Explore top 10 tips to secure your open-source projects now. Read More
×An update that solves 11 vulnerabilities and has two fixes is now available. . SUSE Security Update: Security update for java-1_7_1-ibm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0166-1 Rating: moderate References: #1185055 #1188564 #1188565 #1188568 #1191905 #1191909 #1191910 #1191911 #1191913 #1191914 #1192052 #1194198 #1194232 Cross-References: CVE-2021-2163 CVE-2021-2341 CVE-2021-2369 CVE-2021-2432 CVE-2021-35556 CVE-2021-35559 CVE-2021-35564 CVE-2021-35565 CVE-2021-35586 CVE-2021-35588 CVE-2021-41035 CVSS scores: CVE-2021-2163 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2163 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-2341 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2341 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-2369 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2369 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE-2021-2432 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-2432 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35556 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35556 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35559 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35564 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35564 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-35565 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35565 (SUSE):5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35586 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-35588 (NVD) : 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-35588 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-41035 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-BCL HPE Helion Openstack 8 ______________________________________________________________________________ An update that solves 11 vulnerabilities and has two fixes is now available. Description: This update for java-1_7_1-ibm fixes the following issues: - Update to Java 7.1 Service Refresh 5 Fix Pack 0 - CVE-2021-41035: before version 0.29.0, the openj9 JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. (bsc#1194198, bsc#1192052) - CVE-2021-35586: Excessive memory allocation in BMPImageReader. (bsc#1191914) - CVE-2021-35564: Certificates with end dates too far in the future can corrupt keystore. (bsc#1191913) - CVE-2021-35559: Excessive memory allocation in RTFReader. (bsc#1191911) - CVE-2021-35556:Excessive memory allocation in RTFParser. (bsc#1191910) - CVE-2021-35565: Loop in HttpsServer triggered during TLS session close. (bsc#1191909) - CVE-2021-35588: Incomplete validation of inner class references in ClassFileParser. (bsc#1191905) - CVE-2021-2341: Fixed a flaw inside the FtpClient. (bsc#1188564) - CVE-2021-2369: JAR file handling problem containing multiple MANIFEST.MF files. (bsc#1188565) - CVE-2021-2432: Fixed a vulnerability in the omponent JNDI. (bsc#1188568) - CVE-2021-2163: Incomplete enforcement of JAR signing disabled algorithms. (bsc#1185055) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-166=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-166=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-166=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-166=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-166=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-166=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-166=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-166=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-166=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-166=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-166=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-166=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-166=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE OpenStack Cloud 9 (x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE OpenStack Cloud 8 (x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le s390x x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 - HPE Helion Openstack 8 (x86_64): java-1_7_1-ibm-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-alsa-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-devel-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-jdbc-1.7.1_sr5.0-38.65.1 java-1_7_1-ibm-plugin-1.7.1_sr5.0-38.65.1 References: https://www.suse.com/security/cve/CVE-2021-2163.html https://www.suse.com/security/cve/CVE-2021-2341.html https://www.suse.com/security/cve/CVE-2021-2369.html https://www.suse.com/security/cve/CVE-2021-2432.html https://www.suse.com/security/cve/CVE-2021-35556.html https://www.suse.com/security/cve/CVE-2021-35559.html https://www.suse.com/security/cve/CVE-2021-35564.html https://www.suse.com/security/cve/CVE-2021-35565.html https://www.suse.com/security/cve/CVE-2021-35586.html https://www.suse.com/security/cve/CVE-2021-35588.html https://www.suse.com/security/cve/CVE-2021-41035.html https://bugzilla.suse.com/1185055 https://bugzilla.suse.com/1188564 https://bugzilla.suse.com/1188565 https://bugzilla.suse.com/1188568 https://bugzilla.suse.com/1191905 https://bugzilla.suse.com/1191909 https://bugzilla.suse.com/1191910 https://bugzilla.suse.com/1191911 https://bugzilla.suse.com/1191913 https://bugzilla.suse.com/1191914 https://bugzilla.suse.com/1192052 https://bugzilla.suse.com/1194198 https://bugzilla.suse.com/1194232 . Update available with patches for 11 vulnerabilities in java-1_7_1-ibm on SUSE with moderate severity.. SUSE Linux Security, Java Memory Issues, OpenStack Cloud Patches. . LinuxSecurity.com Team
