Malware Devil

Loading...

Monday, October 12, 2020

ESB-2020.2256.2 – UPDATE [Win][UNIX/Linux][Linux][AIX] Db2: Access confidential data – Existing account 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.2256.2
           IBM Db2 could allow a local user to obtain sensitive
           information using a race condition of a symbolic link
                              12 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Db2
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Windows
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-4386  

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6242342

Revision History:  October 12 2020: Linux/Unix images updated V9.7
                   July     1 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM Db2 is vulnerable to an information disclosure. (CVE-2020-4386)

Security Bulletin

Summary

IBM Db2 could allow a local user to obtain sensitive information using a race
condition of a symbolic link.

Vulnerability Details

CVEID: CVE-2020-4386
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
could allow a local user to obtain sensitive information using a race condition
of a symbolic link.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179268 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on
all platforms are affected.

Remediation/Fixes

Customers running any vulnerable fixpack level of an affected Program can
download the special build containing the interim fix for this issue from Fix
Central. These special builds are available based on the most recent fixpack
level for each impacted release: V9.7 FP11, V10.1 FP6, V10.5 FP11, 11.1 FP5,
and V11.5 GA. They can be applied to any affected fixpack level of the
appropriate release to remediate this vulnerability.

+-------+----------------+-------+--------------------------------------------+
|Release|Fixed in fix    |APAR   |Download URL                                |
|       |pack            |       |                                            |
+-------+----------------+-------+--------------------------------------------+
|V9.7   |TBD             |IT32740|Special Build for V9.7 FP11:                |
|       |                |       |                                            |
|       |                |       |AIX 64-bit                                  |
|       |                |       |HP-UX 64-bit                                |
|       |                |       |Linux 32-bit, x86-32                        |
|       |                |       |Linux 64-bit, x86-64                        |
|       |                |       |Linux 64-bit, POWER big endian              |
|       |                |       |Linux 64-bit, System z, System z9 or zSeries|
|       |                |       |Solaris 64-bit, SPARC                       |
|       |                |       |Solaris 64-bit, x86-64                      |
|       |                |       |Windows 32-bit, x86                         |
|       |                |       |Windows 64-bit, x86                         |
|       |                |       |                                            |
|       |                |       |Note: Windows images updated 2020/08/18     |
|       |                |       |                                            |
|       |                |       |Linux/Unix images updated 2020/10/09        |
+-------+----------------+-------+--------------------------------------------+
|V10.1  |TBD             |IT32739|Special Build for V10.1 FP6:                |
|       |                |       |                                            |
|       |                |       |AIX 64-bit                                  |
|       |                |       |HP-UX 64-bit                                |
|       |                |       |Linux 32-bit, x86-32                        |
|       |                |       |Linux 64-bit, x86-64                        |
|       |                |       |Linux 64-bit, POWER big endian              |
|       |                |       |Linux 64-bit, System z, System z9 or zSeries|
|       |                |       |Solaris 64-bit, SPARC                       |
|       |                |       |Solaris 64-bit, x86-64                      |
|       |                |       |Windows 32-bit, x86                         |
|       |                |       |Windows 64-bit, x86                         |
+-------+----------------+-------+--------------------------------------------+
|V10.5  |TBD             |IT32738|Special Build for V10.5 FP11:               |
|       |                |       |                                            |
|       |                |       |AIX 64-bit                                  |
|       |                |       |HP-UX 64-bit                                |
|       |                |       |Linux 32-bit, x86-32                        |
|       |                |       |Linux 64-bit, x86-64                        |
|       |                |       |Linux 64-bit, POWER big endian              |
|       |                |       |Linux 64-bit, POWER little endian           |
|       |                |       |Linux 64-bit, System z, System z9 or zSeries|
|       |                |       |Solaris 64-bit, SPARC                       |
|       |                |       |Solaris 64-bit, x86-64                      |
|       |                |       |Windows 32-bit, x86                         |
|       |                |       |Windows 64-bit, x86                         |
|       |                |       |Inspur                                      |
+-------+----------------+-------+--------------------------------------------+
|V11.1  |TBD             |IT32737|Special Build for V11.1 FP5:                |
|       |                |       |                                            |
|       |                |       |AIX 64-bit                                  |
|       |                |       |Linux 32-bit, x86-32                        |
|       |                |       |Linux 64-bit, x86-64                        |
|       |                |       |Linux 64-bit, POWER little endian           |
|       |                |       |Linux 64-bit, System z, System z9 or zSeries|
|       |                |       |Solaris 64-bit, SPARC                       |
|       |                |       |Windows 32-bit, x86                         |
|       |                |       |Windows 64-bit, x86                         |
+-------+----------------+-------+--------------------------------------------+
|V11.5  |TBD             |IT32714|Build for V11.5.4 GA:                       |
|       |                |       |                                            |
|       |                |       |https://www.ibm.com/support/pages/node/     |
|       |                |       |6241724                                     |
+-------+----------------+-------+--------------------------------------------+

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX4PtKeNLKJtyKPYoAQg9Eg/6AwBNHZv7jh4u951UYK6UaefDjjnG8eHb
6Do6LpN009/C/iK4iRVPEQ94Q2SCbzFILZwOgh7i9nW0IuJVhXevViVuNfbvTzMq
lHcGdnOAdFxjuVjsarAfmkcLcJHV72xVUXBhPfud0Jv5vz7rHRRYRZV4TnR2KIld
ThX4yHFt/cjuoY2quHv5E6dkyrNXdoaXs5czLtIX/qn45wvOrsN1Tp/4UdF8ZBBZ
JyAnclJgbZ3raf7mYZplzxq070D6bVz9B7bZY6TN82fj7rfYyRrhJa78I/Gv9OZc
uB7+E29DvnGW5xgKCsKgTACosnrW9qHwLaFi7n+Rste84uk34uWPsSwtkMuznjX6
QtaCf03ReOvA8GG5sJxXeNQYu1PWxzKitQ0BY556Rivv1cltexfkQslDK+QIy8+w
/ukTLdytxUuc/38LGRCqH4D5BqSJ38Q8IgLEWKoHwYRyE7uhvTp9uUiCHxoxIMwj
YAN6Jbh3G3vuiueV0cxqJidTW4s00nmDL1bXpaY0S9GPiDZQXgSHCOI5x1eszkim
/lG0iifQ+CWERRF2B9QPDv4JQ7pttDfb7uI+mh6WP0PtYRGPMP8mdFFDKDQj62db
L36dwCRF2qfPQFL9cvlNzL/HBsUVnjg3cFH49pFeTXqQsGh8KNX5buxqAOH4LL+Y
fxCODcltAok=
=WKAV
-----END PGP SIGNATURE-----

Read More

The post ESB-2020.2256.2 – UPDATE [Win][UNIX/Linux][Linux][AIX] Db2: Access confidential data – Existing account appeared first on Malware Devil.



https://malwaredevil.com/2020/10/12/esb-2020-2256-2-update-winunix-linuxlinuxaix-db2-access-confidential-data-existing-account/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2256-2-update-winunix-linuxlinuxaix-db2-access-confidential-data-existing-account
at No comments:
Labels:

ESB-2020.2258.2 – UPDATE [Win][Linux][AIX] Db2: Multiple Vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.2258.2
          IBM Db2 is vulnerable to an information disclosure and
                     denial of service (CVE-2020-4414)
                              12 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Db2
Publisher:         IBM
Operating System:  AIX
                   Linux variants
                   Windows
Impact/Access:     Access Confidential Data -- Existing Account
                   Denial of Service        -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-4414  

Original Bulletin: 
   https://www.ibm.com/support/pages/node/6242356

Revision History:  October 12 2020: Linux/Unix images updated for V9.7
                   July     1 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

IBM Db2 is vulnerable to an information disclosure and denial of service
(CVE-2020-4414)

Security Bulletin

Summary

IBM Db2 could allow a local attacker to perform unauthorized actions on the
system, caused by improper usage of shared memory. By sending a
specially-crafted request, an attacker could exploit this vulnerability to
obtain sensitive information or cause a denial of service.

Vulnerability Details

CVEID: CVE-2020-4414
DESCRIPTION: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server)
could allow a local attacker to perform unauthorized actions on the system,
caused by improper usage of shared memory. By sending a specially-crafted
request, an attacker could exploit this vulnerability to obtain sensitive
information or cause a denial of service.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/
179989 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

Affected Products and Versions

All fix pack levels of IBM Db2 V9.7, V10.1, V10.5, V11.1, and V11.5 editions on
all platforms are affected.

Remediation/Fixes

Customers running any vulnerable fixpack level of an affected Program can
download the special build containing the interim fix for this issue from Fix
Central. These special builds are available based on the most recent fixpack
level for each impacted release: V9.7 FP11, V10.1 FP6, V10.5 FP11, 11.1 FP5,
and V11.5 GA. They can be applied to any affected fixpack level of the
appropriate release to remediate this vulnerability.

