Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2452
Security update for the Linux Kernel
21 July 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: kernel
Publisher: SUSE
Operating System: SUSE
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-33909 CVE-2021-22555 CVE-2021-3612
CVE-2021-3609 CVE-2020-36385
Reference: ESB-2021.2444
ESB-2021.2443
ESB-2021.2439
ESB-2021.2437
Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20212416-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212415-1
Comment: This bulletin contains two (2) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2416-1
Rating: important
References: #1065729 #1085224 #1094840 #1153720 #1170511 #1183871
#1184114 #1185032 #1185308 #1185791 #1185995 #1187050
#1187215 #1187585 #1187934 #1188062 #1188116 #1188273
#1188274
Cross-References: CVE-2020-36385 CVE-2021-22555 CVE-2021-33909 CVE-2021-3609
CVE-2021-3612
Affected Products:
SUSE Linux Enterprise Workstation Extension 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 14 fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:
o CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/
x_tables.c that could allow local provilege escalation. (bsc#1188116)
o CVE-2021-33909: Fixed an out-of-bounds write in the filesystem layer that
allows to obtain full root privileges. (bsc#1188062)
o CVE-2021-3609: Fixed a race condition in the CAN BCM networking protocol
which allows for local privilege escalation. (bsc#1187215)
o CVE-2021-3612: Fixed an out-of-bounds memory write flaw which could allows
a local user to crash the system or possibly escalate their privileges on
the system. (bsc#1187585)
o CVE-2020-36385: Fixed a use-after-free flaw in ucma.c which allows for
local privilege escalation. (bsc#1187050)
The following non-security bugs were fixed:
o ACPI: property: Constify stubs for CONFIG_ACPI=n case (git-fixes).
o ACPI: sysfs: Fix a buffer overrun problem with description_show()
(git-fixes).
o ALSA: isa: Fix error return code in snd_cmi8330_probe() (git-fixes).
o arm_pmu: Fix write counter incorrect in ARMv7 big-endian mode (git-fixes).
o arm64/mm: Fix ttbr0 values stored in struct thread_info for software-pan
(git-fixes).
o ASoC: cs42l42: Correct definition of CS42L42_ADC_PDN_MASK (git-fixes).
o ASoC: hisilicon: fix missing clk_disable_unprepare() on error in
hi6210_i2s_startup() (git-fixes).
o ata: ahci_sunxi: Disable DIPM (git-fixes).
o ath10k: Fix an error code in ath10k_add_interface() (git-fixes).
o Bluetooth: mgmt: Fix slab-out-of-bounds in tlv_data_is_valid (git-fixes).
o brcmfmac: correctly report average RSSI in station info (git-fixes).
o brcmfmac: fix setting of station info chains bitmask (git-fixes).
o brcmsmac: mac80211_if: Fix a resource leak in an error handling path
(git-fixes).
o can: gw: synchronize rcu operations before removing gw job entry
(git-fixes).
o can: hi311x: hi3110_can_probe(): silence clang warning (git-fixes).
o can: peak_pciefd: pucan_handle_status(): fix a potential starvation issue
in TX path (git-fixes).
o cfg80211: call cfg80211_leave_ocb when switching away from OCB (git-fixes).
o char: pcmcia: error out if 'num_bytes_read' is greater than 4 in
set_protocol() (git-fixes).
o crypto: cavium/nitrox - Fix an error rhandling path in 'nitrox_probe()'
(git-fixes).
o cxgb4: fix wrong shift (git-fixes).
o drm: qxl: ensure surf.data is ininitialized (git-fixes).
o drm/nouveau: wait for moving fence after pinning v2 (git-fixes).
o drm/radeon: wait for moving fence after pinning (git-fixes).
o drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on error in
cdn_dp_grf_write() (git-fixes).
o extcon: max8997: Add missing modalias string (git-fixes).
o extcon: sm5502: Drop invalid register write in sm5502_reg_data (git-fixes).
o fpga: stratix10-soc: Add missing fpga_mgr_free() call (git-fixes).
o fuse: check connected before queueing on fpq->io (bsc#1188273).
o fuse: reject internal errno (bsc#1188274).
o genirq: Disable interrupts for force threaded handlers (git-fixes)
o genirq: Fix reference leaks on irq affinity notifiers (git-fixes)
o genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (git-fixes)
o genirq/irqdomain: Do not try to free an interrupt that has no (git-fixes)
o gve: Fix swapped vars when fetching max queues (git-fixes).
