886,1178236,1188921,CVE-2021-37600
This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).
- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).
- mount: Fix 'mount' output for net file systems (bsc#1122417).
- ipcs: Avoid overflows (bsc#1178236)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3529-1
Released:    Wed Oct 27 09:23:32 2021
Summary:     Security update for pcre
Type:        security
Severity:    moderate
References:  1172973,1172974,CVE-2019-20838,CVE-2020-14155
This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).
- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3567-1
Released:    Wed Oct 27 22:14:01 2021
Summary:     Recommended update for apparmor
Type:        recommended
Severity:    moderate
References:  1191690
This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2021:3616-1
Released:    Thu Nov  4 12:29:15 2021
Summary:     Security update for binutils
Type:        security
Severity:    moderate
References:  1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487
This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now requires a C99 compiler and library to
  build.
* Support for Realm Management Extension (RME) for AArch64 has been
  added.
* A new linker option '-z report-relative-reloc' for x86 ELF targets
  has been added to report dynamic relative relocations.
* A new linker option '-z start-stop-gc' has been added to disable
  special treatment of __start_*/__stop_* references when
  --gc-sections.
* A new linker options '-Bno-symbolic' has been added which will
  cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.
* The readelf tool has a new command line option which can be used to
  specify how the numeric values of symbols are reported.
  --sym-base=0|8|10|16 tells readelf to display the values in base 8,
  base 10 or base 16.  A sym base of 0 represents the default action
  of displaying values under 10000 in base 10 and values above that in
  base 16.
* A new format has been added to the nm program.  Specifying
  '--format=just-symbols' (or just using -j) will tell the program to
  only display symbol names and nothing else.
* A new command line option '--keep-section-symbols' has been added to
  objcopy and strip.  This stops the removal of unused section symbols
  when the file is copied.  Removing these symbols saves space, but
  sometimes they are needed by other tools.
* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options
  supported by objcopy now make undefined symbols weak on targets that
  support weak symbols. 
* Readelf and objdump can now display and use the contents of .debug_sup
  sections.
* Readelf and objdump will now follow links to separate debug info
  files by default.  This behaviour can be stopped via the use of the
  new '-wN' or '--debug-dump=no-follow-links' options for readelf and
  the '-WN' or '--dwarf=no-follow-links' options for objdump.  Also
  the old behaviour can be restored by the use of the
  '--enable-follow-debug-links=no' configure time option.

  The semantics of the =follow-links option have also been slightly
  changed.  When enabled, the option allows for the loading of symbol
  tables and string tables from the separate files which can be used
  to enhance the information displayed when dumping other sections,
  but it does not automatically imply that information from the
  separate files should be displayed.

  If other debug section display options are also enabled (eg
  '--debug-dump=info') then the contents of matching sections in both
  the main file and the separate debuginfo file *will* be displayed.
  This is because in most cases the debug section will only be present
  in one of the files.

  If however non-debug section display options are enabled (eg
  '--sections') then the contents of matching parts of the separate
  debuginfo file will *not* be displayed.  This is because in most
  cases the user probably only wanted to load the symbol information
  from the separate debuginfo file.  In order to change this behaviour
  a new command line option --process-links can be used.  This will
  allow di0pslay options to applied to both the main file and any
  separate debuginfo files.

* Nm has a new command line option: '--quiet'.  This suppresses 'no
  symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

   * When setting the link order attribute of ELF sections, it is now
     possible to use a numeric section index instead of symbol name.
   * Added a .nop directive to generate a single no-op instruction in
     a target neutral manner.  This instruction does have an effect on
     DWARF line number generation, if that is active.
   * Removed --reduce-memory-overheads and --hash-size as gas now
     uses hash tables that can be expand and shrink automatically.

- X86/x86_64:

   * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key
     Locker instructions. 
   * Support non-absolute segment values for lcall and ljmp.
   * Add {disp16} pseudo prefix to x86 assembler.
   * Configure with --enable-x86-used-note by default for Linux/x86.

-  ARM/AArch64:

   * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,
     Cortex-R82, Neoverse V1, and Neoverse N2 cores.
   * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded
     Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call
     Stack Recorder Extension) and BRBE (Branch Record Buffer
     Extension) system registers.
   * Add support for Armv8-R and Armv8.7-A ISA extensions.
   * Add support for DSB memory nXS barrier, WFET and WFIT
     instruction for Armv8.7.
   * Add support for +csre feature for -march. Add CSR PDEC
     instruction for CSRE feature in AArch64.
   * Add support for +flagm feature for -march in Armv8.4 AArch64.
   * Add support for +ls64 feature for -march in Armv8.7
     AArch64. Add atomic 64-byte load/store instructions for this
     feature. 
   * Add support for +pauth (Pointer Authentication) feature for
     -march in AArch64.

New features in the Linker:

  * Add --error-handling-script= command line option to allow
    a helper script to be invoked when an undefined symbol or a
    missing library is encountered.  This option can be suppressed
    via the configure time switch: --enable-error-handling-script=no.
  * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark
    x86-64-{baseline|v[234]} ISA level as needed.
  * Add -z unique-symbol to avoid duplicated local symbol names.
  * The creation of PE format DLLs now defaults to using a more
    secure set of DLL characteristics.
  * The linker now deduplicates the types in .ctf sections.  The new 
     command-line option --ctf-share-types describes how to do this:
     its default value, share-unconflicted, produces the most compact
     output.
  * The linker now omits the 'variable section' from .ctf sections
    by default, saving space.  This is almost certainly what you
    want unless you are working on a project that has its own
    analogue of symbol tables that are not reflected in the ELF
    symtabs.

New features in other binary tools:

  * The ar tool's previously unused l modifier is now used for
    specifying dependencies of a static library. The arguments of
    this option (or --record-libdeps long form option) will be
    stored verbatim in the __.LIBDEP member of the archive, which
    the linker may read at link time.
  * Readelf can now display the contents of LTO symbol table
    sections when asked to do so via the --lto-syms command line
    option.
  * Readelf now accepts the -C command line option to enable the
    demangling of symbol names.  In addition the --demangle=