+-------+----------------+-------+--------------------------------------------+
|Release|Fixed in fix    |APAR   |Download URL                                |
|       |pack            |       |                                            |
+-------+----------------+-------+--------------------------------------------+
|V9.7   |TBD             |IT32744|Special Build for V9.7 FP11:                |
|       |                |       |                                            |
|       |                |       |AIX 64-bit                                  |
|       |                |       |HP-UX 64-bit                                |
|       |                |       |Linux 32-bit, x86-32                        |
|       |                |       |Linux 64-bit, x86-64                        |
|       |                |       |Linux 64-bit, POWER big endian              |
|       |                |       |Linux 64-bit, System z, System z9 or zSeries|
|       |                |       |Solaris 64-bit, SPARC                       |
|       |                |       |Solaris 64-bit, x86-64                      |
|       |                |       |Windows 32-bit, x86                         |
|       |                |       |Windows 64-bit, x86                         |
|       |                |       |                                            |
|       |                |       |Note: Windows images updated 2020/08/18     |
|       |                |       |                                            |
|       |                |       |Linux/Unix images updated 2020/10/09        |
+-------+----------------+-------+--------------------------------------------+
|V10.1  |TBD             |IT32743|Special Build for V10.1 FP6:                |
|       |                |       |                                            |
|       |                |       |AIX 64-bit                                  |
|       |                |       |HP-UX 64-bit                                |
|       |                |       |Linux 32-bit, x86-32                        |
|       |                |       |Linux 64-bit, x86-64                        |
|       |                |       |Linux 64-bit, POWER big endian              |
|       |                |       |Linux 64-bit, System z, System z9 or zSeries|
|       |                |       |Solaris 64-bit, SPARC                       |
|       |                |       |Solaris 64-bit, x86-64                      |
|       |                |       |Windows 32-bit, x86                         |
|       |                |       |Windows 64-bit, x86                         |
+-------+----------------+-------+--------------------------------------------+
|V10.5  |TBD             |IT32742|Special Build for V10.5 FP11:               |
|       |                |       |                                            |
|       |                |       |AIX 64-bit                                  |
|       |                |       |HP-UX 64-bit                                |
|       |                |       |Linux 32-bit, x86-32                        |
|       |                |       |Linux 64-bit, x86-64                        |
|       |                |       |Linux 64-bit, POWER big endian              |
|       |                |       |Linux 64-bit, POWER little endian           |
|       |                |       |Linux 64-bit, System z, System z9 or zSeries|
|       |                |       |Solaris 64-bit, SPARC                       |
|       |                |       |Solaris 64-bit, x86-64                      |
|       |                |       |Windows 32-bit, x86                         |
|       |                |       |Windows 64-bit, x86                         |
|       |                |       |Inspur                                      |
+-------+----------------+-------+--------------------------------------------+
|V11.1  |TBD             |IT32741|Special Build for V11.1 FP5:                |
|       |                |       |                                            |
|       |                |       |AIX 64-bit                                  |
|       |                |       |Linux 32-bit, x86-32                        |
|       |                |       |Linux 64-bit, x86-64                        |
|       |                |       |Linux 64-bit, POWER little endian           |
|       |                |       |Linux 64-bit, System z, System z9 or zSeries|
|       |                |       |Solaris 64-bit, SPARC                       |
|       |                |       |Windows 32-bit, x86                         |
|       |                |       |Windows 64-bit, x86                         |
+-------+----------------+-------+--------------------------------------------+
|V11.5  |TBD             |IT32716|Build for V11.5.4 GA:                       |
|       |                |       |                                            |
|       |                |       |https://www.ibm.com/support/pages/node/     |
|       |                |       |6241724                                     |
+-------+----------------+-------+--------------------------------------------+

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX4PtvuNLKJtyKPYoAQjBLw/+MN36zOAev9Qk+f9P+dIfrnZNi/8ePcUA
R7AjeMejRQEE72tYSwv6BdvnN4TNXQFB6NUFuOXETBIowTLGI/8hr9izINDjJ0Pv
1r1xEnL9gidekAlZmONgzhXh0Iee1FLekVL+ACsXD4e5Ii36+t/kWeue2z8En2lU
OVH5iVlyQXPeFEZ5kVpoccK1nbTWSTL7lDRVgeiS75+0HTSE7cuWBObwoMEuqfC2
FX9p3d6aPT41bgdp48fQh1AXl40QkkAmbTJerF+QVG3JO95PmrbK44mcDuAiyjPH
jQWlRMHT84xSaujdbiWL2PrCL/1aZ2U691wgZzoUfsn+SxndiujRFbCnOaHN2Y2M
9wTv7fNoTQZIgG6tIC1Ymmk/TgvFLab5OvDm4bJCeBbPqEdNnzM2x+eDtUvrQQpW
bVOpSh0wCm2gna7lbLhwYJcM92d4inVxtKNxyaNVYheWvaz9jM0K1Gab68lyHqQZ
wtUCCIepDiODHCqPZL/Th8idH8BkfF8WtL9Kuv4ooxs7L+mbFwHjo+s1s9czye9z
ftyzwhrX6XBCf6nXjl2Teht+C22YRohwNrTnfV8sKs5gqGFfNcNK6Tpb1gG5DL8O
pEJqj0Wl2OoaI2HiGQJOoLq7KQ7SnE2JgcCsybZpKnX8znmLi/qLQ9maW0OF4tth
+TjTW7jA9po=
=GE7l
-----END PGP SIGNATURE-----

Read More

The post ESB-2020.2258.2 – UPDATE [Win][Linux][AIX] Db2: Multiple Vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/12/esb-2020-2258-2-update-winlinuxaix-db2-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-2258-2-update-winlinuxaix-db2-multiple-vulnerabilities
at No comments:
Labels:

ESB-2020.3505 – [SUSE] Linux Kernel: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3505
                   Security update for the Linux Kernel
                              12 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Linux Kernel
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Denial of Service   -- Existing Account
                   Unauthorised Access -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-26088 CVE-2020-25284 CVE-2020-14390
                   CVE-2020-14385 CVE-2020-2521 CVE-2020-0432
                   CVE-2020-0431 CVE-2020-0427 CVE-2020-0404

Reference:         ESB-2020.3341
                   ESB-2020.3268
                   ESB-2020.3136

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20202879-1

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for the Linux Kernel

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2879-1
Rating:            important
References:        #1055186 #1058115 #1065600 #1065729 #1094244 #1136666
                   #1152148 #1152472 #1152489 #1153274 #1154353 #1155518
                   #1155798 #1156395 #1167527 #1170232 #1170774 #1171000
                   #1171068 #1171073 #1171558 #1171688 #1171742 #1172419
                   #1172757 #1172873 #1173017 #1173060 #1173115 #1173267
                   #1173746 #1174029 #1174110 #1174111 #1174358 #1174484
                   #1174486 #1174899 #1175263 #1175667 #1175718 #1175749
                   #1175787 #1175882 #1175952 #1175996 #1175997 #1175998
                   #1175999 #1176000 #1176001 #1176019 #1176022 #1176038
                   #1176063 #1176137 #1176235 #1176236 #1176237 #1176242
                   #1176278 #1176357 #1176358 #1176359 #1176360 #1176361
                   #1176362 #1176363 #1176364 #1176365 #1176366 #1176367
                   #1176381 #1176423 #1176449 #1176482 #1176486 #1176507
                   #1176536 #1176537 #1176538 #1176539 #1176540 #1176541
                   #1176542 #1176544 #1176545 #1176546 #1176548 #1176558
                   #1176559 #1176587 #1176588 #1176659 #1176698 #1176699
                   #1176700 #1176721 #1176722 #1176725 #1176732 #1176763
                   #1176775 #1176788 #1176789 #1176833 #1176869 #1176877
                   #1176925 #1176962 #1176980 #1176990 #1177021 #1177030
Cross-References:  CVE-2020-0404 CVE-2020-0427 CVE-2020-0431 CVE-2020-0432
                   CVE-2020-14385 CVE-2020-14390 CVE-2020-2521 CVE-2020-25284
                   CVE-2020-26088
Affected Products:
                   SUSE Linux Enterprise Workstation Extension 15-SP2
                   SUSE Linux Enterprise Module for Live Patching 15-SP2
                   SUSE Linux Enterprise Module for Legacy Software 15-SP2
                   SUSE Linux Enterprise Module for Development Tools 15-SP2
                   SUSE Linux Enterprise Module for Basesystem 15-SP2
                   SUSE Linux Enterprise High Availability 15-SP2
______________________________________________________________________________

An update that solves 9 vulnerabilities and has 105 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security
and bugfixes.
The following security bugs were fixed:

  o CVE-2020-26088: Fixed an improper CAP_NET_RAW check in NFC socket creation
    could have been used by local attackers to create raw sockets, bypassing
    security mechanisms (bsc#1176990).
  o CVE-2020-14390: Fixed an out-of-bounds memory write leading to memory
    corruption or a denial of service when changing screen size (bnc#1176235).
  o CVE-2020-0432: Fixed an out of bounds write due to an integer overflow (bsc
    #1176721).
  o CVE-2020-0427: Fixed an out of bounds read due to a use after free (bsc#
    1176725).
  o CVE-2020-0431: Fixed an out of bounds write due to a missing bounds check
    (bsc#1176722).
  o CVE-2020-0404: Fixed a linked list corruption due to an unusual root cause
    (bsc#1176423).
  o CVE-2020-2521: Fixed getxattr kernel panic and memory overflow (bsc#
    1176381).
  o CVE-2020-25284: Fixed an incomplete permission checking for access to rbd
    devices, which could have been leveraged by local attackers to map or unmap
    rbd block devices (bsc#1176482).
  o CVE-2020-14385: Fixed a failure of the file system metadata validator in
    XFS which could have caused an inode with a valid, user-creatable extended
    attribute to be flagged as corrupt (bsc#1176137).


