Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 1 articles for you...
217
security advisorymoderateupdateOracle Linux 8 ELSA-2025-1306 Moderate: GCC-Toolset Security Updates
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2025-1306 http://linux.oracle.com/errata/ELSA-2025-1306.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable LinuxNetwork: x86_64: gcc-toolset-13-gcc-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-gcc-c++-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-gcc-gfortran-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-gcc-plugin-annobin-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-gcc-plugin-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-gcc-plugin-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libasan-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libasan-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libatomic-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libatomic-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libgccjit-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libgccjit-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libgccjit-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libgccjit-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libitm-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libitm-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-liblsan-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libquadmath-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libquadmath-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libstdc++-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libstdc++-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libstdc++-docs-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libtsan-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-libubsan-devel-13.3.1-2.2.0.1.el8_10.i686.rpm gcc-toolset-13-libubsan-devel-13.3.1-2.2.0.1.el8_10.x86_64.rpm gcc-toolset-13-offload-nvptx-13.3.1-2.2.0.1.el8_10.x86_64.rpm libasan8-13.3.1-2.2.0.1.el8_10.i686.rpm libasan8-13.3.1-2.2.0.1.el8_10.x86_64.rpm libtsan2-13.3.1-2.2.0.1.el8_10.x86_64.rpm aarch64: gcc-toolset-13-gcc-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-gcc-c++-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-gcc-gfortran-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-gcc-plugin-annobin-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-gcc-plugin-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libasan-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libatomic-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libgccjit-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libgccjit-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libitm-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-liblsan-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libstdc++-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libstdc++-docs-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libtsan-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm gcc-toolset-13-libubsan-devel-13.3.1-2.2.0.1.el8_10.aarch64.rpm libasan8-13.3.1-2.2.0.1.el8_10.aarch64.rpm libtsan2-13.3.1-2.2.0.1.el8_10.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates//gcc-toolset-13-gcc-13.3.1-2.2.0.1.el8_10.src.rpm Related CVEs: CVE-2020-11023 Description of changes: [13.3.1-2.2.0.1] - Merge Oracle patches to 13.3.1-2.2. gfortran needs install-info at installation time. Orabug: 36472775 [13.3.1-2.2] - disable jQuery use, don't ship jquery.js (CVE-2020-11023, RHEL-78279) _______________________________________________ El-errata mailing list
Feb 14, 2025
Oracle
89
security advisorysoftware updateFedoraFedora 40 Update: Moderate Libipuz Crosswords Parser Security Patch
crosswords 0.3.13. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-e4717532c4 2024-05-25 01:04:07.908862 -------------------------------------------------------------------------------- Name : libipuz Product : Fedora 40 Version : 0.4.6.2 Release : 1.fc40 URL : Summary : Library for parsing .ipuz puzzle files Description : This is a library for parsing .ipuz puzzle files, for crossword puzzles, sudokus, etc. The library only handles crosswords for now. -------------------------------------------------------------------------------- Update Information: crosswords 0.3.13 -------------------------------------------------------------------------------- ChangeLog: * Mon May 20 2024 Davide Cavalca - 0.4.6.2-1 - Update to 0.4.6.2; Fixes: RHBZ#2281417 * Wed Mar 20 2024 Davide Cavalca - 0.4.5-4 - Add rust support in preparation for 0.4.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2281417 - libipuz-0.4.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=2281417 [ 2 ] Bug #2281577 - crosswords-0.3.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=2281577 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-e4717532c4' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list
May 25, 2024
Fedora
98
security advisoryRed Hatsecurity impactRed Hat: RHSA-2023-4576-01 Moderate: VolSync 0.6.3 Enhancements Summary
VolSync v0.6.3 security fixes and enhancements Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: VolSync 0.6.3 security fixes and enhancements Advisory ID: RHSA-2023:4576-01 Product: Red Hat ACM Advisory URL: https://access.redhat.com/errata/RHSA-2023:4576 Issue date: 2023-08-08 CVE Names: CVE-2020-24736 CVE-2022-35252 CVE-2022-36227 CVE-2022-43552 CVE-2023-0361 CVE-2023-1667 CVE-2023-2283 CVE-2023-3089 CVE-2023-24329 CVE-2023-26604 CVE-2023-27535 CVE-2023-38408 ===================================================================== 1. Summary: VolSync v0.6.3 security fixes and enhancements Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. 2. Description: VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data. For more information about VolSync, see: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync or the VolSync open source community website at: https://volsync.readthedocs.io/en/stable/. This advisory contains enhancements and updates to the VolSync container images. Security fix(es): * CVE-2023-3089 openshift: OCP & FIPS mode 3. Solution: For details on how to installVolSync, refer to: https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.7/html/add-ons/add-ons-overview#volsync-rep 4. Bugs fixed (https://bugzilla.redhat.com/): 2212085 - CVE-2023-3089 openshift: OCP & FIPS mode 5. References: https://access.redhat.com/security/cve/CVE-2020-24736 https://access.redhat.com/security/cve/CVE-2022-35252 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-43552 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-1667 https://access.redhat.com/security/cve/CVE-2023-2283 https://access.redhat.com/security/cve/CVE-2023-3089 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-26604 https://access.redhat.com/security/cve/CVE-2023-27535 https://access.redhat.com/security/cve/CVE-2023-38408 https://access.redhat.com/security/updates/classification#moderate https://access.redhat.com/security/vulnerabilities/RHSB-2023-001 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJk0qNmAAoJENzjgjWX9erE0XEQAIGkOtzF36HLk9zsNN5ViO05 pDEBBDxN3Q/V9eRKMxy+lNlUgk3jjc4SqxZlnJtCU13Vr+CUbZcikWLmwSTXh7gb ATEyBur+2i2GCPi/CQzZIe37rGO0xl6swaMFhTa8U0/q1rzQRSr73xfuxyEhL96j V1kMxK7WLvezcnkbo9eyw4V7vZVOqGXJEARTUGn5MyivnwoMDLiGLKJV/quXdPve zQFWuccegjdgNjzwGYxTe0aJnAXHOf19c4OD8KZ+GE+2QBlV1D68/D9+mljWSheO gP/IsqnuWGcZkngIU/nYhoBitGWgY13PRKNDiAGfF5ro1cgHeT/fGZ7tyWmYC/lq JM0jBTLh+LA1L+nFuBKArzfVaSviGXcz2+LR0aBIZfRvB4mqDP+mUnW3r1HF9Aa3 3kHcgpdsHA5NT4FwCDKmiAw7C9QRdow2qiyOuInhMt+iGfC02j1ohAXgt4sW68gb P6QSR4/olTtJXmOuZwuRWXwDHxBxUrS4XEVwFqZ+TOM+a9Q9y3Wb8+09Kl9lv0RT z4oFmL3W5+9pC8AAqbYkyy66dWNjWYu4GHAGOpRA9K6B5maF4F8cijIuf4sTlmx2 vhlJD8vGuyViI/Rwt9klaXTX2on4LBg/jBqWiwHdCwNpdPjBUWRNRNAsF4S+0BZN Kyoemtm32fm6VGubKbdW =8t4D -----END PGP SIGNATURE----- -- RHSA-announce mailinglist