SUSE: 2021:599-1 ses/7/cephcsi/cephcsi Security Update

December 25, 2021
The container ses/7/cephcsi/cephcsi was updated

Summary

Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:49 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important Advisory ID: SUSE-SU-2021:2810-1 Released: Mon Aug 23 12:14:30 2021 Summary: Security update for dbus-1 Type: security Severity: moderate Advisory ID: SUSE-OU-2021:2816-1 Released: Mon Aug 23 14:17:09 2021 Summary: Optional update for python-kubernetes Type: optional Severity: low Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important Advisory ID: SUSE-RU-2021:2863-1 Released: Mon Aug 30 08:18:50 2021 Summary: Recommended update for python-dbus-python Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:2895-1 Released: Tue Aug 31 19:40:50 2021 Summary: Recommended update for unixODBC Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3021-1 Released: Mon Sep 13 10:32:31 2021 Summary: Recommended update for ceph Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3034-1 Released: Tue Sep 14 13:49:23 2021 Summary: Recommended update for python-pytz Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3233-1 Released: Mon Sep 27 15:02:21 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3274-1 Released: Fri Oct 1 10:34:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: important Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3318-1 Released: Wed Oct 6 19:31:19 2021 Summary: Recommended update for sudo Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3382-1 Released: Tue Oct 12 14:30:17 2021 Summary: Recommended update for ca-certificates-mozilla Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3411-1 Released: Wed Oct 13 10:42:25 2021 Summary: Recommended update for lvm2 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3412-1 Released: Wed Oct 13 10:50:33 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important Advisory ID: SUSE-SU-2021:3447-1 Released: Fri Oct 15 09:05:12 2021 Summary: Security update for the Linux Kernel Type: security Severity: important Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:08 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important Advisory ID: SUSE-RU-2021:3515-1 Released: Tue Oct 26 13:48:04 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: important Advisory ID: SUSE-SU-2021:3523-1 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3567-1 Released: Wed Oct 27 22:14:01 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3616-1 Released: Thu Nov 4 12:29:15 2021 Summary: Security update for binutils Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3643-1 Released: Tue Nov 9 19:32:18 2021 Summary: Security update for binutils Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3787-1 Released: Wed Nov 24 06:00:10 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3883-1 Released: Thu Dec 2 11:47:07 2021 Summary: Recommended update for timezone Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate Advisory ID: SUSE-SU-2021:3945-1 Released: Mon Dec 6 14:56:55 2021 Summary: Security update for python-Babel Type: security Severity: important Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate Advisory ID: SUSE-RU-2021:3986-1 Released: Fri Dec 10 06:09:11 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:4013-1 Released: Mon Dec 13 13:56:44 2021 Summary: Recommended update for apparmor Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:4015-1 Released: Mon Dec 13 17:16:00 2021 Summary: Security update for python3 Type: security Severity: moderate Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate Advisory ID: SUSE-RU-2021:4187-1 Released: Thu Dec 23 15:31:00 2021 Summary: Recommended update for ceph, ceph-iscsi, nfs-ganesha Type: recommended Severity: moderate

References

References : 1027496 1029961 1065729 1085917 1113013 1122417 1125886 1134353

1148868 1152489 1154353 1159886 1161276 1162581 1164548 1167773

1170774 1171962 1172505 1172973 1172974 1173746 1174504 1176473

1176940 1177100 1177460 1178236 1179416 1179898 1179899 1179900

1179901 1179902 1179903 1180064 1180125 1180451 1180454 1180461

1181291 1181299 1181306 1181309 1181371 1181452 1181535 1181536

1182252 1183028 1183085 1183374 1183511 1183543 1183545 1183561

1183632 1183659 1183818 1183858 1183909 1184439 1184517 1184519

1184614 1184620 1184794 1184804 1184994 1185016 1185246 1185299

1185302 1185524 1185588 1185677 1185726 1185748 1185762 1185768

1186348 1186489 1186503 1186602 1186910 1187153 1187167 1187196

1187224 1187270 1187273 1187338 1187425 1187466 1187512 1187654

1187668 1187670 1187738 1187760 1187911 1187993 1188018 1188063

1188067 1188156 1188291 1188344 1188435 1188548 1188571 1188623

1188651 1188651 1188713 1188921 1188941 1188979 1188986 1189031

1189173 1189206 1189241 1189287 1189297 1189465 1189465 1189480

1189520 1189521 1189521 1189534 1189552 1189554 1189683 1189803

1189841 1189841 1189884 1189929 1189983 1189984 1189996 1190023

1190052 1190059 1190062 1190115 1190159 1190199 1190234 1190325

1190356 1190358 1190373 1190374 1190406 1190432 1190440 1190465

1190467 1190523 1190534 1190543 1190576 1190595 1190596 1190598

1190598 1190620 1190626 1190645 1190679 1190705 1190712 1190717

1190739 1190746 1190758 1190772 1190784 1190785 1190793 1190815

1190858 1190915 1190933 1190984 1191019 1191172 1191193 1191200

1191240 1191252 1191260 1191286 1191292 1191324 1191370 1191473

1191480 1191500 1191563 1191566 1191609 1191675 1191690 1191690

1191736 1191804 1191922 1191987 1192161 1192248 1192267 1192337

1192367 1192436 1192688 1192717 1192840 1193481 1193521 CVE-2016-10228

CVE-2019-20838 CVE-2020-12049 CVE-2020-14155 CVE-2020-16590 CVE-2020-16591

CVE-2020-16592 CVE-2020-16593 CVE-2020-16598 CVE-2020-16599 CVE-2020-29361

CVE-2020-35448 CVE-2020-35493 CVE-2020-35496 CVE-2020-35507 CVE-2020-3702

CVE-2021-20197 CVE-2021-20266 CVE-2021-20271 CVE-2021-20284 CVE-2021-20294

CVE-2021-22946 CVE-2021-22947 CVE-2021-33574 CVE-2021-33910 CVE-2021-3421

CVE-2021-3426 CVE-2021-3487 CVE-2021-35942 CVE-2021-36222 CVE-2021-3669

CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-3733 CVE-2021-3737

CVE-2021-3744 CVE-2021-3752 CVE-2021-37600 CVE-2021-3764 CVE-2021-37750

CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-40490 CVE-2021-42771

CVE-2021-43618

This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398).

The following packages were included:

- python3-grpcio

- python3-protobuf

- python3-google-api-core

- python3-google-cloud-core

- python3-google-cloud-storage

- python3-google-resumable-media

- python3-googleapis-common-protos

- python3-grpcio-gcp

- python3-mock (updated to version 3.0.5)

libprotobuf was updated to fix:

- ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911)

1189206,CVE-2021-38185

This update for cpio fixes the following issues:

It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206)

1189465

This update for cpio fixes the following issues:

- A regression in last update would cause builds to hang on various architectures(bsc#1189465)

1189465,CVE-2021-38185

This update for cpio fixes the following issues:

- A regression in the previous update could lead to crashes (bsc#1189465)

1188571,CVE-2021-36222

This update for krb5 fixes the following issues:

- CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571)

1172505,CVE-2020-12049

This update for dbus-1 fixes the following issues:

- CVE-2020-12049: truncated messages lead to resource exhaustion. (bsc#1172505)

This patch provides the python3-kubernetes package to the following modules:

- Container Module for SUSE Linux Enterprise 15 SP2

- Container Module for SUSE Linux Enterprise 15 SP3

1189520,1189521,CVE-2021-3711,CVE-2021-3712

This update for openssl-1_1 fixes the following security issues:

- CVE-2021-3711: A bug in the implementation of the SM2 decryption code

could lead to buffer overflows. [bsc#1189520]

- CVE-2021-3712: a bug in the code for printing certificate details could

lead to a buffer overrun that a malicious actor could exploit to crash

the application, causing a denial-of-service attack. [bsc#1189521]

1183818

This update for python-dbus-python fixes the following issues:

- Update to latest version from tumbleweed. (jsc#ECO-3589, bsc#1183818)

- update to 1.2.16:

* All tests are run even if the 'tap.py' module is not available, althoug diagnostics for failing tests will be better if it is present.

- Support builds with more than one python3 flavor

- Clean duplicate python flavor variables for configure

- Version update to version 1.2.14:

* Ensure that the numeric types from dbus.types get the same str() under Python 3.8 that they did under previous versions.

* Disable -Winline.

* Add clearer license information using SPDX-License-Identifier.