The following non-security bugs were fixed:

  o ALSA: asihpi: fix iounmap in error handler (git-fixes).
  o ALSA: ca0106: fix error code handling (git-fixes).
  o ALSA: firewire-digi00x: exclude Avid Adrenaline from detection (git-fixes).
  o ALSA: firewire-tascam: exclude Tascam FE-8 from detection (git-fixes).
  o ALSA: hda: Fix 2 channel swapping for Tegra (git-fixes).
  o ALSA: hda: fix a runtime pm issue in SOF when integrated GPU is disabled
    (git-fixes).
  o ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO
    (git-fixes).
  o ALSA: hda: fixup headset for ASUS GX502 laptop (git-fixes).
  o ALSA: hda: hdmi - add Rocketlake support (git-fixes).
  o ALSA: hda/hdmi: always check pin power status in i915 pin fixup
    (git-fixes).
  o ALSA: hda/realtek: Add quirk for Samsung Galaxy Book Ion NT950XCJ-X716A
    (git-fixes).
  o ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged
    (git-fixes).
  o ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation
    P520 (git-fixes).
  o ALSA: hda/realtek - Improved routing for Thinkpad X1 7th/8th Gen
    (git-fixes).
  o ALSA: hda/realtek - The Mic on a RedmiBook does not work (git-fixes).
  o ALSA: hda/tegra: Program WAKEEN register for Tegra (git-fixes).
  o ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check
    (git-fixes).
  o ALSA: usb-audio: Add basic capture support for Pioneer DJ DJM-250MK2
    (git-fixes).
  o ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).
  o ALSA: usb-audio: Add implicit feedback quirk for UR22C (git-fixes).
  o ALSA: usb-audio: Disable autosuspend for Lenovo ThinkStation P620
    (git-fixes).
  o arm64: paravirt: Initialize steal time when cpu is online (bsc#1176833).
  o ASoC: img: Fix a reference count leak in img_i2s_in_set_fmt (git-fixes).
  o ASoC: img-parallel-out: Fix a reference count leak (git-fixes).
  o ASoC: meson: axg-toddr: fix channel order on g12 platforms (git-fixes).
  o ASoC: qcom: common: Fix refcount imbalance on error (git-fixes).
  o ASoC: qcom: Set card->owner to avoid warnings (git-fixes).
  o ASoC: SOF: Intel: add PCI ID for CometLake-S (git-fixes).
  o ASoC: tegra: Fix reference count leaks (git-fixes).
  o ata: ahci: use ata_link_info() instead of ata_link_printk() (jsc#
    SLE-14459).
  o batman-adv: Add missing include for in_interrupt() (git-fixes).
  o batman-adv: Avoid uninitialized chaddr when handling DHCP (git-fixes).
  o batman-adv: bla: fix type misuse for backbone_gw hash indexing (git-fixes).
  o batman-adv: bla: use netif_rx_ni when not in interrupt context (git-fixes).
  o batman-adv: Fix own OGM check in aggregated OGMs (git-fixes).
  o batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh
    (git-fixes).
  o batman-adv: mcast: fix duplicate mcast packets in BLA backbone from LAN
    (git-fixes).
  o batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh
    (git-fixes).
  o batman-adv: mcast/TT: fix wrongly dropped or rerouted packets (git-fixes).
  o bcache: allocate meta data pages as compound pages (bsc#1172873).
  o bitfield.h: do not compile-time validate _val in FIELD_FIT (git fixes
    (bitfield)).
  o blktrace: fix debugfs use after free (git fixes (block drivers)).
  o block: add docs for gendisk / request_queue refcount helpers (git fixes
    (block drivers)).
  o block: check queue's limits.discard_granularity in __blkdev_issue_discard()
    (bsc#1152148).
  o block: improve discard bio alignment in __blkdev_issue_discard() (bsc#
    1152148).
  o block: revert back to synchronous request_queue removal (git fixes (block
    drivers)).
  o block: Use non _rcu version of list functions for tag_set_list (git-fixes).
  o Bluetooth: btrtl: Add support for RTL8761B (bsc#1177021).
  o bnxt: do not enable NAPI until rings are ready (git-fixes).
  o bnxt_en: Check for zero dir entries in NVRAM (git-fixes).
  o bnxt_en: Do not query FW when netif_running() is false (git-fixes).
  o bnxt_en: Fix completion ring sizing with TPA enabled
    (networking-stable-20_07_29).
  o bnxt_en: fix HWRM error when querying VF temperature (git-fixes).
  o bnxt_en: Fix PCI AER error recovery flow (git-fixes).
  o bnxt_en: Fix possible crash in bnxt_fw_reset_task() (jsc#SLE-8371 bsc#
    1153274).
  o bnxt_en: Fix race when modifying pause settings
    (networking-stable-20_07_29).
  o bonding: check error value of register_netdevice() immediately
    (networking-stable-20_07_29).
  o bonding: check return value of register_netdevice() in bond_newlink()
    (networking-stable-20_07_29).
  o bonding: fix a potential double-unregister (git-fixes).
  o bpf: Fix a rcu warning for bpffs map pretty-print (bsc#1155518).
  o bpf: map_seq_next should always increase position index (bsc#1155518).
  o btrfs: add a leak check for roots (bsc#1176019).
  o btrfs: add __cold attribute to more functions (bsc#1176019).
  o btrfs: add dedicated members for start and length of a block group (bsc#
    1176019).
  o btrfs: Add read_backup_root (bsc#1176019).
  o btrfs: block-group: Refactor btrfs_read_block_groups() (bsc#1176019).
  o btrfs: block-group: Reuse the item key from caller of read_one_block_group
    () (bsc#1176019).
  o btrfs: Cleanup and simplify find_newest_super_backup (bsc#1176019).
  o btrfs: clear DEAD_RELOC_TREE before dropping the reloc root (bsc#1176019).
  o btrfs: do not init a reloc root if we are not relocating (bsc#1176019).
  o btrfs: Do not use objectid_mutex during mount (bsc#1176019).
  o btrfs: drop block from cache on error in relocation (bsc#1176019).
  o btrfs: drop create parameter to btrfs_get_extent() (bsc#1176019).
  o btrfs: drop unused parameter is_new from btrfs_iget (bsc#1176019).
  o btrfs: export and rename free_fs_info (bsc#1176019).
  o btrfs: export and use btrfs_read_tree_root for tree-log (bsc#1176019).
  o btrfs: Factor out tree roots initialization during mount (bsc#1176019).
  o btrfs: fix setting last_trans for reloc roots (bsc#1176019).
  o btrfs: free more things in btrfs_free_fs_info (bsc#1176019).
  o btrfs: free the reloc_control in a consistent way (bsc#1176019).
  o btrfs: handle NULL roots in btrfs_put/btrfs_grab_fs_root (bsc#1176019).
  o btrfs: hold a ref for the root in btrfs_find_orphan_roots (bsc#1176019).
  o btrfs: hold a ref on fs roots while they're in the radix tree (bsc#
    1176019).
  o btrfs: hold a ref on the root in btrfs_check_uuid_tree_entry (bsc#1176019).
  o btrfs: hold a ref on the root in btrfs_ioctl_get_subvol_info (bsc#1176019).
  o btrfs: hold a ref on the root in btrfs_ioctl_send (bsc#1176019).
  o btrfs: hold a ref on the root in btrfs_recover_log_trees (bsc#1176019).
  o btrfs: hold a ref on the root in btrfs_recover_relocation (bsc#1176019).
  o btrfs: hold a ref on the root in __btrfs_run_defrag_inode (bsc#1176019).
  o btrfs: hold a ref on the root in btrfs_search_path_in_tree (bsc#1176019).
  o btrfs: hold a ref on the root in btrfs_search_path_in_tree_user (bsc#
    1176019).
  o btrfs: hold a ref on the root in build_backref_tree (bsc#1176019).
  o btrfs: hold a ref on the root in create_pending_snapshot (bsc#1176019).
  o btrfs: hold a ref on the root in create_reloc_inode (bsc#1176019).
  o btrfs: hold a ref on the root in create_subvol (bsc#1176019).
  o btrfs: hold a ref on the root in find_data_references (bsc#1176019).
  o btrfs: hold a ref on the root in fixup_tree_root_location (bsc#1176019).
  o btrfs: hold a ref on the root in get_subvol_name_from_objectid (bsc#
    1176019).
  o btrfs: hold a ref on the root in merge_reloc_roots (bsc#1176019).
  o btrfs: hold a ref on the root in open_ctree (bsc#1176019).
  o btrfs: hold a ref on the root in prepare_to_merge (bsc#1176019).
  o btrfs: hold a ref on the root in record_reloc_root_in_trans (bsc#1176019).
  o btrfs: hold a ref on the root in resolve_indirect_ref (bsc#1176019).
  o btrfs: hold a ref on the root in scrub_print_warning_inode (bsc#1176019).
  o btrfs: hold a ref on the root in search_ioctl (bsc#1176019).
  o btrfs: hold a ref on the root->reloc_root (bsc#1176019).
  o btrfs: hold a root ref in btrfs_get_dentry (bsc#1176019).
  o btrfs: hold ref on root in btrfs_ioctl_default_subvol (bsc#1176019).
  o btrfs: implement full reflink support for inline extents (bsc#1176019).
  o btrfs: make btrfs_find_orphan_roots use btrfs_get_fs_root (bsc#1176019).
  o btrfs: make relocation use btrfs_read_tree_root() (bsc#1176019).
  o btrfs: make the fs root init functions static (bsc#1176019).
  o btrfs: make the init of static elements in fs_info separate (bsc#1176019).
  o btrfs: move all reflink implementation code into its own file (bsc#
    1176019).
  o btrfs: move block_group_item::flags to block group (bsc#1176019).
  o btrfs: move block_group_item::used to block group (bsc#1176019).
  o btrfs: move fs_info init work into it's own helper function (bsc#1176019).
  o btrfs: move fs root init stuff into btrfs_init_fs_root (bsc#1176019).
  o btrfs: open code btrfs_read_fs_root_no_name (bsc#1176019).
  o btrfs: push btrfs_grab_fs_root into btrfs_get_fs_root (bsc#1176019).
  o btrfs: push grab_fs_root into read_fs_root (bsc#1176019).
  o btrfs: push __setup_root into btrfs_alloc_root (bsc#1176019).
  o btrfs: reloc: clean dirty subvols if we fail to start a transaction (bsc#
    1176019).
  o btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1176019).
  o btrfs: Remove block_rsv parameter from btrfs_drop_snapshot (bsc#1176019).
  o btrfs: remove btrfs_read_fs_root, not used anymore (bsc#1176019).
  o btrfs: remove embedded block_group_cache::item (bsc#1176019).
  o btrfs: Remove newest_gen argument from find_oldest_super_backup (bsc#
    1176019).
  o btrfs: Remove unused next_root_backup function (bsc#1176019).
  o btrfs: rename block_group_item on-stack accessors to follow naming (bsc#
    1176019).
  o btrfs: rename btrfs_block_group_cache (bsc#1176019).
  o btrfs: rename btrfs_put_fs_root and btrfs_grab_fs_root (bsc#1176019).
  o btrfs: rename extent buffer block group item accessors (bsc#1176019).
  o btrfs: Rename find_oldest_super_backup to init_backup_root_slot (bsc#
    1176019).
  o btrfs: require only sector size alignment for parent eb bytenr (bsc#
    1176789).
  o btrfs: reset tree root pointer after error in init_tree_roots (bsc#
    1176019).
  o btrfs: simplify inline extent handling when doing reflinks (bsc#1176019).
  o btrfs: stop clearing EXTENT_DIRTY in inode I/O tree (bsc#1176019).
  o btrfs: Streamline btrfs_fs_info::backup_root_index semantics (bsc#1176019).
  o btrfs: tree-checker: fix the error message for transid error (bsc#1176788).
  o btrfs: unset reloc control if we fail to recover (bsc#1176019).
  o btrfs: use bool argument in free_root_pointers() (bsc#1176019).
