Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2409
Security update for the Linux Kernel
16 July 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Linux Kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Remote/Unauthenticated
Reduced Security -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2021-34693 CVE-2021-33624 CVE-2021-23133
CVE-2021-3573 CVE-2021-0605 CVE-2021-0512
CVE-2021-0129 CVE-2020-36386 CVE-2020-36385
CVE-2020-26558 CVE-2020-24588 CVE-2019-25045
Reference: ASB-2021.0110
ESB-2021.2368
ESB-2021.2290
Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20212352-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212349-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212321-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212324-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212325-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212332-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212366-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212344-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212368-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212361-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212367-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212372-1
Comment: This bulletin contains twelve (12) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2352-1
Rating: important
References: #1152489 #1153274 #1154353 #1155518 #1164648 #1176447
#1176774 #1176919 #1177028 #1178134 #1182470 #1184212
#1184685 #1185486 #1185675 #1185677 #1186206 #1186666
#1186949 #1187171 #1187263 #1187356 #1187402 #1187403
#1187404 #1187407 #1187408 #1187409 #1187410 #1187411
#1187412 #1187413 #1187452 #1187554 #1187595 #1187601
#1187795 #1187867 #1187883 #1187886 #1187927 #1187972
#1187980
Cross-References: CVE-2021-0512 CVE-2021-0605 CVE-2021-33624 CVE-2021-34693
CVE-2021-3573
Affected Products:
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 38 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-3573: Fixed an UAF vulnerability in function that can allow
attackers to corrupt kernel heaps and adopt further exploitations. (bsc#
1186666)
o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187601)
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187595)
o CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak
the contents of arbitrary kernel memory (and therefore, of all physical
memory) via a side-channel. (bsc#1187554)
o CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users
to obtain sensitive information from kernel stack memory because parts of a
data structure are uninitialized. (bsc#1187452)
The following non-security bugs were fixed:
o 0001-x86-sched-Treat-Intel-SNC-topology-as-default-COD-as.patch: (bsc#
1187263).
o alx: Fix an error handling path in 'alx_probe()' (git-fixes).
o ASoC: fsl-asoc-card: Set .owner attribute when registering card
(git-fixes).
o ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
(git-fixes).
o ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
(git-fixes).
o ASoC: max98088: fix ni clock divider calculation (git-fixes).
o ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
o ASoC: rt5682: Fix the fast discharge for headset unplugging in soundwire
mode (git-fixes).
o ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
o ASoC: tas2562: Fix TDM_CFG0_SAMPRATE values (git-fixes).
o batman-adv: Avoid WARN_ON timing related checks (git-fixes).
o be2net: Fix an error handling path in 'be_probe()' (git-fixes).
o block: Discard page cache of zone reset target range (bsc#1187402).
o Bluetooth: Add a new USB ID for RTL8822CE (git-fixes).
o Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
o bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#
SLE-8371 bsc#1153274).
o bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#
1153274).
o bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc
#1153274).
o bpf: Fix integer overflow in argument calculation for bpf_map_area_alloc
(bsc#1177028).
o bpf: Fix libelf endian handling in resolv_btfids (bsc#1177028).
o bpfilter: Specify the log level for the kmsg message (bsc#1155518).
o can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
o ceph: must hold snap_rwsem when filling inode for async create (bsc#
1187927).
o cfg80211: avoid double free of PMSR request (git-fixes).
o cfg80211: make certificate generation more robust (git-fixes).
o cgroup1: do not allow '\n' in renaming (bsc#1187972).
o cxgb4: fix endianness when flashing boot image (jsc#SLE-15131).
o cxgb4: fix sleep in atomic when flashing PHY firmware (jsc#SLE-15131).
o cxgb4: fix wrong ethtool n-tuple rule lookup (jsc#SLE-15131).
o cxgb4: fix wrong shift (git-fixes).
o cxgb4: halt chip before flashing PHY firmware image (jsc#SLE-15131).
o dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
o dax: Add an enum for specifying dax wakup mode (bsc#1187411).
o dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
o dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
o dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
o dmaengine: fsl-dpaa2-qdma: Fix error return code in two functions
(git-fixes).
o dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
(git-fixes).
o dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
o dmaengine: stedma40: add missing iounmap() on error in d40_probe()
(git-fixes).
o drm: Fix use-after-free read in drm_getunique() (git-fixes).
o drm: Lock pointer access in drm_master_release() (git-fixes).
o drm/amd/amdgpu:save psp ring wptr to avoid attack (git-fixes).
o drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
o drm/amd/display: Fix potential memory leak in DMUB hw_init (git-fixes).
o drm/amdgpu: refine amdgpu_fru_get_product_info (git-fixes).
o drm/sun4i: dw-hdmi: Make HDMI PHY into a platform device (git-fixes).
o drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
o drm/vc4: hdmi: Make sure the controller is powered in detect (git-fixes).
o drm/vc4: hdmi: Move the HSM clock enable to runtime_pm (git-fixes).
o dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
o ethtool: strset: fix message length calculation (bsc#1176447).
o ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
(bsc#1187408).
o ext4: fix check to prevent false positive report of incorrect used inodes
(bsc#1187404).
o ext4: fix error code in ext4_commit_super (bsc#1187407).
o ext4: fix memory leak in ext4_fill_super (bsc#1187409).
o FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
o fs: fix reporting supported extra file attributes for statx() (bsc#
1187410).
o ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
o ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
o fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
o HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
o HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
o HID: hid-input: add mapping for emoji picker key (git-fixes).
o HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).
o HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
o HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
o HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes).
o hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
o i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
o ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
o ice: parameterize functions responsible for Tx ring management (jsc#
SLE-12878).
o isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
o kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
o kernel: kexec_file: fix error return code of kexec_calculate_store_digests
() (git-fixes).
o kthread_worker: split code for canceling the delayed work timer (bsc#
1187867).
o kthread: prevent deadlock when kthread_mod_delayed_work() races with
kthread_cancel_delayed_work_sync() (bsc#1187867).
o kyber: fix out of bounds access when preempted (bsc#1187403).
o lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
o media: mtk-mdp: Check return value of of_clk_get (git-fixes).
o media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
o media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()
' (git-fixes).
o mlxsw: reg: Spectrum-3: Enforce lowest max-shaper burst size of 11 (bsc#
1176774).
o mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
o module: limit enabling module.sig_enforce (git-fixes).
o net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
o net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
o net/mlx5: E-Switch, Allow setting GUID for host PF vport (jsc#SLE-15172).
o net/mlx5: E-Switch, Read PF mac address (jsc#SLE-15172).
o net/mlx5: Fix PBMC register mapping (git-fixes).
o net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
o net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
o net/mlx5: Reset mkey index on creation (jsc#SLE-15172).
o net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes).
o net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
o net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
o net/nfc/rawsock.c: fix a permission check bug (git-fixes).
o net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
o net/x25: Return the correct errno code (git-fixes).
o netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes).
o NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
o NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
o NFS: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode()
(git-fixes).
o nvmem: rmem: fix undefined reference to memremap (git-fixes).
o ocfs2: fix data corruption by fallocate (bsc#1187412).
o PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
o PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
o PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
o PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
o PCI: Mark TI C667X to avoid bus reset (git-fixes).
o PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
o perf/x86/intel/uncore: Fix a kernel WARNING triggered by maxcpus=1
(git-fixes).
o perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#
1184685).
o powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set
(jsc#SLE-13513 bsc#1176919 ltc#186162 git-fixes).
o qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
o qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
o radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
o regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting
(git-fixes).
o Removed patch that was incorrectly added to SLE15-SP2 (bsc#1186949)
o Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413).
o Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#
191041).
o Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
(git-fixes).
o Revert "video: hgafb: fix potential NULL pointer dereference" (git-fixes).
o Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#
1152489)
o s390/dasd: add missing discipline function (git-fixes).
o s390/stack: fix possible register corruption with stack switch helper (bsc#
1185677).
o sched/debug: Fix cgroup_path[] serialization (git-fixes)
o sched/fair: Keep load_avg and load_sum synced (git-fixes)
o scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#
1187883).
o scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
o scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795).
o SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
o scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
o spi: spi-nxp-fspi: move the register operation after the clock enable
(git-fixes).
o spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
o spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd
() (git-fixes).
o SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
o SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
o tracing: Correct the length check which causes memory corruption
(git-fixes).
o tracing: Do no increment trace_clock_global() by one (git-fixes).
o tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
o tracing: Do not stop recording comms if the trace file is being read
(git-fixes).
o tracing: Restructure trace_clock_global() to never block (git-fixes).
o USB: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
o USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
o USB: dwc3: core: fix kernel panic when do reboot (git-fixes).
o USB: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
o USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
o USB: f_ncm: only first packet of aggregate needs to start timer
(git-fixes).
o USB: f_ncm: only first packet of aggregate needs to start timer
(git-fixes).
o USB: fix various gadget panics on 10gbps cabling (git-fixes).
o USB: fix various gadget panics on 10gbps cabling (git-fixes).
o USB: gadget: eem: fix wrong eem header operation (git-fixes).
o USB: gadget: eem: fix wrong eem header operation (git-fixes).
o USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
(git-fixes).
o USB: gadget: f_fs: Ensure io_completion_wq is idle during unbind
(git-fixes).
o USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
o USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
o USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
o USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
o video: hgafb: correctly handle card detect failure during probe
(git-fixes).
o video: hgafb: fix potential NULL pointer dereference (git-fixes).
o vrf: fix maximum MTU (git-fixes).
o x86/elf: Use _BITUL() macro in UAPI headers (bsc#1178134).
o x86/fpu: Preserve supervisor states in sanitize_restored_user_xstate() (bsc
#1178134).
o x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#
1152489).
o x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#
1152489).
o xen-blkback: fix compatibility bug with single page rings (git-fixes).
o xen-pciback: reconfigure also from backend watch handler (git-fixes).
o xen-pciback: redo VF placement in the virtual topology (git-fixes).
o xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
o xfrm: policy: Read seqcount outside of rcu-read side in
xfrm_policy_lookup_bytype (bsc#1185675).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2352=1
o SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-2352=1
o SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-2352=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2352=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2352=1
o SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2352=1
Package List:
o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-59.13.1
kernel-default-debugsource-5.3.18-59.13.1
kernel-default-extra-5.3.18-59.13.1
kernel-default-extra-debuginfo-5.3.18-59.13.1
kernel-preempt-debuginfo-5.3.18-59.13.1
kernel-preempt-debugsource-5.3.18-59.13.1
kernel-preempt-extra-5.3.18-59.13.1
kernel-preempt-extra-debuginfo-5.3.18-59.13.1
o SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x
x86_64):
kernel-default-debuginfo-5.3.18-59.13.1
kernel-default-debugsource-5.3.18-59.13.1
kernel-default-livepatch-5.3.18-59.13.1
kernel-default-livepatch-devel-5.3.18-59.13.1
kernel-livepatch-5_3_18-59_13-default-1-7.3.1
kernel-livepatch-5_3_18-59_13-default-debuginfo-1-7.3.1
kernel-livepatch-SLE15-SP3_Update_3-debugsource-1-7.3.1
o SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le
s390x x86_64):
kernel-default-debuginfo-5.3.18-59.13.1
kernel-default-debugsource-5.3.18-59.13.1
reiserfs-kmp-default-5.3.18-59.13.1
reiserfs-kmp-default-debuginfo-5.3.18-59.13.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-5.3.18-59.13.1
kernel-obs-build-debugsource-5.3.18-59.13.1
kernel-syms-5.3.18-59.13.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-59.13.1
kernel-preempt-debugsource-5.3.18-59.13.1
kernel-preempt-devel-5.3.18-59.13.1
kernel-preempt-devel-debuginfo-5.3.18-59.13.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-59.13.1
kernel-source-5.3.18-59.13.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
x86_64):
kernel-default-5.3.18-59.13.1
kernel-default-base-5.3.18-59.13.1.18.6.1
kernel-default-debuginfo-5.3.18-59.13.1
kernel-default-debugsource-5.3.18-59.13.1
kernel-default-devel-5.3.18-59.13.1
kernel-default-devel-debuginfo-5.3.18-59.13.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-59.13.1
kernel-preempt-debuginfo-5.3.18-59.13.1
kernel-preempt-debugsource-5.3.18-59.13.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-59.13.1
kernel-64kb-debuginfo-5.3.18-59.13.1
kernel-64kb-debugsource-5.3.18-59.13.1
kernel-64kb-devel-5.3.18-59.13.1
kernel-64kb-devel-debuginfo-5.3.18-59.13.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-59.13.1
kernel-macros-5.3.18-59.13.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-59.13.1
kernel-zfcpdump-debuginfo-5.3.18-59.13.1
kernel-zfcpdump-debugsource-5.3.18-59.13.1
o SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x
x86_64):
cluster-md-kmp-default-5.3.18-59.13.1
cluster-md-kmp-default-debuginfo-5.3.18-59.13.1
dlm-kmp-default-5.3.18-59.13.1
dlm-kmp-default-debuginfo-5.3.18-59.13.1
gfs2-kmp-default-5.3.18-59.13.1
gfs2-kmp-default-debuginfo-5.3.18-59.13.1
kernel-default-debuginfo-5.3.18-59.13.1
kernel-default-debugsource-5.3.18-59.13.1
ocfs2-kmp-default-5.3.18-59.13.1
ocfs2-kmp-default-debuginfo-5.3.18-59.13.1
References:
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://www.suse.com/security/cve/CVE-2021-33624.html
o https://www.suse.com/security/cve/CVE-2021-34693.html
o https://www.suse.com/security/cve/CVE-2021-3573.html
o https://bugzilla.suse.com/1152489
o https://bugzilla.suse.com/1153274
o https://bugzilla.suse.com/1154353
o https://bugzilla.suse.com/1155518
o https://bugzilla.suse.com/1164648
o https://bugzilla.suse.com/1176447
o https://bugzilla.suse.com/1176774
o https://bugzilla.suse.com/1176919
o https://bugzilla.suse.com/1177028
o https://bugzilla.suse.com/1178134
o https://bugzilla.suse.com/1182470
o https://bugzilla.suse.com/1184212
o https://bugzilla.suse.com/1184685
o https://bugzilla.suse.com/1185486
o https://bugzilla.suse.com/1185675
o https://bugzilla.suse.com/1185677
o https://bugzilla.suse.com/1186206
o https://bugzilla.suse.com/1186666
o https://bugzilla.suse.com/1186949
o https://bugzilla.suse.com/1187171
o https://bugzilla.suse.com/1187263
o https://bugzilla.suse.com/1187356
o https://bugzilla.suse.com/1187402
o https://bugzilla.suse.com/1187403
o https://bugzilla.suse.com/1187404
o https://bugzilla.suse.com/1187407
o https://bugzilla.suse.com/1187408
o https://bugzilla.suse.com/1187409
o https://bugzilla.suse.com/1187410
o https://bugzilla.suse.com/1187411
o https://bugzilla.suse.com/1187412
o https://bugzilla.suse.com/1187413
o https://bugzilla.suse.com/1187452
o https://bugzilla.suse.com/1187554
o https://bugzilla.suse.com/1187595
o https://bugzilla.suse.com/1187601
o https://bugzilla.suse.com/1187795
o https://bugzilla.suse.com/1187867
o https://bugzilla.suse.com/1187883
o https://bugzilla.suse.com/1187886
o https://bugzilla.suse.com/1187927
o https://bugzilla.suse.com/1187972
o https://bugzilla.suse.com/1187980
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2349-1
Rating: important
References: #1103990 #1103991 #1104353 #1113994 #1114648 #1129770
#1135481 #1136345 #1174978 #1179610 #1182470 #1184040
#1185428 #1185486 #1185677 #1185701 #1185861 #1185863
#1186206 #1186264 #1186463 #1186515 #1186516 #1186517
#1186518 #1186519 #1186520 #1186521 #1186522 #1186523
#1186524 #1186525 #1186526 #1186527 #1186528 #1186529
#1186530 #1186531 #1186532 #1186533 #1186534 #1186535
#1186537 #1186538 #1186539 #1186540 #1186541 #1186542
#1186543 #1186545 #1186546 #1186547 #1186548 #1186549
#1186550 #1186551 #1186552 #1186554 #1186555 #1186556
#1186627 #1186635 #1186638 #1186698 #1186699 #1186700
#1186701 #1187038 #1187049 #1187402 #1187404 #1187407
#1187408 #1187409 #1187411 #1187412 #1187452 #1187453
#1187455 #1187554 #1187595 #1187601 #1187630 #1187631
#1187833 #1187867 #1187972 #1188010
Cross-References: CVE-2019-25045 CVE-2020-24588 CVE-2020-26558 CVE-2020-36386
CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-33624
CVE-2021-34693
Affected Products:
SUSE MicroOS 5.0
SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________
An update that solves 9 vulnerabilities and has 79 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak
the contents of arbitrary kernel memory (and therefore, of all physical
memory) via a side-channel. (bsc#1187554)
o CVE-2019-25045: Fixed an use-after-free issue in the Linux kernel The XFRM
subsystem, related to an xfrm_state_fini panic. (bsc#1187049)
o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187601)
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187595)
o CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing
that could permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing. (bsc#1179610)
o CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users
to obtain sensitive information from kernel stack memory because parts of a
data structure are uninitialized. (bsc#1187452)
o CVE-2021-0129: Fixed an improper access control in BlueZ that may have
allowed an authenticated user to potentially enable information disclosure
via adjacent access. (bsc#1186463)
o CVE-2020-36386: Fixed an out-of-bounds read in
hci_extended_inquiry_result_evt. (bsc#1187038)
o CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices
that support receiving non-SSP A-MSDU frames to inject arbitrary network
packets. (bsc#1185861)
The following non-security bugs were fixed:
o ACPI: custom_method: fix a possible memory leak (git-fixes).
o ACPI: custom_method: fix potential use-after-free issue (git-fixes).
o ACPI: GTDT: Do not corrupt interrupt mappings on watchdow probe failure
(git-fixes).
o ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro (git-fixes).
o ALSA: emu8000: Fix a use after free in snd_emu8000_create_mixer
(git-fixes).
o ALSA: hda/conexant: Re-order CX5066 quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Lenovo quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC269 Sony quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC882 Acer quirk table entries (git-fixes).
o ALSA: hda/realtek: Re-order ALC882 Sony quirk table entries (git-fixes).
o ALSA: hda/realtek: Remove redundant entry for ALC861 Haier/Uniwill devices
(git-fixes).
o ALSA: hda/realtek: reset eapd coeff to default value for alc287
(git-fixes).
o ALSA: hdsp: do not disable if not enabled (git-fixes).
o ALSA: hdspm: do not disable if not enabled (git-fixes).
o ALSA: line6: Fix racy initialization of LINE6 MIDI (git-fixes).
o ALSA: rme9652: do not disable if not enabled (git-fixes).
o ALSA: sb: Fix two use after free in snd_sb_qsound_build (git-fixes).
o ALSA: timer: Fix master timer notification (git-fixes).
o ALSA: usb-audio: Add MIDI quirk for Vox ToneLab EX (git-fixes).
o alx: Fix an error handling path in 'alx_probe()' (git-fixes).
o ASoC: cs35l33: fix an error code in probe() (git-fixes).
o ASoC: cs42l42: Regmap must use_single_read/write (git-fixes).
o ASoC: rt286: Generalize support for ALC3263 codec (git-fixes).
o ASoC: rt286: Make RT286_SET_GPIO_* readable and writable (git-fixes).
o ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
o batman-adv: Avoid WARN_ON timing related checks (git-fixes).
o blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1187453).
o blk-wbt: Fix missed wakeup (bsc#1186627).
o block: Discard page cache of zone reset target range (bsc#1187402).
o Bluetooth: fix the erroneous flush_work() order (git-fixes).
o Bluetooth: initialize skb_queue_head at l2cap_chan_create() (git-fixes).
o Bluetooth: Set CONF_NOT_COMPLETE as l2cap_chan default (git-fixes).
o Bluetooth: SMP: Fail if remote and local public keys are identical
(git-fixes).
o Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
o bnxt_en: Fix PCI AER error recovery flow (git-fixes).
o btrfs: account for new extents being deleted in total_bytes_pinned (bsc#
1135481).
o btrfs: add a comment explaining the data flush steps (bsc#1135481).
o btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
o btrfs: add flushing states for handling data reservations (bsc#1135481).
o btrfs: add missing error handling after doing leaf/node binary search (bsc#
1187833).
o btrfs: add the data transaction commit logic into may_commit_transaction
(bsc#1135481).
o btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#
1135481).
o btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
o btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#
1135481).
o btrfs: change insert_dirty_subvol to return errors (bsc#1187833).
o btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
o btrfs: check record_root_in_trans related failures in select_reloc_root
(bsc#1187833).
o btrfs: check return value of btrfs_commit_transaction in relocation (bsc#
1187833).
o btrfs: check tickets after waiting on ordered extents (bsc#1135481).
o btrfs: cleanup error handling in prepare_to_merge (bsc#1187833).
o btrfs: convert BUG_ON()'s in relocate_tree_block (bsc#1187833).
o btrfs: convert BUG_ON()'s in select_reloc_root() to proper errors (bsc#
1187833).
o btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s (bsc#
1187833).
o btrfs: convert some BUG_ON()'s to ASSERT()'s in do_relocation (bsc#
1187833).
o btrfs: do async reclaim for data reservations (bsc#1135481).
o btrfs: do not force commit if we are data (bsc#1135481).
o btrfs: do not leak reloc root if we fail to read the fs root (bsc#1187833).
o btrfs: do not make defrag wait on async_delalloc_pages (bsc#1135481).
o btrfs: do not panic in __add_reloc_root (bsc#1187833).
o btrfs: do proper error handling in btrfs_update_reloc_root (bsc#1187833).
o btrfs: do proper error handling in create_reloc_inode (bsc#1187833).
o btrfs: do proper error handling in create_reloc_root (bsc#1187833).
o btrfs: do proper error handling in merge_reloc_roots (bsc#1187833).
o btrfs: do proper error handling in record_reloc_root_in_trans (bsc#
1187833).
o btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
o btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
o btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
o btrfs: handle __add_reloc_root failures in btrfs_recover_relocation (bsc#
1187833).
o btrfs: handle btrfs_cow_block errors in replace_path (bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in btrfs_recover_log_trees
(bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename (bsc#
1187833).
o btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename_exchange
(bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in create_subvol (bsc#
1187833).
o btrfs: handle btrfs_record_root_in_trans failure in relocate_tree_block
(bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in start_transaction (bsc#
1187833).
o btrfs: handle btrfs_search_slot failure in replace_path (bsc#1187833).
o btrfs: handle btrfs_update_reloc_root failure in commit_fs_roots (bsc#
1187833).
o btrfs: handle btrfs_update_reloc_root failure in insert_dirty_subvol (bsc#
1187833).
o btrfs: handle btrfs_update_reloc_root failure in prepare_to_merge (bsc#
1187833).
o btrfs: handle errors from select_reloc_root() (bsc#1187833).
o btrfs: handle errors in reference count manipulation in replace_path (bsc#
1187833).
o btrfs: handle extent corruption with select_one_root properly (bsc#
1187833).
o btrfs: handle extent reference errors in do_relocation (bsc#1187833).
o btrfs: handle record_root_in_trans failure in btrfs_record_root_in_trans
(bsc#1187833).
o btrfs: handle record_root_in_trans failure in create_pending_snapshot (bsc#
1187833).
o btrfs: handle record_root_in_trans failure in qgroup_account_snapshot (bsc#
1187833).
o btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself
(bsc#1135481).
o btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
o btrfs: have proper error handling in btrfs_init_reloc_root (bsc#1187833).
o btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
o btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
o btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#
1187833).
o btrfs: remove err variable from do_relocation (bsc#1187833).
o btrfs: remove nr_async_bios (bsc#1135481).
o btrfs: remove nr_async_submits and async_submit_draining (bsc#1135481).
Preparation for ticketed data space flushing in btrfs.
o btrfs: remove orig from shrink_delalloc (bsc#1135481).
o btrfs: remove the extent item sanity checks in relocate_block_group (bsc#
1187833).
o btrfs: return an error from btrfs_record_root_in_trans (bsc#1187833).
o btrfs: run delayed iputs before committing the transaction for data (bsc#
1135481).
o btrfs: serialize data reservations if we are flushing (bsc#1135481).
o btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
o btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
o btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set
improperly (bsc#1187833).
o btrfs: unset reloc control if we fail to recover (bsc#1187833).
o btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
o btrfs: use customized batch size for total_bytes_pinned (bsc#1135481).
Turns out using the batched percpu api had an effect on timing w.r.t
metadata/data reclaim. So backport this patch as well, side effect is it's
also bringing the code closer to upstream so future backports shall be made
easier.
o btrfs: use tagged writepage to mitigate livelock of snapshot (bsc#1135481).
Preparation for introducing ticketed space handling for data space. Due to
the sequence of patches, the main patch has embedded in it changes from
other patches which remove some unused arguments. This is done to ease
backporting itself and shouldn't have any repercussions on functionality.
o btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc
#1135481).
o btrfs: use the same helper for data and metadata reservations (bsc#
1135481).
o btrfs: use ticketing for data space reservations (bsc#1135481).
o btrfs: validate root::reloc_root after recording root in trans (bsc#
1187833).
o can: flexcan: disable completely the ECC mechanism (git-fixes).
o can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
o can: xilinx_can: xcan_chip_start(): fix failure with invalid bus
(git-fixes).
o cfg80211: scan: drop entry from hidden_list on overflow (git-fixes).
o cgroup1: do not allow '\n' in renaming (bsc#1187972).
o char: hpet: add checks after calling ioremap (git-fixes).
o cpufreq: Add NULL checks to show() and store() methods of cpufreq (bsc#
1184040).
o cpufreq: Avoid cpufreq_suspend() deadlock on system shutdown (bsc#1184040).
o crypto: ccp - Fix a resource leak in an error handling path (12sp5).
o cxgb4: avoid accessing registers when clearing filters (bsc#1136345 jsc#
SLE-4681).
o dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
o dax: Add an enum for specifying dax wakup mode (bsc#1187411).
o dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
o dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
(git-fixes).
o dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
o dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
o dmaengine: stedma40: add missing iounmap() on error in d40_probe()
(git-fixes).
o drbd: Remove uninitialized_var() usage (bsc#1186515).
o drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (bsc#1129770)
Backporting changes: * move from driver/video/fbdev/core to driver/video/
console * context changes
o drm: Fix use-after-free read in drm_getunique() (git-fixes).
o drm: Lock pointer access in drm_master_release() (git-fixes).
o drm/amdgpu : Fix asic reset regression issue introduce by 8f211fe8ac7c4f
(git-fixes).
o drm/amdgpu: Fix a use-after-free (git-fixes).
o drm/amdgpu: fix NULL pointer dereference (git-fixes).
o drm/meson: fix shutdown crash when component not probed (git-fixes).
o drm/msm/mdp5: Configure PP_SYNC_HEIGHT to double the vtotal (git-fixes).
o drm/radeon: Fix off-by-one power_state index heap overwrite (git-fixes).
o drm/radeon/dpm: Disable sclk switching on Oland when two 4K 60Hz monitors
are connected (git-fixes).
o efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes).
o efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
o ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
(bsc#1187408).
o ext4: fix check to prevent false positive report of incorrect used inodes
(bsc#1187404).
o ext4: fix error code in ext4_commit_super (bsc#1187407).
o ext4: fix memory leak in ext4_fill_super (bsc#1187409).
o extcon: arizona: Fix some issues when HPDET IRQ fires after the jack has
been unplugged (git-fixes).
o fbdev: zero-fill colormap in fbcmap.c (git-fixes).
o FCOE: fcoe_wwn_from_mac kABI fix (bsc#1186528).
o ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
o ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
o gpio: xilinx: Correct kernel doc for xgpio_probe() (git-fixes).
o gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro 5055
(git-fixes).
o HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
o i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
o i2c: i801: Do not generate an interrupt on bus reset (git-fixes).
o i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
o i2c: s3c2410: fix possible NULL pointer deref on read message after write
(git-fixes).
o i2c: sh7760: add IRQ check (git-fixes).
o i2c: sh7760: fix IRQ error path (git-fixes).
o iio: adc: ad7793: Add missing error code in ad7793_setup() (git-fixes).
o iio: gyro: mpu3050: Fix reported temperature value (git-fixes).
o iio: proximity: pulsedlight: Fix rumtime PM imbalance on error (git-fixes).
o iio: tsl2583: Fix division by a zero lux_val (git-fixes).
o ima: Free IMA measurement buffer after kexec syscall (git-fixes).
o Input: elants_i2c - do not bind to i2c-hid compatible ACPI instantiated
devices (git-fixes).
o Input: silead - add workaround for x86 BIOS-es which bring the chip up in a
stuck state (git-fixes).
o intel_th: Consistency and off-by-one fix (git-fixes).
o isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
o isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
(git-fixes).
o ixgbe: fix large MTU request from VF (git-fixes).
o ixgbevf: add correct exception tracing for XDP (bsc#1113994 ).
o kabi fix for NFSv4.1: Do not rebind to the same source port when
reconnecting to the server (bnc#1186264).
o kernel: kexec_file: fix error return code of kexec_calculate_store_digests
() (git-fixes).
o kthread_worker: split code for canceling the delayed work timer (bsc#
1187867).
o kthread: prevent deadlock when kthread_mod_delayed_work() races with
kthread_cancel_delayed_work_sync() (bsc#1187867).
o leds: lp5523: check return value of lp5xx_read and jump to cleanup code
(git-fixes).
o libertas: register sysfs groups properly (git-fixes).
o mac80211: clear the beacon's CRC after channel switch (git-fixes).
o md: Fix missing unused status line of /proc/mdstat (git-fixes).
o media: adv7604: fix possible use-after-free in adv76xx_remove()
(git-fixes).
o media: dvb-usb: fix memory leak in dvb_usb_adapter_init (git-fixes).
o media: dvb: Add check on sp8870_readreg return (git-fixes).
o media: em28xx: fix memory leak (git-fixes).
o media: gspca: properly check for errors in po1030_probe() (git-fixes).
o media: gspca/sq905.c: fix uninitialized variable (git-fixes).
o media: i2c: adv7842: fix possible use-after-free in adv7842_remove()
(git-fixes).
o media: ite-cir: check for receive overflow (git-fixes).
o media: media/saa7164: fix saa7164_encoder_register() memory leak bugs
(git-fixes).
o mei: request autosuspend after sending rx flow control (git-fixes).
o misc/uss720: fix memory leak in uss720_probe (git-fixes).
o mlxsw: spectrum: Do not process learned records with a dummy FID
(git-fixes).
o mmc: core: Do a power cycle when the CMD11 fails (git-fixes).
o mmc: core: Set read only for SD cards with permanent write protect bit
(git-fixes).
o Move nfs backports into sorted section
o net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
o net: caif: Fix debugfs on 64-bit platforms (git-fixes).
o net: dsa: mv88e6xxx: Fix writing to a PHY page (git-fixes).
o net: dsa: qca8k: Use up to 7 ports for all operations (git-fixes).
o net: enic: Cure the enic api locking trainwreck (git-fixes).
o net: fix iteration for sctp transport seq_files (git-fixes).
o net: hns3: Limiting the scope of vector_ring_chain variable (bsc#1104353).
o net: netcp: Fix an error message (git-fixes).
o net: phy: intel-xway: enable integrated led functions (git-fixes).
o net: qed: RDMA personality shouldn't fail VF load (git-fixes).
o net: stmmac: Correctly take timestamp for PTPv2 (git-fixes).
o net: stmmac: ensure that the device has released ownership before reading
data (git-fixes).
o net: usb: fix memory leak in smsc75xx_bind (git-fixes).
o net/nfc/rawsock.c: fix a permission check bug (git-fixes).
o net/smc: remove device from smcd_dev_list after failed device_add()
(git-fixes).
o nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
(git-fixes).
o NFC: fix possible resource leak (git-fixes).
o NFC: fix resource leak when target index is invalid (git-fixes).
o NFC: nci: fix memory leak in nci_allocate_device (git-fixes).
o NFS: Deal correctly with attribute generation counter overflow (git-fixes).
o NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce()
(git-fixes).
o NFS: Do not gratuitously clear the inode cache when lookup failed
(git-fixes).
o NFS: Do not revalidate the directory permissions on a lookup failure
(git-fixes).
o NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
o NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
o NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
o NFS: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
o NFS: Do not discard segments marked for return in _pnfs_return_layout()
(git-fixes).
o NFS: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
(git-fixes).
o NFS: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
(git-fixes).
o NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error
(git-fixes).
o NFS: Do not rebind to the same source port when reconnecting to the server
(bnc#1186264).
o NFS: fix handling of sr_eof in SEEK's reply (git-fixes).
o NFS: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
o NFS: fix return value of _nfs4_get_security_label() (git-fixes).
o ocfs2: fix data corruption by fallocate (bsc#1187412).
o parisc: parisc-agp requires SBA IOMMU driver (bsc#1129770)
o PCI: PM: Do not read power state in pci_enable_device_flags() (git-fixes).
o phy: phy-twl4030-usb: Fix possible use-after-free in twl4030_usb_remove()
(git-fixes).
o pid: take a reference when initializing `cad_pid` (bsc#1114648).
o pinctrl: samsung: use 'int' for register masks in Exynos (git-fixes).
o platform/mellanox: mlxbf-tmfifo: Fix a memory barrier issue (git-fixes).
o platform/x86: hp-wireless: add AMD's hardware id to the supported list
(git-fixes).
o platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
(git-fixes).
o platform/x86: thinkpad_acpi: Correct thermal sensor allocation (git-fixes).
o pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
o pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes).
o power: supply: generic-adc-battery: fix possible use-after-free in
gab_remove() (git-fixes).
o power: supply: s3c_adc_battery: fix possible use-after-free in
s3c_adc_bat_remove() (git-fixes).
o power: supply: Use IRQF_ONESHOT (git-fixes).
o qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
o qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
o ravb: fix invalid context bug while calling auto-negotiation by ethtool
(git-fixes).
o ravb: fix invalid context bug while changing link options by ethtool
(git-fixes).
o RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1103991).
o Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#
191041).
o Revert "leds: lp5523: fix a missing check of return value of lp55xx_read"
(git-fixes).
o Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT
op") (git-fixes).
o s390/stack: fix possible register corruption with stack switch helper (bsc#
1185677).
o scsi: aacraid: Fix an oops in error handling (bsc#1186698).
o scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186516).
o scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186517).
o scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#
1186518).
o scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#
1186519).
o scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
(bsc#1186699).
o scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186520).
o scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186521).
o scsi: bnx2i: Requires MMU (bsc#1186522).
o scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186523).
o scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
(bsc#1186524).
o scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186525).
o scsi: cxgb4i: Fix TLS dependency (bsc#1186526).
o scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc
#1186527).
o scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1186528).
o scsi: fnic: Fix error return code in fnic_probe() (bsc#1186529).
o scsi: hisi_sas: Fix IRQ checks (bsc#1186530).
o scsi: hisi_sas: Remove preemptible() (bsc#1186638).
o scsi: jazz_esp: Add IRQ check (bsc#1186531).
o scsi: libfc: Fix enum-conversion warning (bsc#1186532).
o scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186533).
o scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1186700).
o scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#
1186534).
o scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
o scsi: megaraid_sas: Check user-provided offsets (bsc#1186535).
o scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186701).
o scsi: mesh: Fix panic after host or bus reset (bsc#1186537).
o scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#
1186538).
o scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186539).
o scsi: powertec: Fix different dev_id between request_irq() and free_irq()
(bsc#1186540).
o scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186541).
o scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#
1186542).
o scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#
1186543).
o scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
(bsc#1186545).
o scsi: qla4xxx: Remove in_interrupt() (bsc#1186546).
o scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#
1186547).
o scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#
1174978 bsc#1185701).
o scsi: sd: Fix optimal I/O size for devices that change reported values (bsc
#1186548).
o scsi: sg: add sg_remove_request in sg_write (bsc#1186635).
o scsi: sni_53c710: Add IRQ check (bsc#1186549).
o scsi: sun3x_esp: Add IRQ check (bsc#1186550).
o scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1186556).
o scsi: ufs: core: Narrow down fast path in system suspend path (bsc#
1186551).
o scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#
1186552).
o scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187630).
o scsi: ufs: fix ktime_t kabi change (bsc#1187630).
o scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186554).
o scsi: ufs: Properly release resources if a task is aborted successfully
(bsc#1186555).
o scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1188010).
o scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187631).
o serial: max310x: unregister uart driver in case of failure and abort
(git-fixes).
o serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
(git-fixes).
o serial: sh-sci: Fix off-by-one error in FIFO threshold register setting
(git-fixes).
o serial: stm32: fix incorrect characters on console (git-fixes).
o spi: dln2: Fix reference leak to master (git-fixes).
o spi: omap-100k: Fix reference leak to master (git-fixes).
o staging: emxx_udc: fix loop in _nbu2ss_nuke() (git-fixes).
o staging: iio: cdc: ad7746: avoid overwrite of num_channels (git-fixes).
o staging: rtl8723bs: Fix uninitialized variables (git-fixes).
o SUNRPC: correct error code comment in xs_tcp_setup_socket() (git-fixes).
o SUNRPC: fix refcount leak for rpc auth modules (git-fixes).
o SUNRPC: More fixes for backlog congestion (bsc#1185428).
o SUNRPC: Move fault injection call sites (git-fixes).
o SUNRPC: prevent port reuse on transports which do not request it (bnc#
1186264).
o svcrdma: disable timeouts on rdma backchannel (git-fixes).
o swiotlb: fix "x86: Do not panic if can not alloc buffer for swiotlb"
(git-fixes).
o thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue
(git-fixes).
o tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (bsc#1103990).
o tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
o tracing: Correct the length check which causes memory corruption
(git-fixes).
o tracing: Do no increment trace_clock_global() by one (git-fixes).
o tracing: Restructure trace_clock_global() to never block (git-fixes).
o ttyprintk: Add TTY hangup callback (git-fixes).
o ubifs: Only check replay with inode type to judge if inode linked (bsc#
1187455).
o USB: Add LPM quirk for Lenovo ThinkPad USB-C Dock Gen2 Ethernet
(git-fixes).
o USB: Add reset-resume quirk for WD19's Realtek Hub (git-fixes).
o USB: cdc-acm: always claim data interface (git-fixes).
o USB: cdc-acm: do not log successful probe on later errors (git-fixes).
o USB: core: hub: fix race condition about TRSMRCY of resume (git-fixes).
o USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
o USB: dwc3: omap: improve extcon initialization (git-fixes).
o USB: fotg210-hcd: Fix an error message (git-fixes).
o USB: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
o USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
o USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
o USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
o USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
(git-fixes).
o USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
o USB: serial: quatech2: fix control-request directions (git-fixes).
o USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
o USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
o USB: sl811-hcd: improve misleading indentation (git-fixes).
o USB: trancevibrator: fix control-request direction (git-fixes).
o USB: typec: tcpm: Use LE to CPU conversion when accessing msg->header
(git-fixes).
o USB: typec: ucsi: Clear PPM capability data in ucsi_init() error path
(git-fixes).
o USB: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
o USB: xhci: Fix port minor revision (git-fixes).
o USB: xhci: Increase timeout for HC halt (git-fixes).
o vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
o vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
o vfio/platform: fix module_put call in error flow (git-fixes).
o vgacon: Record video mode changes with VT_RESIZEX (git-fixes).
o video: hgafb: correctly handle card detect failure during probe (bsc#
1129770)
o video: hgafb: fix potential NULL pointer dereference (bsc#1129770)
Backporting changes: * context changes
o vsock/vmci: log once the failed queue pair allocation (git-fixes).
o wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join (git-fixes).
o wl3501_cs: Fix out-of-bounds warnings in wl3501_send_pkt (git-fixes).
o x86: fix seq_file iteration for pat/memtype.c (git-fixes).
o x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#
1114648).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE MicroOS 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2349=1
o SUSE Linux Enterprise Real Time Extension 12-SP5:
zypper in -t patch SUSE-SLE-RT-12-SP5-2021-2349=1
Package List:
o SUSE MicroOS 5.0 (x86_64):
kernel-rt-4.12.14-10.49.1
kernel-rt-debuginfo-4.12.14-10.49.1
kernel-rt-debugsource-4.12.14-10.49.1
o SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):
cluster-md-kmp-rt-4.12.14-10.49.1
cluster-md-kmp-rt-debuginfo-4.12.14-10.49.1
dlm-kmp-rt-4.12.14-10.49.1
dlm-kmp-rt-debuginfo-4.12.14-10.49.1
gfs2-kmp-rt-4.12.14-10.49.1
gfs2-kmp-rt-debuginfo-4.12.14-10.49.1
kernel-rt-4.12.14-10.49.1
kernel-rt-base-4.12.14-10.49.1
kernel-rt-base-debuginfo-4.12.14-10.49.1
kernel-rt-debuginfo-4.12.14-10.49.1
kernel-rt-debugsource-4.12.14-10.49.1
kernel-rt-devel-4.12.14-10.49.1
kernel-rt-devel-debuginfo-4.12.14-10.49.1
kernel-rt_debug-4.12.14-10.49.1
kernel-rt_debug-debuginfo-4.12.14-10.49.1
kernel-rt_debug-debugsource-4.12.14-10.49.1
kernel-rt_debug-devel-4.12.14-10.49.1
kernel-rt_debug-devel-debuginfo-4.12.14-10.49.1
kernel-syms-rt-4.12.14-10.49.1
ocfs2-kmp-rt-4.12.14-10.49.1
ocfs2-kmp-rt-debuginfo-4.12.14-10.49.1
o SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):
kernel-devel-rt-4.12.14-10.49.1
kernel-source-rt-4.12.14-10.49.1
References:
o https://www.suse.com/security/cve/CVE-2019-25045.html
o https://www.suse.com/security/cve/CVE-2020-24588.html
o https://www.suse.com/security/cve/CVE-2020-26558.html
o https://www.suse.com/security/cve/CVE-2020-36386.html
o https://www.suse.com/security/cve/CVE-2021-0129.html
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://www.suse.com/security/cve/CVE-2021-33624.html
o https://www.suse.com/security/cve/CVE-2021-34693.html
o https://bugzilla.suse.com/1103990
o https://bugzilla.suse.com/1103991
o https://bugzilla.suse.com/1104353
o https://bugzilla.suse.com/1113994
o https://bugzilla.suse.com/1114648
o https://bugzilla.suse.com/1129770
o https://bugzilla.suse.com/1135481
o https://bugzilla.suse.com/1136345
o https://bugzilla.suse.com/1174978
o https://bugzilla.suse.com/1179610
o https://bugzilla.suse.com/1182470
o https://bugzilla.suse.com/1184040
o https://bugzilla.suse.com/1185428
o https://bugzilla.suse.com/1185486
o https://bugzilla.suse.com/1185677
o https://bugzilla.suse.com/1185701
o https://bugzilla.suse.com/1185861
o https://bugzilla.suse.com/1185863
o https://bugzilla.suse.com/1186206
o https://bugzilla.suse.com/1186264
o https://bugzilla.suse.com/1186463
o https://bugzilla.suse.com/1186515
o https://bugzilla.suse.com/1186516
o https://bugzilla.suse.com/1186517
o https://bugzilla.suse.com/1186518
o https://bugzilla.suse.com/1186519
o https://bugzilla.suse.com/1186520
o https://bugzilla.suse.com/1186521
o https://bugzilla.suse.com/1186522
o https://bugzilla.suse.com/1186523
o https://bugzilla.suse.com/1186524
o https://bugzilla.suse.com/1186525
o https://bugzilla.suse.com/1186526
o https://bugzilla.suse.com/1186527
o https://bugzilla.suse.com/1186528
o https://bugzilla.suse.com/1186529
o https://bugzilla.suse.com/1186530
o https://bugzilla.suse.com/1186531
o https://bugzilla.suse.com/1186532
o https://bugzilla.suse.com/1186533
o https://bugzilla.suse.com/1186534
o https://bugzilla.suse.com/1186535
o https://bugzilla.suse.com/1186537
o https://bugzilla.suse.com/1186538
o https://bugzilla.suse.com/1186539
o https://bugzilla.suse.com/1186540
o https://bugzilla.suse.com/1186541
o https://bugzilla.suse.com/1186542
o https://bugzilla.suse.com/1186543
o https://bugzilla.suse.com/1186545
o https://bugzilla.suse.com/1186546
o https://bugzilla.suse.com/1186547
o https://bugzilla.suse.com/1186548
o https://bugzilla.suse.com/1186549
o https://bugzilla.suse.com/1186550
o https://bugzilla.suse.com/1186551
o https://bugzilla.suse.com/1186552
o https://bugzilla.suse.com/1186554
o https://bugzilla.suse.com/1186555
o https://bugzilla.suse.com/1186556
o https://bugzilla.suse.com/1186627
o https://bugzilla.suse.com/1186635
o https://bugzilla.suse.com/1186638
o https://bugzilla.suse.com/1186698
o https://bugzilla.suse.com/1186699
o https://bugzilla.suse.com/1186700
o https://bugzilla.suse.com/1186701
o https://bugzilla.suse.com/1187038
o https://bugzilla.suse.com/1187049
o https://bugzilla.suse.com/1187402
o https://bugzilla.suse.com/1187404
o https://bugzilla.suse.com/1187407
o https://bugzilla.suse.com/1187408
o https://bugzilla.suse.com/1187409
o https://bugzilla.suse.com/1187411
o https://bugzilla.suse.com/1187412
o https://bugzilla.suse.com/1187452
o https://bugzilla.suse.com/1187453
o https://bugzilla.suse.com/1187455
o https://bugzilla.suse.com/1187554
o https://bugzilla.suse.com/1187595
o https://bugzilla.suse.com/1187601
o https://bugzilla.suse.com/1187630
o https://bugzilla.suse.com/1187631
o https://bugzilla.suse.com/1187833
o https://bugzilla.suse.com/1187867
o https://bugzilla.suse.com/1187972
o https://bugzilla.suse.com/1188010
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2321-1
Rating: important
References: #1103990 #1103991 #1104353 #1113994 #1114648 #1129770
#1135481 #1136345 #1174978 #1179610 #1182470 #1185486
#1185677 #1185701 #1185861 #1185863 #1186206 #1186264
#1186463 #1186515 #1186516 #1186517 #1186518 #1186519
#1186520 #1186521 #1186522 #1186523 #1186524 #1186525
#1186526 #1186527 #1186528 #1186529 #1186530 #1186531
#1186532 #1186533 #1186534 #1186535 #1186537 #1186538
#1186539 #1186540 #1186541 #1186542 #1186543 #1186545
#1186546 #1186547 #1186548 #1186549 #1186550 #1186551
#1186552 #1186554 #1186555 #1186556 #1186627 #1186635
#1186638 #1186698 #1186699 #1186700 #1186701 #1187038
#1187049 #1187402 #1187404 #1187407 #1187408 #1187409
#1187411 #1187412 #1187452 #1187453 #1187455 #1187554
#1187595 #1187601 #1187630 #1187631 #1187833 #1187867
#1187972
Cross-References: CVE-2019-25045 CVE-2020-24588 CVE-2020-26558 CVE-2020-36386
CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-33624
CVE-2021-34693
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that solves 9 vulnerabilities and has 76 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak
the contents of arbitrary kernel memory (and therefore, of all physical
memory) via a side-channel. (bsc#1187554)
o CVE-2019-25045: Fixed an use-after-free issue in the Linux kernel The XFRM
subsystem, related to an xfrm_state_fini panic. (bsc#1187049)
o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187601)
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187595)
o CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing
that could permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing. (bsc#1179610)
o CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users
to obtain sensitive information from kernel stack memory because parts of a
data structure are uninitialized. (bsc#1187452)
o CVE-2021-0129: Fixed an improper access control in BlueZ that may have
allowed an authenticated user to potentially enable information disclosure
via adjacent access. (bsc#1186463)
o CVE-2020-36386: Fixed an out-of-bounds read in
hci_extended_inquiry_result_evt. (bsc#1187038)
o CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices
that support receiving non-SSP A-MSDU frames to inject arbitrary network
packets. (bsc#1185861)
The following non-security bugs were fixed:
o ALSA: timer: Fix master timer notification (git-fixes).
o alx: Fix an error handling path in 'alx_probe()' (git-fixes).
o ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
o batman-adv: Avoid WARN_ON timing related checks (git-fixes).
o blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1187453).
o blk-wbt: Fix missed wakeup (bsc#1186627).
o block: Discard page cache of zone reset target range (bsc#1187402).
o Bluetooth: fix the erroneous flush_work() order (git-fixes).
o Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
o btrfs: account for new extents being deleted in total_bytes_pinned (bsc#
1135481).
o btrfs: add a comment explaining the data flush steps (bsc#1135481).
o btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
o btrfs: add flushing states for handling data reservations (bsc#1135481).
o btrfs: add missing error handling after doing leaf/node binary search (bsc#
1187833).
o btrfs: add the data transaction commit logic into may_commit_transaction
(bsc#1135481).
o btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#
1135481).
o btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
o btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#
1135481).
o btrfs: change insert_dirty_subvol to return errors (bsc#1187833).
o btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
o btrfs: check record_root_in_trans related failures in select_reloc_root
(bsc#1187833).
o btrfs: check return value of btrfs_commit_transaction in relocation (bsc#
1187833).
o btrfs: check tickets after waiting on ordered extents (bsc#1135481).
o btrfs: cleanup error handling in prepare_to_merge (bsc#1187833).
o btrfs: convert BUG_ON()'s in relocate_tree_block (bsc#1187833).
o btrfs: convert BUG_ON()'s in select_reloc_root() to proper errors (bsc#
1187833).
o btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s (bsc#
1187833).
o btrfs: convert some BUG_ON()'s to ASSERT()'s in do_relocation (bsc#
1187833).
o btrfs: do async reclaim for data reservations (bsc#1135481).
o btrfs: do not force commit if we are data (bsc#1135481).
o btrfs: do not leak reloc root if we fail to read the fs root (bsc#1187833).
o btrfs: do not make defrag wait on async_delalloc_pages (bsc#1135481).
o btrfs: do not panic in __add_reloc_root (bsc#1187833).
o btrfs: do proper error handling in btrfs_update_reloc_root (bsc#1187833).
o btrfs: do proper error handling in create_reloc_inode (bsc#1187833).
o btrfs: do proper error handling in create_reloc_root (bsc#1187833).
o btrfs: do proper error handling in merge_reloc_roots (bsc#1187833).
o btrfs: do proper error handling in record_reloc_root_in_trans (bsc#
1187833).
o btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
o btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
o btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
o btrfs: handle __add_reloc_root failures in btrfs_recover_relocation (bsc#
1187833).
o btrfs: handle btrfs_cow_block errors in replace_path (bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in btrfs_recover_log_trees
(bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename (bsc#
1187833).
o btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename_exchange
(bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in create_subvol (bsc#
1187833).
o btrfs: handle btrfs_record_root_in_trans failure in relocate_tree_block
(bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in start_transaction (bsc#
1187833).
o btrfs: handle btrfs_search_slot failure in replace_path (bsc#1187833).
o btrfs: handle btrfs_update_reloc_root failure in commit_fs_roots (bsc#
1187833).
o btrfs: handle btrfs_update_reloc_root failure in insert_dirty_subvol (bsc#
1187833).
o btrfs: handle btrfs_update_reloc_root failure in prepare_to_merge (bsc#
1187833).
o btrfs: handle errors from select_reloc_root() (bsc#1187833).
o btrfs: handle errors in reference count manipulation in replace_path (bsc#
1187833).
o btrfs: handle extent corruption with select_one_root properly (bsc#
1187833).
o btrfs: handle extent reference errors in do_relocation (bsc#1187833).
o btrfs: handle record_root_in_trans failure in btrfs_record_root_in_trans
(bsc#1187833).
o btrfs: handle record_root_in_trans failure in create_pending_snapshot (bsc#
1187833).
o btrfs: handle record_root_in_trans failure in qgroup_account_snapshot (bsc#
1187833).
o btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself
(bsc#1135481).
o btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
o btrfs: have proper error handling in btrfs_init_reloc_root (bsc#1187833).
o btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
o btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
o btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#
1187833).
o btrfs: remove err variable from do_relocation (bsc#1187833).
o btrfs: remove nr_async_bios (bsc#1135481).
o btrfs: remove nr_async_submits and async_submit_draining (bsc#1135481).
Preparation for ticketed data space flushing in btrfs.
o btrfs: remove orig from shrink_delalloc (bsc#1135481).
o btrfs: remove the extent item sanity checks in relocate_block_group (bsc#
1187833).
o btrfs: return an error from btrfs_record_root_in_trans (bsc#1187833).
o btrfs: run delayed iputs before committing the transaction for data (bsc#
1135481).
o btrfs: serialize data reservations if we are flushing (bsc#1135481).
o btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
o btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
o btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set
improperly (bsc#1187833).
o btrfs: unset reloc control if we fail to recover (bsc#1187833).
o btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
o btrfs: use customized batch size for total_bytes_pinned (bsc#1135481).