* Include inherited methods and properties when documenting objects, which regressed when migrating from epydoc to sphinx.

* Add missing variant_level member to UnixFd type, for parity with the other dbus.types types

* Don't reply to method calls if they have the NO_REPLY_EXPECTED flag

* Silence '-Wcast-function-type' with gcc 8.

* Fix distcheck with python3.7 by deleting '__pycache__' during uninstall.

* Consistently save and restore the exception indicator when called from C code.

- Add missing dependency for pkg-config files

- Version update to version 1.2.8:

* Python 2.7 required or 3.4 respectively

* Upstream dropped epydoc completely

- Add dbus-1-python3 package

- Make BusConnection.list_activatable_names actually call struct entries than the signature allows with libdbus 1.4 imports dbus, is finalized, is re-initialized, and re-imports - When removing signal matches, clean up internal state, avoiding a memory leak in long-lived Python processes that connect to

- When setting the sender of a message, allow it to be org.freedesktop.DBus so you can implement a D-Bus daemon

- New package: dbus-1-python-devel

This update for unixODBC fixes the following issues:

- ECO: Update unixODBC to 2.3.9 in SLE 15. (jsc#SLE-18004)

- Fix incorrect permission for documentation files.

- Update requires and baselibs for new libodbc2.

- Employ shared library packaging guideline: new subpacakge libodbc2.

- Update to 2.3.9:

* Remove '#define UNIXODBC_SOURCE' from unixodbc_conf.h

- Update to 2.3.8:

* Add configure support for editline

* SQLDriversW was ignoring user config

* SQLDataSources Fix termination character

* Fix for pooling seg fault

* Make calling SQLSetStmtAttrW call the W function in the driver is its there

* Try and fix race condition clearing system odbc.ini file

* Remove trailing space from isql/iusql SQL

* When setting connection attributes set before connect also check if the W entry poins can be used

* Try calling the W error functions first if available in the driver

* Add iconvperdriver configure option to allow calling unicode_setup in SQLAllocHandle

* iconv handles was being lost when reusing pooled connection

* Catch null copy in iniPropertyInsert

* Fix a few leaks

- Update to 2.3.7:

* Fix for pkg-config file update on no linux platforms

* Add W entry for GUI work

* Various fixes for SQLBrowseConnect/W, SQLGetConnectAttr/W,and SQLSetConnectAttr/W

* Fix buffer overflows in SQLConnect/W and refine behaviour of SQLGet/WritePrivateProfileString

* SQLBrowseConnect/W allow disconnecting a started browse session after error

* Add --with-stats-ftok-name configure option to allow the selection of a file name

used to generate the IPC id when collecting stats. Default is the system odbc.ini file

* Improve diag record handling with the behavior of Windows DM and export SQLCancelHandle

* bug fix when SQLGetPrivateProfileString() is called to get a list of sections or a list of keys

* Connection pooling: Fix liveness check for Unicode drivers

1184614

This update for openldap2 fixes the following issue:

- openldap2-contrib is shipped to the Legacy Module. (bsc#1184614)

1189521,CVE-2021-3712

This update for openssl-1_1 fixes the following issues:

- CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712.

Read buffer overruns processing ASN.1 strings (bsc#1189521).

1189683

This update for netcfg fixes the following issues:

- add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683]

1181291,1183561,1184517,1185246,1186348,1188979,1189173

This update for ceph fixes the following issues:

- cls/rgw: look for plane entries in non-ascii plain namespace too (bsc#1184517)

- rgw: check object locks in multi-object delete (bsc#1185246)

- mgr/zabbix: adapt zabbix_sender default path (bsc#1186348)

- mgr/cephadm: pass --container-init to 'cephadm deploy' if specified (bsc#1188979)

- mgr/dashboard: Downstream branding: Adapt latest upstream changes to branded navigation component (bsc#1189173)

- qa/tasks/salt_manager: allow gatherlogs for files in subdir

- qa/tasks/ceph_salt: gather /var/log/ceph/cephadm.out

- mgr/zabbix: adapt zabbix_sender default path (bsc#1186348)

- Revert 'cephadm: default container_init to False' (bsc#1188979)

- mgr/cephadm: alias rgw-nfs -> nfs (bsc#1181291)

- mgr/cephadm: on ssh connection error, advice chmod 0600 (bsc#1183561)

- Update _constraints: only honor physical memory, not 'any memory' (e.g. swap).

1189534,1189554

This update of patterns-base fixes the following issue:

- The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534)

1185748

This update for python-pytz fixes the following issues:

- Add %pyunittest shim for platforms where it is missing.

- Remove real directory of %{python_sitelib}/pytz/zoneinfo when upgrading, before it is replaced by a symlink. (bsc#1185748)

- update to 2021.1:

* update to IANA 2021a timezone release

- update to 2020.5:

* update to IANA 2020e timezone release

- update to 2020.4:

* update to IANA 2020d timezone release

- update to version 2020.1:

* Test against Python 3.8 and Python 3.9

* Bump version numbers to 2020.1/2020a

* use .rst extension name

* Make FixedOffset part of public API

- Update to 2019.3

* IANA 2019c

- Add versioned dependency on timezone database to ensure the correct data is installed

- Add a symlink to the system timezone database

- update to 2019.2

* IANA 2019b

* Defer generating case-insensitive lookups

1189996

This update for file fixes the following issues:

- Fixes exception thrown by memory allocation problem (bsc#1189996)

1085917,1181299,1181306,1181309,1181535,1181536,1188651,1189552

This update for xfsprogs fixes the following issues:

- Fixes an issue when 'fstests' with 'xfs' fail. (bsc#1181309, bsc#1181299)

- xfsprogs: Split 'libhandle1' into a separate package, since nothing within xfsprogs dynamically links against it. The shared library is still required by xfsdump as a runtime dependency.

- mkfs.xfs: Fix 'ASSERT' on too-small device with stripe geometry. (bsc#1181536)

- mkfs.xfs: If either 'sunit' or 'swidth' is not zero, the other must be as well. (bsc#1085917, bsc#1181535)

- xfs_growfs: Refactor geometry reporting. (bsc#1181306)

- xfs_growfs: Allow mounted device node as argument. (bsc#1181299)

- xfs_repair: Rebuild directory when non-root leafn blocks claim block 0. (bsc#1181309)

- xfs_repair: Check plausibility of root dir pointer before trashing it. (bsc#1188651)

- xfs_bmap: Remove '-c' from manpage. (bsc#1189552)

- xfs_bmap: Do not reject '-e'. (bsc#1189552)

- Implement 'libhandle1' through ECO. (jsc#SLE-20360)

1190858

This update for ca-certificates-mozilla fixes the following issues:

- remove one of the Letsencrypt CAs DST_Root_CA_X3.pem, as it expires

September 30th 2021 and openssl certificate chain handling does not

handle this correctly in openssl 1.0.2 and older.

(bsc#1190858)

1190373,1190374,CVE-2021-22946,CVE-2021-22947

This update for curl fixes the following issues:

- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).

- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).

1176473,1181371

This update for sudo fixes the following issues:

- Update to sudo 1.8.27 (jsc#SLE-17083).

- Fixed special handling of ipa_hostname (bsc#1181371).