  o btrfs: use btrfs_block_group_cache_done in update_block_group (bsc#
    1176019).
  o btrfs: use btrfs_put_fs_root to free roots always (bsc#1176019).
  o ceph: do not allow setlease on cephfs (bsc#1176537).
  o ceph: fix potential mdsc use-after-free crash (bsc#1176538).
  o ceph: fix use-after-free for fsc->mdsc (bsc#1176539).
  o ceph: handle zero-length feature mask in session messages (bsc#1176540).
  o ceph: set sec_context xattr on symlink creation (bsc#1176541).
  o ceph: use frag's MDS in either mode (bsc#1176542).
  o cfg80211: regulatory: reject invalid hints (bsc#1176699).
  o char: virtio: Select VIRTIO from VIRTIO_CONSOLE (bsc#1175667).
  o cifs: Fix leak when handling lease break for cached root fid (bsc#1176242).
  o cifs/smb3: Fix data inconsistent when punch hole (bsc#1176544).
  o cifs/smb3: Fix data inconsistent when zero file range (bsc#1176536).
  o clk: davinci: Use the correct size when allocating memory (git-fixes).
  o clk: rockchip: Fix initialization of mux_pll_src_4plls_p (git-fixes).
  o crypto: ecdh - check validity of Z before export (bsc#1175718).
  o crypto: ecc - SP800-56A rev 3 local public key validation (bsc#1175718).
  o crypto: dh - check validity of Z before export (bsc#1175718).
  o crypto: dh - SP800-56A rev 3 local public key validation (bsc#1175718).
  o cxgb4: fix thermal zone device registration (git-fixes).
  o dax: do not print error message for non-persistent memory block device (bsc
    #1171073).
  o dax: print error message by pr_info() in __generic_fsdax_supported() (bsc#
    1171073).
  o debugfs: Fix module state check condition (bsc#1173746).
  o debugfs: Fix module state check condition (git-fixes).
  o dev: Defer free of skbs in flush_backlog (networking-stable-20_07_29).
  o device property: Fix the secondary firmware node handling in
    set_primary_fwnode() (git-fixes).
  o dmaengine: acpi: Put the CSRT table after using it (git-fixes).
  o dmaengine: at_hdmac: check return value of of_find_device_by_node() in
    at_dma_xlate() (git-fixes).
  o dmaengine: dw-edma: Fix scatter-gather address calculation (git-fixes).
  o dmaengine: of-dma: Fix of_dma_router_xlate's of_dma_xlate handling
    (git-fixes).
  o dmaengine: pl330: Fix burst length if burst size is smaller than bus width
    (git-fixes).
  o dm: do not call report zones for more than the user requested (git fixes
    (block drivers)).
  o dm integrity: fix integrity recalculation that is improperly skipped (git
    fixes (block drivers)).
  o dm rq: do not call blk_mq_queue_stopped() in dm_stop_queue() (git fixes
    (block drivers)).
  o dm writecache: add cond_resched to loop in persistent_memory_claim() (git
    fixes (block drivers)).
  o dm writecache: correct uncommitted_block when discarding uncommitted entry
    (git fixes (block drivers)).
  o dm zoned: assign max_io_len correctly (git fixes (block drivers)).
  o dpaa2-eth: Fix passing zero to 'PTR_ERR' warning
    (networking-stable-20_08_08).
  o dpaa_eth: Fix one possible memleak in dpaa_eth_probe (bsc#1175996).
  o driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (bsc#1176486 ltc#188130).
  o Drivers: hv: Specify receive buffer size using Hyper-V page size (bsc#
    1176877).
  o Drivers: hv: vmbus: Add timeout to vmbus_wait_for_unload (git-fixes).
  o Drivers: hv: vmbus: hibernation: do not hang forever in vmbus_bus_resume()
    (git-fixes).
  o drivers/net/wan/x25_asy: Fix to make it work (networking-stable-20_07_29).
  o drm/amd/display: fix ref count leak in amdgpu_drm_ioctl (git-fixes).
  o drm/amd/display: Switch to immediate mode for updating infopackets
    (git-fixes).
  o drm/amdgpu/display: fix ref count leak when pm_runtime_get_sync fails
    (git-fixes).
  o drm/amdgpu: Fix buffer overflow in INFO ioctl (git-fixes).
  o drm/amdgpu: fix ref count leak in amdgpu_display_crtc_set_config
    (git-fixes).
  o drm/amdgpu: fix ref count leak in amdgpu_driver_open_kms (git-fixes).
  o drm/amdgpu/gfx10: refine mgcg setting (git-fixes).
  o drm/amdkfd: Fix reference count leaks (git-fixes).
  o drm/amd/pm: correct the thermal alert temperature limit settings
    (git-fixes).
  o drm/amd/pm: correct Vega10 swctf limit setting (git-fixes).
  o drm/amd/pm: correct Vega12 swctf limit setting (git-fixes).
  o drm/amd/pm: correct Vega20 swctf limit setting (git-fixes).
  o drm/amd/powerplay: correct UVD/VCE PG state on custom pptable uploading
    (git-fixes).
  o drm/amd/powerplay: correct Vega20 cached smu feature state (git-fixes).
  o drm/amd/powerplay: Fix hardmins not being sent to SMU for RV (git-fixes).
  o drm/ast: Initialize DRAM type before posting GPU (bsc#1152472) * context
    changes
  o drm/mgag200: Remove declaration of mgag200_mmap() from header file (bsc#
    1152472) * context changes
  o drm/msm/a6xx: fix crashdec section name typo (git-fixes).
  o drm/msm/adreno: fix updating ring fence (git-fixes).
  o drm/msm/gpu: make ringbuffer readonly (git-fixes).
  o drm/nouveau/drm/noveau: fix reference count leak in nouveau_fbcon_open
    (git-fixes).
  o drm/nouveau: Fix reference count leak in nouveau_connector_detect
    (git-fixes).
  o drm/nouveau: fix reference count leak in nv50_disp_atomic_commit
    (git-fixes).
  o drm/radeon: fix multiple reference count leak (git-fixes).
  o drm/radeon: Prefer lower feedback dividers (git-fixes).
  o drm/sched: Fix passing zero to 'PTR_ERR' warning v2 (git-fixes).
  o drm/sun4i: add missing put_device() call in (bsc#1152472)
  o drm/sun4i: backend: Disable alpha on the lowest plane on the A20 (bsc#
    1152472)
  o drm/sun4i: backend: Support alpha property on lowest plane (bsc#1152472)
  o drm/sun4i: Fix dsi dcs long write function (bsc#1152472)
  o drm/virtio: fix missing dma_fence_put() in (bsc#1152489) * context changes
  o drm/xen-front: Fix misused IS_ERR_OR_NULL checks (bsc#1065600).
  o EDAC/amd64: Add AMD family 17h model 60h PCI IDs (bsc#1152489).
  o EDAC/amd64: Read back the scrub rate PCI register on F15h (bsc#1152489).
  o EDAC: Fix reference count leaks (bsc#1152489).
  o efi: Add support for EFI_RT_PROPERTIES table (bsc#1174029, bsc#1174110, bsc
    #1174111).
  o efi: avoid error message when booting under Xen (bsc#1172419).
  o efi/efivars: Expose RT service availability via efivars abstraction (bsc#
    1174029, bsc#1174110, bsc#1174111).
  o efi: libstub/tpm: enable tpm eventlog function for ARM platforms (bsc#
    1173267).
  o efi: Mark all EFI runtime services as unsupported on non-EFI boot (bsc#
    1174029, bsc#1174110, bsc#1174111).
  o efi: Register EFI rtc platform device only when available (bsc#1174029, bsc
    #1174110, bsc#1174111).
  o efi: Store mask of supported runtime services in struct efi (bsc#1174029,
    bsc#1174110, bsc#1174111).
  o efi: Use EFI ResetSystem only when available (bsc#1174029, bsc#1174110, bsc
    #1174111).
  o efi: Use more granular check for availability for variable services (bsc#
    1174029, bsc#1174110, bsc#1174111).
  o enetc: Remove the mdio bus on PF probe bailout
    (networking-stable-20_07_29).
  o epoll: atomically remove wait entry on wake up (bsc#1176236).
  o epoll: call final ep_events_available() check under the lock (bsc#1176237).
  o ext4: handle read only external journal device (bsc#1176063).
  o fbcon: prevent user font height or width change from causing potential
    out-of-bounds access (git-fixes).
  o felix: Fix initialization of ioremap resources (bsc#1175997).
  o Fix build error when CONFIG_ACPI is not set/enabled: (bsc#1065600).
  o HID: core: Add printk_once variants to hid_warn() etc (bsc#1176775).
  o HID: core: Correctly handle ReportSize being zero (git-fixes).
  o HID: core: fix dmesg flooding if report field larger than 32bit (bsc#
    1176775).
  o HID: core: reformat and reduce hid_printk macros (bsc#1176775).
  o HID: core: Sanitize event code and type when mapping input (git-fixes).
  o HID: elan: Fix memleak in elan_input_configured (git-fixes).
  o HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
    (git-fixes).
  o HID: i2c-hid: Always sleep 60ms after I2C_HID_PWR_ON commands (git-fixes).
  o HID: microsoft: Add rumble support for the 8bitdo SN30 Pro+ controller
    (git-fixes).
  o HID: quirks: add NOGET quirk for Logitech GROUP (git-fixes).
  o HID: quirks: Always poll three more Lenovo PixArt mice (git-fixes).
  o HID: quirks: Set INCREMENT_USAGE_ON_DUPLICATE for all Saitek X52 devices
    (git-fixes).
  o hsr: use netdev_err() instead of WARN_ONCE() (bsc#1176659).
  o hv_netvsc: do not use VF device if link is down (git-fixes).
  o hv_netvsc: Fix the queue_mapping in netvsc_vf_xmit() (git-fixes).
  o hv_netvsc: Remove "unlikely" from netvsc_select_queue (git-fixes).
  o hv_utils: drain the timesync packets on onchannelcallback (bsc#1176877).
  o hv_utils: return error if host timesysnc update is stale (bsc#1176877).
  o i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).
  o i2c: core: Do not fail PRP0001 enumeration when no ID table exist
    (git-fixes).
  o i2c: i801: Fix resume bug (git-fixes).
  o i2c: mxs: use MXS_DMA_CTRL_WAIT4END instead of DMA_CTRL_ACK (git-fixes).
  o i2c: rcar: in slave mode, clear NACK earlier (git-fixes).
  o i40e: Fix crash during removing i40e driver (git-fixes).
  o i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (git-fixes).
  o ibmvnic: add missing parenthesis in do_reset() (bsc#1176700 ltc#188140).
  o iio:accel:bmc150-accel: Fix timestamp alignment and prevent data leak
    (git-fixes).
  o iio: accel: kxsd9: Fix alignment of local buffer (git-fixes).
  o iio:accel:mma7455: Fix timestamp alignment and prevent data leak
    (git-fixes).
  o iio:accel:mma8452: Fix timestamp alignment and prevent data leak
    (git-fixes).
  o iio:adc:ina2xx Fix timestamp alignment issue (git-fixes).
  o iio:adc:max1118 Fix alignment of timestamp and data leak issues
    (git-fixes).
  o iio: adc: mcp3422: fix locking on error path (git-fixes).
  o iio: adc: mcp3422: fix locking scope (git-fixes).
  o iio:adc:ti-adc081c Fix alignment and data leak issues (git-fixes).
  o iio:adc:ti-adc084s021 Fix alignment and data leak issues (git-fixes).
  o iio: adc: ti-ads1015: fix conversion when CONFIG_PM is not set (git-fixes).
  o iio:chemical:ccs811: Fix timestamp alignment and prevent data leak
    (git-fixes).
  o iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()
    (git-fixes).
  o iio:light:ltr501 Fix timestamp alignment issue (git-fixes).
  o iio:light:max44000 Fix timestamp alignment and prevent data leak
    (git-fixes).
  o iio:magnetometer:ak8975 Fix alignment and data leak issues (git-fixes).
  o iio:proximity:mb1232: Fix timestamp alignment and prevent data leak
    (git-fixes).
  o include/asm-generic/vmlinux.lds.h: align ro_after_init (git-fixes).