Aug 08, 2023
Red Hat
219
security advisorymoderatebug fixesRocky Linux 8 RLSA-2021:2587 Moderate: Ruby Security Fixes
Moderate: ruby:2.5 security, bug fix, and enhancement update. \{'type': 'Security', 'shortCode': 'RL', 'name': 'RLSA-2021:2587', 'synopsis': 'Moderate: ruby:2.5 security, bug fix, and enhancement update', 'severity': 'Moderate', 'topic': 'An update for the ruby:2.5 module is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.', 'description': 'Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\nThe following packages have been upgraded to a later upstream version: ruby (2.5.9). (BZ#1952626)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.', 'solution': None, 'affectedProducts': ['Rocky Linux 8'], 'fixes': ['1773728', '1789407', '1789556', '1793683', '1827500', '1833291', '1883623', '1947526', '1952626', '1955010'], 'cves': ['Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-15845.json:::CVE-2019-15845', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16201.json:::CVE-2019-16201', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16254.json:::CVE-2019-16254', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16255.json:::CVE-2019-16255', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10663.json:::CVE-2020-10663', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10933.json:::CVE-2020-10933', 'Red Hat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25613.json:::CVE-2020-25613', 'RedHat:::https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28965.json:::CVE-2021-28965'], 'references': [], 'publishedAt': '2021-07-22T03:35:33.273893Z', 'rpms': ['pcs-0.10.8-1.el8.aarch64.rpm', 'pcs-0.10.8-1.el8.src.rpm', 'pcs-0.10.8-1.el8.x86_64.rpm', 'pcs-snmp-0.10.8-1.el8.aarch64.rpm', 'pcs-snmp-0.10.8-1.el8.x86_64.rpm', 'rubygem-abrt-0.3.0-4.module+el8.4.0+592+03ff458a.noarch.rpm', 'rubygem-abrt-0.3.0-4.module+el8.4.0+592+03ff458a.src.rpm', 'rubygem-abrt-0.4.0-1.module+el8.4.0+594+11b6673a.noarch.rpm', 'rubygem-abrt-0.4.0-1.module+el8.4.0+594+11b6673a.src.rpm', 'rubygem-abrt-doc-0.3.0-4.module+el8.4.0+592+03ff458a.noarch.rpm', 'rubygem-abrt-doc-0.4.0-1.module+el8.4.0+594+11b6673a.noarch.rpm', 'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a.aarch64.rpm', 'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a.src.rpm', 'rubygem-bson-4.3.0-2.module+el8.4.0+592+03ff458a.x86_64.rpm', 'rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c.aarch64.rpm', 'rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c.src.rpm', 'rubygem-bson-4.5.0-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm', 'rubygem-bson-4.8.1-1.module+el8.4.0+594+11b6673a.aarch64.rpm', 'rubygem-bson-4.8.1-1.module+el8.4.0+594+11b6673a.src.rpm', 'rubygem-bson-4.8.1-1.module+el8.4.0+594+11b6673a.x86_64.rpm', 'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a.aarch64.rpm', 'rubygem-bson-debuginfo-4.3.0-2.module+el8.4.0+592+03ff458a.x86_64.rpm', 'rubygem-bson-debuginfo-4.5.0-1.module+el8.4.0+593+8d7f9f0c.aarch64.rpm', 'rubygem-bson-debuginfo-4.5.0-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm', 'rubygem-bson-debuginfo-4.8.1-1.module+el8.4.0+594+11b6673a.aarch64.rpm', 'rubygem-bson-debuginfo-4.8.1-1.module+el8.4.0+594+11b6673a.x86_64.rpm', 'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a.aarch64.rpm', 'rubygem-bson-debugsource-4.3.0-2.module+el8.4.0+592+03ff458a.x86_64.rpm', 'rubygem-bson-debugsource-4.5.0-1.module+el8.4.0+593+8d7f9f0c.aarch64.rpm', 'rubygem-bson-debugsource-4.5.0-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm','rubygem-bson-debugsource-4.8.1-1.module+el8.4.0+594+11b6673a.aarch64.rpm', 'rubygem-bson-debugsource-4.8.1-1.module+el8.4.0+594+11b6673a.x86_64.rpm', 'rubygem-bson-doc-4.3.0-2.module+el8.4.0+592+03ff458a.noarch.rpm', 'rubygem-bson-doc-4.5.0-1.module+el8.4.0+593+8d7f9f0c.noarch.rpm', 'rubygem-bson-doc-4.8.1-1.module+el8.4.0+594+11b6673a.noarch.rpm', 'rubygem-bundler-1.16.1-3.module+el8.4.0+592+03ff458a.noarch.rpm', 'rubygem-bundler-1.16.1-3.module+el8.4.0+592+03ff458a.src.rpm', 'rubygem-bundler-doc-1.16.1-3.module+el8.4.0+592+03ff458a.noarch.rpm', 'rubygem-mongo-2.11.3-1.module+el8.4.0+594+11b6673a.noarch.rpm', 'rubygem-mongo-2.11.3-1.module+el8.4.0+594+11b6673a.src.rpm', 'rubygem-mongo-2.5.1-2.module+el8.4.0+592+03ff458a.noarch.rpm', 'rubygem-mongo-2.5.1-2.module+el8.4.0+592+03ff458a.src.rpm', 'rubygem-mongo-2.8.0-1.module+el8.4.0+593+8d7f9f0c.noarch.rpm', 'rubygem-mongo-2.8.0-1.module+el8.4.0+593+8d7f9f0c.src.rpm', 'rubygem-mongo-doc-2.11.3-1.module+el8.4.0+594+11b6673a.noarch.rpm', 'rubygem-mongo-doc-2.5.1-2.module+el8.4.0+592+03ff458a.noarch.rpm', 'rubygem-mongo-doc-2.8.0-1.module+el8.4.0+593+8d7f9f0c.noarch.rpm', 'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a.aarch64.rpm', 'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a.src.rpm', 'rubygem-mysql2-0.4.10-4.module+el8.4.0+592+03ff458a.x86_64.rpm', 'rubygem-mysql2-0.5.2-1.module+el8.4.0+593+8d7f9f0c.aarch64.rpm', 'rubygem-mysql2-0.5.2-1.module+el8.4.0+593+8d7f9f0c.src.rpm', 'rubygem-mysql2-0.5.2-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm', 'rubygem-mysql2-0.5.3-1.module+el8.4.0+594+11b6673a.aarch64.rpm', 'rubygem-mysql2-0.5.3-1.module+el8.4.0+594+11b6673a.src.rpm', 'rubygem-mysql2-0.5.3-1.module+el8.4.0+594+11b6673a.x86_64.rpm', 'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a.aarch64.rpm', 'rubygem-mysql2-debuginfo-0.4.10-4.module+el8.4.0+592+03ff458a.x86_64.rpm', 'rubygem-mysql2-debuginfo-0.5.2-1.module+el8.4.0+593+8d7f9f0c.aarch64.rpm', 'rubygem-mysql2-debuginfo-0.5.2-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm','rubygem-mysql2-debuginfo-0.5.3-1.module+el8.4.0+594+11b6673a.aarch64.rpm', 'rubygem-mysql2-debuginfo-0.5.3-1.module+el8.4.0+594+11b6673a.x86_64.rpm', 'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a.aarch64.rpm', 'rubygem-mysql2-debugsource-0.4.10-4.module+el8.4.0+592+03ff458a.x86_64.rpm', 'rubygem-mysql2-debugsource-0.5.2-1.module+el8.4.0+593+8d7f9f0c.aarch64.rpm', 'rubygem-mysql2-debugsource-0.5.2-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm', 'rubygem-mysql2-debugsource-0.5.3-1.module+el8.4.0+594+11b6673a.aarch64.rpm', 'rubygem-mysql2-debugsource-0.5.3-1.module+el8.4.0+594+11b6673a.x86_64.rpm', 'rubygem-mysql2-doc-0.4.10-4.module+el8.4.0+592+03ff458a.noarch.rpm', 'rubygem-mysql2-doc-0.5.2-1.module+el8.4.0+593+8d7f9f0c.noarch.rpm', 'rubygem-mysql2-doc-0.5.3-1.module+el8.4.0+594+11b6673a.noarch.rpm', 'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a.aarch64.rpm', 'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a.src.rpm', 'rubygem-pg-1.0.0-2.module+el8.4.0+592+03ff458a.x86_64.rpm', 'rubygem-pg-1.1.4-1.module+el8.4.0+593+8d7f9f0c.aarch64.rpm', 'rubygem-pg-1.1.4-1.module+el8.4.0+593+8d7f9f0c.src.rpm', 'rubygem-pg-1.1.4-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm', 'rubygem-pg-1.2.3-1.module+el8.4.0+594+11b6673a.aarch64.rpm', 'rubygem-pg-1.2.3-1.module+el8.4.0+594+11b6673a.src.rpm', 'rubygem-pg-1.2.3-1.module+el8.4.0+594+11b6673a.x86_64.rpm', 'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a.aarch64.rpm', 'rubygem-pg-debuginfo-1.0.0-2.module+el8.4.0+592+03ff458a.x86_64.rpm', 'rubygem-pg-debuginfo-1.1.4-1.module+el8.4.0+593+8d7f9f0c.aarch64.rpm', 'rubygem-pg-debuginfo-1.1.4-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm', 'rubygem-pg-debuginfo-1.2.3-1.module+el8.4.0+594+11b6673a.aarch64.rpm', 'rubygem-pg-debuginfo-1.2.3-1.module+el8.4.0+594+11b6673a.x86_64.rpm', 'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a.aarch64.rpm', 'rubygem-pg-debugsource-1.0.0-2.module+el8.4.0+592+03ff458a.x86_64.rpm', 'rubygem-pg-debugsource-1.1.4-1.module+el8.4.0+593+8d7f9f0c.aarch64.rpm','rubygem-pg-debugsource-1.1.4-1.module+el8.4.0+593+8d7f9f0c.x86_64.rpm', 'rubygem-pg-debugsource-1.2.3-1.module+el8.4.0+594+11b6673a.aarch64.rpm', 'rubygem-pg-debugsource-1.2.3-1.module+el8.4.0+594+11b6673a.x86_64.rpm', 'rubygem-pg-doc-1.0.0-2.module+el8.4.0+592+03ff458a.noarch.rpm', 'rubygem-pg-doc-1.1.4-1.module+el8.4.0+593+8d7f9f0c.noarch.rpm', 'rubygem-pg-doc-1.2.3-1.module+el8.4.0+594+11b6673a.noarch.rpm']}\. A new patch is released for Rocky Linux 8 addressing ruby:2.5 improvements and moderate-rated security vulnerabilities.. Ruby security patches, Rocky Linux update, software enhancements, moderate fixes. . LinuxSecurity.com Team