- Restore sudo ldap behavior to ignore expire dates when SUDOERS_TIMED option is not set in /etc/ldap.conf (bsc#1176473).

1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910

This update for systemd fixes the following issues:

- CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063).

- logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018).

- Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353).

- Rules weren't applied to dm devices (multipath) (bsc#1188713).

- Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234).

- Make sure the versions of both udev and systemd packages are always the same (bsc#1189480).

- Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291).

- Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962).

This update for ca-certificates-mozilla fixes the following issues:

- A new sub-package for minimal base containers (jsc#SLE-22162)

1186489,1187911,CVE-2021-33574,CVE-2021-35942

This update for glibc fixes the following issues:

- CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911)

- CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489)

1191019

This update for lvm2 fixes the following issues:

- Do not crash vgextend when extending VG with missing PV. (bsc#1191019)

1189841,1190598

This update for suse-module-tools fixes the following issues:

- Fixed an issue where the queuing of secure boot certificates did not happen (bsc#1189841, bsc#1190598)

1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421

This update for rpm fixes the following issues:

Security issues fixed:

- CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632)

- PGP hardening changes (bsc#1185299)

- Fixed potential access of freed mem in ndb's glue code (bsc#1179416)

Maintaince issues fixed:

- Fixed zstd detection (bsc#1187670)

- Added ndb rofs support (bsc#1188548)

- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)

1065729,1148868,1152489,1154353,1159886,1167773,1170774,1173746,1176940,1184439,1184804,1185302,1185677,1185726,1185762,1187167,1188067,1188651,1188986,1189297,1189841,1189884,1190023,1190062,1190115,1190159,1190358,1190406,1190432,1190467,1190523,1190534,1190543,1190576,1190595,1190596,1190598,1190620,1190626,1190679,1190705,1190717,1190746,1190758,1190784,1190785,1191172,1191193,1191240,1191292,CVE-2020-3702,CVE-2021-3669,CVE-2021-3744,CVE-2021-3752,CVE-2021-3764,CVE-2021-40490

The SUSE Linux Enterprise 15 SP2 kernel was updated.

The following security bugs were fixed:

- CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure. (bnc#1191193)

- CVE-2021-3752: Fixed a use after free vulnerability in the Linux kernel's bluetooth module. (bsc#1190023)

- CVE-2021-40490: Fixed a race condition discovered in the ext4 subsystem that could leat to local priviledge escalation. (bnc#1190159)

- CVE-2021-3744: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1189884)

- CVE-2021-3764: Fixed a bug which could allows attackers to cause a denial of service. (bsc#1190534)

- CVE-2021-3669: Fixed a bug that doesn't allow /proc/sysvipc/shm to scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (bsc#1188986)

The following non-security bugs were fixed:

- ALSA: firewire-motu: fix truncated bytes in message tracepoints (git-fixes).

- apparmor: remove duplicate macro list_entry_is_head() (git-fixes).

- ASoC: fsl_micfil: register platform component before registering cpu dai (git-fixes).

- ASoC: mediatek: common: handle NULL case in suspend/resume function (git-fixes).

- ASoC: rockchip: i2s: Fix regmap_ops hang (git-fixes).

- ASoC: rockchip: i2s: Fixup config for DAIFMT_DSP_A/B (git-fixes).

- ASoC: SOF: Fix DSP oops stack dump output contents (git-fixes).

- ath9k: fix OOB read ar9300_eeprom_restore_internal (git-fixes).

- ath9k: fix sleeping in atomic context (git-fixes).

- blk-mq: do not deactivate hctx if managed irq isn't used (bsc#1185762).

- blk-mq: kABI fixes for blk_mq_queue_map (bsc#1185762).

- blk-mq: mark if one queue map uses managed irq (bsc#1185762).

- Bluetooth: skip invalid hci_sync_conn_complete_evt (git-fixes).

- bnx2x: fix an error code in bnx2x_nic_load() (git-fixes).

- bnxt_en: Add missing DMA memory barriers (git-fixes).

- bnxt_en: Disable aRFS if running on 212 firmware (git-fixes).

- bnxt_en: Do not enable legacy TX push on older firmware (git-fixes).

- bnxt_en: Store the running firmware version code (git-fixes).

- bnxt: count Tx drops (git-fixes).

- bnxt: disable napi before canceling DIM (git-fixes).

- bnxt: do not lock the tx queue from napi poll (git-fixes).

- bnxt: make sure xmit_more + errors does not miss doorbells (git-fixes).

- btrfs: prevent rename2 from exchanging a subvol with a directory from different parents (bsc#1190626).

- clk: at91: clk-generated: Limit the requested rate to our range (git-fixes).

- clk: at91: clk-generated: pass the id of changeable parent at registration (git-fixes).

- console: consume APC, DM, DCS (git-fixes).

- cuse: fix broken release (bsc#1190596).

- cxgb4: dont touch blocked freelist bitmap after free (git-fixes).

- debugfs: Return error during {full/open}_proxy_open() on rmmod (bsc#1173746).

- devlink: Break parameter notification sequence to be before/after unload/load driver (bsc#1154353).

- dmaengine: ioat: depends on !UML (git-fixes).

- dmaengine: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).

- dmaengine: xilinx_dma: Set DMA mask for coherent APIs (git-fixes).

- docs: Fix infiniband uverbs minor number (git-fixes).

- drivers: gpu: amd: Initialize amdgpu_dm_backlight_caps object to 0 in amdgpu_dm_update_backlight_caps (git-fixes).

- drm: avoid blocking in drm_clients_info's rcu section (git-fixes).

- drm/amd/amdgpu: Update debugfs link_settings output link_rate field in hex (git-fixes).

- drm/amd/display: Fix timer_per_pixel unit error (git-fixes).

- drm/amdgpu: Fix BUG_ON assert (git-fixes).

- drm/gma500: Fix end of loop tests for list_for_each_entry (git-fixes).

- drm/nouveau/nvkm: Replace -ENOSYS with -ENODEV (git-fixes).

- drm/panfrost: Clamp lock region to Bifrost minimum (git-fixes).

- e1000e: Do not take care about recovery NVM checksum (jsc#SLE-8100).

- e1000e: Fix the max snoop/no-snoop latency for 10M (git-fixes).

- EDAC/i10nm: Fix NVDIMM detection (bsc#1152489).

- EDAC/synopsys: Fix wrong value type assignment for edac_mode (bsc#1152489).

- erofs: fix up erofs_lookup tracepoint (git-fixes).

- fbmem: do not allow too huge resolutions (git-fixes).

- fpga: machxo2-spi: Fix missing error code in machxo2_write_complete() (git-fixes).

- fpga: machxo2-spi: Return an error on failure (git-fixes).

- fuse: flush extending writes (bsc#1190595).

- fuse: truncate pagecache on atomic_o_trunc (bsc#1190705).

- genirq: add device_has_managed_msi_irq (bsc#1185762).

- gpio: uniphier: Fix void functions to remove return value (git-fixes).

- gpu: drm: amd: amdgpu: amdgpu_i2c: fix possible uninitialized-variable access in amdgpu_i2c_router_select_ddc_port() (git-fixes).

- gve: fix the wrong AdminQ buffer overflow check (bsc#1176940).

- hv_netvsc: Make netvsc/VF binding check both MAC and serial number (jsc#SLE-18779, bsc#1185726).