  o include/linux/bitops.h: avoid clang shift-count-overflow warnings
    (git-fixes).
  o include/linux/poison.h: remove obsolete comment (git-fixes).
  o infiniband: hfi1: Use EFI GetVariable only when available (bsc#1174029, bsc
    #1174110, bsc#1174111).
  o initramfs: remove clean_rootfs (git-fixes).
  o initramfs: remove the populate_initrd_image and clean_rootfs stubs
    (git-fixes).
  o Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists
    (git-fixes).
  o Input: trackpoint - add new trackpoint variant IDs (git-fixes).
  o integrity: Check properly whether EFI GetVariable() is available (bsc#
    1174029, bsc#1174110, bsc#1174111).
  o iommu/amd: Do not force direct mapping when SME is active (bsc#1174358).
  o iommu/amd: Do not use IOMMUv2 functionality when SME is active (bsc#
    1174358).
  o iommu/amd: Print extended features in one line to fix divergent log levels
    (bsc#1176357).
  o iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (bsc#1176358).
  o iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (bsc#1176359).
  o iommu/omap: Check for failure of a call to omap_iommu_dump_ctx (bsc#
    1176360).
  o iommu/vt-d: Fix PASID devTLB invalidation (bsc#1176361).
  o iommu/vt-d: Handle 36bit addressing for x86-32 (bsc#1176362).
  o iommu/vt-d: Handle non-page aligned address (bsc#1176367).
  o iommu/vt-d: Remove global page support in devTLB flush (bsc#1176363).
  o iommu/vt-d: Serialize IOMMU GCMD register modifications (bsc#1176364).
  o iommu/vt-d: Support flushing more translation cache types (bsc#1176365).
  o ipv4: Silence suspicious RCU usage warning (networking-stable-20_08_08).
  o ipv6: fix memory leaks on IPV6_ADDRFORM path (networking-stable-20_08_08).
  o ipv6: Fix nexthop refcnt leak when creating ipv6 route info
    (networking-stable-20_08_08).
  o irqdomain/treewide: Free firmware node after domain removal (git-fixes).
  o irqdomain/treewide: Keep firmware node unconditionally allocated
    (git-fixes).
  o kABI: Fix kABI after EFI_RT_PROPERTIES table backport (bsc#1174029, bsc#
    1174110, bsc#1174111).
  o kABI: net: dsa: microchip: call phy_remove_link_mode during probe (kabi).
  o kabi/severities: ignore kABI for net/ethernet/mscc/ References: bsc#
    1176001,bsc#1175999 Exported symbols from drivers/net/ethernet/mscc/ are
    only used by drivers/net/dsa/ocelot/
  o kernel/cpu_pm: Fix uninitted local in cpu_pm (git fixes (kernel/pm)).
  o kernel-syms.spec.in: Also use bz compression (boo#1175882).
  o libnvdimm: cover up struct nvdimm changes (bsc#1171742).
  o libnvdimm: cover up nvdimm_security_ops changes (bsc#1171742).
  o libnvdimm/security: fix a typo (bsc#1171742 bsc#1167527).
  o libnvdimm/security: Introduce a 'frozen' attribute (bsc#1171742).
  o libbpf: Fix readelf output parsing on powerpc with recent binutils (bsc#
    1155518).
  o libbpf: Fix readelf output parsing for Fedora (bsc#1155518).
  o libata: implement ATA_HORKAGE_MAX_TRIM_128M and apply to Sandisks (jsc#
    SLE-14459).
  o lib/mpi: Add mpi_sub_ui() (bsc#1175718).
  o md: raid0/linear: fix dereference before null check on pointer mddev (git
    fixes (block drivers)).
  o media: cedrus: Add missing v4l2_ctrl_request_hdl_put() (git-fixes).
  o media: davinci: vpif_capture: fix potential double free (git-fixes).
  o media: gpio-ir-tx: improve precision of transmitted signal due to
    scheduling (git-fixes).
  o media: pci: ttpci: av7110: fix possible buffer overflow caused by bad DMA
    value in debiirq() (git-fixes).
  o mei: fix CNL itouch device number to match the spec (bsc#1175952).
  o mei: me: disable mei interface on LBG servers (bsc#1175952).
  o mei: me: disable mei interface on Mehlow server platforms (bsc#1175952).
  o mfd: intel-lpss: Add Intel Emmitsburg PCH PCI IDs (git-fixes).
  o mlx4: disable device on shutdown (git-fixes).
  o mlxsw: destroy workqueue when trap_register in mlxsw_emad_init
    (networking-stable-20_07_29).
  o mmc: dt-bindings: Add resets/reset-names for Mediatek MMC bindings
    (git-fixes).
  o mmc: mediatek: add optional module reset property (git-fixes).
  o mmc: sdhci-acpi: Clear amd_sdhci_host on reset (git-fixes).
  o mmc: sdhci-acpi: Fix HS400 tuning for AMDI0040 (git-fixes).
  o mmc: sdhci-msm: Add retries when all tuning phases are found valid
    (git-fixes).
  o mmc: sdhci-of-esdhc: Do not walk device-tree on every interrupt
    (git-fixes).
  o mmc: sdio: Use mmc_pre_req() / mmc_post_req() (git-fixes).
  o mm: limit boost_watermark on small zones (git fixes (mm/pgalloc)).
  o mm, page_alloc: fix core hung in free_pcppages_bulk() (git fixes (mm/
    pgalloc)).
  o mm/page_alloc: silence a KASAN false positive (git fixes (mm/pgalloc)).
  o mm: remove VM_BUG_ON(PageSlab()) from page_mapcount() (git fixes (mm/
    compaction)).
  o mm/shuffle: do not move pages between zones and do not read garbage memmaps
    (git fixes (mm/pgalloc)).
  o mm/sparse: rename pfn_present() to pfn_in_present_section() (git fixes (mm/
    pgalloc)).
  o mm, thp: fix defrag setting if newline is not used (git fixes (mm/thp)).
  o net: dsa: felix: send VLANs on CPU port as egress-tagged (bsc#1175998).
  o net: dsa: microchip: call phy_remove_link_mode during probe
    (networking-stable-20_07_29).
  o net: dsa: ocelot: the MAC table on Felix is twice as large (bsc#1175999).
  o net: enetc: fix an issue about leak system resources (bsc#1176000).
  o net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init()
    (git-fixes).
  o net: ethernet: mtk_eth_soc: fix MTU warnings (networking-stable-20_08_08).
  o netfilter: ipset: Fix forceadd evaluation path (bsc#1176587).
  o net: Fix potential memory leak in proto_register()
    (networking-stable-20_08_15).
  o net: gre: recompute gre csum for sctp over gre tunnels
    (networking-stable-20_08_08).
  o net: initialize fastreuse on inet_inherit_port
    (networking-stable-20_08_15).
  o net: mscc: ocelot: fix untagged packet drops when enslaving to vlan aware
    bridge (bsc#1176001).
  o net/nfc/rawsock.c: add CAP_NET_RAW check (networking-stable-20_08_15).
  o net: refactor bind_bucket fastreuse into helper
    (networking-stable-20_08_15).
  o net: sched: initialize with 0 before setting erspan md->u (bsc#1154353).
  o net: Set fput_needed iff FDPUT_FPUT is set (networking-stable-20_08_15).
  o net/smc: put slot when connection is killed (git-fixes).
  o net-sysfs: add a newline when printing 'tx_timeout' by sysfs
    (networking-stable-20_07_29).
  o net: thunderx: use spin_lock_bh in nicvf_set_rx_mode_task()
    (networking-stable-20_08_08).
  o net/tls: Fix kmap usage (networking-stable-20_08_15).
  o net: udp: Fix wrong clean up for IS_UDPLITE macro
    (networking-stable-20_07_29).
  o NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).
  o nvme-fc: set max_segments to lldd max value (bsc#1176038).
  o nvme-pci: override the value of the controller's numa node (bsc#1176507).
  o obsolete_kmp: provide newer version than the obsoleted one (boo#1170232).
  o omapfb: fix multiple reference count leaks due to pm_runtime_get_sync
    (git-fixes).
  o openvswitch: Prevent kernel-infoleak in ovs_ct_put_key()
    (networking-stable-20_08_08).
  o PCI: Add device even if driver attach failed (git-fixes).
  o PCI: Avoid Pericom USB controller OHCI/EHCI PME# defect (git-fixes).
  o PCI: Fix pci_create_slot() reference count leak (git-fixes).
  o PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (git-fixes).
  o platform/x86: dcdbas: Check SMBIOS for protected buffer address (jsc#
    SLE-14407).
  o PM: sleep: core: Fix the handling of pending runtime resume requests
    (git-fixes).
  o powerpc/64: mark emergency stacks valid to unwind (bsc#1156395).
  o powerpc/64s: machine check do not trace real-mode handler (bsc#1094244 ltc#
    168122).
  o powerpc/64s: machine check interrupt update NMI accounting (bsc#1094244 ltc
    #168122).
  o powerpc: Add cputime_to_nsecs() (bsc#1065729).
  o powerpc/book3s64/radix: Add kernel command line option to disable radix
    GTSE (bsc#1055186 ltc#153436 jsc#SLE-13512).
  o powerpc/book3s64/radix: Fix boot failure with large amount of guest memory
    (bsc#1176022 ltc#187208).
  o powerpc: Do not flush caches when adding memory (bsc#1176980 ltc#187962).
  o powerpc: Implement ftrace_enabled() helpers (bsc#1094244 ltc#168122).
  o powerpc/kernel: Cleanup machine check function declarations (bsc#1065729).
  o powerpc/kernel: Enables memory hot-remove after reboot on pseries guests
    (bsc#1177030 ltc#187588).
  o powerpc/mm: Enable radix GTSE only if supported (bsc#1055186 ltc#153436 jsc
    #SLE-13512).
  o powerpc/mm: Limit resize_hpt_for_hotplug() call to hash guests only (bsc#
    1177030 ltc#187588).
  o powerpc/mm/radix: Create separate mappings for hot-plugged memory (bsc#
    1055186 ltc#153436).
  o powerpc/mm/radix: Fix PTE/PMD fragment count for early page table mappings
    (bsc#1055186 ltc#153436).
  o powerpc/mm/radix: Free PUD table when freeing pagetable (bsc#1055186 ltc#
    153436).
  o powerpc/mm/radix: Remove split_kernel_mapping() (bsc#1055186 ltc#153436).
  o powerpc/numa: Early request for home node associativity (bsc#1171068 ltc#
    183935).
  o powerpc/numa: Offline memoryless cpuless node 0 (bsc#1171068 ltc#183935).
  o powerpc/numa: Prefer node id queried from vphn (bsc#1171068 ltc#183935).
  o powerpc/numa: Set numa_node for all possible cpus (bsc#1171068 ltc#183935).
  o powerpc/numa: Use cpu node map of first sibling thread (bsc#1171068 ltc#
    183935).
  o powerpc/papr_scm: Limit the readability of 'perf_stats' sysfs attribute
    (bsc#1176486 ltc#188130).
  o powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1156395).
  o powerpc/prom: Enable Radix GTSE in cpu pa-features (bsc#1055186 ltc#153436
    jsc#SLE-13512).
  o powerpc/pseries: Limit machine check stack to 4GB (bsc#1094244 ltc#168122).
  o powerpc/pseries: Machine check use rtas_call_unlocked() with args on stack
    (bsc#1094244 ltc#168122).
  o powerpc/pseries/ras: Avoid calling rtas_token() in NMI paths (bsc#1094244
    ltc#168122).
  o powerpc/pseries/ras: Fix FWNMI_VALID off by one (bsc#1094244 ltc#168122).
  o powerpc/pseries/ras: fwnmi avoid modifying r3 in error case (bsc#1094244
    ltc#168122).
  o powerpc/pseries/ras: fwnmi sreset should not interlock (bsc#1094244 ltc#
    168122).
  o powerpc/traps: Do not trace system reset (bsc#1094244 ltc#168122).
  o powerpc/traps: Make unrecoverable NMIs die instead of panic (bsc#1094244
    ltc#168122).
  o powerpc/xmon: Use `dcbf` inplace of `dcbi` instruction for 64bit Book3S
    (bsc#1065729).
  o qrtr: orphan socket in qrtr_release() (networking-stable-20_07_29).