o HID: Add BUS_VIRTUAL to hid_connect logging (git-fixes).
o HID: gt683r: add missing MODULE_DEVICE_TABLE (git-fixes).
o HID: hid-sensor-hub: Return error for hid_set_field() failure (git-fixes).
o HID: usbhid: fix info leak in hid_submit_ctrl (git-fixes).
o hwmon: (max31722) Remove non-standard ACPI device IDs (git-fixes).
o hwmon: (max31790) Fix fan speed reporting for fan7..12 (git-fixes).
o i2c: robotfuzz-osif: fix control-request directions (git-fixes).
o ibmvnic: Allow device probe if the device is not ready at boot (bsc#1184114
ltc#192237).
o ibmvnic: fix kernel build warning (bsc#1184114 ltc#192237).
o ibmvnic: fix kernel build warning in strncpy (bsc#1184114 ltc#192237).
o ibmvnic: fix kernel build warnings in build_hdr_descs_arr (bsc#1184114 ltc#
192237).
o ibmvnic: fix send_request_map incompatible argument (bsc#1184114 ltc#
192237).>
o ibmvnic: free tx_pool if tso_pool alloc fails (bsc#1085224 ltc#164363).
o ibmvnic: parenthesize a check (bsc#1184114 ltc#192237 bsc#1183871 ltc#
192139 git-fixes).
o ibmvnic: set ltb->buff to NULL after freeing (bsc#1094840 ltc#167098).
o ibmvnic: Use list_for_each_entry() to simplify code in ibmvnic.c (bsc#
1184114 ltc#192237).
o ibmvnic: Use strscpy() instead of strncpy() (bsc#1184114 ltc#192237).
o iio: accel: bma180: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: accel: bma220: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: accel: hid: Fix buffer alignment in iio_push_to_buffers_with_timestamp
() (git-fixes).
o iio: accel: kxcjk-1013: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: accel: stk8312: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: accel: stk8ba50: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: adc: mxs-lradc: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: adc: ti-ads1015: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: adc: vf610: Fix buffer alignment in iio_push_to_buffers_with_timestamp
() (git-fixes).
o iio: adis_buffer: do not return ints in irq handlers (git-fixes).
o iio: gyro: bmg160: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: humidity: am2315: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: light: isl29125: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: light: tcs3414: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: ltr501: ltr501_read_ps(): add missing endianness conversion
(git-fixes).
o iio: ltr501: ltr559: fix initialization of LTR501_ALS_CONTR (git-fixes).
o iio: ltr501: mark register holding upper 8 bits of ALS_DATA{0,1} and
PS_DATA as volatile, too (git-fixes).
o iio: potentiostat: lmp91000: Fix alignment of buffer in
iio_push_to_buffers_with_timestamp() (git-fixes).
o iio: prox: pulsed-light: Fix buffer alignment in
iio_push_to_buffers_with_timestamp() (git-fixes).
o Input: hil_kbd - fix error return code in hil_dev_connect() (git-fixes).
o Input: usbtouchscreen - fix control-request directions (git-fixes).
o leds: ktd2692: Fix an error handling path (git-fixes).
o leds: trigger: fix potential deadlock with libata (git-fixes).
o lib/decompressors: remove set but not used variabled 'level' (git-fixes).
o lpfc: Decouple port_template and vport_template (bsc#1185032).
o mac80211: remove iwlwifi specific workaround NDPs of null_response
(git-fixes).
o mac80211: remove warning in ieee80211_get_sband() (git-fixes).
o media: dtv5100: fix control-request directions (git-fixes).
o media: dvb-usb: fix wrong definition (git-fixes).
o media: exynos4-is: Fix a use after free in isp_video_release (git-fixes).
o media: gspca/gl860: fix zero-length control requests (git-fixes).
o media: gspca/sq905: fix control-request direction (git-fixes).
o media: gspca/sunplus: fix zero-length control requests (git-fixes).
o media: I2C: change 'RST' to "RSET" to fix multiple build errors
(git-fixes).
o media: rtl28xxu: fix zero-length control request (git-fixes).
o media: s5p-g2d: Fix a memory leak on ctx->fh.m2m_ctx (git-fixes).
o media: siano: Fix out-of-bounds warnings in smscore_load_firmware_family2()
(git-fixes).
o media: tc358743: Fix error return code in tc358743_probe_of() (git-fixes).
o media: zr364xx: fix memory leak in zr364xx_start_readpipe (git-fixes).
o memory: atmel-ebi: add missing of_node_put for loop iteration (git-fixes).