An update that solves 35 vulnerabilities and has 23 fixes is now available. . SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1596-1 Rating: important References: #1040855 #1044767 #1047233 #1065729 #1094840 #1152457 #1171078 #1173485 #1175873 #1176700 #1176720 #1176855 #1177411 #1177753 #1178181 #1179454 #1181032 #1181960 #1182194 #1182672 #1182715 #1182716 #1182717 #1183022 #1183063 #1183069 #1183509 #1183593 #1183646 #1183686 #1183696 #1183738 #1183775 #1184120 #1184167 #1184168 #1184170 #1184192 #1184193 #1184194 #1184196 #1184198 #1184208 #1184211 #1184388 #1184391 #1184393 #1184397 #1184509 #1184511 #1184512 #1184514 #1184583 #1184650 #1184942 #1185113 #1185244 #1185248 Cross-References: CVE-2020-0433 CVE-2020-25670 CVE-2020-25671 CVE-2020-25672 CVE-2020-25673 CVE-2020-27170 CVE-2020-27171 CVE-2020-27673 CVE-2020-27815 CVE-2020-35519 CVE-2020-36310 CVE-2020-36311 CVE-2020-36312 CVE-2020-36322 CVE-2021-20219 CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-28972 CVE-2021-29154 CVE-2021-29155 CVE-2021-29264 CVE-2021-29265 CVE-2021-29647 CVE-2021-29650 CVE-2021-30002 CVE-2021-3428 CVE-2021-3444 CVE-2021-3483 CVSS scores: CVE-2020-0433 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-0433 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-25670 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25671 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25672 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-25673 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2020-27170 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27170 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2020-27171 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27171 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2020-27673 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-27673 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-27815 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-35519 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-36310 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36310 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36311 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-36312 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-36322 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2021-20219 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-27363 (NVD) : 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2021-27363 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27364 (SUSE): 7.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2021-27365 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-27365 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28038 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28038 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28660 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28660 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-28688 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28688 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-28950 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28964 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28971 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-28972 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-28972 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-29155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29155 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-29264 (SUSE): 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29265 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29647 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-29650 (NVD) : 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-29650 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-30002 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3428 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-3444 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3444 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise High Availability 12-SP4 ______________________________________________________________________________ An update that solves 35 vulnerabilities and has 23 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509). - CVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208). - CVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942). - CVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512). - CVE-2020-27673: Fixed an issue in Xen where a guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583). - CVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391). - CVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181). - CVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181). - CVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181). - CVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511). - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a "stall on CPU" could have occured because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211). - CVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211). - CVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120). - CVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393). - CVE-2021-20219: Fixed a denialof service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397). - CVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193). - CVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170). - CVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196). - CVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646). - CVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167). - CVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause asystem crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168). - CVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination (bnc#1184198). - CVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192). - CVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775). - CVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775). - CVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593). - CVE-2020-35519: Update patch reference for x25 fix (bsc#1183696). - CVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509). - CVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened. This could have ledto local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720). - CVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069). - CVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454). - CVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715). - CVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716). - CVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717). The following non-security bugs were fixed: - Revert "rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514)" This turned out to be a bad idea: the kernel-$flavor-devel package must be usablewithout kernel-$flavor, e.g. at the build of a KMP. And this change brought superfluous installation of kernel-preempt when a system had kernel-syms (bsc#1185113). - Xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367). - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775). - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775). - coredump: fix crash when umh is disabled (bsc#1177753, bsc#1182194). - dm: fix redundant IO accounting for bios that need splitting (bsc#1183738). - ext4: check journal inode extents more carefully (bsc#1173485). - ext4: do not allow overlapping system zones (bsc#1173485). - ext4: handle error of ext4_setup_system_zone() on remount (bsc#1173485). - handle also the opposite type of race condition - hv: clear ring_buffer pointer during cleanup (part of ae6935ed) (bsc#1181032). - hv_netvsc: remove ndo_poll_controller (bsc#1185248). - ibmvnic fix NULL tx_pools and rx_tools issue at do_reset (bsc#1175873 ltc#187922). - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997). - ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140). - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes). - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes). - ibmvnic: enhance resetting status check during module exit (bsc#1065729). - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes). - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293). - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes). - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes). - macros.kernel-source: Use spec_install_pre for certificateinstallation (boo#1182672). - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - rpm/kernel-obs-build.spec.in: Include essiv with dm-crypt (boo#1183063). - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439) - rpm/macros.kernel-source: fix KMP failure in %install (bsc#1185244) - rpm/mkspec: Use tilde instead of dot for version string with rc (bsc#1184650) - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1596=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-1596=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1596=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1596=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1596=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1596=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.74.1 kernel-default-base-4.12.14-95.74.1 kernel-default-base-debuginfo-4.12.14-95.74.1 kernel-default-debuginfo-4.12.14-95.74.1 kernel-default-debugsource-4.12.14-95.74.1 kernel-default-devel-4.12.14-95.74.1 kernel-default-devel-debuginfo-4.12.14-95.74.1 kernel-syms-4.12.14-95.74.1 - SUSEOpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.74.1 kernel-macros-4.12.14-95.74.1 kernel-source-4.12.14-95.74.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.74.1 kernel-macros-4.12.14-95.74.1 kernel-source-4.12.14-95.74.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.74.1 kernel-default-base-4.12.14-95.74.1 kernel-default-base-debuginfo-4.12.14-95.74.1 kernel-default-debuginfo-4.12.14-95.74.1 kernel-default-debugsource-4.12.14-95.74.1 kernel-default-devel-4.12.14-95.74.1 kernel-default-devel-debuginfo-4.12.14-95.74.1 kernel-syms-4.12.14-95.74.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.74.1 kernel-default-base-4.12.14-95.74.1 kernel-default-base-debuginfo-4.12.14-95.74.1 kernel-default-debuginfo-4.12.14-95.74.1 kernel-default-debugsource-4.12.14-95.74.1 kernel-default-devel-4.12.14-95.74.1 kernel-syms-4.12.14-95.74.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.74.1 kernel-macros-4.12.14-95.74.1 kernel-source-4.12.14-95.74.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.74.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.74.1 kernel-default-base-4.12.14-95.74.1 kernel-default-base-debuginfo-4.12.14-95.74.1 kernel-default-debuginfo-4.12.14-95.74.1 kernel-default-debugsource-4.12.14-95.74.1 kernel-default-devel-4.12.14-95.74.1 kernel-syms-4.12.14-95.74.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.74.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.74.1 kernel-macros-4.12.14-95.74.1 kernel-source-4.12.14-95.74.1 - SUSE Linux Enterprise Server12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.74.