Sep 02, 2022
Rocky Linux
98
security advisorybug fixsecurity enhancementsRed Hat 4.10 Important: RHSA-2022:1372-01 Critical Security Issues
Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat OpenShift Data Foundation 4.10.0 enhancement, security & bug fix update Advisory ID: RHSA-2022:1372-01 Product: RHODF Advisory URL: https://access.redhat.com/errata/RHSA-2022:1372 Issue date: 2022-04-13 CVE Names: CVE-2021-29923 CVE-2021-34558 CVE-2021-36221 CVE-2021-43565 CVE-2021-44716 CVE-2021-44717 ==================================================================== 1. Summary: Updated images that include numerous enhancements, security, and bug fixes are now available for Red Hat OpenShift Data Foundation 4.10.0 on Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. In addition to persistent storage, Red Hat OpenShift Data Foundation provisions a multicloud data management service with an S3 compatible API. Security Fix(es): * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717) * golang: net/http: limit growth ofheader canonicalization cache (CVE-2021-44716) * golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221) * golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923) * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) Bug Fix(es): These updated packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat OpenShift Data Foundation Release Notes for information on the most significant of these changes: https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.10/html/4.10_release_notes/index All Red Hat OpenShift Data Foundation users are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements. or more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 1898988 - [RFE] OCS CephFS External Mode Multi-tenancy. Add cephfs subvolumegroup and path= caps per cluster. 1954708 - [GSS][RFE] Restrict Noobaa from creating public endpoints for Azure Private Cluster 1956418 - [GSS][RFE] Automatic space reclaimation for RBD 1970123 - [GSS] [Azure] NooBaa insecure StorageAccount does not allow for TLS 1.2 1972190 - Attempt to remove pv-pool based noobaa-default-backing-store fails and makes this pool stuck in Rejected state 1974344 - critical ClusterObjectStoreState alert firing after installation of arbiter storage cluster, likely because ceph object user for cephobjectstore fails to be created, when storagecluster is reinstalled 1981341 - Changing a namespacestore's targetBucket field doesn't check whether thetarget bucket actually exists 1981694 - Restrict Noobaa from creating public endpoints for IBM ROKS Private cluster 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1991462 - helper pod runs with root privileges during Must-gather collection(affects ODF Managed Services) 1992006 - CVE-2021-29923 golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 1996830 - OCS external mode should allow specifying names for all Ceph auth principals 1996833 - ceph-external-cluster-details-exporter.py should have a read-only mode 1999689 - Integrate upgrade testing from ocs-ci to the acceptance job for final builds before important milestones 1999952 - Automate the creation of cephobjectstoreuser for obc metrics collector 2003532 - [Tracker for RHEL BZ #2008825] Node upgrade failed due to "expected target osImageURL" MCD error 2005801 - [KMS] Tenant config does not override backendpath if the key is specified in UPPER_CASE 2005919 - [DR] [Tracker for BZ #2008587] when Relocate action is performed and the Application is deleted completely rbd image is not getting deleted on secondary site 2021313 - [GSS] Cannot delete pool 2022424 - System capacity card shows infinity % as used capacity. 2022693 - [RFE] ODF health should reflect the health of Ceph + NooBaa 2024107 - Retrieval of cached objects with `s3 sync` after change in object size in underlying storage results in an InvalidRange error 2024545 - Overprovision Level Policy Control doesn't support custom storageclass 2026007 - Use ceph 'osd safe-to-destroy' feature in OSD purge job 2027666 - [DR] CephBlockPool resources reports wrong mirroringStatus 2027826 - OSD Removal template needs to expose option to force remove the OSD 2028559 - OBC stuck on pending post node failure recovery 2029413 - [DR] Dummy image size is same as the size of image forwhich it was created 2030602 - MCG not reporting standardized metric correctly for usage 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2030839 - Concecutive dashes in OBC name 2031023 - "dbStorageClassName" goes missing in storage cluster yaml for mcg standalone mode 2031705 - [GSS] OBC is not visible by admin of a Project on Console 2032404 - After a node restart, the RGW pod is stuck in a CrashLoopBackOff state 2032412 - [DR] After Failback and PVC deletion the rbd images are left in trash 2032656 - Rook not recovering when deleting osd deployment with kms encryption 2032969 - No RBD mirroring daemon down alert when daemon is down 2032984 - After creating a new SC it redirects to 404 error page instead of the "StorageSystems" page 2033251 - Fix ODF 4.9 compatibility with OCP 4.10 2034003 - NooBaa endpoint pod Terminated before new one comes in Running state after editing the configmap 2034805 - upgrade not started for ODF 4.10 2034904 - OCS operator version differ in CLI commands. 2035774 - Must Gather, Ceph files do not exist on MG directory 2035995 - [GSS] odf-operator-controller-manager is in CLBO with OOM kill while upgrading OCS-4.8 to ODF-4.9 2036018 - ROOK_CSI_* overrides missing from the CSV in 4.10 2036211 - [GSS] noobaa-endpoint becomes CrashLoopBackOff when uploading metrics data to bucket 2037279 - [Azure] OSDs go into CLBO state while mounting an RBD PVC 2037318 - Helper Pod doesn't come up for MCG only must-gather 2037497 - Concecutive dashes in OBC name 2038884 - noobaa-operator is stuck in a CrashLoopBackOff (r.OBC is nil, invalid memory address or nil pointer dereference) 2039240 - [KMS] Deployment of ODF cluster fails when cluster wide encryption is enabled using service account for KMS auth 2040682 - [GSS] Complete multipart upload operation fails with error ' Cannotread property 'sort' of undefined' 2041507 - Missing add modal for action "add capacity" in UI . 