o memory: fsl_ifc: fix leak of IO mapping on probe failure (git-fixes).
o memory: fsl_ifc: fix leak of private memory on probe failure (git-fixes).
o memory: gpmc: fix out of bounds read and dereference on gpmc_cs[]
(git-fixes).
o mmc: block: Disable CMDQ on the ioctl path (git-fixes).
o mmc: core: clear flags before allowing to retune (git-fixes).
o mmc: sdhci-esdhc-imx: remove unused is_imx6q_usdhc (git-fixes).
o mmc: sdhci: Fix warning message when accessing RPMB in HS400 mode
(git-fixes).
o mmc: usdhi6rol0: fix error return code in usdhi6_probe() (git-fixes).
o mmc: vub3000: fix control-request direction (git-fixes).
o mwifiex: re-fix for unaligned accesses (git-fixes).
o net: usb: fix possible use-after-free in smsc75xx_bind (git-fixes).
o netsec: restore phy power state after controller reset (git-fixes).
o nvme: verify MNAN value if ANA is enabled (bsc#1185791).
o PCI: Mark some NVIDIA GPUs to avoid bus reset (git-fixes).
o PCI: Mark TI C667X to avoid bus reset (git-fixes).
o PCI: Work around Huawei Intelligent NIC VF FLR erratum (git-fixes).
o r8152: Avoid memcpy() over-reading of ETH_SS_STATS (git-fixes).
o reset: a10sr: add missing of_match_table reference (git-fixes).
o reset: bail if try_module_get() fails (git-fixes).
o reset: sti: reset-syscfg: fix struct description warnings (git-fixes).
o Revert "ALSA: bebob/oxfw: fix Kconfig entry for Mackie d.2 Pro"
(git-fixes).
o Revert "hwmon: (lm80) fix a missing check of bus read in lm80 probe"
(git-fixes).
o Revert "ibmvnic: remove duplicate napi_schedule call in open function" (bsc
#1065729).
o Revert "PCI: PM: Do not read power state in pci_enable_device_flags()"
(git-fixes).
o Revert "USB: cdc-acm: fix rounding error in TIOCSSERIAL" (git-fixes).
o sched/cpufreq/schedutil: Fix error path mutex unlock (git-fixes)
o sched/fair: Do not assign runtime for throttled cfs_rq (git-fixes)
o sched/fair: Fix unfairness caused by missing load decay (git-fixes)
o sched/numa: Fix a possible divide-by-zero (git-fixes)
o scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug (bsc#1185995).
o scsi: qedf: Do not put host in qedf_vport_create() unconditionally (bsc#
1170511).
o serial: mvebu-uart: clarify the baud rate derivation (git-fixes).
o serial: mvebu-uart: correctly calculate minimal possible baudrate
(git-fixes).
o serial: mvebu-uart: do not allow changing baudrate when uartclk is not
available (git-fixes).
o serial: mvebu-uart: fix calculation of clock divisor (git-fixes).
o spi: spi-sun6i: Fix chipselect/clock bug (git-fixes).
o spi: tegra114: Fix an error message (git-fixes).
o staging: gdm724x: check for buffer overflow in gdm_lte_multi_sdu_pkt()
(git-fixes).
o staging: gdm724x: check for overflow in gdm_lte_netif_rx() (git-fixes).
o tty: nozomi: Fix a resource leak in an error handling function (git-fixes).
o tty: nozomi: Fix the error handling path of 'nozomi_card_init()'
(git-fixes).
o usb: typec: Add the missed altmode_id_remove() in typec_register_altmode()
(git-fixes).
o watchdog: aspeed: fix hardware timeout calculation (git-fixes).
o watchdog: sp805: Fix kernel doc description (git-fixes).
o wcn36xx: Move hal_buf allocation to devm_kmalloc in probe (git-fixes).
o wireless: carl9170: fix LEDS build errors and warnings (git-fixes).
o x86/debug: Extend the lower bound of crash kernel low reservations (bsc#
1153720).
o x86/kvm: Disable all PV features on crash (bsc#1185308).
o x86/kvm: Disable kvmclock on all CPUs on shutdown (bsc#1185308).
o x86/kvm: Fix pr_info() for async PF setup/teardown (bsc#1185308).
o x86/kvm: Teardown PV features on boot CPU as well (bsc#1185308).