Turns out using the batched percpu api had an effect on timing w.r.t
metadata/data reclaim. So backport this patch as well, side effect is it's
also bringing the code closer to upstream so future backports shall be made
easier.
o btrfs: use tagged writepage to mitigate livelock of snapshot (bsc#1135481).
Preparation for introducing ticketed space handling for data space. Due to
the sequence of patches, the main patch has embedded in it changes from
other patches which remove some unused arguments. This is done to ease
backporting itself and shouldn't have any repercussions on functionality.
o btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc
#1135481).
o btrfs: use the same helper for data and metadata reservations (bsc#
1135481).
o btrfs: use ticketing for data space reservations (bsc#1135481).
o btrfs: validate root::reloc_root after recording root in trans (bsc#
1187833).
o can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
o cgroup1: do not allow '\n' in renaming (bsc#1187972).
o char: hpet: add checks after calling ioremap (git-fixes).
o cxgb4: avoid accessing registers when clearing filters (bsc#1136345 jsc#
SLE-4681).
o dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
o dax: Add an enum for specifying dax wakup mode (bsc#1187411).
o dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
o dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
(git-fixes).
o dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
o dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
o dmaengine: stedma40: add missing iounmap() on error in d40_probe()
(git-fixes).
o drbd: Remove uninitialized_var() usage (bsc#1186515).
o drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (bsc#1129770)
Backporting changes: * move from driver/video/fbdev/core to driver/video/
console * context changes
o drm: Fix use-after-free read in drm_getunique() (git-fixes).
o drm: Lock pointer access in drm_master_release() (git-fixes).
o drm/amdgpu: Fix a use-after-free (git-fixes).
o efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes).
o efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
o ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
(bsc#1187408).
o ext4: fix check to prevent false positive report of incorrect used inodes
(bsc#1187404).
o ext4: fix error code in ext4_commit_super (bsc#1187407).
o ext4: fix memory leak in ext4_fill_super (bsc#1187409).
o FCOE: fcoe_wwn_from_mac kABI fix (bsc#1186528).
o ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
o ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
o HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
o i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
o ima: Free IMA measurement buffer after kexec syscall (git-fixes).
o isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
o isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
(git-fixes).
o ixgbe: fix large MTU request from VF (git-fixes).
o ixgbevf: add correct exception tracing for XDP (bsc#1113994 ).
o kabi fix for NFSv4.1: Do not rebind to the same source port when
reconnecting to the server (bnc#1186264).
o kernel: kexec_file: fix error return code of kexec_calculate_store_digests
() (git-fixes).
o kthread_worker: split code for canceling the delayed work timer (bsc#
1187867).
o kthread: prevent deadlock when kthread_mod_delayed_work() races with
kthread_cancel_delayed_work_sync() (bsc#1187867).
o libertas: register sysfs groups properly (git-fixes).
o md: Fix missing unused status line of /proc/mdstat (git-fixes).
o media: dvb: Add check on sp8870_readreg return (git-fixes).
o media: gspca: properly check for errors in po1030_probe() (git-fixes).
o mei: request autosuspend after sending rx flow control (git-fixes).
o Move nfs backports into sorted section
o net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
o net: dsa: mv88e6xxx: Fix writing to a PHY page (git-fixes).
o net: fix iteration for sctp transport seq_files (git-fixes).
o net: hns3: Limiting the scope of vector_ring_chain variable (bsc#1104353).
o net: netcp: Fix an error message (git-fixes).
o net: stmmac: ensure that the device has released ownership before reading
data (git-fixes).
o net/nfc/rawsock.c: fix a permission check bug (git-fixes).
o net/smc: remove device from smcd_dev_list after failed device_add()
(git-fixes).
o nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
(git-fixes).
o NFS: Deal correctly with attribute generation counter overflow (git-fixes).
o NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce()
(git-fixes).
o NFS: Do not gratuitously clear the inode cache when lookup failed
(git-fixes).
o NFS: Do not revalidate the directory permissions on a lookup failure
(git-fixes).
o NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
o NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
o NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
o NFS: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
o NFS: Do not discard segments marked for return in _pnfs_return_layout()
(git-fixes).
o NFS: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
(git-fixes).
o NFS: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
(git-fixes).
o NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error
(git-fixes).
o NFS: Do not rebind to the same source port when reconnecting to the server
(bnc#1186264).
o NFS: fix handling of sr_eof in SEEK's reply (git-fixes).
o NFS: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
o NFS: fix return value of _nfs4_get_security_label() (git-fixes).
o ocfs2: fix data corruption by fallocate (bsc#1187412).
o parisc: parisc-agp requires SBA IOMMU driver (bsc#1129770)
o pid: take a reference when initializing `cad_pid` (bsc#1114648).
o platform/x86: hp-wireless: add AMD's hardware id to the supported list
(git-fixes).
o platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
(git-fixes).
o pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
o pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes).
o qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
o qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
o ravb: fix invalid context bug while calling auto-negotiation by ethtool
(git-fixes).
o ravb: fix invalid context bug while changing link options by ethtool
(git-fixes).
o RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1103991).
o Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#
191041).
o Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT
op") (git-fixes).
o s390/stack: fix possible register corruption with stack switch helper (bsc#
1185677).
o scsi: aacraid: Fix an oops in error handling (bsc#1186698).
o scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186516).
o scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186517).
o scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#
1186518).
o scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#
1186519).
o scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
(bsc#1186699).
o scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186520).
o scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186521).
o scsi: bnx2i: Requires MMU (bsc#1186522).
o scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186523).
o scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
(bsc#1186524).
o scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186525).
o scsi: cxgb4i: Fix TLS dependency (bsc#1186526).
o scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc
#1186527).
o scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1186528).
o scsi: fnic: Fix error return code in fnic_probe() (bsc#1186529).
o scsi: hisi_sas: Fix IRQ checks (bsc#1186530).
o scsi: hisi_sas: Remove preemptible() (bsc#1186638).
o scsi: jazz_esp: Add IRQ check (bsc#1186531).
o scsi: libfc: Fix enum-conversion warning (bsc#1186532).
o scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186533).
o scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1186700).
o scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#
1186534).
o scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
o scsi: megaraid_sas: Check user-provided offsets (bsc#1186535).
o scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186701).
o scsi: mesh: Fix panic after host or bus reset (bsc#1186537).
o scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#
1186538).
o scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186539).
o scsi: powertec: Fix different dev_id between request_irq() and free_irq()
(bsc#1186540).
o scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186541).
o scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#
1186542).
o scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#
1186543).
o scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
(bsc#1186545).
o scsi: qla4xxx: Remove in_interrupt() (bsc#1186546).
o scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#
1186547).
o scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#
1174978 bsc#1185701).
o scsi: sd: Fix optimal I/O size for devices that change reported values (bsc
#1186548).
o scsi: sg: add sg_remove_request in sg_write (bsc#1186635).
o scsi: sni_53c710: Add IRQ check (bsc#1186549).
o scsi: sun3x_esp: Add IRQ check (bsc#1186550).
o scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1186556).
o scsi: ufs: core: Narrow down fast path in system suspend path (bsc#
1186551).
o scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#
1186552).
o scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187630).
o scsi: ufs: fix ktime_t kabi change (bsc#1187630).
o scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186554).
o scsi: ufs: Properly release resources if a task is aborted successfully
(bsc#1186555).
o scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187631).
o serial: max310x: unregister uart driver in case of failure and abort
(git-fixes).
o serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
(git-fixes).
o staging: rtl8723bs: Fix uninitialized variables (git-fixes).
o SUNRPC: correct error code comment in xs_tcp_setup_socket() (git-fixes).
o sunrpc: fix refcount leak for rpc auth modules (git-fixes).
o SUNRPC: Move fault injection call sites (git-fixes).
o SUNRPC: prevent port reuse on transports which do not request it (bnc#
1186264).
o svcrdma: disable timeouts on rdma backchannel (git-fixes).
o swiotlb: fix "x86: Do not panic if can not alloc buffer for swiotlb"
(git-fixes).
o tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (bsc#1103990).
o tracing: Correct the length check which causes memory corruption
(git-fixes).
o tracing: Do no increment trace_clock_global() by one (git-fixes).
o tracing: Restructure trace_clock_global() to never block (git-fixes).
o ttyprintk: Add TTY hangup callback (git-fixes).
o ubifs: Only check replay with inode type to judge if inode linked (bsc#
1187455).
o USB: cdc-acm: always claim data interface (git-fixes).
o USB: cdc-acm: do not log successful probe on later errors (git-fixes).
o USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
o USB: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
o USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
o USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
o USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
o USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
(git-fixes).
o USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
o USB: serial: quatech2: fix control-request directions (git-fixes).
o USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
o USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
o USB: typec: tcpm: Use LE to CPU conversion when accessing msg->header
(git-fixes).
o USB: typec: ucsi: Clear PPM capability data in ucsi_init() error path
(git-fixes).
o USB: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
o vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
o vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
o vfio/platform: fix module_put call in error flow (git-fixes).
o video: hgafb: correctly handle card detect failure during probe (bsc#
1129770)
o video: hgafb: fix potential NULL pointer dereference (bsc#1129770)
Backporting changes: * context changes
o x86: fix seq_file iteration for pat/memtype.c (git-fixes).
o x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#
1114648).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2321=1
Package List:
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-azure-4.12.14-16.62.1
kernel-azure-base-4.12.14-16.62.1
kernel-azure-base-debuginfo-4.12.14-16.62.1
kernel-azure-debuginfo-4.12.14-16.62.1
kernel-azure-debugsource-4.12.14-16.62.1
kernel-azure-devel-4.12.14-16.62.1
kernel-syms-azure-4.12.14-16.62.1
o SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-azure-4.12.14-16.62.1
kernel-source-azure-4.12.14-16.62.1
References:
o https://www.suse.com/security/cve/CVE-2019-25045.html
o https://www.suse.com/security/cve/CVE-2020-24588.html
o https://www.suse.com/security/cve/CVE-2020-26558.html
o https://www.suse.com/security/cve/CVE-2020-36386.html
o https://www.suse.com/security/cve/CVE-2021-0129.html
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://www.suse.com/security/cve/CVE-2021-33624.html
o https://www.suse.com/security/cve/CVE-2021-34693.html
o https://bugzilla.suse.com/1103990
o https://bugzilla.suse.com/1103991
o https://bugzilla.suse.com/1104353
o https://bugzilla.suse.com/1113994
o https://bugzilla.suse.com/1114648
o https://bugzilla.suse.com/1129770
o https://bugzilla.suse.com/1135481
o https://bugzilla.suse.com/1136345
o https://bugzilla.suse.com/1174978
o https://bugzilla.suse.com/1179610
o https://bugzilla.suse.com/1182470
o https://bugzilla.suse.com/1185486
o https://bugzilla.suse.com/1185677
o https://bugzilla.suse.com/1185701
o https://bugzilla.suse.com/1185861
o https://bugzilla.suse.com/1185863
o https://bugzilla.suse.com/1186206
o https://bugzilla.suse.com/1186264
o https://bugzilla.suse.com/1186463
o https://bugzilla.suse.com/1186515
o https://bugzilla.suse.com/1186516
o https://bugzilla.suse.com/1186517
o https://bugzilla.suse.com/1186518
o https://bugzilla.suse.com/1186519
o https://bugzilla.suse.com/1186520
o https://bugzilla.suse.com/1186521
o https://bugzilla.suse.com/1186522
o https://bugzilla.suse.com/1186523
o https://bugzilla.suse.com/1186524
o https://bugzilla.suse.com/1186525
o https://bugzilla.suse.com/1186526
o https://bugzilla.suse.com/1186527
o https://bugzilla.suse.com/1186528
o https://bugzilla.suse.com/1186529
o https://bugzilla.suse.com/1186530
o https://bugzilla.suse.com/1186531
o https://bugzilla.suse.com/1186532
o https://bugzilla.suse.com/1186533
o https://bugzilla.suse.com/1186534
o https://bugzilla.suse.com/1186535
o https://bugzilla.suse.com/1186537
o https://bugzilla.suse.com/1186538
o https://bugzilla.suse.com/1186539
o https://bugzilla.suse.com/1186540
o https://bugzilla.suse.com/1186541
o https://bugzilla.suse.com/1186542
o https://bugzilla.suse.com/1186543
o https://bugzilla.suse.com/1186545
o https://bugzilla.suse.com/1186546
o https://bugzilla.suse.com/1186547
o https://bugzilla.suse.com/1186548
o https://bugzilla.suse.com/1186549
o https://bugzilla.suse.com/1186550
o https://bugzilla.suse.com/1186551
o https://bugzilla.suse.com/1186552
o https://bugzilla.suse.com/1186554
o https://bugzilla.suse.com/1186555
o https://bugzilla.suse.com/1186556
o https://bugzilla.suse.com/1186627
o https://bugzilla.suse.com/1186635
o https://bugzilla.suse.com/1186638
o https://bugzilla.suse.com/1186698
o https://bugzilla.suse.com/1186699
o https://bugzilla.suse.com/1186700
o https://bugzilla.suse.com/1186701
o https://bugzilla.suse.com/1187038
o https://bugzilla.suse.com/1187049
o https://bugzilla.suse.com/1187402
o https://bugzilla.suse.com/1187404
o https://bugzilla.suse.com/1187407
o https://bugzilla.suse.com/1187408
o https://bugzilla.suse.com/1187409
o https://bugzilla.suse.com/1187411
o https://bugzilla.suse.com/1187412
o https://bugzilla.suse.com/1187452
o https://bugzilla.suse.com/1187453
o https://bugzilla.suse.com/1187455
o https://bugzilla.suse.com/1187554
o https://bugzilla.suse.com/1187595
o https://bugzilla.suse.com/1187601
o https://bugzilla.suse.com/1187630
o https://bugzilla.suse.com/1187631
o https://bugzilla.suse.com/1187833
o https://bugzilla.suse.com/1187867
o https://bugzilla.suse.com/1187972
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2324-1
Rating: important
References: #1103990 #1103991 #1104353 #1113994 #1114648 #1129770
#1135481 #1136345 #1174978 #1179610 #1182470 #1185486
#1185677 #1185701 #1185861 #1185863 #1186206 #1186264
#1186463 #1186515 #1186516 #1186517 #1186518 #1186519
#1186520 #1186521 #1186522 #1186523 #1186524 #1186525
#1186526 #1186527 #1186528 #1186529 #1186530 #1186531
#1186532 #1186533 #1186534 #1186535 #1186537 #1186538
#1186539 #1186540 #1186541 #1186542 #1186543 #1186545
#1186546 #1186547 #1186548 #1186549 #1186550 #1186551
#1186552 #1186554 #1186555 #1186556 #1186627 #1186635
#1186638 #1186698 #1186699 #1186700 #1186701 #1187038
#1187049 #1187402 #1187404 #1187407 #1187408 #1187409
#1187411 #1187412 #1187452 #1187453 #1187455 #1187554
#1187595 #1187601 #1187630 #1187631 #1187833 #1187867
#1187972 #1188010
Cross-References: CVE-2019-25045 CVE-2020-24588 CVE-2020-26558 CVE-2020-36386
CVE-2021-0129 CVE-2021-0512 CVE-2021-0605 CVE-2021-33624
CVE-2021-34693
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________
An update that solves 9 vulnerabilities and has 77 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak
the contents of arbitrary kernel memory (and therefore, of all physical
memory) via a side-channel. (bsc#1187554)
o CVE-2019-25045: Fixed an use-after-free issue in the Linux kernel The XFRM
subsystem, related to an xfrm_state_fini panic. (bsc#1187049)
o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187601)
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187595)
o CVE-2020-26558: Fixed a flaw in the Bluetooth LE and BR/EDR secure pairing
that could permit a nearby man-in-the-middle attacker to identify the
Passkey used during pairing. (bsc#1179610)
o CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users
to obtain sensitive information from kernel stack memory because parts of a
data structure are uninitialized. (bsc#1187452)
o CVE-2021-0129: Fixed an improper access control in BlueZ that may have
allowed an authenticated user to potentially enable information disclosure
via adjacent access. (bsc#1186463)
o CVE-2020-36386: Fixed an out-of-bounds read in
hci_extended_inquiry_result_evt. (bsc#1187038)
o CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices
that support receiving non-SSP A-MSDU frames to inject arbitrary network
packets. (bsc#1185861)
The following non-security bugs were fixed:
o ALSA: timer: Fix master timer notification (git-fixes).
o alx: Fix an error handling path in 'alx_probe()' (git-fixes).
o ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
o batman-adv: Avoid WARN_ON timing related checks (git-fixes).
o blk-mq: Swap two calls in blk_mq_exit_queue() (bsc#1187453).
o blk-wbt: Fix missed wakeup (bsc#1186627).
o block: Discard page cache of zone reset target range (bsc#1187402).
o Bluetooth: fix the erroneous flush_work() order (git-fixes).
o Bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
o btrfs: account for new extents being deleted in total_bytes_pinned (bsc#
1135481).
o btrfs: add a comment explaining the data flush steps (bsc#1135481).
o btrfs: add btrfs_reserve_data_bytes and use it (bsc#1135481).
o btrfs: add flushing states for handling data reservations (bsc#1135481).
o btrfs: add missing error handling after doing leaf/node binary search (bsc#
1187833).
o btrfs: add the data transaction commit logic into may_commit_transaction
(bsc#1135481).
o btrfs: call btrfs_try_granting_tickets when freeing reserved bytes (bsc#
1135481).
o btrfs: call btrfs_try_granting_tickets when reserving space (bsc#1135481).
o btrfs: call btrfs_try_granting_tickets when unpinning anything (bsc#
1135481).
o btrfs: change insert_dirty_subvol to return errors (bsc#1187833).
o btrfs: change nr to u64 in btrfs_start_delalloc_roots (bsc#1135481).
o btrfs: check record_root_in_trans related failures in select_reloc_root
(bsc#1187833).
o btrfs: check return value of btrfs_commit_transaction in relocation (bsc#
1187833).
o btrfs: check tickets after waiting on ordered extents (bsc#1135481).