  o RDMA/bnxt_re: Do not report transparent vlan from QP1 (bsc#1173017).
  o RDMA/bnxt_re: Fix the qp table indexing (bsc#1173017).
  o RDMA/bnxt_re: Remove set but not used variable 'qplib_ctx' (bsc#1170774).
  o RDMA/bnxt_re: Remove the qp from list only if the qp destroy succeeds (bsc#
    1170774).
  o RDMA/bnxt_re: Restrict the max_gids to 256 (bsc#1173017).
  o RDMA/bnxt_re: Static NQ depth allocation (bsc#1170774).
  o RDMA/mlx4: Read pkey table length instead of hardcoded value (git-fixes).
  o RDMA/siw: Suppress uninitialized var warning (jsc#SLE-8381).
  o regulator: core: Fix slab-out-of-bounds in regulator_unlock_recursive()
    (git-fixes).
  o regulator: fix memory leak on error path of regulator_register()
    (git-fixes).
  o regulator: plug of_node leak in regulator_register()'s error path
    (git-fixes).
  o regulator: push allocation in regulator_ena_gpio_request() out of lock
    (git-fixes).
  o regulator: push allocation in regulator_init_coupling() outside of lock
    (git-fixes).
  o regulator: push allocation in set_consumer_device_supply() out of lock
    (git-fixes).
  o regulator: push allocations in create_regulator() outside of lock
    (git-fixes).
  o regulator: pwm: Fix machine constraints application (git-fixes).
  o regulator: remove superfluous lock in regulator_resolve_coupling()
    (git-fixes).
  o Revert "xen/balloon: Fix crash when ballooning on x86 32 bit PAE" (bsc#
    1065600).
  o rpadlpar_io: Add MODULE_DESCRIPTION entries to kernel modules (bsc#1176869
    ltc#188243).
  o rpm/kernel-binary.spec.in: Also sign ppc64 kernels (jsc#SLE-15857 jsc#
    SLE-13618).
  o rpm/kernel-binary.spec.in: pack .ipa-clones files for live patching When
    -fdump-ipa-clones option is enabled, GCC reports about its cloning
    operation during IPA optimizations. We use the information for live patches
    preparation, because it is crucial to know if and how functions are
    optimized. Currently, we create the needed .ipa-clones dump files manually.
    It is unnecessary, because the files may be created automatically during
    our kernel build. Prepare for the step and provide the resulting files in
    -livepatch-devel package.
  o rpm/kernel-cert-subpackage: add CA check on key enrollment (bsc#1173115) To
    avoid the unnecessary key enrollment, when enrolling the signing key of the
    kernel package, "--ca-check" is added to mokutil so that mokutil will
    ignore the request if the CA of the signing key already exists in MokList
    or UEFI db. Since the macro, %_suse_kernel_module_subpackage, is only
    defined in a kernel module package (KMP), it's used to determine whether
    the %post script is running in a kernel package, or a kernel module
    package.
  o rpm/kernel-source.spec.in: Also use bz compression (boo#1175882).
  o rpm/macros.kernel-source: pass -c proerly in kernel module package (bsc#
    1176698) The "-c" option wasn't passed down to %_kernel_module_package so
    the ueficert subpackage wasn't generated even if the certificate is
    specified in the spec file.
  o rtlwifi: rtl8192cu: Prevent leaking urb (git-fixes).
  o rxrpc: Fix race between recvmsg and sendmsg on immediate call failure
    (networking-stable-20_08_08).
  o rxrpc: Fix sendmsg() returning EPIPE due to recvmsg() returning ENODATA
    (networking-stable-20_07_29).
  o s390: Change s390_kernel_write() return type to match memcpy() (bsc#
    1176449). Prerequisite for bsc#1176449.
  o s390/dasd: fix inability to use DASD with DIAG driver (git-fixes).
  o s390: fix GENERIC_LOCKBREAK dependency typo in Kconfig (git-fixes).
  o s390/maccess: add no DAT mode to kernel_write (bsc#1176449).
  o s390/mm: fix huge pte soft dirty copying (git-fixes).
  o s390/qeth: do not process empty bridge port events (git-fixes).
  o s390/qeth: integrate RX refill worker with NAPI (git-fixes).
  o s390/qeth: tolerate pre-filled RX buffer (git-fixes).
  o s390/setup: init jump labels before command line parsing (git-fixes).
  o sbitmap: Consider cleared bits in sbitmap_bitmap_show() (git fixes (block
    drivers)).
  o sched: Add a tracepoint to track rq->nr_running (bnc#1155798 (CPU scheduler
    functional and performance backports)).
  o sched: Better document ttwu() (bnc#1155798 (CPU scheduler functional and
    performance backports)).
  o sched/cputime: Improve cputime_adjust() (bnc#1155798 (CPU scheduler
    functional and performance backports)).
  o sched/debug: Add new tracepoints to track util_est (bnc#1155798 (CPU
    scheduler functional and performance backports)).
  o sched/debug: Fix the alignment of the show-state debug output (bnc#1155798
    (CPU scheduler functional and performance backports)).
  o sched/fair: fix NOHZ next idle balance (bnc#1155798 (CPU scheduler
    functional and performance backports)).
  o sched/fair: Remove unused 'sd' parameter from scale_rt_capacity() (bnc#
    1155798 (CPU scheduler functional and performance backports)).
  o sched/fair: update_pick_idlest() Select group with lowest group_util when
    idle_cpus are equal (bnc#1155798 (CPU scheduler functional and performance
    backports)).
  o sched: Fix use of count for nr_running tracepoint (bnc#1155798 (CPU
    scheduler functional and performance backports)).
  o sched: nohz: stop passing around unused "ticks" parameter (bnc#1155798 (CPU
    scheduler functional and performance backports)).
  o sched/numa: Check numa balancing information only when enabled (bsc#
    1176588).
  o sched/numa: Avoid creating large imbalances at task creation time (bsc#
    1176588).
  o sched/pelt: Remove redundant cap_scale() definition (bnc#1155798 (CPU
    scheduler functional and performance backports)).
  o scsi: fcoe: Memory leak fix in fcoe_sysfs_fcf_del() (bsc#1174899).
  o scsi: ibmvfc: Avoid link down on FS9100 canister reboot (bsc#1176962 ltc#
    188304).
  o scsi: ibmvfc: Use compiler attribute defines instead of __attribute__()
    (bsc#1176962 ltc#188304).
  o scsi: iscsi: Use EFI GetVariable only when available (bsc#1174029, bsc#
    1174110, bsc#1174111).
  o scsi: libfc: Fix for double free() (bsc#1174899).
  o scsi: libfc: Free skb in fc_disc_gpn_id_resp() for valid cases (bsc#
    1174899).
  o scsi: lpfc: Add and rename a whole bunch of function parameter descriptions
    (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
    jsc#SLE-15449).
  o scsi: lpfc: Add dependency on CPU_FREQ (git-fixes).
  o scsi: lpfc: Add description for lpfc_release_rpi()'s 'ndlpl param (bsc#
    1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Add missing misc_deregister() for lpfc_init() (bsc#1171558 bsc#
    1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Avoid another null dereference in lpfc_sli4_hba_unset() (bsc#
    1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Correct some pretty obvious misdocumentation (bsc#1171558 bsc#
    1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Ensure variable has the same stipulations as code using it (bsc
    #1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix a bunch of kerneldoc misdemeanors (bsc#1171558 bsc#1136666
    bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix FCoE speed reporting (bsc#1171558 bsc#1136666 bsc#1174486
    bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix kerneldoc parameter formatting/misnaming/missing issues
    (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796
    jsc#SLE-15449).
  o scsi: lpfc: Fix LUN loss after cable pull (bsc#1171558 bsc#1136666 bsc#
    1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix no message shown for lpfc_hdw_queue out of range value (bsc
    #1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix oops when unloading driver while running mds diags (bsc#
    1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix retry of PRLI when status indicates its unsupported (bsc#
    1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix RSCN timeout due to incorrect gidft counter (bsc#1171558
    bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Fix setting IRQ affinity with an empty CPU mask (git-fixes).
  o scsi: lpfc: Fix some function parameter descriptions (bsc#1171558 bsc#
    1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix typo in comment for ULP (bsc#1171558 bsc#1136666 bsc#
    1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix-up around 120 documentation issues (bsc#1171558 bsc#1136666
    bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix-up formatting/docrot where appropriate (bsc#1171558 bsc#
    1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Fix validation of bsg reply lengths (bsc#1171558 bsc#1136666
    bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: NVMe remote port devloss_tmo from lldd (bcs#1173060 bsc#1171558
    bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: nvmet: Avoid hang / use-after-free again when destroying
    targetport (bsc#1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc
    #SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Provide description for lpfc_mem_alloc()'s 'align' param (bsc#
    1171558 bsc#1136666 bsc#1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#
    SLE-15449).
  o scsi: lpfc: Quieten some printks (bsc#1171558 bsc#1136666 bsc#1174486 bsc#
    1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Remove unused variable 'pg_addr' (bsc#1171558 bsc#1136666 bsc#
    1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Update lpfc version to 12.8.0.3 (bsc#1171558 bsc#1136666 bsc#
    1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: lpfc: Use __printf() format notation (bsc#1171558 bsc#1136666 bsc#
    1174486 bsc#1175787 bsc#1171000 jsc#SLE-15796 jsc#SLE-15449).
  o scsi: qla2xxx: Fix regression on sparc64 (git-fixes).
  o scsi: qla2xxx: Fix the return value (bsc#1171688).
  o scsi: qla2xxx: Fix the size used in a 'dma_free_coherent()' call (bsc#
    1171688).
  o scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (bsc#
    1171688).
  o scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (bsc#
    1171688).
  o scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle()
    (bsc#1171688).
  o scsi: qla2xxx: Remove pci-dma-compat wrapper API (bsc#1171688).
  o scsi: qla2xxx: Remove redundant variable initialization (bsc#1171688).
  o scsi: qla2xxx: Remove superfluous memset() (bsc#1171688).
  o scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle()
    (bsc#1171688).
  o scsi: qla2xxx: Suppress two recently introduced compiler warnings
    (git-fixes).
  o scsi: qla2xxx: Warn if done() or free() are called on an already freed srb
    (bsc#1171688).
  o scsi: zfcp: Fix use-after-free in request timeout handlers (git-fixes).
  o sctp: shrink stream outq only when new outcnt