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.74.1 kernel-default-kgraft-devel-4.12.14-95.74.1 kgraft-patch-4_12_14-95_74-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.74.1 cluster-md-kmp-default-debuginfo-4.12.14-95.74.1 dlm-kmp-default-4.12.14-95.74.1 dlm-kmp-default-debuginfo-4.12.14-95.74.1 gfs2-kmp-default-4.12.14-95.74.1 gfs2-kmp-default-debuginfo-4.12.14-95.74.1 kernel-default-debuginfo-4.12.14-95.74.1 kernel-default-debugsource-4.12.14-95.74.1 ocfs2-kmp-default-4.12.14-95.74.1 ocfs2-kmp-default-debuginfo-4.12.14-95.74.1 References: https://www.suse.com/security/cve/CVE-2020-0433.html https://www.suse.com/security/cve/CVE-2020-25670.html https://www.suse.com/security/cve/CVE-2020-25671.html https://www.suse.com/security/cve/CVE-2020-25672.html https://www.suse.com/security/cve/CVE-2020-25673.html https://www.suse.com/security/cve/CVE-2020-27170.html https://www.suse.com/security/cve/CVE-2020-27171.html https://www.suse.com/security/cve/CVE-2020-27673.html https://www.suse.com/security/cve/CVE-2020-27815.html https://www.suse.com/security/cve/CVE-2020-35519.html https://www.suse.com/security/cve/CVE-2020-36310.html https://www.suse.com/security/cve/CVE-2020-36311.html https://www.suse.com/security/cve/CVE-2020-36312.html https://www.suse.com/security/cve/CVE-2020-36322.html https://www.suse.com/security/cve/CVE-2021-20219.html https://www.suse.com/security/cve/CVE-2021-27363.html https://www.suse.com/security/cve/CVE-2021-27364.html https://www.suse.com/security/cve/CVE-2021-27365.html https://www.suse.com/security/cve/CVE-2021-28038.html https://www.suse.com/security/cve/CVE-2021-28660.html https://www.suse.com/security/cve/CVE-2021-28688.html https://www.suse.com/security/cve/CVE-2021-28950.html https://www.suse.com/security/cve/CVE-2021-28964.html https://www.suse.com/security/cve/CVE-2021-28971.html https://www.suse.com/security/cve/CVE-2021-28972.html https://www.suse.com/security/cve/CVE-2021-29154.html https://www.suse.com/security/cve/CVE-2021-29155.html https://www.suse.com/security/cve/CVE-2021-29264.html https://www.suse.com/security/cve/CVE-2021-29265.html https://www.suse.com/security/cve/CVE-2021-29647.html https://www.suse.com/security/cve/CVE-2021-29650.html https://www.suse.com/security/cve/CVE-2021-30002.html https://www.suse.com/security/cve/CVE-2021-3428.html https://www.suse.com/security/cve/CVE-2021-3444.html https://www.suse.com/security/cve/CVE-2021-3483.html https://bugzilla.suse.com/1040855 https://bugzilla.suse.com/1044767 https://bugzilla.suse.com/1047233 https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1094840 https://bugzilla.suse.com/1152457 https://bugzilla.suse.com/1171078 https://bugzilla.suse.com/1173485 https://bugzilla.suse.com/1175873 https://bugzilla.suse.com/1176700 https://bugzilla.suse.com/1176720 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1177411 https://bugzilla.suse.com/1177753 https://bugzilla.suse.com/1178181 https://bugzilla.suse.com/1179454 https://bugzilla.suse.com/1181032 https://bugzilla.suse.com/1181960 https://bugzilla.suse.com/1182194 https://bugzilla.suse.com/1182672 https://bugzilla.suse.com/1182715 https://bugzilla.suse.com/1182716 https://bugzilla.suse.com/1182717 https://bugzilla.suse.com/1183022 https://bugzilla.suse.com/1183063 https://bugzilla.suse.com/1183069 https://bugzilla.suse.com/1183509 https://bugzilla.suse.com/1183593 https://bugzilla.suse.com/1183646 https://bugzilla.suse.com/1183686 https://bugzilla.suse.com/1183696 https://bugzilla.suse.com/1183738 https://bugzilla.suse.com/1183775 https://bugzilla.suse.com/1184120 https://bugzilla.suse.com/1184167 https://bugzilla.suse.com/1184168 https://bugzilla.suse.com/1184170 https://bugzilla.suse.com/1184192 https://bugzilla.suse.com/1184193 https://bugzilla.suse.com/1184194 https://bugzilla.suse.com/1184196 https://bugzilla.suse.com/1184198 https://bugzilla.suse.com/1184208 https://bugzilla.suse.com/1184211 https://bugzilla.suse.com/1184388 https://bugzilla.suse.com/1184391 https://bugzilla.suse.com/1184393 https://bugzilla.suse.com/1184397 https://bugzilla.suse.com/1184509 https://bugzilla.suse.com/1184511 https://bugzilla.suse.com/1184512 https://bugzilla.suse.com/1184514 https://bugzilla.suse.com/1184583 https://bugzilla.suse.com/1184650 https://bugzilla.suse.com/1184942 https://bugzilla.suse.com/1185113 https://bugzilla.suse.com/1185244 https://bugzilla.suse.com/1185248 . Red Hat Security Update resolves 40 vulnerabilities in the Linux Kernel, correcting critical bugs and improving overall system protection.. SUSE Security Update, Linux Kernel Fix, Service Denial Protection, Memory Leak Repair. . Severity: Important. LinuxSecurity.com Team
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for rubygem-actionpack-4_2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:1162-1 Rating: moderate References: #1159548 Cross-References: CVE-2019-16782 CVSS scores: CVE-2019-16782 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 7 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2019-16782: Possible Information Leak / Session Hijack Vulnerability in Rack (bsc#1159548) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1162=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-1162=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-1162=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): ruby2.1-rubygem-actionpack-4_2-4.2.9-7.9.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): ruby2.1-rubygem-actionpack-4_2-4.2.9-7.9.1 - SUSE OpenStack Cloud 7 (aarch64 s390x x86_64): ruby2.1-rubygem-actionpack-4_2-4.2.9-7.9.1 References: https://www.suse.com/security/cve/CVE-2019-16782.html https://bugzilla.suse.com/1159548 . SUSE Security Bulletin for rubygem-actionview-4_2 addresses data exposure vulnerability. Advisory ID: SUSE-SU-2021:1154-3.. SUSE OpenStack Cloud,rubygem actionpack, info leak patch, security update. . LinuxSecurity.com Team