o btrfs: cleanup error handling in prepare_to_merge (bsc#1187833).
o btrfs: convert BUG_ON()'s in relocate_tree_block (bsc#1187833).
o btrfs: convert BUG_ON()'s in select_reloc_root() to proper errors (bsc#
1187833).
o btrfs: convert logic BUG_ON()'s in replace_path to ASSERT()'s (bsc#
1187833).
o btrfs: convert some BUG_ON()'s to ASSERT()'s in do_relocation (bsc#
1187833).
o btrfs: do async reclaim for data reservations (bsc#1135481).
o btrfs: do not force commit if we are data (bsc#1135481).
o btrfs: do not leak reloc root if we fail to read the fs root (bsc#1187833).
o btrfs: do not make defrag wait on async_delalloc_pages (bsc#1135481).
o btrfs: do not panic in __add_reloc_root (bsc#1187833).
o btrfs: do proper error handling in btrfs_update_reloc_root (bsc#1187833).
o btrfs: do proper error handling in create_reloc_inode (bsc#1187833).
o btrfs: do proper error handling in create_reloc_root (bsc#1187833).
o btrfs: do proper error handling in merge_reloc_roots (bsc#1187833).
o btrfs: do proper error handling in record_reloc_root_in_trans (bsc#
1187833).
o btrfs: drop the commit_cycles stuff for data reservations (bsc#1135481).
o btrfs: fix possible infinite loop in data async reclaim (bsc#1135481).
o btrfs: flush delayed refs when trying to reserve data space (bsc#1135481).
o btrfs: handle __add_reloc_root failures in btrfs_recover_relocation (bsc#
1187833).
o btrfs: handle btrfs_cow_block errors in replace_path (bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in btrfs_recover_log_trees
(bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename (bsc#
1187833).
o btrfs: handle btrfs_record_root_in_trans failure in btrfs_rename_exchange
(bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in create_subvol (bsc#
1187833).
o btrfs: handle btrfs_record_root_in_trans failure in relocate_tree_block
(bsc#1187833).
o btrfs: handle btrfs_record_root_in_trans failure in start_transaction (bsc#
1187833).
o btrfs: handle btrfs_search_slot failure in replace_path (bsc#1187833).
o btrfs: handle btrfs_update_reloc_root failure in commit_fs_roots (bsc#
1187833).
o btrfs: handle btrfs_update_reloc_root failure in insert_dirty_subvol (bsc#
1187833).
o btrfs: handle btrfs_update_reloc_root failure in prepare_to_merge (bsc#
1187833).
o btrfs: handle errors from select_reloc_root() (bsc#1187833).
o btrfs: handle errors in reference count manipulation in replace_path (bsc#
1187833).
o btrfs: handle extent corruption with select_one_root properly (bsc#
1187833).
o btrfs: handle extent reference errors in do_relocation (bsc#1187833).
o btrfs: handle record_root_in_trans failure in btrfs_record_root_in_trans
(bsc#1187833).
o btrfs: handle record_root_in_trans failure in create_pending_snapshot (bsc#
1187833).
o btrfs: handle record_root_in_trans failure in qgroup_account_snapshot (bsc#
1187833).
o btrfs: handle space_info::total_bytes_pinned inside the delayed ref itself
(bsc#1135481).
o btrfs: handle U64_MAX for shrink_delalloc (bsc#1135481).
o btrfs: have proper error handling in btrfs_init_reloc_root (bsc#1187833).
o btrfs: make ALLOC_CHUNK use the space info flags (bsc#1135481).
o btrfs: make shrink_delalloc take space_info as an arg (bsc#1135481).
o btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#
1187833).
o btrfs: remove err variable from do_relocation (bsc#1187833).
o btrfs: remove nr_async_bios (bsc#1135481).
o btrfs: remove nr_async_submits and async_submit_draining (bsc#1135481).
Preparation for ticketed data space flushing in btrfs.
o btrfs: remove orig from shrink_delalloc (bsc#1135481).
o btrfs: remove the extent item sanity checks in relocate_block_group (bsc#
1187833).
o btrfs: return an error from btrfs_record_root_in_trans (bsc#1187833).
o btrfs: run delayed iputs before committing the transaction for data (bsc#
1135481).
o btrfs: serialize data reservations if we are flushing (bsc#1135481).
o btrfs: shrink delalloc pages instead of full inodes (bsc#1135481).
o btrfs: track ordered bytes instead of just dio ordered bytes (bsc#1135481).
o btrfs: tree-checker: check for BTRFS_BLOCK_FLAG_FULL_BACKREF being set
improperly (bsc#1187833).
o btrfs: unset reloc control if we fail to recover (bsc#1187833).
o btrfs: use btrfs_start_delalloc_roots in shrink_delalloc (bsc#1135481).
o btrfs: use customized batch size for total_bytes_pinned (bsc#1135481).
Turns out using the batched percpu api had an effect on timing w.r.t
metadata/data reclaim. So backport this patch as well, side effect is it's
also bringing the code closer to upstream so future backports shall be made
easier.
o btrfs: use tagged writepage to mitigate livelock of snapshot (bsc#1135481).
Preparation for introducing ticketed space handling for data space. Due to
the sequence of patches, the main patch has embedded in it changes from
other patches which remove some unused arguments. This is done to ease
backporting itself and shouldn't have any repercussions on functionality.
o btrfs: use the btrfs_space_info_free_bytes_may_use helper for delalloc (bsc
#1135481).
o btrfs: use the same helper for data and metadata reservations (bsc#
1135481).
o btrfs: use ticketing for data space reservations (bsc#1135481).
o btrfs: validate root::reloc_root after recording root in trans (bsc#
1187833).
o can: flexcan: disable completely the ECC mechanism (git-fixes).
o can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
o can: xilinx_can: xcan_chip_start(): fix failure with invalid bus
(git-fixes).
o cgroup1: do not allow '\n' in renaming (bsc#1187972).
o char: hpet: add checks after calling ioremap (git-fixes).
o crypto: ccp - Fix a resource leak in an error handling path (12sp5).
o cxgb4: avoid accessing registers when clearing filters (bsc#1136345 jsc#
SLE-4681).
o dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
o dax: Add an enum for specifying dax wakup mode (bsc#1187411).
o dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
o dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
(git-fixes).
o dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
o dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
o dmaengine: stedma40: add missing iounmap() on error in d40_probe()
(git-fixes).
o drbd: Remove uninitialized_var() usage (bsc#1186515).
o drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (bsc#1129770)
Backporting changes: * move from driver/video/fbdev/core to driver/video/
console * context changes
o drm: Fix use-after-free read in drm_getunique() (git-fixes).
o drm: Lock pointer access in drm_master_release() (git-fixes).
o drm/amdgpu: Fix a use-after-free (git-fixes).
o efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes).
o efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
o ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
(bsc#1187408).
o ext4: fix check to prevent false positive report of incorrect used inodes
(bsc#1187404).
o ext4: fix error code in ext4_commit_super (bsc#1187407).
o ext4: fix memory leak in ext4_fill_super (bsc#1187409).
o FCOE: fcoe_wwn_from_mac kABI fix (bsc#1186528).
o ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
o ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
o HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
o i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
o ima: Free IMA measurement buffer after kexec syscall (git-fixes).
o isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
o isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
(git-fixes).
o ixgbe: fix large MTU request from VF (git-fixes).
o ixgbevf: add correct exception tracing for XDP (bsc#1113994 ).
o kabi fix for NFSv4.1: Do not rebind to the same source port when
reconnecting to the server (bnc#1186264).
o kernel: kexec_file: fix error return code of kexec_calculate_store_digests
() (git-fixes).
o kthread_worker: split code for canceling the delayed work timer (bsc#
1187867).
o kthread: prevent deadlock when kthread_mod_delayed_work() races with
kthread_cancel_delayed_work_sync() (bsc#1187867).
o libertas: register sysfs groups properly (git-fixes).
o md: Fix missing unused status line of /proc/mdstat (git-fixes).
o media: dvb: Add check on sp8870_readreg return (git-fixes).
o media: gspca: properly check for errors in po1030_probe() (git-fixes).
o mei: request autosuspend after sending rx flow control (git-fixes).
o mlxsw: spectrum: Do not process learned records with a dummy FID
(git-fixes).
o Move nfs backports into sorted section
o net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
o net: caif: Fix debugfs on 64-bit platforms (git-fixes).
o net: dsa: mv88e6xxx: Fix writing to a PHY page (git-fixes).
o net: dsa: qca8k: Use up to 7 ports for all operations (git-fixes).
o net: fix iteration for sctp transport seq_files (git-fixes).
o net: hns3: Limiting the scope of vector_ring_chain variable (bsc#1104353).
o net: netcp: Fix an error message (git-fixes).
o net: stmmac: Correctly take timestamp for PTPv2 (git-fixes).
o net: stmmac: ensure that the device has released ownership before reading
data (git-fixes).
o net/nfc/rawsock.c: fix a permission check bug (git-fixes).
o net/smc: remove device from smcd_dev_list after failed device_add()
(git-fixes).
o nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
(git-fixes).
o NFS: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
o NFS: Deal correctly with attribute generation counter overflow (git-fixes).
o NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce()
(git-fixes).
o NFS: Do not discard segments marked for return in _pnfs_return_layout()
(git-fixes).
o NFS: Do not gratuitously clear the inode cache when lookup failed
(git-fixes).
o NFS: Do not rebind to the same source port when reconnecting to the server
(bnc#1186264).
o NFS: Do not revalidate the directory permissions on a lookup failure
(git-fixes).
o NFS: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
(git-fixes).
o NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
o NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
o NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
o NFS: fix handling of sr_eof in SEEK's reply (git-fixes).
o NFS: fix return value of _nfs4_get_security_label() (git-fixes).
o NFS: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
(git-fixes).
o NFS: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error
(git-fixes).
o NFS: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
o ocfs2: fix data corruption by fallocate (bsc#1187412).
o parisc: parisc-agp requires SBA IOMMU driver (bsc#1129770)
o pid: take a reference when initializing `cad_pid` (bsc#1114648).
o platform/x86: hp-wireless: add AMD's hardware id to the supported list
(git-fixes).
o platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
(git-fixes).
o pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
o pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes).
o qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
o qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
o ravb: fix invalid context bug while calling auto-negotiation by ethtool
(git-fixes).
o ravb: fix invalid context bug while changing link options by ethtool
(git-fixes).
o RDMA/mlx5: Recover from fatal event in dual port mode (bsc#1103991).
o Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#
191041).
o Revert 337f13046ff0 ("futex: Allow FUTEX_CLOCK_REALTIME with FUTEX_WAIT
op") (git-fixes).
o s390/stack: fix possible register corruption with stack switch helper (bsc#
1185677).
o scsi: aacraid: Fix an oops in error handling (bsc#1186698).
o scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186516).
o scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186517).
o scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#
1186518).
o scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#
1186519).
o scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
(bsc#1186699).
o scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186520).
o scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186521).
o scsi: bnx2i: Requires MMU (bsc#1186522).
o scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186523).
o scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
(bsc#1186524).
o scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186525).
o scsi: cxgb4i: Fix TLS dependency (bsc#1186526).
o scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc
#1186527).
o scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1186528).
o scsi: fnic: Fix error return code in fnic_probe() (bsc#1186529).
o scsi: hisi_sas: Fix IRQ checks (bsc#1186530).
o scsi: hisi_sas: Remove preemptible() (bsc#1186638).
o scsi: jazz_esp: Add IRQ check (bsc#1186531).
o scsi: libfc: Fix enum-conversion warning (bsc#1186532).
o scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186533).
o scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1186700).
o scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#
1186534).
o scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
o scsi: megaraid_sas: Check user-provided offsets (bsc#1186535).
o scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186701).
o scsi: mesh: Fix panic after host or bus reset (bsc#1186537).
o scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#
1186538).
o scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186539).
o scsi: powertec: Fix different dev_id between request_irq() and free_irq()
(bsc#1186540).
o scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186541).
o scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#
1186542).
o scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#
1186543).
o scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
(bsc#1186545).
o scsi: qla4xxx: Remove in_interrupt() (bsc#1186546).
o scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#
1186547).
o scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#
1174978 bsc#1185701).
o scsi: sd: Fix optimal I/O size for devices that change reported values (bsc
#1186548).
o scsi: sg: add sg_remove_request in sg_write (bsc#1186635).
o scsi: sni_53c710: Add IRQ check (bsc#1186549).
o scsi: sun3x_esp: Add IRQ check (bsc#1186550).
o scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1186556).
o scsi: ufs: core: Narrow down fast path in system suspend path (bsc#
1186551).
o scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#
1186552).
o scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187630).
o SCSI: ufs: fix ktime_t kabi change (bsc#1187630).
o scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186554).
o scsi: ufs: Properly release resources if a task is aborted successfully
(bsc#1186555).
o scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1188010).
o scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187631).
o serial: max310x: unregister uart driver in case of failure and abort
(git-fixes).
o serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
(git-fixes).
o staging: rtl8723bs: Fix uninitialized variables (git-fixes).
o SUNRPC: correct error code comment in xs_tcp_setup_socket() (git-fixes).
o SUNRPC: fix refcount leak for rpc auth modules (git-fixes).
o SUNRPC: Move fault injection call sites (git-fixes).
o SUNRPC: prevent port reuse on transports which do not request it (bnc#
1186264).
o svcrdma: disable timeouts on rdma backchannel (git-fixes).
o swiotlb: fix "x86: Do not panic if can not alloc buffer for swiotlb"
(git-fixes).
o tls splice: check SPLICE_F_NONBLOCK instead of MSG_DONTWAIT (bsc#1103990).
o tracing: Correct the length check which causes memory corruption
(git-fixes).
o tracing: Do no increment trace_clock_global() by one (git-fixes).
o tracing: Restructure trace_clock_global() to never block (git-fixes).
o ttyprintk: Add TTY hangup callback (git-fixes).
o ubifs: Only check replay with inode type to judge if inode linked (bsc#
1187455).
o USB: cdc-acm: always claim data interface (git-fixes).
o USB: cdc-acm: do not log successful probe on later errors (git-fixes).
o USB: dwc3: ep0: fix NULL pointer exception (git-fixes).
o USB: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
o USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
o USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
o USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
o USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
(git-fixes).
o USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
o USB: serial: quatech2: fix control-request directions (git-fixes).
o USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
o USB: serial: usb_wwan: fix TIOCSSERIAL jiffies conversions (git-fixes).
o USB: typec: tcpm: Use LE to CPU conversion when accessing msg->header
(git-fixes).
o USB: typec: ucsi: Clear PPM capability data in ucsi_init() error path
(git-fixes).
o USB: typec: ucsi: Put fwnode in any case during ->probe() (git-fixes).
o vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
o vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
o vfio/platform: fix module_put call in error flow (git-fixes).
o video: hgafb: correctly handle card detect failure during probe (bsc#
1129770)
o video: hgafb: fix potential NULL pointer dereference (bsc#1129770)
Backporting changes: * context changes
o x86: fix seq_file iteration for pat/memtype.c (git-fixes).
