Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 13 articles for you...
217
security advisorysecurity updatesecurity fixOracle Linux 9 ELSA-2023-6744 Moderate: Samba Security Update
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-6744 https://linux.oracle.com/errata/ELSA-2023-6744.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable LinuxNetwork: x86_64: libnetapi-4.18.6-101.el9_3.i686.rpm libnetapi-4.18.6-101.el9_3.x86_64.rpm libsmbclient-4.18.6-101.el9_3.i686.rpm libsmbclient-4.18.6-101.el9_3.x86_64.rpm libwbclient-4.18.6-101.el9_3.i686.rpm libwbclient-4.18.6-101.el9_3.x86_64.rpm python3-samba-4.18.6-101.el9_3.i686.rpm python3-samba-4.18.6-101.el9_3.x86_64.rpm python3-samba-dc-4.18.6-101.el9_3.x86_64.rpm samba-4.18.6-101.el9_3.x86_64.rpm samba-client-4.18.6-101.el9_3.x86_64.rpm samba-client-libs-4.18.6-101.el9_3.i686.rpm samba-client-libs-4.18.6-101.el9_3.x86_64.rpm samba-common-4.18.6-101.el9_3.noarch.rpm samba-common-libs-4.18.6-101.el9_3.i686.rpm samba-common-libs-4.18.6-101.el9_3.x86_64.rpm samba-common-tools-4.18.6-101.el9_3.x86_64.rpm samba-dc-libs-4.18.6-101.el9_3.i686.rpm samba-dc-libs-4.18.6-101.el9_3.x86_64.rpm samba-dcerpc-4.18.6-101.el9_3.x86_64.rpm samba-krb5-printing-4.18.6-101.el9_3.x86_64.rpm samba-ldb-ldap-modules-4.18.6-101.el9_3.x86_64.rpm samba-libs-4.18.6-101.el9_3.i686.rpm samba-libs-4.18.6-101.el9_3.x86_64.rpm samba-tools-4.18.6-101.el9_3.x86_64.rpm samba-usershares-4.18.6-101.el9_3.x86_64.rpm samba-vfs-iouring-4.18.6-101.el9_3.x86_64.rpm samba-winbind-4.18.6-101.el9_3.x86_64.rpm samba-winbind-clients-4.18.6-101.el9_3.x86_64.rpm samba-winbind-krb5-locator-4.18.6-101.el9_3.x86_64.rpm samba-winbind-modules-4.18.6-101.el9_3.i686.rpm samba-winbind-modules-4.18.6-101.el9_3.x86_64.rpm samba-winexe-4.18.6-101.el9_3.x86_64.rpm libnetapi-devel-4.18.6-101.el9_3.i686.rpm libnetapi-devel-4.18.6-101.el9_3.x86_64.rpm libsmbclient-devel-4.18.6-101.el9_3.i686.rpm libsmbclient-devel-4.18.6-101.el9_3.x86_64.rpm libwbclient-devel-4.18.6-101.el9_3.i686.rpm libwbclient-devel-4.18.6-101.el9_3.x86_64.rpm python3-samba-devel-4.18.6-101.el9_3.i686.rpm python3-samba-devel-4.18.6-101.el9_3.x86_64.rpm python3-samba-test-4.18.6-101.el9_3.x86_64.rpm samba-devel-4.18.6-101.el9_3.i686.rpm samba-devel-4.18.6-101.el9_3.x86_64.rpm samba-pidl-4.18.6-101.el9_3.noarch.rpm samba-test-4.18.6-101.el9_3.x86_64.rpm samba-test-libs-4.18.6-101.el9_3.x86_64.rpm aarch64: libnetapi-4.18.6-101.el9_3.aarch64.rpm libsmbclient-4.18.6-101.el9_3.aarch64.rpm libwbclient-4.18.6-101.el9_3.aarch64.rpm python3-samba-4.18.6-101.el9_3.aarch64.rpm python3-samba-dc-4.18.6-101.el9_3.aarch64.rpm samba-4.18.6-101.el9_3.aarch64.rpm samba-client-4.18.6-101.el9_3.aarch64.rpm samba-client-libs-4.18.6-101.el9_3.aarch64.rpm samba-common-4.18.6-101.el9_3.noarch.rpm samba-common-libs-4.18.6-101.el9_3.aarch64.rpm samba-common-tools-4.18.6-101.el9_3.aarch64.rpm samba-dc-libs-4.18.6-101.el9_3.aarch64.rpm samba-dcerpc-4.18.6-101.el9_3.aarch64.rpm samba-krb5-printing-4.18.6-101.el9_3.aarch64.rpm samba-ldb-ldap-modules-4.18.6-101.el9_3.aarch64.rpm samba-libs-4.18.6-101.el9_3.aarch64.rpm samba-tools-4.18.6-101.el9_3.aarch64.rpm samba-usershares-4.18.6-101.el9_3.aarch64.rpm samba-vfs-iouring-4.18.6-101.el9_3.aarch64.rpm samba-winbind-4.18.6-101.el9_3.aarch64.rpm samba-winbind-clients-4.18.6-101.el9_3.aarch64.rpm samba-winbind-krb5-locator-4.18.6-101.el9_3.aarch64.rpm samba-winbind-modules-4.18.6-101.el9_3.aarch64.rpm libnetapi-devel-4.18.6-101.el9_3.aarch64.rpm libsmbclient-devel-4.18.6-101.el9_3.aarch64.rpm libwbclient-devel-4.18.6-101.el9_3.aarch64.rpm python3-samba-devel-4.18.6-101.el9_3.aarch64.rpm python3-samba-test-4.18.6-101.el9_3.aarch64.rpm samba-devel-4.18.6-101.el9_3.aarch64.rpm samba-pidl-4.18.6-101.el9_3.noarch.rpm samba-test-4.18.6-101.el9_3.aarch64.rpm samba-test-libs-4.18.6-101.el9_3.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates//samba-4.18.6-101.el9_3.src.rpm Related CVEs: CVE-2023-3961 CVE-2023-4091 CVE-2023-42669 Description of changes: [4.18.6-101] - resolves: RHEL-11937 Fix CVE-2023-3961 - smbd must check the pipename - resolves: RHEL-11937 Fix CVE-2023-4091 - SMB clients can truncate files - resolves: RHEL-11937 Fix CVE-2023-42669 - Remove rpcecho server _______________________________________________ El-errata mailing list
Nov 17, 2023
•Important
Oracle
217
security advisorycriticalsambaOracle Linux 7 ELSA-2023-1090 Critical: Samba Memory Leak Issue
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2023-1090 https://linux.oracle.com/errata/ELSA-2023-1090.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable LinuxNetwork: x86_64: libsmbclient-4.10.16-24.0.1.el7_9.i686.rpm libsmbclient-4.10.16-24.0.1.el7_9.x86_64.rpm libsmbclient-devel-4.10.16-24.0.1.el7_9.i686.rpm libsmbclient-devel-4.10.16-24.0.1.el7_9.x86_64.rpm libwbclient-4.10.16-24.0.1.el7_9.i686.rpm libwbclient-4.10.16-24.0.1.el7_9.x86_64.rpm libwbclient-devel-4.10.16-24.0.1.el7_9.i686.rpm libwbclient-devel-4.10.16-24.0.1.el7_9.x86_64.rpm samba-4.10.16-24.0.1.el7_9.x86_64.rpm samba-client-4.10.16-24.0.1.el7_9.x86_64.rpm samba-client-libs-4.10.16-24.0.1.el7_9.i686.rpm samba-client-libs-4.10.16-24.0.1.el7_9.x86_64.rpm samba-common-4.10.16-24.0.1.el7_9.noarch.rpm samba-common-libs-4.10.16-24.0.1.el7_9.i686.rpm samba-common-libs-4.10.16-24.0.1.el7_9.x86_64.rpm samba-common-tools-4.10.16-24.0.1.el7_9.x86_64.rpm samba-dc-4.10.16-24.0.1.el7_9.x86_64.rpm samba-dc-libs-4.10.16-24.0.1.el7_9.x86_64.rpm samba-devel-4.10.16-24.0.1.el7_9.i686.rpm samba-devel-4.10.16-24.0.1.el7_9.x86_64.rpm samba-krb5-printing-4.10.16-24.0.1.el7_9.x86_64.rpm samba-libs-4.10.16-24.0.1.el7_9.i686.rpm samba-libs-4.10.16-24.0.1.el7_9.x86_64.rpm samba-pidl-4.10.16-24.0.1.el7_9.noarch.rpm samba-python-4.10.16-24.0.1.el7_9.i686.rpm samba-python-4.10.16-24.0.1.el7_9.x86_64.rpm samba-python-test-4.10.16-24.0.1.el7_9.x86_64.rpm samba-test-4.10.16-24.0.1.el7_9.x86_64.rpm samba-test-libs-4.10.16-24.0.1.el7_9.i686.rpm samba-test-libs-4.10.16-24.0.1.el7_9.x86_64.rpm samba-vfs-glusterfs-4.10.16-24.0.1.el7_9.x86_64.rpm samba-winbind-4.10.16-24.0.1.el7_9.x86_64.rpm samba-winbind-clients-4.10.16-24.0.1.el7_9.x86_64.rpm samba-winbind-krb5-locator-4.10.16-24.0.1.el7_9.x86_64.rpm samba-winbind-modules-4.10.16-24.0.1.el7_9.i686.rpm samba-winbind-modules-4.10.16-24.0.1.el7_9.x86_64.rpm ctdb-4.10.16-24.0.1.el7_9.x86_64.rpm ctdb-tests-4.10.16-24.0.1.el7_9.x86_64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates//samba-4.10.16-24.0.1.el7_9.src.rpm Related CVEs: CVE-2022-38023 Description of changes: [4.10.16-24.0.1] - Fix memory leak in _nss_winbind_initgroups_dyn [Orabug: 34228871] [4.10.16-24] -related: #2154364 - Add additional patches for CVE-2022-38023 [4.10.16-23] - resolves: #2154364 - Fix CVE-2022-38023 _______________________________________________ El-errata mailing list
Mar 08, 2023