o x86/kvm: Unify kvm_pv_guest_cpu_reboot() with kvm_guest_cpu_offline() (bsc#
1185308).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2021-2416=1
o SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2021-2416=1
o SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-2416=1
o SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-2416=1
o SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2021-2416=1
Package List:
o SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.80.1
kernel-default-debugsource-4.12.14-122.80.1
kernel-default-extra-4.12.14-122.80.1
kernel-default-extra-debuginfo-4.12.14-122.80.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-4.12.14-122.80.1
kernel-obs-build-debugsource-4.12.14-122.80.1
o SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.80.1
o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.80.1
kernel-default-base-4.12.14-122.80.1
kernel-default-base-debuginfo-4.12.14-122.80.1
kernel-default-debuginfo-4.12.14-122.80.1
kernel-default-debugsource-4.12.14-122.80.1
kernel-default-devel-4.12.14-122.80.1
kernel-syms-4.12.14-122.80.1
o SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.80.1
o SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.80.1
kernel-macros-4.12.14-122.80.1
kernel-source-4.12.14-122.80.1
o SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.80.1
o SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.80.1
kernel-default-debugsource-4.12.14-122.80.1
kernel-default-kgraft-4.12.14-122.80.1
kernel-default-kgraft-devel-4.12.14-122.80.1
kgraft-patch-4_12_14-122_80-default-1-8.3.1
o SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.80.1
cluster-md-kmp-default-debuginfo-4.12.14-122.80.1
dlm-kmp-default-4.12.14-122.80.1
dlm-kmp-default-debuginfo-4.12.14-122.80.1
gfs2-kmp-default-4.12.14-122.80.1
gfs2-kmp-default-debuginfo-4.12.14-122.80.1
kernel-default-debuginfo-4.12.14-122.80.1
kernel-default-debugsource-4.12.14-122.80.1
ocfs2-kmp-default-4.12.14-122.80.1
ocfs2-kmp-default-debuginfo-4.12.14-122.80.1
References:
o https://www.suse.com/security/cve/CVE-2020-36385.html
o https://www.suse.com/security/cve/CVE-2021-22555.html
o https://www.suse.com/security/cve/CVE-2021-33909.html
o https://www.suse.com/security/cve/CVE-2021-3609.html
o https://www.suse.com/security/cve/CVE-2021-3612.html
o https://bugzilla.suse.com/1065729
o https://bugzilla.suse.com/1085224
o https://bugzilla.suse.com/1094840
o https://bugzilla.suse.com/1153720
o https://bugzilla.suse.com/1170511
o https://bugzilla.suse.com/1183871
o https://bugzilla.suse.com/1184114
o https://bugzilla.suse.com/1185032
o https://bugzilla.suse.com/1185308
o https://bugzilla.suse.com/1185791
o https://bugzilla.suse.com/1185995
o https://bugzilla.suse.com/1187050
o https://bugzilla.suse.com/1187215
o https://bugzilla.suse.com/1187585
o https://bugzilla.suse.com/1187934
o https://bugzilla.suse.com/1188062
o https://bugzilla.suse.com/1188116
o https://bugzilla.suse.com/1188273
o https://bugzilla.suse.com/1188274
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2415-1
Rating: important
References: #1188062 #1188116
Cross-References: CVE-2021-22555 CVE-2021-33909
Affected Products:
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security
and bugfixes.
Security issues fixed:
o CVE-2021-22555: A heap out-of-bounds write was discovered in net/netfilter/
x_tables.c (bnc#1188116).
o CVE-2021-33909: Extremely large seq buffer allocations in seq_file could
lead to buffer underruns and code execution (bsc#1188062).