- hv: mana: remove netdev_lockdep_set_classes usage (jsc#SLE-18779, bsc#1185726).

- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (git-fixes).

- hwmon: (tmp421) fix rounding for negative values (git-fixes).

- hwmon: (tmp421) report /PVLD condition as fault (git-fixes).

- i40e: Add additional info to PHY type error (git-fixes).

- i40e: Fix firmware LLDP agent related warning (git-fixes).

- i40e: Fix log TC creation failure when max num of queues is exceeded (git-fixes).

- i40e: Fix logic of disabling queues (git-fixes).

- i40e: Fix queue-to-TC mapping on Tx (git-fixes).

- iavf: Fix ping is lost after untrusted VF had tried to change MAC (jsc#SLE-7940).

- iavf: Set RSS LUT and key in reset handle path (git-fixes).

- ibmvnic: check failover_pending in login response (bsc#1190523 ltc#194510).

- ibmvnic: Consolidate code in replenish_rx_pool() (bsc#1190758 ltc#191943).

- ibmvnic: Fix up some comments and messages (bsc#1190758 ltc#191943).

- ibmvnic: init_tx_pools move loop-invariant code (bsc#1190758 ltc#191943).

- ibmvnic: Reuse LTB when possible (bsc#1190758 ltc#191943).

- ibmvnic: Reuse rx pools when possible (bsc#1190758 ltc#191943).

- ibmvnic: Reuse tx pools when possible (bsc#1190758 ltc#191943).

- ibmvnic: Use bitmap for LTB map_ids (bsc#1190758 ltc#191943).

- ibmvnic: Use/rename local vars in init_rx_pools (bsc#1190758 ltc#191943).

- ibmvnic: Use/rename local vars in init_tx_pools (bsc#1190758 ltc#191943).

- ice: Prevent probing virtual functions (git-fixes).

- iio: dac: ad5624r: Fix incorrect handling of an optional regulator (git-fixes).

- include/linux/list.h: add a macro to test if entry is pointing to the head (git-fixes).

- iomap: Fix negative assignment to unsigned sis->pages in iomap_swapfile_activate (bsc#1190784).

- ionic: cleanly release devlink instance (bsc#1167773).

- ionic: count csum_none when offload enabled (bsc#1167773).

- ipc: remove memcg accounting for sops objects in do_semtimedop() (bsc#1190115).

- ipc/util.c: use binary search for max_idx (bsc#1159886).

- ipvs: allow connection reuse for unconfirmed conntrack (bsc#1190467).

- ipvs: avoid expiring many connections from timer (bsc#1190467).

- ipvs: Fix up kabi for expire_nodest_conn_work addition (bsc#1190467).

- ipvs: queue delayed work to expire no destination connections if expire_nodest_conn=1 (bsc#1190467).

- iwlwifi: mvm: fix a memory leak in iwl_mvm_mac_ctxt_beacon_changed (git-fixes).

- kernel-binary.spec: Check for no kernel signing certificates. Also remove unused variable.

- kernel-binary.spec: Do not fail silently when KMP is empty (bsc#1190358). Copy the code from kernel-module-subpackage that deals with empty KMPs.

- kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716).

- kernel-binary.spec.in Stop templating the scriptlets for subpackages (bsc#1190358). The script part for base package case is completely separate from the part for subpackages. Remove the part for subpackages from the base package script and use the KMP scripts for subpackages instead.

- libata: fix ata_host_start() (git-fixes).

- mac80211-hwsim: fix late beacon hrtimer handling (git-fixes).

- mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug (git-fixes).

- mac80211: fix use-after-free in CCMP/GCMP RX (git-fixes).

- mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap (git-fixes).

- mac80211: mesh: fix potentially unaligned access (git-fixes).

- media: cedrus: Fix SUNXI tile size calculation (git-fixes).

- media: coda: fix frame_mem_ctrl for YUV420 and YVU420 formats (git-fixes).

- media: dib8000: rewrite the init prbs logic (git-fixes).

- media: imx258: Limit the max analogue gain to 480 (git-fixes).

- media: imx258: Rectify mismatch of VTS value (git-fixes).

- media: rc-loopback: return number of emitters rather than error (git-fixes).

- media: TDA1997x: fix tda1997x_query_dv_timings() return value (git-fixes).

- media: uvc: do not do DMA on stack (git-fixes).

- media: v4l2-dv-timings.c: fix wrong condition in two for-loops (git-fixes).

- mfd: Do not use irq_create_mapping() to resolve a mapping (git-fixes).

- mlx4: Fix missing error code in mlx4_load_one() (git-fixes).

- mm: always have io_remap_pfn_range() set pgprot_decrypted() (git-fixes).

- mm/swap: consider max pages in iomap_swapfile_add_extent (bsc#1190785).

- mmc: core: Return correct emmc response in case of ioctl error (git-fixes).

- mmc: rtsx_pci: Fix long reads when clock is prescaled (git-fixes).

- mmc: sdhci-of-arasan: Check return value of non-void funtions (git-fixes).

- net: mana: Add a driver for Microsoft Azure Network Adapter (MANA) (jsc#SLE-18779, bsc#1185726).

- net: mana: Add support for EQ sharing (jsc#SLE-18779, bsc#1185726).

- net: mana: Add WARN_ON_ONCE in case of CQE read overflow (jsc#SLE-18779, bsc#1185726).

- net: mana: Fix a memory leak in an error handling path in (jsc#SLE-18779, bsc#1185726).

- net: mana: fix PCI_HYPERV dependency (jsc#SLE-18779, bsc#1185726).

- net: mana: Move NAPI from EQ to CQ (jsc#SLE-18779, bsc#1185726).

- net: mana: Prefer struct_size over open coded arithmetic (jsc#SLE-18779, bsc#1185726).

- net: mana: remove redundant initialization of variable err (jsc#SLE-18779, bsc#1185726).

- net: mana: Use int to check the return value of mana_gd_poll_cq() (jsc#SLE-18779, bsc#1185726).

- net: mana: Use struct_size() in kzalloc() (jsc#SLE-18779, bsc#1185726).

- net: qlcnic: add missed unlock in qlcnic_83xx_flash_read32 (git-fixes).

- net: sched: sch_teql: fix null-pointer dereference (bsc#1190717).

- net/mlx5: E-Switch, handle devcom events only for ports on the same device (git-fixes).

- net/mlx5: Fix flow table chaining (git-fixes).

- net/mlx5: Fix return value from tracer initialization (git-fixes).

- net/mlx5: Unload device upon firmware fatal error (git-fixes).

- net/mlx5e: Avoid creating tunnel headers for local route (git-fixes).

- net/mlx5e: Fix nullptr in mlx5e_hairpin_get_mdev() (git-fixes).

- net/mlx5e: Prohibit inner indir TIRs in IPoIB (git-fixes).

- netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state (bsc#1190062).

- nfp: update ethtool reporting of pauseframe control (git-fixes).

- NFS: change nfs_access_get_cached to only report the mask (bsc#1190746).

- NFS: do not store 'struct cred *' in struct nfs_access_entry (bsc#1190746).

- NFS: pass cred explicitly for access tests (bsc#1190746).

- nvme: avoid race in shutdown namespace removal (bsc#1188067).