Read More

The post ESB-2020.3505 – [SUSE] Linux Kernel: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/12/esb-2020-3505-suse-linux-kernel-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3505-suse-linux-kernel-multiple-vulnerabilities
at No comments:
Labels:

ESB-2020.3504 – [SUSE] tigervnc: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3504
                       Security update for tigervnc
                              12 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           tigervnc
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Provide Misleading Information -- Remote with User Interaction
                   Access Confidential Data       -- Remote with User Interaction
                   Reduced Security               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-26117  

Reference:         ESB-2020.3457

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20202882-1
   https://www.suse.com/support/update/announcement/2020/suse-su-20202881-1
   https://www.suse.com/support/update/announcement/2020/suse-su-20202880-1

Comment: This bulletin contains three (3) SUSE security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for tigervnc

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2882-1
Rating:            critical
References:        #1176733
Cross-References:  CVE-2020-26117
Affected Products:
                   SUSE Linux Enterprise Server for SAP 15
                   SUSE Linux Enterprise Server 15-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-LTSS
                   SUSE Linux Enterprise High Performance Computing 15-ESPOS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tigervnc fixes the following issues:

  o CVE-2020-26117: Server certificates were stored as certiticate authorities,
    allowing malicious owners of these certificates to impersonate any server
    after a client had added an exception (bsc#1176733)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-2882=1
  o SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2020-2882=1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2882=1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2020-2882=1

Package List:

  o SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
       libXvnc1-1.8.0-13.14.1
       libXvnc1-debuginfo-1.8.0-13.14.1
       tigervnc-1.8.0-13.14.1
       tigervnc-debuginfo-1.8.0-13.14.1
       tigervnc-debugsource-1.8.0-13.14.1
       xorg-x11-Xvnc-1.8.0-13.14.1
       xorg-x11-Xvnc-debuginfo-1.8.0-13.14.1
  o SUSE Linux Enterprise Server for SAP 15 (noarch):
       xorg-x11-Xvnc-novnc-1.8.0-13.14.1
  o SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
       libXvnc1-1.8.0-13.14.1
       libXvnc1-debuginfo-1.8.0-13.14.1
       tigervnc-1.8.0-13.14.1
       tigervnc-debuginfo-1.8.0-13.14.1
       tigervnc-debugsource-1.8.0-13.14.1
       xorg-x11-Xvnc-1.8.0-13.14.1
       xorg-x11-Xvnc-debuginfo-1.8.0-13.14.1
  o SUSE Linux Enterprise Server 15-LTSS (noarch):
       xorg-x11-Xvnc-novnc-1.8.0-13.14.1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
       libXvnc1-1.8.0-13.14.1
       libXvnc1-debuginfo-1.8.0-13.14.1
       tigervnc-1.8.0-13.14.1
       tigervnc-debuginfo-1.8.0-13.14.1
       tigervnc-debugsource-1.8.0-13.14.1
       xorg-x11-Xvnc-1.8.0-13.14.1
       xorg-x11-Xvnc-debuginfo-1.8.0-13.14.1
  o SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
       xorg-x11-Xvnc-novnc-1.8.0-13.14.1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
       libXvnc1-1.8.0-13.14.1
       libXvnc1-debuginfo-1.8.0-13.14.1
       tigervnc-1.8.0-13.14.1
       tigervnc-debuginfo-1.8.0-13.14.1
       tigervnc-debugsource-1.8.0-13.14.1
       xorg-x11-Xvnc-1.8.0-13.14.1
       xorg-x11-Xvnc-debuginfo-1.8.0-13.14.1
  o SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
       xorg-x11-Xvnc-novnc-1.8.0-13.14.1