The following non-security bugs were fixed:
o usb: dwc3: Fix debugfs creation flow (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-2415=1
o SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2021-2415=1
o SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2021-2415=1
o SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2021-2415=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-2415=1
o SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2021-2415=1
Package List:
o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-59.16.1
kernel-default-debugsource-5.3.18-59.16.1
kernel-default-extra-5.3.18-59.16.1
kernel-default-extra-debuginfo-5.3.18-59.16.1
kernel-preempt-debuginfo-5.3.18-59.16.1
kernel-preempt-debugsource-5.3.18-59.16.1
kernel-preempt-extra-5.3.18-59.16.1
kernel-preempt-extra-debuginfo-5.3.18-59.16.1
o SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x
x86_64):
kernel-default-debuginfo-5.3.18-59.16.1
kernel-default-debugsource-5.3.18-59.16.1
kernel-default-livepatch-5.3.18-59.16.1
kernel-default-livepatch-devel-5.3.18-59.16.1
kernel-livepatch-5_3_18-59_16-default-1-7.3.1
o SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le
s390x x86_64):
kernel-default-debuginfo-5.3.18-59.16.1
kernel-default-debugsource-5.3.18-59.16.1
reiserfs-kmp-default-5.3.18-59.16.1
reiserfs-kmp-default-debuginfo-5.3.18-59.16.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le
s390x x86_64):
kernel-obs-build-5.3.18-59.16.1
kernel-obs-build-debugsource-5.3.18-59.16.1
kernel-syms-5.3.18-59.16.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-59.16.1
kernel-preempt-debugsource-5.3.18-59.16.1
kernel-preempt-devel-5.3.18-59.16.1
kernel-preempt-devel-debuginfo-5.3.18-59.16.1
o SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-59.16.1
kernel-source-5.3.18-59.16.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
x86_64):
kernel-default-5.3.18-59.16.1
kernel-default-base-5.3.18-59.16.1.18.8.1
kernel-default-debuginfo-5.3.18-59.16.1
kernel-default-debugsource-5.3.18-59.16.1
kernel-default-devel-5.3.18-59.16.1
kernel-default-devel-debuginfo-5.3.18-59.16.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-59.16.1
kernel-preempt-debuginfo-5.3.18-59.16.1
kernel-preempt-debugsource-5.3.18-59.16.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-59.16.1
kernel-64kb-debuginfo-5.3.18-59.16.1
kernel-64kb-debugsource-5.3.18-59.16.1
kernel-64kb-devel-5.3.18-59.16.1
kernel-64kb-devel-debuginfo-5.3.18-59.16.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-59.16.1
kernel-macros-5.3.18-59.16.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-59.16.1
kernel-zfcpdump-debuginfo-5.3.18-59.16.1
kernel-zfcpdump-debugsource-5.3.18-59.16.1
o SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x
x86_64):
cluster-md-kmp-default-5.3.18-59.16.1
cluster-md-kmp-default-debuginfo-5.3.18-59.16.1
dlm-kmp-default-5.3.18-59.16.1
dlm-kmp-default-debuginfo-5.3.18-59.16.1
gfs2-kmp-default-5.3.18-59.16.1
gfs2-kmp-default-debuginfo-5.3.18-59.16.1
kernel-default-debuginfo-5.3.18-59.16.1
kernel-default-debugsource-5.3.18-59.16.1
ocfs2-kmp-default-5.3.18-59.16.1
ocfs2-kmp-default-debuginfo-5.3.18-59.16.1
References:
o https://www.suse.com/security/cve/CVE-2021-22555.html
o https://www.suse.com/security/cve/CVE-2021-33909.html
o https://bugzilla.suse.com/1188062
o https://bugzilla.suse.com/1188116
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYPebieNLKJtyKPYoAQjhDg/9F704ES/kwsSozNL0wI3qGZ5Mb0LLQSiE
Gz+MIdRd64iGtXwKCYKLudZ2S+fdeYgPQgL9N4SLRcqQrkOzW7jDIReNk0n4Y0Ze
I6L7VpwKs5hQxIIFUgPin5Qjj3XItZLiDLEfSxDM66rk/b/sP/RBvoL7iNmIvQG5
1gOU7v2W64cnfMDnmIkiiXY94Z7U1RmdaVRPGlIB/0vn+Zbi5BsplHzrSkTR/r7e
SRaxCoPuvHfeXppw+Qf67h1knep74Ax6qDlvlRiMw2JcR6VsvJ+F9FTqRjNRsCXW
e/ZQKXOyQ3fpXhx37rnIHjMMrqtNb06OyE17RaT3X2Knw/zImATYzRFjIg4RxMYy
G0aOa46Xd97C9Q2NjsOgw5sMSLYPT6wA6KmuaMBggqtD2yvv34erL7MfPfVLnAEj
6i+F5VxFuLJyb+OkX7/UaCgIak41tjVJ6XPcmFS2cxktMhwMy64kJ432UkGmzB8H
/pp6ahbWhj0TH1COFs7B6PlkvxpCQtXqiMt4nXO59tFwq4tg2eC0GTInx+HwxMpR
hG1dPVnynabnbcJpAj7eZRIhNPFLPqp1HqWtsAz48v6K5G2gpgXc+J5LPbSZIWZl
yMfb2jpDTd0RP9dXKhBP3q5Fnxhkg+mdP1JsDQa+2VTDw+4Yzz1RdVds3a95d/sV
WJDhQsSNbjI=
=2Tsu
-----END PGP SIGNATURE-----