- nvme: fix refcounting imbalance when all paths are down (bsc#1188067).

- parport: remove non-zero check on count (git-fixes).

- PCI: aardvark: Fix checking for PIO status (git-fixes).

- PCI: aardvark: Fix masking and unmasking legacy INTx interrupts (git-fixes).

- PCI: aardvark: Increase polling delay to 1.5s while waiting for PIO response (git-fixes).

- PCI: Add ACS quirks for Cavium multi-function devices (git-fixes).

- PCI: Add ACS quirks for NXP LX2xx0 and LX2xx2 platforms (git-fixes).

- PCI: Add AMD GPU multi-function power dependencies (git-fixes).

- PCI: ibmphp: Fix double unmap of io_mem (git-fixes).

- PCI: pci-bridge-emul: Add PCIe Root Capabilities Register (git-fixes).

- PCI: pci-bridge-emul: Fix array overruns, improve safety (git-fixes).

- PCI: pci-bridge-emul: Fix big-endian support (git-fixes).

- PCI: Restrict ASMedia ASM1062 SATA Max Payload Size Supported (git-fixes).

- PCI: Use pci_update_current_state() in pci_enable_device_flags() (git-fixes).

- PM: base: power: do not try to use non-existing RTC for storing data (git-fixes).

- PM: EM: Increase energy calculation precision (git-fixes).

- power: supply: axp288_fuel_gauge: Report register-address on readb / writeb errors (git-fixes).

- power: supply: max17042_battery: fix typo in MAx17042_TOFF (git-fixes).

- powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15289).

- powerpc: fix function annotations to avoid section mismatch warnings with gcc-10 (bsc#1148868).

- powerpc/drmem: Make LMB walk a bit more flexible (bsc#1190543 ltc#194523).

- powerpc/perf: Drop the case of returning 0 as instruction pointer (bsc#1065729).

- powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set (bsc#1065729).

- powerpc/perf: Fix the check for SIAR value (bsc#1065729).

- powerpc/perf: Use regs->nip when SIAR is zero (bsc#1065729).

- powerpc/perf: Use stack siar instead of mfspr (bsc#1065729).

- powerpc/perf: Use the address from SIAR register to set cpumode flags (bsc#1065729).

- powerpc/perf/hv-gpci: Fix counter value parsing (bsc#1065729).

- powerpc/powernv: Fix machine check reporting of async store errors (bsc#1065729).

- powerpc/pseries: Prevent free CPU ids being reused on another node (bsc#1190620 ltc#194498).

- powerpc/pseries/dlpar: use rtas_get_sensor() (bsc#1065729).

- pseries/drmem: update LMBs after LPM (bsc#1190543 ltc#194523).

- pwm: img: Do not modify HW state in .remove() callback (git-fixes).

- pwm: rockchip: Do not modify HW state in .remove() callback (git-fixes).

- pwm: stm32-lp: Do not modify HW state in .remove() callback (git-fixes).

- qlcnic: Remove redundant unlock in qlcnic_pinit_from_rom (git-fixes).

- RDMA/bnxt_re: Remove unpaired rtnl unlock in bnxt_re_dev_init() (bsc#1170774).

- Re-enable UAS for LaCie Rugged USB3-FW with fk quirk (git-fixes).

- regmap: fix page selection for noinc reads (git-fixes).

- regmap: fix page selection for noinc writes (git-fixes).

- regmap: fix the offset of register error log (git-fixes).

- Restore kabi after NFS: pass cred explicitly for access tests (bsc#1190746).

- rpm: Abolish scritplet templating (bsc#1189841). Outsource kernel-binary and KMP scriptlets to suse-module-tools. This allows fixing bugs in the scriptlets as well as defining initrd regeneration policy independent of the kernel packages.

- rpm/kernel-binary.spec: Use only non-empty certificates.

- rpm/kernel-binary.spec.in: avoid conflicting suse-release suse-release had arbitrary values in staging, we can't use it for dependencies. The filesystem one has to be enough (boo#1184804).

- rtc: rx8010: select REGMAP_I2C (git-fixes).

- rtc: tps65910: Correct driver module alias (git-fixes).

- s390/unwind: use current_frame_address() to unwind current task (bsc#1185677).

- sched/fair: Add ancestors of unthrottled undecayed cfs_rq (bsc#1191292).

- scsi: core: Add helper to return number of logical blocks in a request (bsc#1190576).

- scsi: core: Introduce the scsi_cmd_to_rq() function (bsc#1190576).

- scsi: fc: Add EDC ELS definition (bsc#1190576).

- scsi: fc: Update formal FPIN descriptor definitions (bsc#1190576).

- scsi: lpfc: Add bsg support for retrieving adapter cmf data (bsc#1190576).

- scsi: lpfc: Add cm statistics buffer support (bsc#1190576).

- scsi: lpfc: Add cmf_info sysfs entry (bsc#1190576).

- scsi: lpfc: Add cmfsync WQE support (bsc#1190576).

- scsi: lpfc: Add debugfs support for cm framework buffers (bsc#1190576).

- scsi: lpfc: Add EDC ELS support (bsc#1190576).

- scsi: lpfc: Add MIB feature enablement support (bsc#1190576).

- scsi: lpfc: Add rx monitoring statistics (bsc#1190576).

- scsi: lpfc: Add SET_HOST_DATA mbox cmd to pass date/time info to firmware (bsc#1190576).

- scsi: lpfc: Add support for cm enablement buffer (bsc#1190576).

- scsi: lpfc: Add support for maintaining the cm statistics buffer (bsc#1190576).

- scsi: lpfc: Add support for the CM framework (bsc#1190576).

- scsi: lpfc: Adjust bytes received vales during cmf timer interval (bsc#1190576).

- scsi: lpfc: Copyright updates for 14.0.0.1 patches (bsc#1190576).

- scsi: lpfc: Do not release final kref on Fport node while ABTS outstanding (bsc#1190576).

- scsi: lpfc: Do not remove ndlp on PRLI errors in P2P mode (bsc#1190576).

- scsi: lpfc: Expand FPIN and RDF receive logging (bsc#1190576).

- scsi: lpfc: Fix compilation errors on kernels with no CONFIG_DEBUG_FS (bsc#1190576).

- scsi: lpfc: Fix CPU to/from endian warnings introduced by ELS processing (bsc#1190576).

- scsi: lpfc: Fix EEH support for NVMe I/O (bsc#1190576).

- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (bsc#1190576).

- scsi: lpfc: Fix gcc -Wstringop-overread warning, again (bsc#1190576).

- scsi: lpfc: Fix hang on unload due to stuck fport node (bsc#1190576).

- scsi: lpfc: Fix I/O block after enabling managed congestion mode (bsc#1190576).

- scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() (bsc#1190576).

- scsi: lpfc: Fix NVMe I/O failover to non-optimized path (bsc#1190576).

- scsi: lpfc: Fix premature rpi release for unsolicited TPLS and LS_RJT (bsc#1190576).

- scsi: lpfc: Fix rediscovery of tape device after LIP (bsc#1190576).

- scsi: lpfc: Fix sprintf() overflow in lpfc_display_fpin_wwpn() (bsc#1190576).

- scsi: lpfc: Improve PBDE checks during SGL processing (bsc#1190576).