o x86/cpu: Initialize MSR_TSC_AUX if RDTSCP *or* RDPID is supported (bsc#
1114648).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2324=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2324=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2324=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2324=1
o SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2021-2324=1
Package List:
o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.77.1
kernel-default-debugsource-4.12.14-122.77.1
kernel-default-extra-4.12.14-122.77.1
kernel-default-extra-debuginfo-4.12.14-122.77.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-4.12.14-122.77.1
kernel-obs-build-debugsource-4.12.14-122.77.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.77.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.77.1
kernel-default-base-4.12.14-122.77.1
kernel-default-base-debuginfo-4.12.14-122.77.1
kernel-default-debuginfo-4.12.14-122.77.1
kernel-default-debugsource-4.12.14-122.77.1
kernel-default-devel-4.12.14-122.77.1
kernel-syms-4.12.14-122.77.1
o SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.77.1
kernel-macros-4.12.14-122.77.1
kernel-source-4.12.14-122.77.1
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.77.1
o SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.77.1
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.77.1
kernel-default-debugsource-4.12.14-122.77.1
kernel-default-kgraft-4.12.14-122.77.1
kernel-default-kgraft-devel-4.12.14-122.77.1
kgraft-patch-4_12_14-122_77-default-1-8.3.1
o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.77.1
cluster-md-kmp-default-debuginfo-4.12.14-122.77.1
dlm-kmp-default-4.12.14-122.77.1
dlm-kmp-default-debuginfo-4.12.14-122.77.1
gfs2-kmp-default-4.12.14-122.77.1
gfs2-kmp-default-debuginfo-4.12.14-122.77.1
kernel-default-debuginfo-4.12.14-122.77.1
kernel-default-debugsource-4.12.14-122.77.1
ocfs2-kmp-default-4.12.14-122.77.1
ocfs2-kmp-default-debuginfo-4.12.14-122.77.1
References:
o https://www.suse.com/security/cve/CVE-2019-25045.html
o https://www.suse.com/security/cve/CVE-2020-24588.html
o https://www.suse.com/security/cve/CVE-2020-26558.html
o https://www.suse.com/security/cve/CVE-2020-36386.html
o https://www.suse.com/security/cve/CVE-2021-0129.html
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://www.suse.com/security/cve/CVE-2021-33624.html
o https://www.suse.com/security/cve/CVE-2021-34693.html
o https://bugzilla.suse.com/1103990
o https://bugzilla.suse.com/1103991
o https://bugzilla.suse.com/1104353
o https://bugzilla.suse.com/1113994
o https://bugzilla.suse.com/1114648
o https://bugzilla.suse.com/1129770
o https://bugzilla.suse.com/1135481
o https://bugzilla.suse.com/1136345
o https://bugzilla.suse.com/1174978
o https://bugzilla.suse.com/1179610
o https://bugzilla.suse.com/1182470
o https://bugzilla.suse.com/1185486
o https://bugzilla.suse.com/1185677
o https://bugzilla.suse.com/1185701
o https://bugzilla.suse.com/1185861
o https://bugzilla.suse.com/1185863
o https://bugzilla.suse.com/1186206
o https://bugzilla.suse.com/1186264
o https://bugzilla.suse.com/1186463
o https://bugzilla.suse.com/1186515
o https://bugzilla.suse.com/1186516
o https://bugzilla.suse.com/1186517
o https://bugzilla.suse.com/1186518
o https://bugzilla.suse.com/1186519
o https://bugzilla.suse.com/1186520
o https://bugzilla.suse.com/1186521
o https://bugzilla.suse.com/1186522
o https://bugzilla.suse.com/1186523
o https://bugzilla.suse.com/1186524
o https://bugzilla.suse.com/1186525
o https://bugzilla.suse.com/1186526
o https://bugzilla.suse.com/1186527
o https://bugzilla.suse.com/1186528
o https://bugzilla.suse.com/1186529
o https://bugzilla.suse.com/1186530
o https://bugzilla.suse.com/1186531
o https://bugzilla.suse.com/1186532
o https://bugzilla.suse.com/1186533
o https://bugzilla.suse.com/1186534
o https://bugzilla.suse.com/1186535
o https://bugzilla.suse.com/1186537
o https://bugzilla.suse.com/1186538
o https://bugzilla.suse.com/1186539
o https://bugzilla.suse.com/1186540
o https://bugzilla.suse.com/1186541
o https://bugzilla.suse.com/1186542
o https://bugzilla.suse.com/1186543
o https://bugzilla.suse.com/1186545
o https://bugzilla.suse.com/1186546
o https://bugzilla.suse.com/1186547
o https://bugzilla.suse.com/1186548
o https://bugzilla.suse.com/1186549
o https://bugzilla.suse.com/1186550
o https://bugzilla.suse.com/1186551
o https://bugzilla.suse.com/1186552
o https://bugzilla.suse.com/1186554
o https://bugzilla.suse.com/1186555
o https://bugzilla.suse.com/1186556
o https://bugzilla.suse.com/1186627
o https://bugzilla.suse.com/1186635
o https://bugzilla.suse.com/1186638
o https://bugzilla.suse.com/1186698
o https://bugzilla.suse.com/1186699
o https://bugzilla.suse.com/1186700
o https://bugzilla.suse.com/1186701
o https://bugzilla.suse.com/1187038
o https://bugzilla.suse.com/1187049
o https://bugzilla.suse.com/1187402
o https://bugzilla.suse.com/1187404
o https://bugzilla.suse.com/1187407
o https://bugzilla.suse.com/1187408
o https://bugzilla.suse.com/1187409
o https://bugzilla.suse.com/1187411
o https://bugzilla.suse.com/1187412
o https://bugzilla.suse.com/1187452
o https://bugzilla.suse.com/1187453
o https://bugzilla.suse.com/1187455
o https://bugzilla.suse.com/1187554
o https://bugzilla.suse.com/1187595
o https://bugzilla.suse.com/1187601
o https://bugzilla.suse.com/1187630
o https://bugzilla.suse.com/1187631
o https://bugzilla.suse.com/1187833
o https://bugzilla.suse.com/1187867
o https://bugzilla.suse.com/1187972
o https://bugzilla.suse.com/1188010
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2325-1
Rating: important
References: #1152489 #1153274 #1154353 #1155518 #1164648 #1174978
#1176771 #1179610 #1182470 #1183712 #1184212 #1184685
#1185195 #1185486 #1185589 #1185675 #1185677 #1185701
#1186206 #1186463 #1186666 #1186672 #1186752 #1186949
#1186950 #1186951 #1186952 #1186953 #1186954 #1186955
#1186956 #1186957 #1186958 #1186959 #1186960 #1186961
#1186962 #1186963 #1186964 #1186965 #1186966 #1186967
#1186968 #1186969 #1186970 #1186971 #1186972 #1186973
#1186974 #1186976 #1186977 #1186978 #1186979 #1186980
#1186981 #1186982 #1186983 #1186984 #1186985 #1186986
#1186987 #1186988 #1186989 #1186990 #1186991 #1186992
#1186993 #1186994 #1186995 #1186996 #1186997 #1186998
#1186999 #1187000 #1187001 #1187002 #1187003 #1187038
#1187050 #1187067 #1187068 #1187069 #1187072 #1187143
#1187144 #1187171 #1187263 #1187356 #1187402 #1187403
#1187404 #1187407 #1187408 #1187409 #1187410 #1187411
#1187412 #1187413 #1187452 #1187554 #1187595 #1187601
#1187795 #1187867 #1187883 #1187886 #1187927 #1187972
#1187980
Cross-References: CVE-2020-26558 CVE-2020-36385 CVE-2020-36386 CVE-2021-0129
CVE-2021-0512 CVE-2021-0605 CVE-2021-33624 CVE-2021-34693
CVE-2021-3573
Affected Products:
SUSE MicroOS 5.0
SUSE Linux Enterprise Workstation Extension 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Legacy Software 15-SP2
SUSE Linux Enterprise Module for Development Tools 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP2
SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________
An update that solves 9 vulnerabilities, contains 8 features and has 100 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-3573: Fixed an UAF vulnerability in function that can allow
attackers to corrupt kernel heaps and adopt further exploitations. (bsc#
1186666)
o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187601)
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187595)
o CVE-2021-33624: Fixed a bug which allows unprivileged BPF program to leak
the contents of arbitrary kernel memory (and therefore, of all physical
memory) via a side-channel. (bsc#1187554)
o CVE-2021-34693: Fixed a bug in net/can/bcm.c which could allow local users
to obtain sensitive information from kernel stack memory because parts of a
data structure are uninitialized. (bsc#1187452)
o CVE-2021-0129: Fixed improper access control in BlueZ that may have allowed
an authenticated user to potentially enable information disclosure via
adjacent access (bnc#1186463).
o CVE-2020-36385: Fixed a use-after-free via the ctx_list in some
ucma_migrate_id situations where ucma_close is called (bnc#1187050).
o CVE-2020-26558: Fixed Bluetooth LE and BR/EDR secure pairing in Bluetooth
Core Specification 2.1 (bnc#1179610, bnc#1186463).
o CVE-2020-36386: Fixed an out-of-bounds read issue in
hci_extended_inquiry_result_evt (bnc#1187038).
The following non-security bugs were fixed:
o acpica: Clean up context mutex during object deletion (git-fixes).
o alsa: hda/cirrus: Set Initial DMIC volume to -26 dB (git-fixes).
o alsa: hda: Fix for mute key LED for HP Pavilion 15-CK0xx (git-fixes).
o alsa: timer: Fix master timer notification (git-fixes).
o alx: Fix an error handling path in 'alx_probe()' (git-fixes).
o arch: Add arch-dependent support markers in supported.conf (bsc#1186672)
o arch: Add the support for kernel-FLAVOR-optional subpackage (jsc#SLE-11796)
o ASoC: Intel: bytcr_rt5640: Add quirk for the Glavey TM800A550L tablet
(git-fixes).
o ASoC: Intel: bytcr_rt5640: Add quirk for the Lenovo Miix 3-830 tablet
(git-fixes).
o ASoC: max98088: fix ni clock divider calculation (git-fixes).
o ASoC: rt5659: Fix the lost powers for the HDA header (git-fixes).
o ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (git-fixes).
o ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd() (git-fixes).
o batman-adv: Avoid WARN_ON timing related checks (git-fixes).
o be2net: Fix an error handling path in 'be_probe()' (git-fixes).
o blk-settings: align max_sectors on "logical_block_size" boundary (bsc#
1185195).
o block: Discard page cache of zone reset target range (bsc#1187402).
o block: return the correct bvec when checking for gaps (bsc#1187143).
o block: return the correct bvec when checking for gaps (bsc#1187144).
o bluetooth: fix the erroneous flush_work() order (git-fixes).
o bluetooth: use correct lock to prevent UAF of hdev object (git-fixes).
o bnxt_en: Call bnxt_ethtool_free() in bnxt_init_one() error path (jsc#
SLE-8371 bsc#1153274).
o bnxt_en: Fix TQM fastpath ring backing store computation (jsc#SLE-8371 bsc#
1153274).
o bnxt_en: Rediscover PHY capabilities after firmware reset (jsc#SLE-8371 bsc
#1153274).
o bpfilter: Specify the log level for the kmsg message (bsc#1155518).
o brcmfmac: properly check for bus register errors (git-fixes).
o btrfs: open device without device_list_mutex (bsc#1176771).
o bus: ti-sysc: Fix flakey idling of uarts and stop using swsup_sidle_act
(git-fixes).
o can: mcba_usb: fix memory leak in mcba_usb (git-fixes).
o ceph: must hold snap_rwsem when filling inode for async create (bsc#
1187927).
o cfg80211: avoid double free of PMSR request (git-fixes).
o cfg80211: make certificate generation more robust (git-fixes).
o cgroup1: do not allow '\n' in renaming (bsc#1187972).
o char: hpet: add checks after calling ioremap (git-fixes).
o CPU: Startup failed when SNC (sub-numa cluster) is enabled with 3 NIC
add-on cards installed (bsc#1187263).
o cxgb4: avoid accessing registers when clearing filters (git-fixes).
o cxgb4: avoid link re-train during TC-MQPRIO configuration (jsc#SLE-8389).
o cxgb4: fix wrong shift (git-fixes).
o dax: Add a wakeup mode parameter to put_unlocked_entry() (bsc#1187411).
o dax: Add an enum for specifying dax wakup mode (bsc#1187411).
o dax: fix ENOMEM handling in grab_mapping_entry() (bsc#1184212).
o dax: Wake up all waiters after invalidating dax entry (bsc#1187411).
o dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (git-fixes).
o dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc
(git-fixes).
o dmaengine: qcom_hidma: comment platform_driver_register call (git-fixes).
o dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (git-fixes).
o dmaengine: stedma40: add missing iounmap() on error in d40_probe()
(git-fixes).
o drm/amd/amdgpu: fix a potential deadlock in gpu reset (git-fixes).
o drm/amd/amdgpu: fix refcount leak (git-fixes).
o drm/amd/display: Allow bandwidth validation for 0 streams (git-fixes).
o drm/amd/display: Disconnect non-DP with no EDID (git-fixes).
o drm/amdgpu: Fix a use-after-free (git-fixes).
o drm/amdgpu: make sure we unpin the UVD BO (git-fixes).
o drm/tegra: sor: Do not leak runtime PM reference (git-fixes).
o drm: Fix use-after-free read in drm_getunique() (git-fixes).
o drm: Lock pointer access in drm_master_release() (git-fixes).
o dt-bindings: reset: meson8b: fix duplicate reset IDs (git-fixes).
o efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (git-fixes).
o efi: cper: fix snprintf() use in cper_dimm_err_location() (git-fixes).
o ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
(bsc#1187408).
o ext4: fix check to prevent false positive report of incorrect used inodes
(bsc#1187404).
o ext4: fix error code in ext4_commit_super (bsc#1187407).
o ext4: fix memory leak in ext4_fill_super (bsc#1187409).
o FCOE: fcoe_wwn_from_mac kABI fix (bsc#1187886).
o fs/nfs: Use fatal_signal_pending instead of signal_pending (git-fixes).
o fs: fix reporting supported extra file attributes for statx() (bsc#
1187410).
o ftrace: Do not blindly read the ip address in ftrace_bug() (git-fixes).
o ftrace: Free the trampoline when ftrace_startup() fails (git-fixes).
o fuse: BUG_ON correction in fuse_dev_splice_write() (bsc#1187356).
o gpio: cadence: Add missing MODULE_DEVICE_TABLE (git-fixes).
o gpu: Enable CONFIG_PCI_PF_STUB for Nvidia Ampere vGPU support (jsc#
SLE-17882 jsc#ECO-3691)
o gve: Add NULL pointer checks when freeing irqs (git-fixes).
o gve: Correct SKB queue index validation (git-fixes).
o gve: Upgrade memory barrier in poll routine (git-fixes).
o HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
o HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
o HID: hid-input: add mapping for emoji picker key (git-fixes).
o HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).
o HID: i2c-hid: fix format string mismatch (git-fixes).
o HID: i2c-hid: Skip ELAN power-on command after reset (git-fixes).
o HID: magicmouse: fix NULL-deref on disconnect (git-fixes).
o HID: multitouch: require Finger field to mark Win8 reports as MT
(git-fixes).
o HID: pidff: fix error return code in hid_pidff_init() (git-fixes).
o HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for Saitek X65 (git-fixes).
o HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
o HID: usbhid: Fix race between usbhid_close() and usbhid_stop() (git-fixes).
o hwmon: (dell-smm-hwmon) Fix index values (git-fixes).
o hwmon: (scpi-hwmon) shows the negative temperature properly (git-fixes).
o i2c: mpc: Make use of i2c_recover_bus() (git-fixes).
o i2c: qcom-geni: Suspend and resume the bus during SYSTEM_SLEEP_PM ops
(git-fixes).
o ice: add ndo_bpf callback for safe mode netdev ops (jsc#SLE-7926).
o ice: Allow all LLDP packets from PF to Tx (jsc#SLE-7926).
o ice: Fix VFR issues for AVF drivers that expect ATQLEN cleared (git-fixes).
o isdn: mISDN: correctly handle ph_info allocation failure in hfcsusb_ph_info
(git-fixes).
o isdn: mISDN: netjet: Fix crash in nj_probe: (git-fixes).
o isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io
(git-fixes).
o ixgbe: fix large MTU request from VF (git-fixes).
o kABI workaround for struct lis3lv02d change (git-fixes).
o kernel-binary.spec.in: Add Supplements: for -extra package on Leap
kernel-$flavor-extra should supplement kernel-$flavor on Leap, like it does
on SLED, and like the kernel-$flavor-optional package does.
o kernel-binary.spec.in: build-id check requires elfutils.
o kernel-binary.spec.in: Regenerate makefile when not using mkmakefile.
o kernel-binary.spec: Only use mkmakefile when it exists Linux 5.13 no longer
had a mkmakefile script
o kernel: kexec_file: fix error return code of kexec_calculate_store_digests
() (git-fixes).
o kthread: prevent deadlock when kthread_mod_delayed_work() races with
kthread_cancel_delayed_work_sync() (bsc#1187867).
o kthread_worker: split code for canceling the delayed work timer (bsc#
1187867).
o kyber: fix out of bounds access when preempted (bsc#1187403).
o lib: vdso: Remove CROSS_COMPILE_COMPAT_VDSO (bsc#1164648,jsc#SLE-11493).
o libertas: register sysfs groups properly (git-fixes).
o locking/mutex: clear MUTEX_FLAGS if wait_list is empty due to signal
(git-fixes).
o md: Fix missing unused status line of /proc/mdstat (git-fixes).
o media: dvb: Add check on sp8870_readreg return (git-fixes).
o media: dvb: Add check on sp8870_readreg return (git-fixes).
o media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
o media: gspca: mt9m111: Check write_bridge for timeout (git-fixes).
o media: gspca: properly check for errors in po1030_probe() (git-fixes).
o media: gspca: properly check for errors in po1030_probe() (git-fixes).
o media: mtk-mdp: Check return value of of_clk_get (git-fixes).
o media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).
o media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()
' (git-fixes).
o mei: request autosuspend after sending rx flow control (git-fixes).
o mmc: meson-gx: use memcpy_to/fromio for dram-access-quirk (git-fixes).
o module: limit enabling module.sig_enforce (git-fixes).
o net/mlx4: Fix EEPROM dump support (git-fixes).
o net/mlx5: Consider RoCE cap before init RDMA resources (git-fixes).
o net/mlx5: DR, Create multi-destination flow table with level less than 64
(jsc#SLE-8464).
o net/mlx5: Fix PBMC register mapping (git-fixes).
o net/mlx5: Fix placement of log_max_flow_counter (git-fixes).
o net/mlx5: Fix sleep while atomic in mlx5_eswitch_get_vepa (git-fixes).
o net/mlx5e: Block offload of outer header csum for UDP tunnels (git-fixes).
o net/mlx5e: Fix multipath lag activation (git-fixes).
o net/mlx5e: Fix nullptr in add_vlan_push_action() (git-fixes).
o net/mlx5e: Fix page reclaim for dead peer hairpin (git-fixes).
o net/mlx5e: Remove dependency in IPsec initialization flows (git-fixes).
o net/nfc/rawsock.c: fix a permission check bug (git-fixes).
o net/sched: act_ct: handle DNAT tuple collision (bsc#1154353).
o net/x25: Return the correct errno code (git-fixes).
o net: bnx2: Fix error return code in bnx2_init_board() (git-fixes).
o net: fix iteration for sctp transport seq_files (git-fixes).
o net: hns3: Limiting the scope of vector_ring_chain variable (git-fixes).
o net: hns3: put off calling register_netdev() until client initialize
complete (bsc#1154353).
o net: mvpp2: add mvpp2_phylink_to_port() helper (bsc#1187171).
o netxen_nic: Fix an error handling path in 'netxen_nic_probe()' (git-fixes).
o nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
(git-fixes).
o NFC: SUSE specific brutal fix for runtime PM (bsc#1185589).
o NFS: Deal correctly with attribute generation counter overflow (git-fixes).
o NFS: Do not corrupt the value of pg_bytes_written in nfs_do_recoalesce()
(git-fixes).
o NFS: Do not discard pNFS layout segments that are marked for return
(git-fixes).
o NFS: Do not gratuitously clear the inode cache when lookup failed
(git-fixes).
o NFS: Do not revalidate the directory permissions on a lookup failure
(git-fixes).
o NFS: Fix a potential NULL dereference in nfs_get_client() (git-fixes).
o NFS: fix an incorrect limit in filelayout_decode_layout() (git-fixes).
o NFS: Fix an Oopsable condition in __nfs_pageio_add_request() (git-fixes).
o NFS: Fix use-after-free in nfs4_init_client() (git-fixes).
o nfsd: register pernet ops last, unregister first (git-fixes).