2042866 - must gather does not collect the yaml or describe output of the subscription 2043017 - "CSI Addons" operator is not hidden in OperatorHub and Installed Operators page 2043028 - the CSI-Addons sidecar is not automatically deployed, requires enabling in Rook ConfigMap 2043406 - ReclaimSpaceJob status showing "reclaimedSpace" value as "0" 2043513 - [Tracker for Ceph BZ 2044836] mon is in CLBO after upgrading to 4.10-113 2044447 - ODF 4.9 deployment fails when deployed using the ODF managed service deployer (ocs-osd-deployer) 2044823 - Update CSI sidecars to the latest release for 4.10 2045084 - [SNO] controller-manager state is CreateContainerError 2046186 - A TODO text block in the API browser 2046254 - Topolvm-controller is failing to pull image 2046677 - Reclaimspacecronjob is not created after adding the annotation reclaimspace.csiaddons.openshift.io/schedule in PVC 2046766 - [IBM Z]: csi-rbdplugin pods failed to come up due to ImagePullBackOff from the "csiaddons" registry 2046887 - use KMS_PROVIDER name for IBM key protect service as "ibmkeyprotect" 2047162 - ReclaimSpaceJob failing, fstrim is executed on a non-existing mountpoint/directory 2047201 - Add HPCS secret name to Ceph and NooBaa CR 2047562 - CSI Sidecar containers do not start 2047565 - PVC snapshot creation is not successful 2047625 - Dockerfile changes for topolvm 2047632 - mcg-operator failed to install on 4.10.0-126 2047642 - Replace alpine/openssl image in the downstream build 2048107 - vgmanager cannot list block devices on the node 2048370 - CSI-Addons controller makes node reclaimspace request even when the PVC is not mounted to any pod. 2048458 - python exporter script 'ceph-external-cluster-details-exporter.py' error cap mon does not match on ODF 4.10 2049029 - MCG admission control webhooks don't work 2049075 - openshift-storage namespace is stuck in terminating state during uninstall due to remainingcsi-addons resources 2049081 - ReclaimSpaceJob is failing for RBD RWX PVC 2049424 - ODF Provider/Consumer mode - backport for missing content 2049509 - ocs operator stuck on CrashLoopBackOff while installing with KMS 2049718 - provider/consumer Mode: rook-ceph-csi-config configmap needs to be updated with the relevant subvolumegroup information 2049727 - [DR] Mirror Peer stuck in ExchangingSecret State 2049771 - We can see 2 ODF Multicluster Orchestrator operators in operator hub page 2049790 - Add error handling for GetCurrentStorageClusterRef 2050056 - [GSS][KMS] Tenant configmap does not override vault namespace 2050142 - [DR] MCO operator is setting s3region as empty inside s3storeprofiles 2050402 - Ramen doesn't generate correct VRG spec in sync mode 2050483 - [DR]post creating MirrorPeer, the ramen config map had invalid values 2051249 - [GSS]noobaa-db-pg-0 Pod stuck CrashLoopBackOff state 2051406 - Need commit hash in package json and logs 2051599 - Use AAD while unwrapping the KEY from HPCS/Key Protect KMS 2051913 - [KMS] Skip SC creation for vault SA based kms encryption 2052027 - cephfs: rados omap leak after deletesnapshot 2052438 - [KMS] Storagecluster is in progressing state due to failed RGW deployment when using cluster wide encryption with kubernetes auth method 2052937 - [KMS] Auto-detection of KV version fails when using Vault namespaces 2052996 - ODF deployment fails using RHCS in external mode due to cephobjectstoreuser 2053156 - Avoid worldwide permission mode setting at time of nodestage of CephFS share 2053517 - [DR] Applications are not getting DR protected 2054147 - Provider/Consumer: Provider API server crashloopbackoff 2054755 - Update storagecluster API in the odf-operator 2061251 - [GSS]Object Upload failed with Unhandled exception when not using parameter "UseChunkEncoding = false" in s3 client in ODF 4.9 5.References: https://access.redhat.com/security/cve/CVE-2021-29923 https://access.redhat.com/security/cve/CVE-2021-34558 https://access.redhat.com/security/cve/CVE-2021-36221 https://access.redhat.com/security/cve/CVE-2021-43565 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/updates/classification#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYlf0YdzjgjWX9erEAQiBfQ/9GAtNJ4oagyNDaHfbMaeGA/GCeiBiweH9 E3FYVd8Vedz6uxuL02Vm0yY6jlr7QWJADRExIEcRLZ63ctR4hdwzCs2EIWICEuSv 2Wl4MtVXTOe8b95UTNL8frkvTNoijGqAIN7NMpMenPeSJBM38Lwt/gAoYt4//CpK afZmyfFTkGkoEGZ3hKvZpX2rQ/5zr1kAMErPZW71wctVcNAnv85DnThQQ+qy2UzI xyBwU3gGUtTLzy7TRgauMbu8/y6JvRCsuoaeBUU4bLJIOL5ES851OpDP+nzGvx+H M2yXB6ATHJ4YdqBM4wBCzXxApQD+FKFSCZoZMKpr1d1dZXPO0L0CUNFrNFHubLkk xBLqFpHAEB89R+jZcrum1dBGEVB+Q2vqCRe6Udbjlyy20dS06jhBU8Zf2lt2Vo4u Nfwpyb7rByXYXf0Bc+TYhXW6oIJSufvGWQp5pBkmlgi5YeV4VnHCEf4GuLbaPwFL /009HbW6E1D+DTAbqUodpywOUEXeGZnNkSZH6xHazvNw4bXlCv+FlaMiKlrWIWMm CZc98Enap/x84e0Py1gXNaReZedBBqi79US/zjKF9zr5r+yeat7zPAUduV69JMOh vs5mXlCNc2JObCxEfYAGsI0LVOQQdaceIkUpUC9Ejq1Ei3ehhan6UxkFk5TJHOrF TdB2/S/YEtk=2Ut5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Apr 14, 2022
•Important
Red Hat
202
security advisorykernel securityimportantopenSUSE Leap 15.3: 2021:3641-1 Important: Kernel Security Fix
An update that solves 13 vulnerabilities and has 43 fixes is now available. . openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2021:3641-1 Rating: important References: #1065729 #1085030 #1152472 #1152489 #1156395 #1172073 #1173604 #1176447 #1176774 #1176914 #1178134 #1180100 #1181147 #1184673 #1185762 #1186063 #1186109 #1187167 #1188563 #1189841 #1190006 #1190067 #1190349 #1190351 #1190479 #1190620 #1190642 #1190795 #1190801 #1190941 #1191229 #1191240 #1191241 #1191315 #1191317 #1191349 #1191384 #1191449 #1191450 #1191451 #1191452 #1191455 #1191456 #1191628 #1191645 #1191663 #1191731 #1191800 #1191867 #1191934 #1191958 #1192040 #1192041 #1192074 #1192107 #1192145 Cross-References: CVE-2021-33033 CVE-2021-34866 CVE-2021-3542 CVE-2021-3655 CVE-2021-3715 CVE-2021-3760 CVE-2021-3772 CVE-2021-3896 CVE-2021-41864 CVE-2021-42008 CVE-2021-42252 CVE-2021-42739 CVE-2021-43056 CVSS scores: CVE-2021-33033 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33033 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-34866 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3542 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-3655 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-3715 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3760 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3772 (SUSE): 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3896 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-41864 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42008 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42252 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-42739 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43056 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-43056 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 13 vulnerabilities and has 43 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351). - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets, which may have allowed the kernel to read uninitialized memory (bsc#1188563). - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on Power8 (bnc#1192107). - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (bsc#1191958). - CVE-2021-3760: Fixed a use-after-free vulnerability with the ndev-> rf_conn_info object (bsc#1190067). - CVE-2021-42739: The firewire subsystem had a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled bounds checking (bsc#1184673). - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver (bsc#1186063). - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled (bsc#1186109). - CVE-2021-3715: Fixed a use-after-free in route4_change() in net/sched/cls_route.c (bsc#1190349). - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation Vulnerability (bsc#1191645). - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could have allowed local attackers to access the Aspeed LPC control interface to overwrite memory in the kernel and potentially execute privileges (bnc#1190479). - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write (bnc#1191317). - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data function in drivers/net/hamradio/6pack.c. Input from a process that had the CAP_NET_ADMIN capability could have lead to root access (bsc#1191315). The following non-security bugs were fixed: - ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect (git-fixes). - ACPI: bgrt: Fix CFI violation (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ACPI: fix NULL pointer dereference (git-fixes). - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254 (git-fixes). - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes). - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes). - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes). - ALSA: hda/realtek: Complete partial device name to avoid ambiguity (git-fixes). - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560 