- scsi: lpfc: Remove unneeded variable (bsc#1190576).

- scsi: lpfc: Update lpfc version to 14.0.0.1 (bsc#1190576).

- scsi: lpfc: Update lpfc version to 14.0.0.2 (bsc#1190576).

- scsi: lpfc: Use correct scnprintf() limit (bsc#1190576).

- scsi: lpfc: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190576).

- scsi: lpfc: Use the proper SCSI midlayer interfaces for PI (bsc#1190576).

- scsi: lpfc: Zero CGN stats only during initial driver load and stat reset (bsc#1190576).

- scsi: scsi_devinfo: Add blacklist entry for HPE OPEN-V (bsc#1189297).

- serial: 8250_pci: make setup_port() parameters explicitly unsigned (git-fixes).

- serial: 8250: Define RX trigger levels for OxSemi 950 devices (git-fixes).

- serial: mvebu-uart: fix driver's tx_empty callback (git-fixes).

- serial: sh-sci: fix break handling for sysrq (git-fixes).

- spi: Fix tegra20 build with CONFIG_PM=n (git-fixes).

- staging: board: Fix uninitialized spinlock when attaching genpd (git-fixes).

- staging: ks7010: Fix the initialization of the 'sleep_status' structure (git-fixes).

- staging: rts5208: Fix get_ms_information() heap buffer size (git-fixes).

- thermal/core: Potential buffer overflow in thermal_build_list_of_policies() (git-fixes).

- time: Handle negative seconds correctly in timespec64_to_ns() (git-fixes).

- tty: Fix data race between tiocsti() and flush_to_ldisc() (git-fixes).

- tty: serial: jsm: hold port lock when reporting modem line changes (git-fixes).

- tty: synclink_gt, drop unneeded forward declarations (git-fixes).

- usb-storage: Add quirk for ScanLogic SL11R-IDE older than 2.6c (git-fixes).

- usb: core: hcd: Add support for deferring roothub registration (git-fixes).

- usb: dwc2: Add missing cleanups when usb_add_gadget_udc() fails (git-fixes).

- usb: dwc2: Avoid leaving the error_debugfs label unused (git-fixes).

- usb: dwc2: gadget: Fix ISOC flow for BDMA and Slave (git-fixes).

- usb: dwc2: gadget: Fix ISOC transfer complete handling for DDMA (git-fixes).

- usb: EHCI: ehci-mv: improve error handling in mv_ehci_enable() (git-fixes).

- usb: gadget: r8a66597: fix a loop in set_feature() (git-fixes).

- usb: gadget: u_ether: fix a potential null pointer dereference (git-fixes).

- usb: host: fotg210: fix the actual_length of an iso packet (git-fixes).

- usb: host: fotg210: fix the endpoint's transactional opportunities calculation (git-fixes).

- usb: musb: musb_dsps: request_irq() after initializing musb (git-fixes).

- usb: musb: tusb6010: uninitialized data in tusb_fifo_write_unaligned() (git-fixes).

- usb: serial: cp210x: add ID for GW Instek GDM-834x Digital Multimeter (git-fixes).

- usb: serial: option: add device id for Foxconn T99W265 (git-fixes).

- usb: serial: option: add Telit LN920 compositions (git-fixes).

- usb: serial: option: remove duplicate USB device ID (git-fixes).

- usbip: give back URBs for unsent unlink requests during cleanup (git-fixes).

- usbip:vhci_hcd USB port can get stuck in the disabled state (git-fixes).

- video: fbdev: asiliantfb: Error out if 'pixclock' equals zero (git-fixes).

- video: fbdev: kyro: Error out if 'pixclock' equals zero (git-fixes).

- video: fbdev: kyro: fix a DoS bug by restricting user input (git-fixes).

- video: fbdev: riva: Error out if 'pixclock' equals zero (git-fixes).

- vmxnet3: add support for 32 Tx/Rx queues (bsc#1190406).

- vmxnet3: add support for ESP IPv6 RSS (bsc#1190406).

- vmxnet3: increase maximum configurable mtu to 9190 (bsc#1190406).

- vmxnet3: prepare for version 6 changes (bsc#1190406).

- vmxnet3: remove power of 2 limitation on the queues (bsc#1190406).

- vmxnet3: set correct hash type based on rss information (bsc#1190406).

- vmxnet3: update to version 6 (bsc#1190406).

- watchdog/sb_watchdog: fix compilation problem due to COMPILE_TEST (git-fixes).

- x86/alternatives: Teach text_poke_bp() to emulate instructions (bsc#1185302).

- x86/apic/msi: Plug non-maskable MSI affinity race (bsc#1184439).

- x86/cpu: Fix core name for Sapphire Rapids (jsc#SLE-15289).

- x86/mm: Fix kern_addr_valid() to cope with existing but not present entries (bsc#1152489).

- x86/resctrl: Fix a maybe-uninitialized build warning treated as error (bsc#1152489).

- x86/resctrl: Fix default monitoring groups reporting (bsc#1152489).

- xfs: allow mount/remount when stripe width alignment is zero (bsc#1188651).

- xfs: sync lazy sb accounting on quiesce of read-only mounts (bsc#1190679).

- xgene-v2: Fix a resource leak in the error handling path of 'xge_probe()' (git-fixes).

- xhci: Set HCD flag to defer primary roothub registration (git-fixes).

1189929,CVE-2021-37750

This update for krb5 fixes the following issues:

- CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929).

1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933

This update for yast2-network fixes the following issues:

- Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915).

- Fix the shown description using the interface friendly name when it is empty (bsc#1190933).

- Consider aliases sections as case insensitive (bsc#1190739).

- Display user defined device name in the devices overview (bnc#1190645).

- Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344).

- Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910).

- Fix desktop file so the control center tooltip is translated (bsc#1187270).

- Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016).

- Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512).

1190793,CVE-2021-39537

This update for ncurses fixes the following issues:

- CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793)

1190052

This update for pam fixes the following issues:

- Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638)

- Added new file macros.pam on request of systemd. (bsc#1190052)

1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815

This update for libzypp, zypper, libsolv and protobuf fixes the following issues:

- Choice rules: treat orphaned packages as newest (bsc#1190465)

- Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602)

- Do not check of signatures and keys two times(redundant) (bsc#1190059)

- Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760)

- Show key fpr from signature when signature check fails (bsc#1187224)

- Fix solver jobs for PTFs (bsc#1186503)

- Fix purge-kernels fails (bsc#1187738)

- Fix obs:// platform guessing for Leap (bsc#1187425)

- Make sure to keep states alives while transitioning. (bsc#1190199)

- Manpage: Improve description about patch updates(bsc#1187466)

- Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested.

- Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815)

- Fix crashes in logging code when shutting down (bsc#1189031)

- Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712)

- Add need reboot/restart hint to XML install summary (bsc#1188435)

- Prompt: choose exact match if prompt options are not prefix free (bsc#1188156)

- Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862)

1191987

This update for pam fixes the following issues:

- Fixed a bad directive file which resulted in

the 'securetty' file to be installed as 'macros.pam'.

(bsc#1191987)

1191200,1191260,1191480,1191804,1191922

This update for suse-module-tools fixes the following issues:

Update to version 15.2.15:

- Fix bad exit status in openQA. (bsc#1191922)

- Deal with existing certificates that should be de-enrolled. (bsc#1191804)

- Ignore kernel keyring for kernel certificates. (bsc#1191480)

- Print 'mokutil' output in verbose mode.