•Critical
Oracle
219
security advisorybug fixmoderate severityRocky Linux 8 RLSA-2022:2074 Moderate Samba Security Issue
Moderate: samba security, bug fix, and enhancement update. \{'type': 'Security', 'shortCode': 'RL', 'name': 'RLSA-2022:2074', 'synopsis': 'Moderate: samba security, bug fix, and enhancement update', 'severity': 'Moderate', 'topic': 'An update for samba is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.', 'description': 'Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.\nThe following packages have been upgraded to a later upstream version: samba (4.15.5). (BZ#2013596)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nAdditional Changes:\nFor detailed information on changes in this release, see the Rocky Linux 8.6 Release Notes linked from the References section.', 'solution': None, 'affectedProducts': ['Rocky Linux 8'], 'fixes': ['1979959', '1995849', '1999294', '2009673', '2013596', '2019461', '2028029', '2035528', '2038148', '2038796', '2043154', '2044404', '2046120', '2049602', '2057503', '2064325'], 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20316.json:::CVE-2021-20316', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44141.json:::CVE-2021-44141'], 'references': [], 'publishedAt': '2022-05-18T19:44:08.471041Z', 'rpms': ['ctdb-4.15.5-5.el8.aarch64.rpm', 'ctdb-4.15.5-5.el8.x86_64.rpm', 'ctdb-debuginfo-4.15.5-5.el8.aarch64.rpm', 'ctdb-debuginfo-4.15.5-5.el8.x86_64.rpm', 'libsmbclient-4.15.5-5.el8.aarch64.rpm', 'libsmbclient-4.15.5-5.el8.i686.rpm','libsmbclient-4.15.5-5.el8.x86_64.rpm', 'libsmbclient-debuginfo-4.15.5-5.el8.aarch64.rpm', 'libsmbclient-debuginfo-4.15.5-5.el8.i686.rpm', 'libsmbclient-debuginfo-4.15.5-5.el8.x86_64.rpm', 'libsmbclient-devel-4.15.5-5.el8.aarch64.rpm', 'libsmbclient-devel-4.15.5-5.el8.i686.rpm', 'libsmbclient-devel-4.15.5-5.el8.x86_64.rpm', 'libwbclient-4.15.5-5.el8.aarch64.rpm', 'libwbclient-4.15.5-5.el8.i686.rpm', 'libwbclient-4.15.5-5.el8.x86_64.rpm', 'libwbclient-debuginfo-4.15.5-5.el8.aarch64.rpm', 'libwbclient-debuginfo-4.15.5-5.el8.i686.rpm', 'libwbclient-debuginfo-4.15.5-5.el8.x86_64.rpm', 'libwbclient-devel-4.15.5-5.el8.aarch64.rpm', 'libwbclient-devel-4.15.5-5.el8.i686.rpm', 'libwbclient-devel-4.15.5-5.el8.x86_64.rpm', 'python3-samba-4.15.5-5.el8.aarch64.rpm', 'python3-samba-4.15.5-5.el8.i686.rpm', 'python3-samba-4.15.5-5.el8.x86_64.rpm', 'python3-samba-debuginfo-4.15.5-5.el8.aarch64.rpm', 'python3-samba-debuginfo-4.15.5-5.el8.i686.rpm', 'python3-samba-debuginfo-4.15.5-5.el8.x86_64.rpm', 'python3-samba-devel-4.15.5-5.el8.aarch64.rpm', 'python3-samba-devel-4.15.5-5.el8.i686.rpm', 'python3-samba-devel-4.15.5-5.el8.x86_64.rpm', 'python3-samba-test-4.15.5-5.el8.aarch64.rpm', 'python3-samba-test-4.15.5-5.el8.x86_64.rpm', 'samba-4.15.5-5.el8.aarch64.rpm', 'samba-4.15.5-5.el8.src.rpm', 'samba-4.15.5-5.el8.x86_64.rpm', 'samba-client-4.15.5-5.el8.aarch64.rpm', 'samba-client-4.15.5-5.el8.x86_64.rpm', 'samba-client-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-client-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-client-libs-4.15.5-5.el8.aarch64.rpm', 'samba-client-libs-4.15.5-5.el8.i686.rpm', 'samba-client-libs-4.15.5-5.el8.x86_64.rpm', 'samba-client-libs-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-client-libs-debuginfo-4.15.5-5.el8.i686.rpm', 'samba-client-libs-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-common-4.15.5-5.el8.noarch.rpm', 'samba-common-libs-4.15.5-5.el8.aarch64.rpm', 'samba-common-libs-4.15.5-5.el8.x86_64.rpm', 'samba-common-libs-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-common-libs-debuginfo-4.15.5-5.el8.x86_64.rpm','samba-common-tools-4.15.5-5.el8.aarch64.rpm', 'samba-common-tools-4.15.5-5.el8.x86_64.rpm', 'samba-common-tools-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-common-tools-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-debuginfo-4.15.5-5.el8.i686.rpm', 'samba-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-debugsource-4.15.5-5.el8.aarch64.rpm', 'samba-debugsource-4.15.5-5.el8.i686.rpm', 'samba-debugsource-4.15.5-5.el8.x86_64.rpm', 'samba-devel-4.15.5-5.el8.aarch64.rpm', 'samba-devel-4.15.5-5.el8.i686.rpm', 'samba-devel-4.15.5-5.el8.x86_64.rpm', 'samba-krb5-printing-4.15.5-5.el8.aarch64.rpm', 'samba-krb5-printing-4.15.5-5.el8.x86_64.rpm', 'samba-krb5-printing-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-krb5-printing-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-libs-4.15.5-5.el8.aarch64.rpm', 'samba-libs-4.15.5-5.el8.i686.rpm', 'samba-libs-4.15.5-5.el8.x86_64.rpm', 'samba-libs-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-libs-debuginfo-4.15.5-5.el8.i686.rpm', 'samba-libs-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-pidl-4.15.5-5.el8.noarch.rpm', 'samba-test-4.15.5-5.el8.aarch64.rpm', 'samba-test-4.15.5-5.el8.x86_64.rpm', 'samba-test-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-test-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-test-libs-4.15.5-5.el8.aarch64.rpm', 'samba-test-libs-4.15.5-5.el8.x86_64.rpm', 'samba-test-libs-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-test-libs-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-vfs-iouring-4.15.5-5.el8.aarch64.rpm', 'samba-vfs-iouring-4.15.5-5.el8.x86_64.rpm', 'samba-vfs-iouring-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-vfs-iouring-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-winbind-4.15.5-5.el8.aarch64.rpm', 'samba-winbind-4.15.5-5.el8.x86_64.rpm', 'samba-winbind-clients-4.15.5-5.el8.aarch64.rpm', 'samba-winbind-clients-4.15.5-5.el8.x86_64.rpm', 'samba-winbind-clients-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-winbind-clients-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-winbind-debuginfo-4.15.5-5.el8.aarch64.rpm','samba-winbind-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-winbind-krb5-locator-4.15.5-5.el8.aarch64.rpm', 'samba-winbind-krb5-locator-4.15.5-5.el8.x86_64.rpm', 'samba-winbind-krb5-locator-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-winbind-krb5-locator-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-winbind-modules-4.15.5-5.el8.aarch64.rpm', 'samba-winbind-modules-4.15.5-5.el8.i686.rpm', 'samba-winbind-modules-4.15.5-5.el8.x86_64.rpm', 'samba-winbind-modules-debuginfo-4.15.5-5.el8.aarch64.rpm', 'samba-winbind-modules-debuginfo-4.15.5-5.el8.i686.rpm', 'samba-winbind-modules-debuginfo-4.15.5-5.el8.x86_64.rpm', 'samba-winexe-4.15.5-5.el8.x86_64.rpm', 'samba-winexe-debuginfo-4.15.5-5.el8.x86_64.rpm']}\. Rocky Linux RLSA-2022:2098 focuses on OpenSSL vulnerabilities of moderate significance. Essential patch information included.. Samba Update, Rocky Linux, Bug Fix, Security Advisory. . LinuxSecurity.com Team
Sep 02, 2022
Rocky Linux
100
security advisoryimportantmemory leakSUSE: 2022:2586-2 Important: Ldb And Samba Security Issues Update