o NFSD: Repair misuse of sv_lock in 5.10.16-rt30 (git-fixes).
o NFSv4.2 fix handling of sr_eof in SEEK's reply (git-fixes).
o NFSv4.2: Always flush out writes in nfs42_proc_fallocate() (git-fixes).
o NFSv4.2: fix return value of _nfs4_get_security_label() (git-fixes).
o NFSv4: Do not discard segments marked for return in _pnfs_return_layout()
(git-fixes).
o NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
(git-fixes).
o NFSv4: Fix deadlock between nfs4_evict_inode() and nfs4_opendata_get_inode
() (git-fixes).
o NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config
(git-fixes).
o ocfs2: fix data corruption by fallocate (bsc#1187412).
o PCI/LINK: Remove bandwidth notification (bsc#1183712).
o PCI: aardvark: Do not rely on jiffies while holding spinlock (git-fixes).
o PCI: aardvark: Fix kernel panic during PIO transfer (git-fixes).
o PCI: Add ACS quirk for Broadcom BCM57414 NIC (git-fixes).
o PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
o PCI: Mark TI C667X to avoid bus reset (git-fixes).
o PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
o perf/x86/intel/uncore: Remove uncore extra PCI dev HSWEP_PCI_PCU_3 (bsc#
1184685).
o pid: take a reference when initializing `cad_pid` (bsc#1152489).
o platform/x86: hp-wireless: add AMD's hardware id to the supported list
(git-fixes).
o platform/x86: hp_accel: Avoid invoking _INI to speed up resume (git-fixes).
o platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI
(git-fixes).
o platform/x86: touchscreen_dmi: Add info for the Mediacom Winpad 7.0 W700
tablet (git-fixes).
o PM: sleep: Add pm_debug_messages kernel command line option (bsc#1186752).
o pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() (git-fixes).
o pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process() (git-fixes).
o qla2xxx: synchronize rport dev_loss_tmo setting (bsc#1182470 bsc#1185486).
o qlcnic: Fix an error handling path in 'qlcnic_probe()' (git-fixes).
o radeon: use memcpy_to/fromio for UVD fw upload (git-fixes).
o regulator: bd70528: Fix off-by-one for buck123 .n_voltages setting
(git-fixes).
o regulator: core: resolve supply for boot-on/always-on regulators
(git-fixes).
o regulator: max77620: Use device_set_of_node_from_dev() (git-fixes).
o Revert "ath6kl: return error code in ath6kl_wmi_set_roam_lrssi_cmd()"
(git-fixes).
o Revert "brcmfmac: add a check for the status of usb_register" (git-fixes).
o Revert "char: hpet: fix a missing check of ioremap" (git-fixes).
o Revert "char: hpet: fix a missing check of ioremap" (git-fixes).
o Revert "dmaengine: qcom_hidma: Check for driver register failure"
(git-fixes).
o Revert "ecryptfs: replace BUG_ON with error handling code" (bsc#1187413).
o Revert "ibmvnic: simplify reset_long_term_buff function" (bsc#1186206 ltc#
191041).
o Revert "isdn: mISDN: Fix potential NULL pointer dereference of kzalloc"
(git-fixes).
o Revert "isdn: mISDNinfineon: fix potential NULL pointer dereference"
(git-fixes).
o Revert "libertas: add checks for the return value of sysfs_create_group"
(git-fixes).
o Revert "media: dvb: Add check on sp8870_readreg" (git-fixes).
o Revert "media: dvb: Add check on sp8870_readreg" (git-fixes).
o Revert "media: gspca: Check the return value of write_bridge for timeout"
(git-fixes).
o Revert "media: gspca: Check the return value of write_bridge for timeout"
(git-fixes).
o Revert "media: gspca: mt9m111: Check write_bridge for timeout" (git-fixes).
o Revert "media: gspca: mt9m111: Check write_bridge for timeout" (git-fixes).
o Revert "media: usb: gspca: add a missed check for goto_low_power"
(git-fixes).
o Revert "net: liquidio: fix a NULL pointer dereference" (git-fixes).
o Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
(git-fixes).
o Revert "qlcnic: Avoid potential NULL pointer dereference" (git-fixes).
o Revert "scsi: core: run queue if SCSI device queue isn't ready and queue is
idle" (bsc#1186949).
o Revert "serial: max310x: pass return value of spi_register_driver"
(git-fixes).
o Revert "video: hgafb: fix potential NULL pointer dereference" (git-fixes).
o Revert "video: imsttfb: fix potential NULL pointer dereferences" (bsc#
1152489)
o rpm/kernel-binary.spec.in: Correct Supplements in optional subpkg (jsc#
SLE-11796)
o rpm/kernel-binary.spec.in: Fix handling of +arch marker (bsc#1186672)
o rpm/split-modules: Avoid errors even if Module.* are not present
o s390/stack: fix possible register corruption with stack switch helper (bsc#
1185677).
o sched/debug: Fix cgroup_path[] serialization (git-fixes)
o sched/fair: Keep load_avg and load_sum synced (git-fixes)
o scsi: aacraid: Fix an oops in error handling (bsc#1187072).
o scsi: aacraid: Remove erroneous fallthrough annotation (bsc#1186950).
o scsi: aacraid: Use memdup_user() as a cleanup (bsc#1186951).
o scsi: acornscsi: Fix an error handling path in acornscsi_probe() (bsc#
1186952).
o scsi: be2iscsi: Fix a theoretical leak in beiscsi_create_eqs() (bsc#
1186953).
o scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()"
(bsc#1187067).
o scsi: bfa: Fix error return in bfad_pci_init() (bsc#1186954).
o scsi: bnx2fc: Fix Kconfig warning and CNIC build errors (bsc#1186955).
o scsi: bnx2i: Requires MMU (bsc#1186956).
o scsi: core: Fix race between handling STS_RESOURCE and completion (bsc#
1187883).
o scsi: csiostor: Fix wrong return value in csio_hw_prep_fw() (bsc#1186957).
o scsi: cumana_2: Fix different dev_id between request_irq() and free_irq()
(bsc#1186958).
o scsi: cxgb3i: Fix some leaks in init_act_open() (bsc#1186959).
o scsi: cxgb4i: Fix TLS dependency (bsc#1186960).
o scsi: eesox: Fix different dev_id between request_irq() and free_irq() (bsc
#1186961).
o scsi: fcoe: Fix mismatched fcoe_wwn_from_mac declaration (bsc#1187886).
o scsi: fnic: Fix error return code in fnic_probe() (bsc#1186962).
o scsi: hisi_sas: Fix IRQ checks (bsc#1186963).
o scsi: hisi_sas: Remove preemptible() (bsc#1186964).
o scsi: jazz_esp: Add IRQ check (bsc#1186965).
o scsi: libfc: Fix enum-conversion warning (bsc#1186966).
o scsi: libsas: Fix error path in sas_notify_lldd_dev_found() (bsc#1186967).
o scsi: libsas: Reset num_scatter if libata marks qc as NODATA (bsc#1187068).
o scsi: libsas: Set data_dir as DMA_NONE if libata marks qc as NODATA (bsc#
1186968).
o scsi: lpfc: Fix ancient double free (bsc#1186969).
o scsi: lpfc: Fix failure to transmit ABTS on FC link (git-fixes).
o scsi: megaraid_sas: Check user-provided offsets (bsc#1186970).
o scsi: megaraid_sas: Clear affinity hint (bsc#1186971).
o scsi: megaraid_sas: Do not call disable_irq from process IRQ poll (bsc#
1186972).
o scsi: megaraid_sas: Fix MEGASAS_IOC_FIRMWARE regression (bsc#1186973).
o scsi: megaraid_sas: Remove undefined ENABLE_IRQ_POLL macro (bsc#1186974).
o scsi: mesh: Fix panic after host or bus reset (bsc#1186976).
o scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (bsc#1186977).
o scsi: mpt3sas: Fix error return code of mpt3sas_base_attach() (bsc#
1186978).
o scsi: mpt3sas: Fix ioctl timeout (bsc#1186979).
o scsi: myrs: Fix a double free in myrs_cleanup() (bsc#1186980).
o scsi: pm80xx: Fix error return in pm8001_pci_probe() (bsc#1186981).
o scsi: powertec: Fix different dev_id between request_irq() and free_irq()
(bsc#1186982).
o scsi: qedi: Check for buffer overflow in qedi_set_path() (bsc#1186983).
o scsi: qedi: Fix error return code of qedi_alloc_global_queues() (bsc#
1186984).
o scsi: qedi: Fix missing destroy_workqueue() on error in __qedi_probe (bsc#
1186985).
o scsi: qla2xxx: Prevent PRLI in target mode (git-fixes).
o scsi: qla4xxx: Fix an error handling path in 'qla4xxx_get_host_stats()'
(bsc#1186986).
o scsi: qla4xxx: Remove in_interrupt() (bsc#1186987).
o scsi: scsi_debug: Add check for sdebug_max_queue during module init (bsc#
1186988).
o scsi: scsi_dh_alua: Retry RTPG on a different path after failure (bsc#
1174978 bsc#1185701).
o scsi: sd: Fix Opal support (bsc#1186989).
o scsi: sni_53c710: Add IRQ check (bsc#1186990).
o scsi: sun3x_esp: Add IRQ check (bsc#1186991).
o scsi: ufs-qcom: Fix scheduling while atomic issue (bsc#1187002).
o scsi: ufs: Add quirk to disallow reset of interrupt aggregation (bsc#
1186992).
o scsi: ufs: Add quirk to enable host controller without hce (bsc#1186993).
o scsi: ufs: Add quirk to fix abnormal ocs fatal error (bsc#1186994).
o scsi: ufs: Add quirk to fix mishandling utrlclr/utmrlclr (bsc#1186995).
o scsi: ufs: core: Narrow down fast path in system suspend path (bsc#
1186996).
o scsi: ufs: Do not update urgent bkops level when toggling auto bkops (bsc#
1186997).
o scsi: ufs: Fix imprecise load calculation in devfreq window (bsc#1187795).
o SCSI: ufs: fix ktime_t kabi change (bsc#1187795).
o scsi: ufs: Fix race between shutdown and runtime resume flow (bsc#1186998).
o scsi: ufs: Introduce UFSHCD_QUIRK_PRDT_BYTE_GRAN quirk (bsc#1187000).
o scsi: ufs: Make ufshcd_print_trs() consider UFSHCD_QUIRK_PRDT_BYTE_GRAN
(bsc#1187069).
o scsi: ufs: Properly release resources if a task is aborted successfully
(bsc#1187001).
o scsi: ufs: ufshcd-pltfrm depends on HAS_IOMEM (bsc#1187980).
o scsi: ufs: ufshcd-pltfrm: Fix deferred probing (bsc#1187003).
o scsi: ufshcd: use an enum for quirks (bsc#1186999).
o serial: max310x: unregister uart driver in case of failure and abort
(git-fixes).
o serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
(git-fixes).
o spi: spi-nxp-fspi: move the register operation after the clock enable
(git-fixes).
o spi: sprd: Add missing MODULE_DEVICE_TABLE (git-fixes).
o spi: stm32-qspi: Always wait BUSY bit to be cleared in stm32_qspi_wait_cmd
() (git-fixes).
o staging: rtl8723bs: Fix uninitialized variables (git-fixes).
o sunrpc: fix refcount leak for rpc auth modules (git-fixes).
o SUNRPC: Handle major timeout in xprt_adjust_timeout() (git-fixes).
o SUNRPC: Move fault injection call sites (git-fixes).
o SUNRPC: Set memalloc_nofs_save() for sync tasks (git-fixes).
o svcrdma: disable timeouts on rdma backchannel (git-fixes).
o thermal/drivers/intel: Initialize RW trip to THERMAL_TEMP_INVALID
(git-fixes).
o tpm: fix error return code in tpm2_get_cc_attrs_tbl() (git-fixes).
o tracing: Correct the length check which causes memory corruption
(git-fixes).
o tracing: Do no increment trace_clock_global() by one (git-fixes).
o tracing: Do not stop recording cmdlines when tracing is off (git-fixes).
o tracing: Do not stop recording comms if the trace file is being read
(git-fixes).
o tracing: Restructure trace_clock_global() to never block (git-fixes).
o ttyprintk: Add TTY hangup callback (git-fixes).
o usb: core: hub: Disable autosuspend for Cypress CY7C65632 (git-fixes).
o usb: core: reduce power-on-good delay time of root hub (git-fixes).
o usb: dwc3: core: fix kernel panic when do reboot (git-fixes).
o usb: dwc3: core: fix kernel panic when do reboot (git-fixes).
o usb: dwc3: debugfs: Add and remove endpoint dirs dynamically (git-fixes).
o usb: dwc3: ep0: fix NULL pointer exception (git-fixes).
o USB: f_ncm: ncm_bitrate (speed) is unsigned (git-fixes).
o usb: f_ncm: only first packet of aggregate needs to start timer
(git-fixes).
o usb: f_ncm: only first packet of aggregate needs to start timer
(git-fixes).
o usb: fix various gadget panics on 10gbps cabling (git-fixes).
o usb: fix various gadget panics on 10gbps cabling (git-fixes).
o usb: fix various gadgets null ptr deref on 10gbps cabling (git-fixes).
o usb: gadget: eem: fix wrong eem header operation (git-fixes).
o usb: gadget: eem: fix wrong eem header operation (git-fixes).
o usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
(git-fixes).
o usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind
(git-fixes).
o usb: musb: fix MUSB_QUIRK_B_DISCONNECT_99 handling (git-fixes).
o usb: pd: Set PD_T_SINK_WAIT_CAP to 310ms (git-fixes).
o USB: serial: cp210x: fix alternate function for CP2102N QFN20 (git-fixes).
o USB: serial: ftdi_sio: add IDs for IDS GmbH Products (git-fixes).
o USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
o USB: serial: ftdi_sio: add NovaTech OrionMX product ID (git-fixes).
o USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
o USB: serial: omninet: add device id for Zyxel Omni 56K Plus (git-fixes).
o USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011
(git-fixes).
o USB: serial: pl2303: add device id for ADLINK ND-6530 GC (git-fixes).
o USB: serial: quatech2: fix control-request directions (git-fixes).
o USB: serial: ti_usb_3410_5052: add startech.com device id (git-fixes).
o usb: typec: mux: Fix copy-paste mistake in typec_mux_match (git-fixes).
o usb: typec: mux: Fix matching with typec_altmode_desc (git-fixes).
o usb: typec: tcpm: Use LE to CPU conversion when accessing msg->header
(git-fixes).
o usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path
(git-fixes).
o usb: typec: wcove: Use LE to CPU conversion when accessing msg->header
(git-fixes).
o USB: usbfs: Do not WARN about excessively large memory allocations
(git-fixes).
o vfio/pci: Fix error return code in vfio_ecap_init() (git-fixes).
o vfio/pci: zap_vma_ptes() needs MMU (git-fixes).
o vfio/platform: fix module_put call in error flow (git-fixes).
o video: hgafb: correctly handle card detect failure during probe
(git-fixes).
o video: hgafb: fix potential NULL pointer dereference (git-fixes).
o vmlinux.lds.h: Avoid orphan section with !SMP (git-fixes).
o vrf: fix maximum MTU (git-fixes).
o vsock/vmci: log once the failed queue pair allocation (git-fixes).
o wireguard: allowedips: initialize list head in selftest (git-fixes).
o wireguard: do not use -O3 (git-fixes).
o wireguard: peer: allocate in kmem_cache (git-fixes).
o wireguard: peer: put frequently used members above cache lines (git-fixes).
o wireguard: queueing: get rid of per-peer ring buffers (git-fixes).
o wireguard: selftests: make sure rp_filter is disabled on vethc (git-fixes).
o wireguard: selftests: remove old conntrack kconfig value (git-fixes).
o wireguard: use synchronize_net rather than synchronize_rcu (git-fixes).
o x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (bsc#
1152489).
o x86/fault: Do not send SIGSEGV twice on SEGV_PKUERR (bsc#1152489).
o x86/pkru: Write hardware init value to PKRU when xstate is init (bsc#
1152489).
o x86/process: Check PF_KTHREAD and not current->mm for kernel threads (bsc#
1152489).
o x86: fix seq_file iteration for pat.c (git-fixes).
o xen-blkback: fix compatibility bug with single page rings (git-fixes).
o xen-pciback: reconfigure also from backend watch handler (git-fixes).
o xen-pciback: redo VF placement in the virtual topology (git-fixes).
o xen/evtchn: Change irq_info lock to raw_spinlock_t (git-fixes).
o xfrm: policy: Read seqcount outside of rcu-read side in
xfrm_policy_lookup_bytype (bsc#1185675).
o xprtrdma: Avoid Receive Queue wrapping (git-fixes).