- Skip certificate scriptlet on non-UEFI systems. (bsc#1191260)

- Don't pass existing files to weak-modules2. (bsc#1191200)

1122417,1125886,1178236,1188921,CVE-2021-37600

This update for util-linux fixes the following issues:

Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2:

- CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921).

- agetty: Fix 8-bit processing in get_logname() (bsc#1125886).

- mount: Fix 'mount' output for net file systems (bsc#1122417).

- ipcs: Avoid overflows (bsc#1178236)

1172973,1172974,CVE-2019-20838,CVE-2020-14155

This update for pcre fixes the following issues:

Update pcre to version 8.45:

- CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974).

- CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973)

1191690

This update for apparmor fixes the following issues:

- Fixed an issue when apparmor provides python2 and python3 libraries with the same name. (bsc#1191690)

1179898,1179899,1179900,1179901,1179902,1179903,1180451,1180454,1180461,1181452,1182252,1183511,1184620,1184794,CVE-2020-16590,CVE-2020-16591,CVE-2020-16592,CVE-2020-16593,CVE-2020-16598,CVE-2020-16599,CVE-2020-35448,CVE-2020-35493,CVE-2020-35496,CVE-2020-35507,CVE-2021-20197,CVE-2021-20284,CVE-2021-3487

This update for binutils fixes the following issues:

Update to binutils 2.37:

* The GNU Binutils sources now requires a C99 compiler and library to

build.

* Support for Realm Management Extension (RME) for AArch64 has been

added.

* A new linker option '-z report-relative-reloc' for x86 ELF targets

has been added to report dynamic relative relocations.

* A new linker option '-z start-stop-gc' has been added to disable

special treatment of __start_*/__stop_* references when

--gc-sections.

* A new linker options '-Bno-symbolic' has been added which will

cancel the '-Bsymbolic' and '-Bsymbolic-functions' options.

* The readelf tool has a new command line option which can be used to

specify how the numeric values of symbols are reported.

--sym-base=0|8|10|16 tells readelf to display the values in base 8,

base 10 or base 16. A sym base of 0 represents the default action

of displaying values under 10000 in base 10 and values above that in

base 16.

* A new format has been added to the nm program. Specifying

'--format=just-symbols' (or just using -j) will tell the program to

only display symbol names and nothing else.

* A new command line option '--keep-section-symbols' has been added to

objcopy and strip. This stops the removal of unused section symbols

when the file is copied. Removing these symbols saves space, but

sometimes they are needed by other tools.

* The '--weaken', '--weaken-symbol' and '--weaken-symbols' options

supported by objcopy now make undefined symbols weak on targets that

support weak symbols.

* Readelf and objdump can now display and use the contents of .debug_sup

sections.

* Readelf and objdump will now follow links to separate debug info

files by default. This behaviour can be stopped via the use of the

new '-wN' or '--debug-dump=no-follow-links' options for readelf and

the '-WN' or '--dwarf=no-follow-links' options for objdump. Also

the old behaviour can be restored by the use of the

'--enable-follow-debug-links=no' configure time option.

The semantics of the =follow-links option have also been slightly

changed. When enabled, the option allows for the loading of symbol

tables and string tables from the separate files which can be used

to enhance the information displayed when dumping other sections,

but it does not automatically imply that information from the

separate files should be displayed.

If other debug section display options are also enabled (eg

'--debug-dump=info') then the contents of matching sections in both

the main file and the separate debuginfo file *will* be displayed.

This is because in most cases the debug section will only be present

in one of the files.

If however non-debug section display options are enabled (eg

'--sections') then the contents of matching parts of the separate

debuginfo file will *not* be displayed. This is because in most

cases the user probably only wanted to load the symbol information

from the separate debuginfo file. In order to change this behaviour

a new command line option --process-links can be used. This will

allow di0pslay options to applied to both the main file and any

separate debuginfo files.

* Nm has a new command line option: '--quiet'. This suppresses 'no

symbols' diagnostic.

Update to binutils 2.36:

New features in the Assembler:

- General:

* When setting the link order attribute of ELF sections, it is now

possible to use a numeric section index instead of symbol name.

* Added a .nop directive to generate a single no-op instruction in

a target neutral manner. This instruction does have an effect on

DWARF line number generation, if that is active.

* Removed --reduce-memory-overheads and --hash-size as gas now

uses hash tables that can be expand and shrink automatically.

- X86/x86_64:

* Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key

Locker instructions.

* Support non-absolute segment values for lcall and ljmp.

* Add {disp16} pseudo prefix to x86 assembler.

* Configure with --enable-x86-used-note by default for Linux/x86.

- ARM/AArch64:

* Add support for Cortex-A78, Cortex-A78AE and Cortex-X1,

Cortex-R82, Neoverse V1, and Neoverse N2 cores.

* Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded

Trace Extension), TRBE (Trace Buffer Extension), CSRE (Call

Stack Recorder Extension) and BRBE (Branch Record Buffer

Extension) system registers.

* Add support for Armv8-R and Armv8.7-A ISA extensions.

* Add support for DSB memory nXS barrier, WFET and WFIT

instruction for Armv8.7.

* Add support for +csre feature for -march. Add CSR PDEC

instruction for CSRE feature in AArch64.

* Add support for +flagm feature for -march in Armv8.4 AArch64.

* Add support for +ls64 feature for -march in Armv8.7

AArch64. Add atomic 64-byte load/store instructions for this

feature.

* Add support for +pauth (Pointer Authentication) feature for

-march in AArch64.

New features in the Linker:

* Add --error-handling-script= command line option to allow

a helper script to be invoked when an undefined symbol or a

missing library is encountered. This option can be suppressed

via the configure time switch: --enable-error-handling-script=no.

* Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark

x86-64-{baseline|v[234]} ISA level as needed.

* Add -z unique-symbol to avoid duplicated local symbol names.

* The creation of PE format DLLs now defaults to using a more

secure set of DLL characteristics.

* The linker now deduplicates the types in .ctf sections. The new

command-line option --ctf-share-types describes how to do this:

its default value, share-unconflicted, produces the most compact

output.

* The linker now omits the 'variable section' from .ctf sections

by default, saving space. This is almost certainly what you

want unless you are working on a project that has its own

analogue of symbol tables that are not reflected in the ELF

symtabs.

New features in other binary tools:

* The ar tool's previously unused l modifier is now used for

specifying dependencies of a static library. The arguments of

this option (or --record-libdeps long form option) will be

stored verbatim in the __.LIBDEP member of the archive, which

the linker may read at link time.

* Readelf can now display the contents of LTO symbol table

sections when asked to do so via the --lto-syms command line

option.

* Readelf now accepts the -C command line option to enable the

demangling of symbol names. In addition the --demangle=

Severity
Container Advisory ID : SUSE-CU-2021:599-1
Container Tags : ses/7/cephcsi/cephcsi:3.3.1 , ses/7/cephcsi/cephcsi:3.3.1.0.3.670 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.3.1 , ses/7/cephcsi/cephcsi:v3.3.1.0
Container Release : 3.670
Severity : critical
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.