An update that solves 5 vulnerabilities and has 6 fixes is now available. . SUSE Security Update: Security update for ldb, samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:2586-2 Rating: important References: #1196224 #1198255 #1199247 #1199734 #1200556 #1200964 #1201490 #1201492 #1201493 #1201495 #1201496 Cross-References: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVSS scores: CVE-2022-2031 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-2031 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32742 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32742 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32744 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-32745 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-32746 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 5 vulnerabilities and has 6 fixes is now available. Description: This update for ldb, samba fixes the following issues: - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490). - CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify request (bsc#1201492). - CVE-2022-2031: Fixed AD restrictions bypassassociated with changing passwords (bsc#1201495). - CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496). - CVE-2022-32744: Fixed an arbitrary password change request for any AD user (bsc#1201493). The following security bugs were fixed: samba was updated to 4.15.8: * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556). ldb was updated to version 2.4.3 * Fix build problems, waf produces incorrect names for python extensions; (bso#15071); Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2586=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): ldb-debugsource-2.4.3-150300.3.20.1 libldb2-2.4.3-150300.3.20.1 libldb2-debuginfo-2.4.3-150300.3.20.1 samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1 samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1 samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1 samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1 References: https://www.suse.com/security/cve/CVE-2022-2031.html https://www.suse.com/security/cve/CVE-2022-32742.html https://www.suse.com/security/cve/CVE-2022-32744.html https://www.suse.com/security/cve/CVE-2022-32745.html https://www.suse.com/security/cve/CVE-2022-32746.html https://bugzilla.suse.com/1196224 https://bugzilla.suse.com/1198255 https://bugzilla.suse.com/1199247 https://bugzilla.suse.com/1199734 https://bugzilla.suse.com/1200556 https://bugzilla.suse.com/1200964 https://bugzilla.suse.com/1201490 https://bugzilla.suse.com/1201492 https://bugzilla.suse.com/1201493 https://bugzilla.suse.com/1201495 https://bugzilla.suse.com/1201496 . Multiple security weaknesses have been identified in ldb and samba for SUSE environments; refer to the release notes for comprehensive information.. SUSE Security, System Patch, Samba Update, Linux Administration. . Severity: Important. LinuxSecurity.com Team
Sep 01, 2022
•Important
SuSE
217
security advisorydenial of servicesecurity issueOracle Linux 8 ELSA-2022-0332 Critical: Samba Access Violation Fixes
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-0332 https://linux.oracle.com/errata/ELSA-2022-0332.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: ctdb-4.14.5-9.el8_5.x86_64.rpm libsmbclient-4.14.5-9.el8_5.i686.rpm libsmbclient-4.14.5-9.el8_5.x86_64.rpm libwbclient-4.14.5-9.el8_5.i686.rpm libwbclient-4.14.5-9.el8_5.x86_64.rpm python3-samba-4.14.5-9.el8_5.i686.rpm python3-samba-4.14.5-9.el8_5.x86_64.rpm python3-samba-test-4.14.5-9.el8_5.x86_64.rpm samba-4.14.5-9.el8_5.x86_64.rpm samba-client-4.14.5-9.el8_5.x86_64.rpm samba-client-libs-4.14.5-9.el8_5.i686.rpm samba-client-libs-4.14.5-9.el8_5.x86_64.rpm samba-common-4.14.5-9.el8_5.noarch.rpm samba-common-libs-4.14.5-9.el8_5.x86_64.rpm samba-common-tools-4.14.5-9.el8_5.x86_64.rpm samba-krb5-printing-4.14.5-9.el8_5.x86_64.rpm samba-libs-4.14.5-9.el8_5.i686.rpm samba-libs-4.14.5-9.el8_5.x86_64.rpm samba-pidl-4.14.5-9.el8_5.noarch.rpm samba-test-4.14.5-9.el8_5.x86_64.rpm samba-test-libs-4.14.5-9.el8_5.x86_64.rpm samba-vfs-iouring-4.14.5-9.el8_5.x86_64.rpm samba-winbind-4.14.5-9.el8_5.x86_64.rpm samba-winbind-clients-4.14.5-9.el8_5.x86_64.rpm samba-winbind-krb5-locator-4.14.5-9.el8_5.x86_64.rpm samba-winbind-modules-4.14.5-9.el8_5.i686.rpm samba-winbind-modules-4.14.5-9.el8_5.x86_64.rpm samba-winexe-4.14.5-9.el8_5.x86_64.rpm libsmbclient-devel-4.14.5-9.el8_5.i686.rpm libsmbclient-devel-4.14.5-9.el8_5.x86_64.rpm libwbclient-devel-4.14.5-9.el8_5.i686.rpm libwbclient-devel-4.14.5-9.el8_5.x86_64.rpm samba-devel-4.14.5-9.el8_5.i686.rpm samba-devel-4.14.5-9.el8_5.x86_64.rpm aarch64: ctdb-4.14.5-9.el8_5.aarch64.rpm libsmbclient-4.14.5-9.el8_5.aarch64.rpm libwbclient-4.14.5-9.el8_5.aarch64.rpm python3-samba-4.14.5-9.el8_5.aarch64.rpm python3-samba-test-4.14.5-9.el8_5.aarch64.rpm samba-4.14.5-9.el8_5.aarch64.rpm samba-client-4.14.5-9.el8_5.aarch64.rpm samba-client-libs-4.14.5-9.el8_5.aarch64.rpm samba-common-4.14.5-9.el8_5.noarch.rpm samba-common-libs-4.14.5-9.el8_5.aarch64.rpm samba-common-tools-4.14.5-9.el8_5.aarch64.rpm samba-krb5-printing-4.14.5-9.el8_5.aarch64.rpm samba-libs-4.14.5-9.el8_5.aarch64.rpm samba-pidl-4.14.5-9.el8_5.noarch.rpm samba-test-4.14.5-9.el8_5.aarch64.rpm samba-test-libs-4.14.5-9.el8_5.aarch64.rpm samba-vfs-iouring-4.14.5-9.el8_5.aarch64.rpm samba-winbind-4.14.5-9.el8_5.aarch64.rpm samba-winbind-clients-4.14.5-9.el8_5.aarch64.rpm samba-winbind-krb5-locator-4.14.5-9.el8_5.aarch64.rpm samba-winbind-modules-4.14.5-9.el8_5.aarch64.rpm libsmbclient-devel-4.14.5-9.el8_5.aarch64.rpm libwbclient-devel-4.14.5-9.el8_5.aarch64.rpm samba-devel-4.14.5-9.el8_5.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates/samba-4.14.5-9.el8_5.src.rpm Related CVEs: CVE-2021-44142 Description of changes: [4.14.5-9] - resolves: rhbz#2046174 - Fix username map script regression of CVE-2020-25717 - resolves: rhbz#2046160 - Fix possible segfault while joining a domain - resolves: rhbz#2046152 - Fix CVE-2021-44142 [4.14.5-8] - resolves: rhbz#2026717 - Dir containing dangling symlinks cannot be deleted _______________________________________________ El-errata mailing list
Feb 01, 2022
Oracle
100
security advisorysecurity issueimportantSUSE: 2021:772-1 Important: Samba and Kernel Security Update