An update that fixes one vulnerability is now available. . SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0080-1 Rating: important References: #1180623 Cross-References: CVE-2020-16044 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.6.1 ESR * Fixed: Critical security issue MFSA 2021-01 (bsc#1180623) * CVE-2020-16044 Use-after-free write when handling a malicious COOKIE-ECHO SCTP chunk Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patchSUSE-OpenStack-Cloud-Crowbar-9-2021-80=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-80=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2021-80=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2021-80=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2021-80=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-80=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2021-80=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2021-80=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2021-80=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-80=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-80=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-80=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-80=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-80=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-80=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2021-80=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2021-80=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE OpenStack Cloud 7 (s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-78.6.1-112.42.1 MozillaFirefox-debuginfo-78.6.1-112.42.1 MozillaFirefox-debugsource-78.6.1-112.42.1 MozillaFirefox-devel-78.6.1-112.42.1 MozillaFirefox-translations-common-78.6.1-112.42.1 References: https://www.suse.com/security/cve/CVE-2020-16044.html https://bugzilla.suse.com/1180623 . Crucial SUSE security patch addresses a serious Firefox vulnerability impacting several distributions. Update without delay.. SUSE Linux, MozillaFirefox, Security Update, OpenStack, Critical Issue. . Severity: Important. LinuxSecurity.com Team
An update that fixes three vulnerabilities is now available. . SUSE Security Update: Security update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:2331-1 Rating: moderate References: #1174633 #1174635 #1174638 Cross-References: CVE-2020-14345 CVE-2020-14346 CVE-2020-14347 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 7 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP2 SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP2-LTSS SUSE Linux Enterprise Server 12-SP2-BCL SUSE Enterprise Storage 5 HPE Helion Openstack 8 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for xorg-x11-server fixes the following issues: - CVE-2020-14347: Leak of uninitialized heap memory from the X server to clients on pixmap allocation (bsc#1174633, ZDI-CAN-11426). - CVE-2020-14346: XIChangeHierarchy Integer Underflow Privilege Escalation Vulnerability (bsc#1174638, ZDI-CAN-11429). - CVE-2020-14345: XKB out-of-bounds access privilege escalation vulnerability (bsc#1174635, ZDI-CAN-11428). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-2331=1 - SUSE OpenStack Cloud 8: zypper in -t patchSUSE-OpenStack-Cloud-8-2020-2331=1 - SUSE OpenStack Cloud 7: zypper in -t patch SUSE-OpenStack-Cloud-7-2020-2331=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2020-2331=1 - SUSE Linux Enterprise Server for SAP 12-SP2: zypper in -t patch SUSE-SLE-SAP-12-SP2-2020-2331=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2020-2331=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2020-2331=1 - SUSE Linux Enterprise Server 12-SP2-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2020-2331=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2020-2331=1 - SUSE Enterprise Storage 5: zypper in -t patch SUSE-Storage-5-2020-2331=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-2331=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE OpenStack Cloud 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE OpenStack Cloud 7 (s390x x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server for SAP 12-SP2 (ppc64le x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server 12-SP2-LTSS (ppc64le s390x x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - SUSE Enterprise Storage 5 (aarch64 x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 - HPE HelionOpenstack 8 (x86_64): xorg-x11-server-7.6_1.18.3-76.26.1 xorg-x11-server-debuginfo-7.6_1.18.3-76.26.1 xorg-x11-server-debugsource-7.6_1.18.3-76.26.1 xorg-x11-server-extra-7.6_1.18.3-76.26.1 xorg-x11-server-extra-debuginfo-7.6_1.18.3-76.26.1 References: https://www.suse.com/security/cve/CVE-2020-14345.html https://www.suse.com/security/cve/CVE-2020-14346.html https://www.suse.com/security/cve/CVE-2020-14347.html https://bugzilla.suse.com/1174633 https://bugzilla.suse.com/1174635 https://bugzilla.suse.com/1174638 _______________________________________________ sle-security-updates mailing list
Get the latest Linux and open source security news straight to your inbox.