laptop (git-fixes). - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo 13s Gen2(git-fixes). - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW (git-fixes). - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes). - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes). - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors (bsc#1190801). - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl (git-fixes). - ALSA: seq: Fix a potential UAF by wrong private_free call order (git-fixes). - ALSA: usb-audio: Add quirk for VF0770 (git-fixes). - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes). - ASoC: DAPM: Fix missing kctl change notifications (git-fixes). - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER (git-fixes). - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes). - ASoC: Intel: bytcr_rt5640: Move "Platform Clock" routes to the maps for the matching in-/output (git-fixes). - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes). - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types (git-fixes). - ASoC: SOF: loader: release_firmware() on load failure to avoid batching (git-fixes). - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes). - ASoC: dapm: use component prefix when checking widget names (git-fixes). - ASoC: fsl_spdif: register platform component before registering cpu dai (git-fixes). - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes). - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731). - Configure mpi3mr as currently unsupported (jsc#SLE-18120) - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS (git-fixes). - HID: betop: fix slab-out-of-bounds Write in betop_probe(git-fixes). - HID: u2fzero: ignore incomplete packets without data (git-fixes). - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes). - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs (git-fixes). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - IPv6: reply ICMP error if the first fragment do not include all headers (bsc#1191241). - Input: snvs_pwrkey - add clk handling (git-fixes). - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes). - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest SPRs are live (bsc#1156395). - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state (bsc#1156395). - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936 git-fixes). - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729). - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing registers (bsc#1156395). - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395). - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395). - NFC: digital: fix possible memory leak in digital_in_send_sdd_req() (git-fixes). - NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() (git-fixes). - NFS: Do uncached readdir when we're seeking a cookie in an empty page cache (bsc#1191628). - PCI: Fix pci_host_bridge struct device release/free handling (git-fixes). - PM / devfreq: rk3399_dmc: Add missing of_node_put() (git-fixes). - PM / devfreq: rk3399_dmc: Disable devfreq-event device when fails (git-fixes). - PM / devfreq: rk3399_dmc: Fix kernel oops when rockchip,pmu is absent (git-fixes). - PM / devfreq: rk3399_dmc: Fix spelling typo (git-fixes). - PM / devfreq: rk3399_dmc: Remove unneededsemicolon (git-fixes). - RDMA/cma: Do not change route.addr.src_addr.ss_family (bsc#1181147). - RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure (bsc#1181147). - USB: cdc-acm: clean up probe error labels (git-fixes). - USB: cdc-acm: fix minor-number release (git-fixes). - USB: serial: option: add Quectel EC200S-CN module support (git-fixes). - USB: serial: option: add Telit LE910Cx composition 0x1204 (git-fixes). - USB: serial: option: add prod. id for Quectel EG91 (git-fixes). - USB: serial: qcserial: add EM9191 QDL support (git-fixes). - USB: xhci: dbc: fix tty registration race (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - acpi/arm64: fix next_platform_timer() section mismatch error (git-fixes). - ata: ahci_platform: fix null-ptr-deref in ahci_platform_enable_regulators() (git-fixes). - ata: sata_dwc_460ex: No need to call phy_exit() befre phy_init() (git-fixes). - audit: fix possible null-pointer dereference in audit_filter_rules (git-fixes). - bfq: Remove merged request already in bfq_requests_merged() (bsc#1191456). - blk: Fix lock inversion between ioc lock and bfqd lock (bsc#1191456). - blktrace: Fix uaf in blk_trace access after removing by sysfs (bsc#1191452). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (jsc#SLE-16649). - bpf: Add bpf_patch_call_args prototype to include/linux/bpf.h (git-fixes). - bpf: Fix OOB read when printing XDP link fdinfo (git-fixes). - bpf: Fix a typo of reuseport map in bpf.h (git-fixes). - bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (git-fixes). - can: dev: can_restart: fix use after free bug (git-fixes). - can: peak_pci: peak_pci_remove(): fix UAF (git-fixes). - can: peak_usb: fix use after free bugs (git-fixes). - can: peak_usb: pcan_usb_fd_decode_status(): fix back to ERROR_ACTIVE statenotification (git-fixes). - can: rcar_can: fix suspend/resume (git-fixes). - can: ti_hecc: ti_hecc_probe(): add missed clk_disable_unprepare() in error path (git-fixes). - can: xilinx_can: handle failure cases of pm_runtime_get_sync (git-fixes). - cb710: avoid NULL pointer subtraction (git-fixes). - ceph: fix handling of "meta" errors (bsc#1192041). - ceph: skip existing superblocks that are blocklisted or shut down when mounting (bsc#1192040). - cfg80211: correct bridge/4addr mode check (git-fixes). - cfg80211: fix management registrations locking (git-fixes). - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() (git-fixes). - cpuidle: pseries: Mark pseries_idle_proble() as __init (jsc#SLE-13614 bsc#1176914 ltc#186394 git-fixes). - drm/amd/display: Pass PCI deviceid into DC (git-fixes). - drm/amdgpu: correct initial cp_hqd_quantum for gfx9 (git-fixes). - drm/amdgpu: fix gart.bo pin_count leak (git-fixes). - drm/edid: In connector_bad_edid() cap num_of_ext by num_blocks read (git-fixes). - drm/i915: Fix syncmap memory leak (bsc#1152489) Backporting notes: * context changes in intel_timeline_fini() - drm/msm/dsi: Fix an error code in msm_dsi_modeset_init() (git-fixes). - drm/msm/dsi: fix off by one in dsi_bus_clk_enable error handling (git-fixes). - drm/msm: Avoid potential overflow in timeout_to_jiffies() (git-fixes). - drm/msm: Fix null pointer dereference on pointer edp (git-fixes). - drm/nouveau/debugfs: fix file release memory leak (git-fixes). - drm/nouveau/kms/nv50-: fix file release memory leak (git-fixes). - drm/nouveau/kms/tu102-: delay enabling cursor until after assign_windows (git-fixes). - drm/nouveau: avoid a use-after-free when BO init fails (bsc#1152472) - drm/panel: olimex-lcd-olinuxino: select CRC32 (git-fixes). - drm/panfrost: Make sure MMU context lifetime is not bound to (bsc#1152472) - drm/sun4i: dw-hdmi: Fix HDMI PHY clock setup (git-fixes). - e1000e: Drop patch toavoid regressions until real fix is available (bsc#1191663). - e1000e: Fix packet loss on Tiger Lake and later (git-fixes). - e100: fix buffer overrun in e100_get_regs (git-fixes). - e100: fix length calculation in e100_get_regs_len (git-fixes). - e100: handle eeprom as little endian (git-fixes). - ext4: fix reserved space counter leakage (bsc#1191450). - ext4: report correct st_size for encrypted symlinks (bsc#1191449). - fs, mm: fix race in unlinking swapfile (bsc#1191455). - fscrypt: add fscrypt_symlink_getattr() for computing st_size (bsc#1191449). - gpio: pca953x: Improve bias setting (git-fixes). - hso: fix bailout in error case of probe (git-fixes). - i2c: acpi: fix resource leak in reconfiguration device addition (git-fixes). - ice: fix getting UDP tunnel entry (jsc#SLE-12878). - iio: adc128s052: Fix the error handling path of 'adc128_probe()' (git-fixes). - iio: adc: aspeed: set driver data when adc probe (git-fixes). - iio: dac: ti-dac5571: fix an error code in probe() (git-fixes). - iio: light: opt3001: Fixed timeout error when 0 lux (git-fixes). - iio: mtk-auxadc: fix case IIO_CHAN_INFO_PROCESSED (git-fixes). - iio: ssp_sensors: add more range checking in ssp_parse_dataframe() (git-fixes). - iio: ssp_sensors: fix error code in ssp_print_mcu_debug() (git-fixes). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - ipv6/netfilter: Discard first fragment not including all headers (bsc#1191241). - isdn: cpai: check ctr-> cnr to avoid array index out of bound (git-fixes). - isdn: mISDN: Fix sleeping function called from invalid context (git-fixes). - iwlwifi: pcie: add configuration of a Wi-Fi adapter on Dell XPS 15 (git-fixes). - ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup (git-fixes). - kABI workaround for HD-audio probe retry changes (bsc#1190801). - kABI workaround for cfg80211 mgmt_registration_lock changes (git-fixes). - kabi: block:Fix kabi of blk_mq_sched_try_insert_merge() (bsc#1191456). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167 bsc#1191240 ltc#194716). - kernel-binary.spec: Do not sign kernel when no key provided (bsc#1187167). - kernel-binary.spec: suse-kernel-rpm-scriptlets required for uninstall as well. Fixes: e98096d5cf85 ("rpm: Abolish scritplet templating (bsc#1189841).") - kernel-spec-macros: Since rpm 4.17 %verbose is unusable (bsc#1191229). - lan78xx: select CRC32 (git-fixes). - libata: Add ATA_HORKAGE_NO_NCQ_ON_ATI for Samsung 860 and 870 SSD (git-fixes). - mac80211: Drop frames from invalid MAC address in ad-hoc mode (git-fixes). - mac80211: check return value of rhashtable_init (git-fixes). - mei: me: add Ice Lake-N device id (git-fixes). - mmc: dw_mmc: exynos: fix the finding clock sample value (git-fixes). - mmc: meson-gx: do not use memcpy_to/fromio for dram-access-quirk (git-fixes). - mmc: vub300: fix control-message timeouts (git-fixes). - net/mlx5: E-Switch, Fix double allocation of acl flow counter (jsc#SLE-15172). - net/mlx5e: IPSEC RX, enable checksum complete (jsc#SLE-15172). - net/mlx5e: RX, Avoid possible data corruption when relaxed ordering and LRO combined (jsc#SLE-15172). - net/sched: ets: fix crash when flipping from 'strict' to 'quantum' (bsc#1176774). - net: batman-adv: fix error handling (git-fixes). - net: can: ems_usb: fix use-after-free in ems_usb_disconnect() (git-fixes). - net: cdc_eem: fix tx fixup skb leak (git-fixes). - net: cdc_ncm: correct overhead in delayed_ndp_size (git-fixes). - net: hns3: check queue id range before using (jsc#SLE-14777). - net: hso: add failure handler for add_net_device (git-fixes). - net: hso: fix NULL-deref on disconnect regression (git-fixes). - net: hso: fix null-ptr-deref during tty device unregistration (git-fixes). - net: ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net:ipv6: Discard next-hop MTU less than minimum link MTU (bsc#1191241). - net: lan78xx: fix division by zero in send path (git-fixes). - net: mana: Fix error handling in mana_create_rxq() (git-fixes, bsc#1191800). - net: usb: Fix uninit-was-stored issue in asix_read_phy_addr() (git-fixes). - netfilter: Drop fragmented ndisc packets assembled in netfilter (git-fixes). - netfilter: conntrack: collect all entries in one cycle (bsc#1173604). - netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value (bsc#1176447). - nfc: fix error handling of nfc_proto_register() (git-fixes). - nfc: port100: fix using -ERRNO as command type mask (git-fixes). - nvme-fc: avoid race between time out and tear down (bsc#1185762). - nvme-fc: remove freeze/unfreeze around update_nr_hw_queues (bsc#1185762). - nvme-fc: update hardware queues before using them (bsc#1185762). - nvme-pci: Fix abort command id (git-fixes). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: fix error unwind in nvme_map_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme-pci: refactor nvme_unmap_data (bsc#1191934). - nvme: add command id quirk for apple controllers (git-fixes). - ocfs2: fix data corruption after conversion from inline format (bsc#1190795). - pata_legacy: fix a couple uninitialized variable bugs (git-fixes). - phy: mdio: fix memory leak (git-fixes). - platform/mellanox: mlxreg-io: Fix argument base in kstrtou32() call (git-fixes). - platform/mellanox: mlxreg-io: Fix read access of n-bytes size attributes (git-fixes). - platform/x86: dell-smbios-wmi: Add missing kfree in error-exit from run_smbios_call (git-fixes). - platform/x86: intel_scu_ipc: Fix busy loop expiry time (git-fixes). - powerpc/64s: Fix entry flush patching w/strict RWX & hash (jsc#SLE-13847 git-fixes). - powerpc/64s: Fix stf mitigation patching w/strict RWX & hash (jsc#SLE-13847git-fixes). - powerpc/64s: Remove irq mask workaround in accumulate_stolen_time() (jsc#SLE-9246 git-fixes). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_MOD when imm == 1 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Fix BPF_SUB when imm == 0x80000000 (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/bpf: Use bctrl for making function calls (bsc#1065729). - powerpc/lib/code-patching: Do not use struct 'ppc_inst' for runnable code in tests (jsc#SLE-13847 git-fixes). - powerpc/lib/code-patching: Make instr_is_branch_to_addr() static (jsc#SLE-13847 git-fixes). - powerpc/lib: Fix emulate_step() std test (bsc#1065729). - powerpc/numa: Update cpu_cpu_map on CPU online/offline (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/pseries: Fix build error when NUMA=n (bsc#1190620 ltc#194498 git-fixes). - powerpc/smp: Cache CPU to chip lookup (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Enable CACHE domain for shared processor (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fix a crash while booting kvm guest with nr_cpus=2 (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Fold cpu_die() into its only caller (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Set numa node before updating mask (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/smp: Update cpu_core_map on all PowerPc systems (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - powerpc/uprobes: Validation for prefixed instruction (jsc#SLE-13847 git-fixes). - powerpc/xive: Discard disabled interrupts in get_irqchip_state() (bsc#1085030 git-fixes). - powerpc: Do not dereference code as 'struct ppc_inst' (uprobe, code-patching, feature-fixups) (jsc#SLE-13847 git-fixes). - powerpc: Do not use 'struct ppc_inst' to referenceinstruction location (jsc#SLE-13847 git-fixes). - powerpc: Move arch_cpu_idle_dead() into smp.c (jsc#SLE-13615 bsc#1180100 ltc#190257 git-fixes). - pseries/eeh: Fix the kdump kernel crash during eeh_pseries_init (git-fixes). - ptp_pch: Load module automatically if ID matches (git-fixes). - ptp_pch: Restore dependency on PCI (git-fixes). - regmap: Fix possible double-free in regcache_rbtree_exit() (git-fixes). - rpm: fix kmp install path - rpm: use _rpmmacrodir (boo#1191384) - scsi: ibmvfc: Fix up duplicate response detection (bsc#1191867 ltc#194757). - scsi: iscsi: Fix deadlock on recovery path during GFP_IO reclaim (git-fixes). - scsi: lpfc: Allow PLOGI retry if previous PLOGI was aborted (bsc#1192145). - scsi: lpfc: Allow fabric node recovery if recovery is in progress before devloss (bsc#1192145). - scsi: lpfc: Correct sysfs reporting of loop support after SFP status change (bsc#1192145). - scsi: lpfc: Fix link down processing to address NULL pointer dereference (bsc#1192145). - scsi: lpfc: Fix memory overwrite during FC-GS I/O abort handling (bsc#1191349). - scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine (bsc#1192145). - scsi: lpfc: Revert LOG_TRACE_EVENT back to LOG_INIT prior to driver_resource_setup() (bsc#1192145). - scsi: lpfc: Update lpfc version to 14.0.0.3 (bsc#1192145). - scsi: lpfc: Wait for successful restart of SLI3 adapter during host sg_reset (bsc#1192145). - scsi: mpi3mr: Add EEDP DIF DIX support (jsc#SLE-18120). - scsi: mpi3mr: Add bios_param SCSI host template hook (jsc#SLE-18120). - scsi: mpi3mr: Add change queue depth support (jsc#SLE-18120). - scsi: mpi3mr: Add event handling debug prints (jsc#SLE-18120). - scsi: mpi3mr: Add mpi30 Rev-R headers and Kconfig (jsc#SLE-18120). - scsi: mpi3mr: Add support for DSN secure firmware check (jsc#SLE-18120). - scsi: mpi3mr: Add support for PCIe device event handling (jsc#SLE-18120). - scsi: mpi3mr: Addsupport for PM suspend and resume (jsc#SLE-18120). - scsi: mpi3mr: Add support for device add/remove event handling (jsc#SLE-18120). - scsi: mpi3mr: Add support for internal watchdog thread (jsc#SLE-18120). - scsi: mpi3mr: Add support for queue command processing (jsc#SLE-18120). - scsi: mpi3mr: Add support for recovering controller (jsc#SLE-18120). - scsi: mpi3mr: Add support for threaded ISR (jsc#SLE-18120). - scsi: mpi3mr: Add support for timestamp sync with firmware (jsc#SLE-18120). - scsi: mpi3mr: Additional event handling (jsc#SLE-18120). - scsi: mpi3mr: Allow certain commands during pci-remove hook (jsc#SLE-18120). - scsi: mpi3mr: Base driver code (jsc#SLE-18120). - scsi: mpi3mr: Complete support for soft reset (jsc#SLE-18120). - scsi: mpi3mr: Create operational request and reply queue pair (jsc#SLE-18120). - scsi: mpi3mr: Fix error handling in mpi3mr_setup_isr() (git-fixes). - scsi: mpi3mr: Fix missing unlock on error (git-fixes). - scsi: mpi3mr: Hardware workaround for UNMAP commands to NVMe drives (jsc#SLE-18120). - scsi: mpi3mr: Implement SCSI error handler hooks (jsc#SLE-18120). - scsi: mpi3mr: Print IOC info for debugging (jsc#SLE-18120). - scsi: mpi3mr: Print pending host I/Os for debugging (jsc#SLE-18120). - scsi: mpi3mr: Set up IRQs in resume path (jsc#SLE-18120). - scsi: mpi3mr: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (jsc#SLE-18120). - scsi: mpi3mr: Use the proper SCSI midlayer interfaces for PI (jsc#SLE-18120). - scsi: mpi3mr: Wait for pending I/O completions upon detection of VD I/O timeout (jsc#SLE-18120). - scsi: qla2xxx: Add debug print of 64G link speed (bsc#1190941). - scsi: qla2xxx: Add host attribute to trigger MPI hang (bsc#1190941). - scsi: qla2xxx: Add support for mailbox passthru (bsc#1190941). - scsi: qla2xxx: Adjust request/response queue size for 28xx (bsc#1190941). - scsi: qla2xxx: Call process_response_queue() in Tx path (bsc#1190941). - scsi:qla2xxx: Changes to support FCP2 Target (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel (bsc#1190941). - scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS (bsc#1190941). - scsi: qla2xxx: Check for firmware capability before creating QPair (bsc#1190941). - scsi: qla2xxx: Display 16G only as supported speeds for 3830c card (bsc#1190941). - scsi: qla2xxx: Do not call fc_block_scsi_eh() during bus reset (bsc#1190941). - scsi: qla2xxx: Fix NPIV create erroneous error (bsc#1190941). - scsi: qla2xxx: Fix NVMe retry (bsc#1190941). - scsi: qla2xxx: Fix NVMe session down detection (bsc#1190941). - scsi: qla2xxx: Fix NVMe | FCP personality change (bsc#1190941). - scsi: qla2xxx: Fix crash in NVMe abort path (bsc#1190941). - scsi: qla2xxx: Fix excessive messages during device logout (bsc#1190941). - scsi: qla2xxx: Fix hang during NVMe session tear down (bsc#1190941). - scsi: qla2xxx: Fix hang on NVMe command timeouts (bsc#1190941). - scsi: qla2xxx: Fix kernel crash when accessing port_speed sysfs file (bsc#1190941). - scsi: qla2xxx: Fix port type info (bsc#1190941). - scsi: qla2xxx: Fix unsafe removal from linked list (bsc#1190941). - scsi: qla2xxx: Fix use after free in eh_abort path (bsc#1190941). - scsi: qla2xxx: Move heartbeat handling from DPC thread to workqueue (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_device_reset() (bsc#1190941). - scsi: qla2xxx: Open-code qla2xxx_eh_target_reset() (bsc#1190941). - scsi: qla2xxx: Remove redundant initialization of pointer req (bsc#1190941). - scsi: qla2xxx: Restore initiator in dual mode (bsc#1190941). - scsi: qla2xxx: Show OS name and version in FDMI-1 (bsc#1190941). - scsi: qla2xxx: Suppress unnecessary log messages during login (bsc#1190941). - scsi: qla2xxx: Sync queue idx with queue_pair_map idx (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.100-k (bsc#1190941). - scsi: qla2xxx: Update version to 10.02.06.200-k(bsc#1190941). - scsi: qla2xxx: Update version to 10.02.07.100-k (bsc#1190941). - scsi: qla2xxx: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (bsc#1190941). - scsi: qla2xxx: edif: Add N2N support for EDIF (bsc#1190941). - scsi: qla2xxx: edif: Do secure PLOGI when auth app is present (bsc#1190941). - scsi: qla2xxx: edif: Fix EDIF enable flag (bsc#1190941). - scsi: qla2xxx: edif: Fix returnvar.cocci warnings (bsc#1190941). - scsi: qla2xxx: edif: Fix stale session (bsc#1190941). - scsi: qla2xxx: edif: Reject AUTH ELS on session down (bsc#1190941). - scsi: qla2xxx: edif: Use link event to wake up app (bsc#1190941). - scsi: target: Fix the pgr/alua_support_store functions (git-fixes). - sctp: check asoc peer.asconf_capable before processing asconf (bsc#1190351). - soc: qcom: mdt_loader: Drop PT_LOAD check on hash segment (git-fixes). - spi: spi-nxp-fspi: do not depend on a specific node name erratum workaround (git-fixes). - tpm: ibmvtpm: Avoid error message when process gets signal while waiting (bsc#1065729). - usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle (git-fixes). - usb: hso: fix error handling code of hso_create_net_device (git-fixes). - usb: hso: remove the bailout parameter (git-fixes). - usb: musb: dsps: Fix the probe error path (git-fixes). - video: fbdev: gbefb: Only instantiate device when built for IP32 (git-fixes). - virtio: write back F_VERSION_1 before validate (git-fixes). - watchdog: orion: use 0 for unset heartbeat (git-fixes). - x86/pat: Pass valid address to sanitize_phys() (bsc#1152489). - x86/resctrl: Free the ctrlval arrays when domain_setup_mon_state() fails (bsc#1152489). - x86/sev: Return an error on a returned non-zero SW_EXITINFO1[31:0] (bsc#1178134). - xen: fix setting of max_pfn in shared_info (git-fixes). - xen: reset legacy rtc flag for PV domU (git-fixes). - xfs: Fixed non-directory creation in SGID directories introduced by CVE-2018-13405patch (bsc#1190006). - xfs: ensure that the inode uid/gid match values match the icdinode ones (bsc#1190006). - xfs: fix I_DONTCACHE (bsc#1192074). - xfs: fix log intent recovery ENOSPC shutdowns when inactivating inodes (bsc#1190642). - xfs: merge the projid fields in struct xfs_icdinode (bsc#1190006). - xfs: remove the icdinode di_uid/di_gid members (bsc#1190006). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fix command ring pointer corruption while aborting a command (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). - xhci: guard accesses to ep_state in xhci_endpoint_reset() (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2021-3641=1 Package List: - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-38.28.2 cluster-md-kmp-azure-debuginfo-5.3.18-38.28.2 dlm-kmp-azure-5.3.18-38.28.2 dlm-kmp-azure-debuginfo-5.3.18-38.28.2 gfs2-kmp-azure-5.3.18-38.28.2 gfs2-kmp-azure-debuginfo-5.3.18-38.28.2 kernel-azure-5.3.18-38.28.2 kernel-azure-debuginfo-5.3.18-38.28.2 kernel-azure-debugsource-5.3.18-38.28.2 kernel-azure-devel-5.3.18-38.28.2 kernel-azure-devel-debuginfo-5.3.18-38.28.2 kernel-azure-extra-5.3.18-38.28.2 kernel-azure-extra-debuginfo-5.3.18-38.28.2 kernel-azure-livepatch-devel-5.3.18-38.28.2 kernel-azure-optional-5.3.18-38.28.2 kernel-azure-optional-debuginfo-5.3.18-38.28.2 kernel-syms-azure-5.3.18-38.28.1 kselftests-kmp-azure-5.3.18-38.28.2 kselftests-kmp-azure-debuginfo-5.3.18-38.28.2 ocfs2-kmp-azure-5.3.18-38.28.2 ocfs2-kmp-azure-debuginfo-5.3.18-38.28.2 reiserfs-kmp-azure-5.3.18-38.28.2 reiserfs-kmp-azure-debuginfo-5.3.18-38.28.2 - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-38.28.2 kernel-source-azure-5.3.18-38.28.2 References: https://www.suse.com/security/cve/CVE-2021-33033.html https://www.suse.com/security/cve/CVE-2021-34866.html https://www.suse.com/security/cve/CVE-2021-3542.html https://www.suse.com/security/cve/CVE-2021-3655.html https://www.suse.com/security/cve/CVE-2021-3715.html https://www.suse.com/security/cve/CVE-2021-3760.html https://www.suse.com/security/cve/CVE-2021-3772.html https://www.suse.com/security/cve/CVE-2021-3896.html https://www.suse.com/security/cve/CVE-2021-41864.html https://www.suse.com/security/cve/CVE-2021-42008.html https://www.suse.com/security/cve/CVE-2021-42252.html https://www.suse.com/security/cve/CVE-2021-42739.html https://www.suse.com/security/cve/CVE-2021-43056.