The container sles-15-sp3-chost-byos-v20211202 was updated. The following patches have been included in this update:. SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20211202 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2021:772-1 Image Tags : sles-15-sp3-chost-byos-v20211202:20211202 Image Release : Severity : important Type : security References : 1014440 1065729 1065729 1085030 1085030 1089118 1094840 1133021 1152472 1152472 1152489 1152489 1154353 1156395 1156395 1157177 1167773 1172073 1172073 1173604 1173604 1176447 1176447 1176774 1176774 1176914 1176914 1176940 1178134 1178134 1180100 1180100 1180749 1181147 1181147 1184673 1184673 1185762 1185762 1186063 1186063 1186071 1186109 1186109 1187153 1187167 1187167 1187190 1187190 1187273 1187958 1188160 1188161 1188563 1188563 1188601 1188623 1188713 1188727 1188869 1189017 1189841 1189841 1189983 1189984 1190006 1190006 1190067 1190067 1190326 1190349 1190349 1190351 1190351 1190356 1190375 1190440 1190479 1190479 1190620 1190620 1190642 1190642 1190795 1190795 1190801 1190801 1190941 1190941 1190984 1191054 1191229 1191229 1191240 1191240 1191241 1191241 1191286 1191315 1191315 1191317 1191317 1191324 1191349 1191349 1191370 1191384 1191384 1191449 1191449 1191450 1191450 1191451 1191451 1191452 1191452 1191455 1191455 1191456 1191456 1191500 1191566 1191609 1191628 1191628 1191645 1191645 1191663 1191663 1191675 1191731 1191731 1191736 1191800 1191800 1191804 1191851 1191867 1191867 1191934 1191934 1191958 1191958 1191980 1192013 11920401192040 1192041 1192041 1192074 1192074 1192104 1192107 1192107 1192145 1192145 1192160 1192161 1192214 1192215 1192229 1192246 1192247 1192267 1192283 1192284 1192288 1192337 1192436 1192505 1192549 1192568 1192601 14571 CVE-2016-2124 CVE-2020-25717 CVE-2020-25717 CVE-2020-25718 CVE-2020-25719 CVE-2020-25721 CVE-2020-25722 CVE-2021-23192 CVE-2021-31799 CVE-2021-31810 CVE-2021-32066 CVE-2021-33033 CVE-2021-33033 CVE-2021-34866 CVE-2021-34866 CVE-2021-3542 CVE-2021-3542 CVE-2021-3655 CVE-2021-3655 CVE-2021-3715 CVE-2021-3715 CVE-2021-37159 CVE-2021-3738 CVE-2021-3760 CVE-2021-3760 CVE-2021-3772 CVE-2021-3772 CVE-2021-3896 CVE-2021-3896 CVE-2021-41864 CVE-2021-41864 CVE-2021-42008 CVE-2021-42008 CVE-2021-42252 CVE-2021-42252 CVE-2021-42739 CVE-2021-42739 CVE-2021-43056 CVE-2021-43056 CVE-2021-43389 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20211202 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3638-1 Released: Tue Nov 9 15:15:38 2021 Summary: Recommended update for samba Type: recommended Severity: important References: 1188727,1189017,14571 This update for samba fixes the following issues: Features added: - Add Certificate Auto Enrollment Policy. (jsc#SLE-18456) Bugs fixed: - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay. (bsc#1188727) - Fix 'net rpc' authentication when using the machine account. (bsc#1189017) Samba was updated to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory;(bso#14721); * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); Samba was updated to 4.13.9: * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to 'log level', synchronise 'log level' in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); Update to 4.13.7 * Release with dependency on ldb version 2.2.1. - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay (bsc#1188727) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3647-1 Released: Wed Nov 10 17:34:14 2021 Summary: Securityupdate for samba and ldb Type: security Severity: important References: 1014440,1192214,1192215,1192246,1192247,1192283,1192284,1192505,CVE-2016-2124,CVE-2020-25717,CVE-2020-25718,CVE-2020-25719,CVE-2020-25721,CVE-2020-25722,CVE-2021-23192,CVE-2021-3738 This update for samba and ldb fixes the following issues: - CVE-2020-25718: Fixed that an RODC can issue (forge) administrator tickets to other servers (bsc#1192246). - CVE-2021-3738: Fixed crash in dsdb stack (bsc#1192215). - CVE-2016-2124: Fixed not to fallback to non spnego authentication if we require kerberos (bsc#1014440). - CVE-2020-25717: Fixed privilege escalation inside an AD Domain where a user could become root on domain members (bsc#1192284). - CVE-2020-25719: Fixed AD DC Username based races when no PAC is given (bsc#1192247). - CVE-2020-25722: Fixed AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues) (bsc#1192283). - CVE-2021-23192: Fixed dcerpc requests to don't check all fragments against the first auth_state (bsc#1192214). - CVE-2020-25721: Fixed fill in the new HAS_SAM_NAME_AND_SID values (bsc#1192505). Samba was updated to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * 'in' operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like '@' in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 > = 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). Sambawas updated to 4.13.12: * Address a signifcant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). Samba was updated to 4.13.11: * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). * smbd: 'deadtime' parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). * Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792). ldb was updated to 2.2.2: + CVE-2020-25718: samba: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246); (bso#14558) + CVE-2021-3738: samba: crash in dsdb stack; (bsc#1192215);(bso#14848) Release ldb 2.2.2 + Corrected python behaviour for 'in' for LDAP attributes contained as part of ldb.Message;(bso#14845). + Fix memory handling in ldb.msg_diff Corrected python docstrings;(bso#14836) + Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3655-1 Released: Thu Nov 11 11:59:22 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085030,1152472,1152489,1156395,1172073,1173604,1176447,1176774,1176914,1178134,1180100,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191867,1191934,1191958,1192040,1192041,1192074,1192107,1192145,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. NOTE: This update was retracted due to a NFS regression. The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev-> rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-42252:Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order(git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM:PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref inahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/edid: Inconnector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - gpio: pca953x: Improve bias setting (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux(git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr-> cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: RX, Avoid possible data corruption when relaxedordering and LRO combined (jsc#SLE-15172). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: batman-adv: fix error handling (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a coupleuninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). -powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support(jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Addsupport for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: ensure that theinode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3662-1 Released: Mon Nov 15 19:13:54 2021 Summary: Security update for samba Type: security Severity: important References: 1192601,CVE-2020-25717 This update for samba fixes the following issues: - Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3663-1 Released: Mon Nov 15 19:14:32 2021 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1191804 This update for suse-module-tools fixes the following issues: - Update to version 15.3.14: * more fixes for updates under secure boot * cert-script: Deal with existing $cert.delete file (bsc#1191804). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3675-1 Released: Tue Nov 16 17:47:44 2021 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1085030,1089118,1094840,1133021,1152472,1152489,1154353,1156395,1157177,1167773,1172073,1173604,1176447,1176774,1176914,1176940,1178134,1180100,1180749,1181147,1184673,1185762,1186063,1186109,1187167,1188563,1188601,1189841,1190006,1190067,1190349,1190351,1190479,1190620,1190642,1190795,1190801,1190941,1191229,1191240,1191241,1191315,1191317,1191349,1191384,1191449,1191450,1191451,1191452,1191455,1191456,1191628,1191645,1191663,1191731,1191800,1191851,1191867,1191934,1191958,1191980,1192040,1192041,1192074,1192107,1192145,1192229,1192267,1192288,1192549,CVE-2021-33033,CVE-2021-34866,CVE-2021-3542,CVE-2021-3655,CVE-2021-3715,CVE-2021-37159,CVE-2021-3760,CVE-2021-3772,CVE-2021-3896,CVE-2021-41864,CVE-2021-42008,CVE-2021-42252,CVE-2021-42739,CVE-2021-43056,CVE-2021-43389 The following security bugs were fixed: - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev-> rf_conn_info object (bsc#1190067). - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-37159: hso_free_net_device in drivers/net/usb/hso.c called without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free (bnc#1188601). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with aresultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-43389: There was an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c (bnc#1191958). The following non-security bugs were fixed: - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speakeroutput on the Lenovo 13s Gen2 (git-fixes). - ALSA: hda/realtek: Fix mic mute LED for the HP Spectre x360 14 (git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: Reduce udelay() at SKL+ position reporting (git-fixes). - ALSA: hda: Use position buffer for SKL+ again (git-fixes). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: ua101: fix division by zero at probe (git-fixes). - ALSA: uapi: Fix a C++ style comment in asound.h (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: cs42l42: Correct some register default values (git-fixes). - ASoC: cs42l42: Defer probe if request_threaded_irq() returns EPROBE_DEFER (git-fixes). - ASoC: cs42l42: Do not set defaults for volatile registers (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: dt-bindings: cs42l42: Correct description of ts-inv (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: Intel: bytcr_rt5640: Move 'Platform Clock' routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: mediatek: mt8195: Remove unsued irqs_lock (git-fixes). - ASoC: rockchip: Use generic dmaengine code (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Barindex is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: SOF: topology: do not power down primary core during topology removal (git-fixes). - ASoC: topology: Fix stub for snd_soc_tplg_component_remove() (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - ata: sata_mv: Fix the error handling of mv_chip_id() (git-fixes). - ath10k: fix control-message timeout (git-fixes). - ath10k: fix division by zero in send path (git-fixes). - ath10k: fix max antenna gain unit (git-fixes). - ath10k: Fix missing frame timestamp for beacon/probe-resp (git-fixes). - ath10k: sdio: Add missing BH locking around napi_schdule() (git-fixes). - ath6kl: fix control-message timeout (git-fixes). - ath6kl: fix division by zero in send path (git-fixes). - ath9k: Fix potential interrupt storm on queue reset (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - b43: fix a lower bounds test (git-fixes). - b43legacy: fix a lower bounds test (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - Bluetooth: btmtkuart: fix a memleak in mtk_hci_wmt_sync (git-fixes). - Bluetooth: fix init and cleanup of sco_conn.timeout_work (git-fixes). - bnxt_en: Fix TX timeout when TX ring size is set to the smallest (git-fixes). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP linkfdinfo (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE state notification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of 'meta' errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - driver core: add a min_align_mask field to struct device_dma_parameters (bsc#1191851). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu/display: add quirk handling for stutter mode (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/amdgpu: fix warning for overflow check (git-fixes). - drm/amdgpu/gmc6: fix DMA mask from 44 to 40 bits (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Fixnull pointer dereference on pointer edp (git-fixes). - drm/msm: Fix potential NULL dereference in DPU SSPP (git-fixes). - drm/msm: potential error pointer dereference in init() (git-fixes). - drm/msm: uninitialized variable in msm_gem_import() (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - drm/sun4i: Fix macros in sun8i_csc.h (git-fixes). - drm/ttm: stop calling tt_swapin in vm_access (git-fixes). - drm/v3d: fix wait for TMU write combiner flush (git-fixes). - e1000e: Drop patch to avoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - EDAC/amd64: Set proper family type for Family 19h Models 20h-2Fh (bsc#1192288). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - firmware/psci: fix application of sizeof to pointer (git-fixes). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - ftrace: Fix scripts/recordmcount.pl due to new binutils (bsc#1192267). - genirq: Provide IRQCHIP_AFFINITY_PRE_STARTUP (bsc#1152489). - gpio: pca953x: Improve bias setting (git-fixes). - gve: Avoid freeing NULL pointer (git-fixes). - gve: Correct available tx qpl check (git-fixes). - gve: fix gve_get_stats() (git-fixes). - gve: Properly handle errors in gve_assign_qpl (bsc#1176940). - gve:report 64bit tx_bytes counter from gve_handle_report_stats() (bsc#1176940). - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - hwmon: Fix possible memleak in __hwmon_device_register() (git-fixes). - hwmon: (pmbus/lm25066) Add offset coefficients (git-fixes). - hwmon: (pmbus/lm25066) Let compiler determine outer dimension of lm25066_coeff (git-fixes). - hwrng: mtk - Force runtime pm ops for sleep ops (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - i40e: Fix ATR queue selection (git-fixes). - i40e: fix endless loop under rtnl (git-fixes). - i40e: Fix freeing of uninitialized misc IRQ vector (git-fixes). - iavf: fix double unlock of crit_lock (git-fixes). - ibmvnic: delay complete() (bsc#1094840 ltc#167098 git-fixes). - ice: Add missing E810 device ids (jsc#SLE-7966 bsc#1157177). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - Input: i8042 - Add quirk for Fujitsu Lifebook T725 (bsc#1191980). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - ionic: donot remove netdev-> dev_addr when syncing uc list (bsc#1167773). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - isdn: cpai: check ctr-> cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: mvm: fix some kerneldoc issues (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kabi: block: Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kABI: Fix kABI after 36950f2da1ea (bsc#1191851). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ('rpm: Abolish scritplet templating (bsc#1189841).') - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - KVM: s390: extend kvm_s390_shadow_fault to return entry pointer (bsc#1133021). - KVM: s390: index kvm-> arch.idle_mask by vcpu_idx (bsc#1133021). - KVM: s390: split kvm_s390_logical_to_effective (bsc#1133021). -KVM: s390: VSIE: correctly handle MVPG when in VSIE (bsc#1133021). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - libertas: Fix possible memory leak in probe and disconnect (git-fixes). - libertas_tf: Fix possible memory leak in probe and disconnect (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - media: cedrus: Fix SUNXI tile size calculation (git-fixes). - media: cx23885: Fix snd_card_free call on null card pointer (git-fixes). - media: cxd2880-spi: Fix a null pointer dereference on error handling path (git-fixes). - media: dvb-frontends: mn88443x: Handle errors of clk_prepare_enable() (git-fixes). - media: dvb-usb: fix ununit-value in az6027_rc_query (git-fixes). - media: em28xx: add missing em28xx_close_extension (git-fixes). - media: em28xx: Do not use ops-> suspend if it is NULL (git-fixes). - media: i2c: ths8200 needs V4L2_ASYNC (git-fixes). - media: ite-cir: IR receiver stop working after receive overflow (git-fixes). - media: mtk-vpu: Fix a resource leak in the error handling path of 'mtk_vpu_probe()' (git-fixes). - media: mxl111sf: change mutex_init() location (git-fixes). - media: radio-wl1273: Avoid card name truncation (git-fixes). - media: si470x: Avoid card name truncation (git-fixes). - media: staging/intel-ipu3: css: Fix wrong size comparison imgu_css_fw_init (git-fixes). - media: TDA1997x: handle short reads of hdmi info frame (git-fixes). - media: tm6000: Avoid card name truncation (git-fixes). - media: v4l2-ioctl: Fix check_ext_ctrls (git-fixes). - media: v4l2-ioctl: S_CTRL output the right value (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - memory: fsl_ifc: fix leak of irq and nand_irq in fsl_ifc_ctrl_probe (git-fixes). - memstick: avoid out-of-range warning (git-fixes). - memstick: jmb38x_ms: use appropriate free function in jmb38x_ms_alloc_host() (git-fixes). - mlx5: count all link events(git-fixes). - mlxsw: thermal: Fix out-of-bounds memory accesses (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: mxs-mmc: disable regulator on error and in the remove function (git-fixes). - mmc: sdhci: Map more voltage level to SDHCI_POWER_330 (git-fixes). - mmc: sdhci-omap: Fix NULL pointer exception if regulator is not configured (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - mt76: mt7615: fix endianness warning in mt7615_mac_write_txwi (git-fixes). - mt76: mt76x02: fix endianness warnings in mt76x02_mac.c (git-fixes). - mt76: mt7915: fix muar_idx in mt7915_mcu_alloc_sta_req() (git-fixes). - mt76: mt7915: fix possible infinite loop release semaphore (git-fixes). - mt76: mt7915: fix sta_rec_wtbl tag len (git-fixes). - mwifiex: fix division by zero in fw download path (git-fixes). - mwifiex: Send DELBA requests according to spec (git-fixes). - net/af_unix: fix a data-race in unix_dgram_poll (bsc#1154353). - net: batman-adv: fix error handling (git-fixes). - net: bridge: use nla_total_size_64bit() in br_get_linkxstats_size() (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hns3: fix vf reset workqueue cannot exit (bsc#1154353). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU(bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net/mlx4_en: Do not allow aRFS for encapsulated packets (git-fixes). - net/mlx4_en: Resolve bad operstate value (git-fixes). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: Mutually exclude RX-FCS and RX-port-timestamp (git-fixes). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5: Fix unpublish devlink parameters (jsc#SLE-8464). - net/mlx5: FWTrace, cancel work on alloc pd error flow (git-fixes). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nfs: dir_cookie is a pointer to the cookie in older kernels, not the cookie itself. (bsc#1191628 bsc#1192549). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - nvme: add command id quirk for apple controllers (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: set min_align_mask (bsc#1191851). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - PCI: Fixpci_host_bridge struct device release/free handling (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - platform/x86: thinkpad_acpi: Fix bitwise vs. logical warning (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneeded semicolon (git-fixes). - PM: sleep: Do not let 'syscore' devices runtime-suspend during system transitions (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to reference instruction location (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/numa: Updatecpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - qed: Fix missing error code in qed_slowpath_start() (git-fixes). - qed: Handle management FW error (git-fixes). - qed: rdma - do not wait for resources under hw error recovery flow (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - regulator: dt-bindings: samsung,s5m8767: correct s5m8767,pmic-buck-default-dvs-idx property (git-fixes). - regulator: s5m8767: do not use reset value as DVS voltage if GPIO DVS is disabled (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - rsi: fix control-message timeout (git-fixes). - rsi: Fix module dev_oper_mode parameter description (git-fixes). - rsi: stop thread firstly in rsi_91x_init() error handling (git-fixes). - rtl8187:fix control-message timeouts (git-fixes). - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Allowcertain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi: qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings(bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD checkon hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - swiotlb: add a IO_TLB_SIZE define (bsc#1191851). - swiotlb: clean up swiotlb_tbl_unmap_single (bsc#1191851). - swiotlb: do not modify orig_addr in swiotlb_tbl_sync_single (bsc#1191851). - swiotlb: factor out an io_tlb_offset helper (bsc#1191851). - swiotlb: factor out a nr_slots helper (bsc#1191851). - swiotlb: refactor swiotlb_tbl_map_single (bsc#1191851). - swiotlb: respect min_align_mask (bsc#1191851). - swiotlb: Split size parameter to map/unmap APIs (bsc#1191851). - tpm: Check for integer overflow in tpm2_map_response_body() (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - Update patch reference for AMDGPU fix (bsc#1180749) - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - usbnet: fix error return code in usbnet_probe() (git-fixes). - usbnet: sanity check for maxpacket (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio-gpu: fix possible memory allocation failure (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - wcn36xx: Add ability for wcn36xx_smd_dump_cmd_req to pass two's complement (git-fixes). - wcn36xx: add proper DMA memory barriers in rx path(git-fixes). - wcn36xx: Fix HT40 capability for 2Ghz band (git-fixes). - x86/ioapic: Force affinity setup before startup (bsc#1152489). - x86/msi: Force affinity setup before startup (bsc#1152489). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/reboot: Limit Dell Optiplex 990 quirk to early BIOS versions (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: do not allow log writes if the data device is readonly (bsc#1192229). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405 patch (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3782-1 Released: Tue Nov 23 23:49:03 2021 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1187190,1188713,1190326 This update for dracut fixes the following issues: - Fixed multipath devices that always default to bfq scheduler (bsc#1188713) - Fixed unbootable system when testing kernel 5.14 (bsc#1190326) - Add support for the new iscsiadm 'no-wait' (-W) command (bsc#1187190) - Add iscsid.service requirements(bsc#1187190) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3786-1 Released: Wed Nov 24 05:59:13 2021 Summary: Recommended update for rpm-config-SUSE Type: recommended Severity: important References: 1192160 This update for rpm-config-SUSE fixes the following issues: - Add support for the kernel xz-compressed firmware files (bsc#1192160) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3787-1 Released: Wed Nov 24 06:00:10 2021 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1189983,1189984,1191500,1191566,1191675 This update for xfsprogs fixes the following issues: - Make libhandle1 an explicit dependency in the xfsprogs-devel package (bsc#1191566) - Remove deprecated barrier/nobarrier mount options from manual pages section 5 (bsc#1191675) - xfs_io: include support for label command (bsc#1191500) - xfs_quota: state command to report all three (-ugp) grace times separately (bsc#1189983) - xfs_admin: add support for external log devices (bsc#1189984) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3790-1 Released: Wed Nov 24 06:10:31 2021 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1187190,1187958,1188869,1191054,1192013,1192568 This update for open-iscsi fixes the following issues: - Ensure executables are not moved from /sbin to /usr/sbin in SLE (bsc#1192013)(bsc#1191054) - iscsi-init.service default dependencies can cause the boot to hang so they have been removed (bsc#1187190) - IPv6 offload iSCSI lun needs to be exposed during installation (bsc#1187958) - iscsid needs to use the new prctl(PR_SET_IO_FLUSHER) system call (bsc#1188869) - The iscsi-init.service unit can run too early, when root is read-only, causing it to fail (bsc#1192568) ----------------------------------------------------------------- Advisory ID:SUSE-RU-2021:3792-1 Released: Wed Nov 24 06:12:09 2021 Summary: Recommended update for kmod Type: recommended Severity: moderate References: 1192104 This update for kmod fixes the following issues: - Enable ZSTD compression (bsc#1192104)(jsc#SLE-21256) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3808-1 Released: Fri Nov 26 00:30:54 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1186071,1190440,1190984,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-17798) - Fix fd_is_mount_point() when both the parent and directory are network file systems (bsc#1190984) - Support detection for ARM64 Hyper-V guests (bsc#1186071) - Fix systemd-detect-virt not detecting Amazon EC2 Nitro instance (bsc#1190440) - Enable support for Portable Services in openSUSE Leap only (jsc#SLE-21694) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3838-1 Released: Wed Dec 1 16:07:54 2021 Summary: Security update for ruby2.5 Type: security Severity: important References: 1188160,1188161,1190375,CVE-2021-31799,CVE-2021-31810,CVE-2021-32066 This update for ruby2.5fixes the following issues: - CVE-2021-31799: Fixed Command injection vulnerability in RDoc (bsc#1190375). - CVE-2021-31810: Fixed trusting FTP PASV responses vulnerability in Net:FTP (bsc#1188161). - CVE-2021-32066: Fixed StartTLS stripping vulnerability in Net:IMAP (bsc#1188160). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) The following package changes have been done: - apparmor-abstractions-2.13.6-3.3.1 added - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - dracut-049.1+suse.216.gf705637b-3.45.1 updated - kernel-default-5.3.18-59.34.1 updated - kmod-29-4.12.1 updated - libcrack2-2.9.7-11.6.1 updated -libdcerpc-binding0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libdcerpc0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libkmod2-29-4.12.1 updated - libldb2-2.2.2-3.3.1 updated - libndr-krb5pac0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr-nbt0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr-standard0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libndr1-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libnetapi0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libopeniscsiusr0_2_0-2.1.5-32.12.1 updated - libruby2_5-2_5-2.5.9-4.20.1 updated - libsamba-credentials0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-errors0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-hostconfig0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-passdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamba-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsamdb0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsmbconf0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libsmbldap2-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-246.16-7.21.1 updated - libtevent-util0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libudev1-246.16-7.21.1 updated - libwbclient0-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - libzypp-17.28.8-20.1 updated - open-iscsi-2.1.5-32.12.1 updated - python3-ldb-2.2.2-3.3.1 updated - rpm-config-SUSE-1-5.6.1 updated - ruby2.5-stdlib-2.5.9-4.20.1 updated - ruby2.5-2.5.9-4.20.1 updated - samba-libs-python3-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - samba-libs-4.13.13+git.531.903f5c0ccdc-3.17.1 updated - suse-module-tools-15.3.14-3.14.1 updated - systemd-sysvinit-246.16-7.21.1 updated - systemd-246.16-7.21.1 updated - udev-246.16-7.21.1 updated - xfsprogs-4.15.0-4.52.1 updated - zypper-1.14.50-21.1 updated . SUSE Image Upgrade Notification for sles-15-sp3-chost, featuring modifications to packages and incorporated security enhancements.. SUSE 2021:772-1,samba update,security advisory. . Severity: Important.LinuxSecurity.com Team