o xprtrdma: rpcrdma_mr_pop() already does list_del_init() (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE MicroOS 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-2325=1
o SUSE Linux Enterprise Workstation Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-2325=1
o SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-2325=1
o SUSE Linux Enterprise Module for Legacy Software 15-SP2:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-2325=1
o SUSE Linux Enterprise Module for Development Tools 15-SP2:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-2325=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-2325=1
o SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-2325=1
Package List:
o SUSE MicroOS 5.0 (aarch64 x86_64):
kernel-default-5.3.18-24.70.1
kernel-default-base-5.3.18-24.70.1.9.32.1
kernel-default-debuginfo-5.3.18-24.70.1
kernel-default-debugsource-5.3.18-24.70.1
o SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
kernel-default-debuginfo-5.3.18-24.70.1
kernel-default-debugsource-5.3.18-24.70.1
kernel-default-extra-5.3.18-24.70.1
kernel-default-extra-debuginfo-5.3.18-24.70.1
kernel-preempt-extra-5.3.18-24.70.1
kernel-preempt-extra-debuginfo-5.3.18-24.70.1
o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
x86_64):
kernel-default-debuginfo-5.3.18-24.70.1
kernel-default-debugsource-5.3.18-24.70.1
kernel-default-livepatch-5.3.18-24.70.1
kernel-default-livepatch-devel-5.3.18-24.70.1
kernel-livepatch-5_3_18-24_70-default-1-5.3.1
kernel-livepatch-5_3_18-24_70-default-debuginfo-1-5.3.1
kernel-livepatch-SLE15-SP2_Update_16-debugsource-1-5.3.1
o SUSE Linux Enterprise Module for Legacy Software 15-SP2 (aarch64 ppc64le
s390x x86_64):
kernel-default-debuginfo-5.3.18-24.70.1
kernel-default-debugsource-5.3.18-24.70.1
reiserfs-kmp-default-5.3.18-24.70.1
reiserfs-kmp-default-debuginfo-5.3.18-24.70.1
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-5.3.18-24.70.1
kernel-obs-build-debugsource-5.3.18-24.70.1
kernel-syms-5.3.18-24.70.1
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-24.70.1
kernel-preempt-debugsource-5.3.18-24.70.1
kernel-preempt-devel-5.3.18-24.70.1
kernel-preempt-devel-debuginfo-5.3.18-24.70.1
o SUSE Linux Enterprise Module for Development Tools 15-SP2 (noarch):
kernel-docs-5.3.18-24.70.1
kernel-source-5.3.18-24.70.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
x86_64):
kernel-default-5.3.18-24.70.1
kernel-default-base-5.3.18-24.70.1.9.32.1
kernel-default-debuginfo-5.3.18-24.70.1
kernel-default-debugsource-5.3.18-24.70.1
kernel-default-devel-5.3.18-24.70.1
kernel-default-devel-debuginfo-5.3.18-24.70.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 x86_64):
kernel-preempt-5.3.18-24.70.1
kernel-preempt-debuginfo-5.3.18-24.70.1
kernel-preempt-debugsource-5.3.18-24.70.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
kernel-devel-5.3.18-24.70.1
kernel-macros-5.3.18-24.70.1
o SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x
x86_64):
cluster-md-kmp-default-5.3.18-24.70.1
cluster-md-kmp-default-debuginfo-5.3.18-24.70.1
dlm-kmp-default-5.3.18-24.70.1
dlm-kmp-default-debuginfo-5.3.18-24.70.1
gfs2-kmp-default-5.3.18-24.70.1
gfs2-kmp-default-debuginfo-5.3.18-24.70.1
kernel-default-debuginfo-5.3.18-24.70.1
kernel-default-debugsource-5.3.18-24.70.1
ocfs2-kmp-default-5.3.18-24.70.1
ocfs2-kmp-default-debuginfo-5.3.18-24.70.1
References:
o https://www.suse.com/security/cve/CVE-2020-26558.html
o https://www.suse.com/security/cve/CVE-2020-36385.html
o https://www.suse.com/security/cve/CVE-2020-36386.html
o https://www.suse.com/security/cve/CVE-2021-0129.html
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://www.suse.com/security/cve/CVE-2021-33624.html
o https://www.suse.com/security/cve/CVE-2021-34693.html
o https://www.suse.com/security/cve/CVE-2021-3573.html
o https://bugzilla.suse.com/1152489
o https://bugzilla.suse.com/1153274
o https://bugzilla.suse.com/1154353
o https://bugzilla.suse.com/1155518
o https://bugzilla.suse.com/1164648
o https://bugzilla.suse.com/1174978
o https://bugzilla.suse.com/1176771
o https://bugzilla.suse.com/1179610
o https://bugzilla.suse.com/1182470
o https://bugzilla.suse.com/1183712
o https://bugzilla.suse.com/1184212
o https://bugzilla.suse.com/1184685
o https://bugzilla.suse.com/1185195
o https://bugzilla.suse.com/1185486
o https://bugzilla.suse.com/1185589
o https://bugzilla.suse.com/1185675
o https://bugzilla.suse.com/1185677
o https://bugzilla.suse.com/1185701
o https://bugzilla.suse.com/1186206
o https://bugzilla.suse.com/1186463
o https://bugzilla.suse.com/1186666
o https://bugzilla.suse.com/1186672
o https://bugzilla.suse.com/1186752
o https://bugzilla.suse.com/1186949
o https://bugzilla.suse.com/1186950
o https://bugzilla.suse.com/1186951
o https://bugzilla.suse.com/1186952
o https://bugzilla.suse.com/1186953
o https://bugzilla.suse.com/1186954
o https://bugzilla.suse.com/1186955
o https://bugzilla.suse.com/1186956
o https://bugzilla.suse.com/1186957
o https://bugzilla.suse.com/1186958
o https://bugzilla.suse.com/1186959
o https://bugzilla.suse.com/1186960
o https://bugzilla.suse.com/1186961
o https://bugzilla.suse.com/1186962
o https://bugzilla.suse.com/1186963
o https://bugzilla.suse.com/1186964
o https://bugzilla.suse.com/1186965
o https://bugzilla.suse.com/1186966
o https://bugzilla.suse.com/1186967
o https://bugzilla.suse.com/1186968
o https://bugzilla.suse.com/1186969
o https://bugzilla.suse.com/1186970
o https://bugzilla.suse.com/1186971
o https://bugzilla.suse.com/1186972
o https://bugzilla.suse.com/1186973
o https://bugzilla.suse.com/1186974
o https://bugzilla.suse.com/1186976
o https://bugzilla.suse.com/1186977
o https://bugzilla.suse.com/1186978
o https://bugzilla.suse.com/1186979
o https://bugzilla.suse.com/1186980
o https://bugzilla.suse.com/1186981
o https://bugzilla.suse.com/1186982
o https://bugzilla.suse.com/1186983
o https://bugzilla.suse.com/1186984
o https://bugzilla.suse.com/1186985
o https://bugzilla.suse.com/1186986
o https://bugzilla.suse.com/1186987
o https://bugzilla.suse.com/1186988
o https://bugzilla.suse.com/1186989
o https://bugzilla.suse.com/1186990
o https://bugzilla.suse.com/1186991
o https://bugzilla.suse.com/1186992
o https://bugzilla.suse.com/1186993
o https://bugzilla.suse.com/1186994
o https://bugzilla.suse.com/1186995
o https://bugzilla.suse.com/1186996
o https://bugzilla.suse.com/1186997
o https://bugzilla.suse.com/1186998
o https://bugzilla.suse.com/1186999
o https://bugzilla.suse.com/1187000
o https://bugzilla.suse.com/1187001
o https://bugzilla.suse.com/1187002
o https://bugzilla.suse.com/1187003
o https://bugzilla.suse.com/1187038
o https://bugzilla.suse.com/1187050
o https://bugzilla.suse.com/1187067
o https://bugzilla.suse.com/1187068
o https://bugzilla.suse.com/1187069
o https://bugzilla.suse.com/1187072
o https://bugzilla.suse.com/1187143
o https://bugzilla.suse.com/1187144
o https://bugzilla.suse.com/1187171
o https://bugzilla.suse.com/1187263
o https://bugzilla.suse.com/1187356
o https://bugzilla.suse.com/1187402
o https://bugzilla.suse.com/1187403
o https://bugzilla.suse.com/1187404
o https://bugzilla.suse.com/1187407
o https://bugzilla.suse.com/1187408
o https://bugzilla.suse.com/1187409
o https://bugzilla.suse.com/1187410
o https://bugzilla.suse.com/1187411
o https://bugzilla.suse.com/1187412
o https://bugzilla.suse.com/1187413
o https://bugzilla.suse.com/1187452
o https://bugzilla.suse.com/1187554
o https://bugzilla.suse.com/1187595
o https://bugzilla.suse.com/1187601
o https://bugzilla.suse.com/1187795
o https://bugzilla.suse.com/1187867
o https://bugzilla.suse.com/1187883
o https://bugzilla.suse.com/1187886
o https://bugzilla.suse.com/1187927
o https://bugzilla.suse.com/1187972
o https://bugzilla.suse.com/1187980
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for
SLE 15 SP1)
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2332-1
Rating: important
References: #1185901 #1187597
Cross-References: CVE-2021-0512 CVE-2021-23133
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-197_61 fixes several issues.
The following security issues were fixed:
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187597)
o CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to
kernel privilege escalation from the context of a network service or an
unprivileged process. (bsc#1185901)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2328=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-2329=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-2330=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-2331=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-2332=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-2333=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2339=1
SUSE-SLE-Live-Patching-12-SP5-2021-2345=1
SUSE-SLE-Live-Patching-12-SP5-2021-2346=1
SUSE-SLE-Live-Patching-12-SP5-2021-2347=1
Package List:
o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-197_56-default-11-2.2
kernel-livepatch-4_12_14-197_61-default-10-2.2
kernel-livepatch-4_12_14-197_64-default-9-2.2
kernel-livepatch-4_12_14-197_67-default-9-2.2
kernel-livepatch-4_12_14-197_72-default-8-2.2
kernel-livepatch-4_12_14-197_83-default-7-2.2
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_37-default-13-2.2
kgraft-patch-4_12_14-122_41-default-12-2.2
kgraft-patch-4_12_14-122_57-default-8-2.2
kgraft-patch-4_12_14-122_63-default-6-2.2
References:
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://bugzilla.suse.com/1185901
o https://bugzilla.suse.com/1187597
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for
SLE 12 SP5)
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2366-1
Rating: important
References: #1185901
Cross-References: CVE-2021-23133
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.12.14-122_71 fixes one issue.
The following security issue was fixed:
o CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to
kernel privilege escalation from the context of a network service or an
unprivileged process. (bsc#1185901)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-2366=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-2373=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2369=1
Package List:
o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
x86_64):
kernel-livepatch-5_3_18-24_52-default-6-2.2
kernel-livepatch-5_3_18-24_52-default-debuginfo-6-2.2
kernel-livepatch-5_3_18-24_61-default-3-2.1
kernel-livepatch-5_3_18-24_61-default-debuginfo-3-2.1
kernel-livepatch-SLE15-SP2_Update_11-debugsource-6-2.2
kernel-livepatch-SLE15-SP2_Update_12-debugsource-3-2.1
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_71-default-3-2.1
References:
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://bugzilla.suse.com/1185901
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for
SLE 15)
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2344-1
Rating: important
References: #1185901 #1187597 #1187687
Cross-References: CVE-2021-0512 CVE-2021-0605 CVE-2021-23133
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-150_55 fixes several issues.
The following security issues were fixed:
o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187687)
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187597)
o CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to
kernel privilege escalation from the context of a network service or an
unprivileged process. (bsc#1185901)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2334=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-2335=1
o SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-2341=1
SUSE-SLE-Module-Live-Patching-15-2021-2342=1
SUSE-SLE-Module-Live-Patching-15-2021-2343=1
SUSE-SLE-Module-Live-Patching-15-2021-2344=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2338=1
SUSE-SLE-Live-Patching-12-SP5-2021-2348=1
o SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-2336=1
SUSE-SLE-Live-Patching-12-SP4-2021-2337=1
SUSE-SLE-Live-Patching-12-SP4-2021-2340=1
Package List:
o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-197_48-default-12-2.2
kernel-livepatch-4_12_14-197_51-default-12-2.2
o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150_55-default-12-2.2
kernel-livepatch-4_12_14-150_55-default-debuginfo-12-2.2
kernel-livepatch-4_12_14-150_58-default-11-2.2
kernel-livepatch-4_12_14-150_58-default-debuginfo-11-2.2
kernel-livepatch-4_12_14-150_63-default-9-2.2
kernel-livepatch-4_12_14-150_63-default-debuginfo-9-2.2
kernel-livepatch-4_12_14-150_66-default-7-2.2
kernel-livepatch-4_12_14-150_66-default-debuginfo-7-2.2
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_29-default-14-2.2
kgraft-patch-4_12_14-122_32-default-14-2.2
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_65-default-8-2.2
kgraft-patch-4_12_14-95_68-default-7-2.2
kgraft-patch-4_12_14-95_71-default-6-2.2
References:
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://bugzilla.suse.com/1185901
o https://bugzilla.suse.com/1187597
o https://bugzilla.suse.com/1187687
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for
SLE 12 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2368-1
Rating: important
References: #1187597 #1187687
Cross-References: CVE-2021-0512 CVE-2021-0605
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-95_77 fixes several issues.
The following security issues were fixed:
o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187687)
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187597)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-2368=1
Package List:
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_77-default-2-2.1
References:
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://bugzilla.suse.com/1187597
o https://bugzilla.suse.com/118768
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 21 for
SLE 15 SP1)
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2361-1
Rating: important
References: #1185901 #1187597
Cross-References: CVE-2021-0512 CVE-2021-23133
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-197_78 fixes several issues.
The following security issues were fixed:
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187597)
o CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to
kernel privilege escalation from the context of a network service or an
unprivileged process. (bsc#1185901)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-2361=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-2362=1
SUSE-SLE-Module-Live-Patching-15-SP2-2021-2363=1
o SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2359=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-2360=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-2365=1
SUSE-SLE-Module-Live-Patching-15-SP1-2021-2371=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2357=1
SUSE-SLE-Live-Patching-12-SP5-2021-2358=1
Package List:
o SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x
x86_64):
kernel-livepatch-5_3_18-24_43-default-8-2.2
kernel-livepatch-5_3_18-24_43-default-debuginfo-8-2.2
kernel-livepatch-5_3_18-24_46-default-8-2.2
kernel-livepatch-5_3_18-24_46-default-debuginfo-8-2.2
kernel-livepatch-5_3_18-24_49-default-7-2.2
kernel-livepatch-5_3_18-24_49-default-debuginfo-7-2.2
kernel-livepatch-SLE15-SP2_Update_10-debugsource-7-2.2
kernel-livepatch-SLE15-SP2_Update_8-debugsource-8-2.2
kernel-livepatch-SLE15-SP2_Update_9-debugsource-8-2.2
o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-197_75-default-8-2.2
kernel-livepatch-4_12_14-197_78-default-8-2.3
kernel-livepatch-4_12_14-197_86-default-6-2.2
kernel-livepatch-4_12_14-197_89-default-3-2.1
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_46-default-10-2.2
kgraft-patch-4_12_14-122_60-default-7-2.2
References:
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://bugzilla.suse.com/1185901
o https://bugzilla.suse.com/1187597
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for
SLE 15)
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2367-1
Rating: important
References: #1185901 #1187597 #1187687
Cross-References: CVE-2021-0512 CVE-2021-0605 CVE-2021-23133
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-150_72 fixes several issues.
The following security issues were fixed:
o CVE-2021-0605: Fixed an out-of-bounds read which could lead to local
information disclosure in the kernel with System execution privileges
needed. (bsc#1187687)
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187597)
o CVE-2021-23133: Fixed a race condition in the SCTP sockets that can lead to
kernel privilege escalation from the context of a network service or an
unprivileged process. (bsc#1185901)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-2364=1
SUSE-SLE-Module-Live-Patching-15-2021-2370=1
o SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-2355=1
SUSE-SLE-Live-Patching-12-SP4-2021-2356=1
SUSE-SLE-Live-Patching-12-SP4-2021-2367=1
Package List:
o SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150_69-default-6-2.2
kernel-livepatch-4_12_14-150_69-default-debuginfo-6-2.2
kernel-livepatch-4_12_14-150_72-default-3-2.1
kernel-livepatch-4_12_14-150_72-default-debuginfo-3-2.1
o SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_57-default-12-2.2
kgraft-patch-4_12_14-95_60-default-11-2.2
kgraft-patch-4_12_14-95_74-default-3-2.1
References:
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://www.suse.com/security/cve/CVE-2021-0605.html
o https://www.suse.com/security/cve/CVE-2021-23133.html
o https://bugzilla.suse.com/1185901
o https://bugzilla.suse.com/1187597
o https://bugzilla.suse.com/1187687
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for
SLE 15 SP1)
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2372-1
Rating: important
References: #1187597
Cross-References: CVE-2021-0512
Affected Products:
SUSE Linux Enterprise Module for Live Patching 15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.12.14-197_92 fixes one issue.
The following security issue was fixed:
o CVE-2021-0512: Fixed a possible out-of-bounds write which could lead to
local escalation of privilege with no additional execution privileges
needed. (bsc#1187597)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-2372=1
Package List:
o SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-197_92-default-2-2.1
References:
o https://www.suse.com/security/cve/CVE-2021-0512.html
o https://bugzilla.suse.com/1187597
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYPDYseNLKJtyKPYoAQjm7Q//cmulFFRg5psdqEXkF47CUFb1RtDuSzPl
AlR6kkXgLyeTbpsBqx8GLfF4196ojJVfqF81tWs8u38w7ZrBSEkoTjWCra4F1ie1
RkR6jAvNhgl2cVXXmLNhlVfTqPwaYxVxtB4dqePQSkDPS2u/1xmGaxwklYYSdkDt
UUMCVdYjZ1xTjJ66U4hJs13Lu8B4hPL8dwEysQbiw6DBPiSiu254AfO+6tgdvYsh
IVhJD/HkKanpEyQCF0tNKZ2Me4VnxyyTS6cggShQri9i/7ueQHH5FnrNmoqiKa2Q
f5+xHDHCp+XxShcoR4HXdIJQ8MP+BkeH9mC1Hk1cTn2Iz8nXvJ3bK9w+1f4wEWPV
mH1txXS6ZSBniz70uFyOBigMPDO0Yni0laiukT6L86kVQZtlMG8nyYP074/s7sfj
580SZU830fR8MneDaqKQFuia8U7aBnuJCSZvZv7eA9ejSeTaniWmtHtKxiZyn0Y2
y/lmlmjatPiJY9W7kJC4xEvVTFta1f48gtXZSfW8rvjeod/6VwmrCOWIWJAAiGlw
mwXU+LHbOZPbDF858nd6AeBzJibM+/NYp7zFUmGMs8aVTOsGI5UqWNkKpnhz6cdt
SR821Mpp/g5Vc3kMhGLX3oriuLHens0jAszV3gjALGFE74/5NieDQJ4ADyjBEyDk
ESa4C8NO5f0=
=5bCk
-----END PGP SIGNATURE-----