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1085030 https://bugzilla.suse.com/1152472 https://bugzilla.suse.com/1152489 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1172073 https://bugzilla.suse.com/1173604 https://bugzilla.suse.com/1176447 https://bugzilla.suse.com/1176774 https://bugzilla.suse.com/1176914 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1180100 https://bugzilla.suse.com/1181147 https://bugzilla.suse.com/1184673 https://bugzilla.suse.com/1185762 https://bugzilla.suse.com/1186063 https://bugzilla.suse.com/1186109 https://bugzilla.suse.com/1187167 https://bugzilla.suse.com/1188563 https://bugzilla.suse.com/1189841 https://bugzilla.suse.com/1190006 https://bugzilla.suse.com/1190067 https://bugzilla.suse.com/1190349 https://bugzilla.suse.com/1190351 https://bugzilla.suse.com/1190479 https://bugzilla.suse.com/1190620 https://bugzilla.suse.com/1190642 https://bugzilla.suse.com/1190795 https://bugzilla.suse.com/1190801 https://bugzilla.suse.com/1190941 https://bugzilla.suse.com/1191229 https://bugzilla.suse.com/1191240 https://bugzilla.suse.com/1191241 https://bugzilla.suse.com/1191315 https://bugzilla.suse.com/1191317 https://bugzilla.suse.com/1191349 https://bugzilla.suse.com/1191384 https://bugzilla.suse.com/1191449 https://bugzilla.suse.com/1191450 https://bugzilla.suse.com/1191451 https://bugzilla.suse.com/1191452 https://bugzilla.suse.com/1191455 https://bugzilla.suse.com/1191456 https://bugzilla.suse.com/1191628 https://bugzilla.suse.com/1191645 https://bugzilla.suse.com/1191663 https://bugzilla.suse.com/1191731 https://bugzilla.suse.com/1191800 https://bugzilla.suse.com/1191867 https://bugzilla.suse.com/1191934 https://bugzilla.suse.com/1191958 https://bugzilla.suse.com/1192040 https://bugzilla.suse.com/1192041 https://bugzilla.suse.com/1192074 https://bugzilla.suse.com/1192107 https://bugzilla.suse.com/1192145 . Significant Debian upgrade addresses 10 vulnerabilities in the Linux Kernel, featuring vital patches and improved security measures.. openSUSE Security Update,Kernal Patch,System Vulnerabilities. . Severity: Important. LinuxSecurity.com Team
Nov 09, 2021
•Important
OpenSUSE
89
security advisoryfedorakernel updateFedora 34: 2021-de12dbcbc8 Important Kernel Patch 5.11.0
The 5.11.18 stable kernel update contains a number of important fixes across the tree.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-de12dbcbc8 2021-05-08 01:33:23.731725 --------------------------------------------------------------------------------Name : kernel Product : Fedora 34 Version : 5.11.18 Release : 300.fc34 URL : https://www.kernel.org/ Summary : The Linux kernel Description : The kernel meta package --------------------------------------------------------------------------------Update Information: The 5.11.18 stable kernel update contains a number of important fixes across the tree. --------------------------------------------------------------------------------ChangeLog: * Mon May 3 2021 Justin M. Forbes [5.11.18-300] - nitro_enclaves: Fix stale file descriptors on failed usercopy (Mathias Krause) * Mon May 3 2021 Justin M. Forbes [5.11.18-0] - Enable mtdram for fedora (rhbz 1955916) (Justin M. Forbes) - hardlink is in /usr/bin/ (rhbz 1889043) (Justin M. Forbes) - sfc: ef10: fix TX queue lookup in TX event handling (Edward Cree) - sfc: farch: fix TX queue lookup in TX event handling (Edward Cree) - sfc: farch: fix TX queue lookup in TX flush done handling (Edward Cree) --------------------------------------------------------------------------------References: [ 1 ] Bug #1953022 - kernel: nitro_enclaves stale file descriptors on failed usercopy https://bugzilla.redhat.com/show_bug.cgi?id=1953022 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-de12dbcbc8' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the FedoraProject can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 07, 2021
•Important
Fedora
89
security advisoryfedoracriticalFedora 31: FEDORA-2020-a8125b66cd Major: Security-Patch Release
The 5.2.15 stable kernel update contains a number of important fixes across the tree.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-e3010166bd 2019-09-19 01:28:48.405030 --------------------------------------------------------------------------------Name : kernel-headers Product : Fedora 30 Version : 5.2.15 Release : 200.fc30 URL : https://www.kernel.org/ Summary : Header files for the Linux kernel for use by glibc Description : Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package. --------------------------------------------------------------------------------Update Information: The 5.2.15 stable kernel update contains a number of important fixes across the tree. --------------------------------------------------------------------------------ChangeLog: * Mon Sep 16 2019 Justin M. Forbes - 5.2.15-200 - Linux v5.2.15 * Tue Sep 10 2019 Justin M. Forbes - 5.2.14-200 - Linux v5.2.14 * Fri Sep 6 2019 Justin M. Forbes - 5.2.13-200 - Linux v5.2.13 * Thu Aug 29 2019 Justin M. Forbes - 5.2.11-200 - Linux v5.2.11 * Mon Aug 26 2019 Justin M. Forbes - 5.2.10-200 - Linux v5.2.10 * Fri Aug 16 2019 Justin M. Forbes - 5.2.9-200 - Linux v5.2.9 * Sat Aug 10 2019 Justin M. Forbes - 5.2.8-200 - Linux v5.2.8 * Thu Aug 8 2019 Justin M. Forbes - 5.2.7-200 - Linux v5.2.7 * Mon Aug 5 2019 Justin M. Forbes - 5.2.6-200 - Linux v5.2.6 * Wed Jul 31 2019 Justin M. Forbes - 5.2.5-200 - Linux v5.2.5 * Mon Jul 29 2019 Justin M. Forbes - 5.2.4-200 - Linux v5.2.4 * Fri Jul 26 2019 Jeremy Cline - 5.1.20-300 - Linux v5.1.20 * Mon Jul 22 2019 Jeremy Cline - 5.1.19-300 - Linux v5.1.19 * Mon Jul 15 2019 Jeremy Cline - 5.1.18-300 -Linux v5.1.18 * Wed Jul 10 2019 Jeremy Cline - 5.1.17-300 - Linux v5.1.17 * Wed Jul 3 2019 Jeremy Cline - 5.1.16-300 - Linux v5.1.16 * Tue Jun 25 2019 Jeremy Cline - 5.1.15-300 - Linux v5.1.15 * Mon Jun 24 2019 Jeremy Cline - 5.1.14-300 - Linux v5.1.14 * Wed Jun 19 2019 Jeremy Cline - 5.1.12-300 - Linux v5.1.12 * Mon Jun 17 2019 Jeremy Cline - 5.1.11-300 - Linux v5.1.11 * Mon Jun 17 2019 Jeremy Cline - 5.1.10-300 - Linux v5.1.10 * Tue Jun 11 2019 Jeremy Cline - 5.1.9-300 - Linux v5.1.9 * Sun Jun 9 2019 Jeremy Cline - 5.1.8-300 - Linux v5.1.8 * Tue Jun 4 2019 Jeremy Cline - 5.1.7-300 - Linux v5.1.7 * Sat May 25 2019 Jeremy Cline - 5.1.5-300 - Linux v5.1.5 * Wed May 22 2019 Jeremy Cline - 5.1.4-300 - Linux v5.1.4 * Wed May 15 2019 Justin M. Forbes - 5.0.16-300 - Linux v5.0.16 --------------------------------------------------------------------------------References: [ 1 ] Bug #1750727 - CVE-2019-14835 kernel: vhost-net: guest to host kernel escape during migration https://bugzilla.redhat.com/show_bug.cgi?id=1750727 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-e3010166bd' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Sep 18, 2019
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!