Dec 04, 2021
•Important
SuSE
89
security advisorysecurity issueFedoraFedora 31: 2020-5131d30947 Moderate: libldb Samba Update
Update to Samba 4.11.11. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-5131d30947 2020-07-18 01:08:05.874143 --------------------------------------------------------------------------------Name : libldb Product : Fedora 31 Version : 2.0.12 Release : 1.fc31 URL : / Summary : A schema-less, ldap like, API and database Description : An extensible library that implements an LDAP like API to access remote LDAP servers, or use local tdb databases. --------------------------------------------------------------------------------Update Information: Update to Samba 4.11.11 --------------------------------------------------------------------------------ChangeLog: * Thu Jul 2 2020 Lukas Slebodnik - 2.0.12-1 - New upstream release 2.0.12 * Wed Jul 1 2020 Lukas Slebodnik - 2.0.11-1 - New upstream release 2.0.11 --------------------------------------------------------------------------------References: [ 1 ] Bug #1849489 - CVE-2020-10730 samba: NULL pointer de-reference and use-after-free in Samba AD DC LDAP Server with ASQ, VLV and paged_results https://bugzilla.redhat.com/show_bug.cgi?id=1849489 [ 2 ] Bug #1849491 - CVE-2020-10745 samba: Parsing and packing of NBT and DNS packets can consume excessive CPU https://bugzilla.redhat.com/show_bug.cgi?id=1849491 [ 3 ] Bug #1849509 - CVE-2020-10760 samba: LDAP Use-after-free in Samba AD DC Global Catalog with paged_results and VLV https://bugzilla.redhat.com/show_bug.cgi?id=1849509 [ 4 ] Bug #1851298 - CVE-2020-14303 samba: Empty UDP packet DoS in Samba AD DC nbtd https://bugzilla.redhat.com/show_bug.cgi?id=1851298 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-5131d30947' at the command line. For more information, refer to the dnf documentation availableat https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 17, 2020
Fedora
199
security advisorymoderatesoftware updateCentOS 7 CESA-2017-2790 Moderate: Fix for Samba Software Vulnerability
Upstream details at : https://access.redhat.com/errata/RHSA-2017:2790. CentOS Errata and Security Advisory 2017:2790 Moderate Upstream details at : https://access.redhat.com/errata/RHSA-2017:2790 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: caba3f119d5cba32ffe42a769b47aa29f5c3918b2700ce283bc5dcdf56d00a8d ctdb-4.6.2-11.el7_4.x86_64.rpm a9700b09956c3485efa48b9b72f30dd7986958d4882f7edff777e1c7d8b0e6df ctdb-tests-4.6.2-11.el7_4.x86_64.rpm c92bc7ea68e289579679bada2a31f9ac1ce8bde5956563614eef91dd84375107 libsmbclient-4.6.2-11.el7_4.i686.rpm 3d38741a74f33d2db9c2d60d304c34a903ceafdb67899f905ce6a823007752b3 libsmbclient-4.6.2-11.el7_4.x86_64.rpm 9343afcf2c447a68bb2bff445884b54466ccdb510614ce064ae0de3756b18666 libsmbclient-devel-4.6.2-11.el7_4.i686.rpm a537f6b0386e918eca30418025f50dc3927c738edeff4136a5c2ae6e715fee0a libsmbclient-devel-4.6.2-11.el7_4.x86_64.rpm 7e5bc4580705aa15d99932b7c3f240d26a26ea19642ca167269cc9074862a28c libwbclient-4.6.2-11.el7_4.i686.rpm 50c946607f828ac721ac48be15992e9065de14312035cb2cb46036f6163e6404 libwbclient-4.6.2-11.el7_4.x86_64.rpm 6e6da2088bc3c3d27da2a96018b37b22f8b16fd9743fe820285ce20aab677dd7 libwbclient-devel-4.6.2-11.el7_4.i686.rpm 51e0edf6e01407e2bc2f9497cafd701024db85f9181b14984a950360b94a9e16 libwbclient-devel-4.6.2-11.el7_4.x86_64.rpm ba47b501512978d111761ff19dab144507c97062c936373b303c83a0a7cbe4c9 samba-4.6.2-11.el7_4.x86_64.rpm 1ea2818d608caebd3aab9d9fc4dc41617c15b608ab7bac79fc342730588bd9b5 samba-client-4.6.2-11.el7_4.x86_64.rpm 6a64a3576fc40d1dc3f827bd20153491e2fdcf15dd3362e817d032c7432fc51b samba-client-libs-4.6.2-11.el7_4.i686.rpm b218c017ffb84660bcf327f47a504c44ee042527f609ef1a43b8354d1a5116de samba-client-libs-4.6.2-11.el7_4.x86_64.rpm c4422f65f1fe3716b765170afa36e4250fc3637421a3bfa3fb4c5a32b5727873 samba-common-4.6.2-11.el7_4.noarch.rpm 856e39494bb2207b6100ada647419c378b578f5e51882c64da3b3caf2224a6c0 samba-common-libs-4.6.2-11.el7_4.x86_64.rpm ce205fac1766b8e47a6e0650a89806192b3ad4bc2660bced20ae0be9d92e2fb3 samba-common-tools-4.6.2-11.el7_4.x86_64.rpm 6d9ee1bc0fe413822f48daf29b9512dac4eddc146983637fbaa077f5f4280b86 samba-dc-4.6.2-11.el7_4.x86_64.rpm 2fa6a2ec3f02c6417dfaea930ad80e51b7675765610338d60d1bc5bc41c9e9ce samba-dc-libs-4.6.2-11.el7_4.x86_64.rpm 1ca2778392b20854f7393a708236b9f540de48858317453c4c2b604b9bc94fec samba-devel-4.6.2-11.el7_4.i686.rpm 08b878ef5c4aeaa5cbb12daf99c6fefe39df84b17fa5b94353ca7a7de7143bf5 samba-devel-4.6.2-11.el7_4.x86_64.rpm c3e27385cecd6b7d78c38ae7fbb3693e547f0c4db7bae05b39ab8e6defbbb262 samba-krb5-printing-4.6.2-11.el7_4.x86_64.rpm 12841d68047b9038e53e21566b6ab00f9cdf8f8fd94e81c012a9376f62bc8999 samba-libs-4.6.2-11.el7_4.i686.rpm 1a04433b8a39dd670c149ecf0e0f83a39c3c0fb7d8bb9133a56fa1b2adf2f998 samba-libs-4.6.2-11.el7_4.x86_64.rpm 7ce137a14fb0b3bd7063a71630590dede4134c7e9197a4aa6e7f01af09f33bfb samba-pidl-4.6.2-11.el7_4.noarch.rpm 36ba02cfff0c5d04a576c645add308bce2ac730c4f10847eba52802f831ae0c6 samba-python-4.6.2-11.el7_4.x86_64.rpm a4c456ba9f710f08a73a57acf0aaaf0dfb89c1d4c90ad7c18803936535a7a92d samba-test-4.6.2-11.el7_4.x86_64.rpm b5c80a2c3bed6d70f7a97bf37aa5c8c4de1f05b039e29ad9da14bc3a6be16345 samba-test-libs-4.6.2-11.el7_4.i686.rpm c73694995c0304dc02a6f6f7e84a6dae9faab941d83db8d9c268f073674775c7 samba-test-libs-4.6.2-11.el7_4.x86_64.rpm 762977f43d1bd19a0f21ca76748038a4139ed8f83a080dac98773f6c74273276 samba-vfs-glusterfs-4.6.2-11.el7_4.x86_64.rpm f1551403f32e0e488f4ad71de0ea2ee50c53509851c41e33ed5ea310dcf82328 samba-winbind-4.6.2-11.el7_4.x86_64.rpm c421ddee28dfb0c03ca00682a6609379615c856128558143a50fddf1c20d3565 samba-winbind-clients-4.6.2-11.el7_4.x86_64.rpm 842a4154f78bd7fd123ea3a463f0e3f7a72ffefd3147377b715b02fc73fcc113 samba-winbind-krb5-locator-4.6.2-11.el7_4.x86_64.rpm aa6e74223be5ce46d48e9e279fc49bc4b01b7faae114b5a862db98876270bbc1 samba-winbind-modules-4.6.2-11.el7_4.i686.rpm 034e2a59161d188fb0f023a05d8ccd8815908fd83a1806c24c907b90c0dba62c samba-winbind-modules-4.6.2-11.el7_4.x86_64.rpm Source: f3c3cdfa0bd76ab38a298bf0f4f5a2e9e727312f23e1d010c95dc924c54a6057 samba-4.6.2-11.el7_4.src.rpm -- Johnny Hughes CentOS Project { https://www.centos.org/ } irc: hughesjr, #
Sep 21, 2017
CentOS
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!