References:

  o https://www.suse.com/security/cve/CVE-2020-26117.html
  o https://bugzilla.suse.com/1176733

- -----------------------------------------------------------------------------------------------

SUSE Security Update: Security update for tigervnc

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2881-1
Rating:            critical
References:        #1176733
Cross-References:  CVE-2020-26117
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud 9
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server 12-SP4-LTSS
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tigervnc fixes the following issues:

  o CVE-2020-26117: Server certificates were stored as certiticate authorities,
    allowing malicious owners of these certificates to impersonate any server
    after a client had added an exception (bsc#1176733)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-2881=1
  o SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2020-2881=1
  o SUSE Linux Enterprise Server for SAP 12-SP4:
    zypper in -t patch SUSE-SLE-SAP-12-SP4-2020-2881=1
  o SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-2881=1
  o SUSE Linux Enterprise Server 12-SP4-LTSS:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2020-2881=1

Package List:

  o SUSE OpenStack Cloud Crowbar 9 (x86_64):
       libXvnc1-1.6.0-22.17.1
       libXvnc1-debuginfo-1.6.0-22.17.1
       tigervnc-1.6.0-22.17.1
       tigervnc-debuginfo-1.6.0-22.17.1
       tigervnc-debugsource-1.6.0-22.17.1
       xorg-x11-Xvnc-1.6.0-22.17.1
       xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1
  o SUSE OpenStack Cloud 9 (x86_64):
       libXvnc1-1.6.0-22.17.1
       libXvnc1-debuginfo-1.6.0-22.17.1
       tigervnc-1.6.0-22.17.1
       tigervnc-debuginfo-1.6.0-22.17.1
       tigervnc-debugsource-1.6.0-22.17.1
       xorg-x11-Xvnc-1.6.0-22.17.1
       xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1
  o SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
       libXvnc1-1.6.0-22.17.1
       libXvnc1-debuginfo-1.6.0-22.17.1
       tigervnc-1.6.0-22.17.1
       tigervnc-debuginfo-1.6.0-22.17.1
       tigervnc-debugsource-1.6.0-22.17.1
       xorg-x11-Xvnc-1.6.0-22.17.1
       xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1
  o SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
       libXvnc1-1.6.0-22.17.1
       libXvnc1-debuginfo-1.6.0-22.17.1
       tigervnc-1.6.0-22.17.1
       tigervnc-debuginfo-1.6.0-22.17.1
       tigervnc-debugsource-1.6.0-22.17.1
       xorg-x11-Xvnc-1.6.0-22.17.1
       xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1
  o SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
       libXvnc1-1.6.0-22.17.1
       libXvnc1-debuginfo-1.6.0-22.17.1
       tigervnc-1.6.0-22.17.1
       tigervnc-debuginfo-1.6.0-22.17.1
       tigervnc-debugsource-1.6.0-22.17.1
       xorg-x11-Xvnc-1.6.0-22.17.1
       xorg-x11-Xvnc-debuginfo-1.6.0-22.17.1


References:

  o https://www.suse.com/security/cve/CVE-2020-26117.html
  o https://bugzilla.suse.com/1176733


- -----------------------------------------------------------------------------------------
SUSE Security Update: Security update for tigervnc

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:2880-1
Rating:            critical
References:        #1176733
Cross-References:  CVE-2020-26117
Affected Products:
                   SUSE Linux Enterprise Module for Desktop Applications 15-SP2
                   SUSE Linux Enterprise Module for Desktop Applications 15-SP1
                   SUSE Linux Enterprise Module for Basesystem 15-SP2
                   SUSE Linux Enterprise Module for Basesystem 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for tigervnc fixes the following issues:

  o CVE-2020-26117: Server certificates were stored as certiticate authorities,
    allowing malicious owners of these certificates to impersonate any server
    after a client had added an exception (bsc#1176733)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2020-2880=1
  o SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-2880=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-2880=1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2020-2880=1

Package List:

  o SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64
    ppc64le s390x x86_64):
       libXvnc-devel-1.9.0-19.9.1
       tigervnc-debuginfo-1.9.0-19.9.1
       tigervnc-debugsource-1.9.0-19.9.1
  o SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64
    ppc64le s390x x86_64):
       libXvnc-devel-1.9.0-19.9.1
       tigervnc-debuginfo-1.9.0-19.9.1
       tigervnc-debugsource-1.9.0-19.9.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
    x86_64):
       libXvnc1-1.9.0-19.9.1
       libXvnc1-debuginfo-1.9.0-19.9.1
       tigervnc-1.9.0-19.9.1
       tigervnc-debuginfo-1.9.0-19.9.1
       tigervnc-debugsource-1.9.0-19.9.1
       xorg-x11-Xvnc-1.9.0-19.9.1
       xorg-x11-Xvnc-debuginfo-1.9.0-19.9.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le
    x86_64):
       xorg-x11-Xvnc-module-1.9.0-19.9.1
       xorg-x11-Xvnc-module-debuginfo-1.9.0-19.9.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
       xorg-x11-Xvnc-novnc-1.9.0-19.9.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le s390x
    x86_64):
       libXvnc1-1.9.0-19.9.1
       libXvnc1-debuginfo-1.9.0-19.9.1
       tigervnc-1.9.0-19.9.1
       tigervnc-debuginfo-1.9.0-19.9.1
       tigervnc-debugsource-1.9.0-19.9.1
       xorg-x11-Xvnc-1.9.0-19.9.1
       xorg-x11-Xvnc-debuginfo-1.9.0-19.9.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (aarch64 ppc64le
    x86_64):
       xorg-x11-Xvnc-module-1.9.0-19.9.1
       xorg-x11-Xvnc-module-debuginfo-1.9.0-19.9.1
  o SUSE Linux Enterprise Module for Basesystem 15-SP1 (noarch):
       xorg-x11-Xvnc-novnc-1.9.0-19.9.1


References:

  o https://www.suse.com/security/cve/CVE-2020-26117.html
  o https://bugzilla.suse.com/1176733

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX4PKbONLKJtyKPYoAQgI5xAAnrhBLh972KTqXchASZ4mRqTQsfPpgi5h
9y7KSgnOZQSXmXBdUmhYF2RDyrh+XTxPKgaxCAgrbYll3gqPozL7GoOoxEg4pzrw
/hh6qZUaWq1dU0ThehCQoFvN0fa6Qr4oPpU6U0oklLC4tU/+oXKIM3LXClbJOnS/
zmP2zZLhCY16rTqXGwsB1ysAvTjiX8HUySxv9NNvm37aPSfWVR++2AdBNcMxuAbP
J2pZyVgU9UWT6O49R71lRp6yHXZ+qxJ6jOEz4pHAaUMJ8oCZ4n8Iliowt1N3PE80
Xc4K18pIcYPLiX9kkOqp6JIVrmAlprkH/yYsHhsdcAHlrsLjg8cI6cm1edDdx1Tm
u3R+w9b+utzTcNlucuD4csea/hiYE63YeeG4mtK3vvxUdt37zQl2wT3gcJ9/rS7G
Q97dc4FnHzmAJTb5oSNMit5e0v74dVxtu3wvZ56i7Hr+z9a/NE5bti2DNlHQWDsI
i36MTgrBJswkuZiMXm364N3iFXPQRKnEeZzo7dWCO5+W384TX9Y+nHOk+8mBZQz7
XRTKIGhHbN5hVBYfNxC/rPakBuzD7qXHOpTAILzOM9WwhBOkyimwz53Nbd5zKxen
XVy3nx+YaqF8mcZPlCVuuMIukmpFZ1C9CCE07ANVhNslZt74z1eUZ2Uf+WAIvZ68
xBg0NUgCenw=
=Jitc
-----END PGP SIGNATURE-----

Read More

The post ESB-2020.3504 – [SUSE] tigervnc: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/12/esb-2020-3504-suse-tigervnc-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3504-suse-tigervnc-multiple-vulnerabilities
at No comments:
Labels:

ESB-2020.3259.2 – UPDATE [Virtual] Citrix Hypervisor: Multiple vulnerabilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                              ESB-2020.3259.2
                     Citrix Hypervisor Security Update
                              12 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Citrix Hypervisor
Publisher:         Citrix
Operating System:  Citrix XenServer
Impact/Access:     Increased Privileges     -- Existing Account
                   Denial of Service        -- Existing Account
                   Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-25604 CVE-2020-25603 CVE-2020-25602
                   CVE-2020-25601 CVE-2020-25600 CVE-2020-25599
                   CVE-2020-25597 CVE-2020-25596 CVE-2020-25595

Reference:         ESB-2020.3251

Original Bulletin: 
   https://support.citrix.com/article/CTX282314

Revision History:  October   12 2020: Hotfix Update
                   September 24 2020: Initial Release

- --------------------------BEGIN INCLUDED TEXT--------------------

Citrix Hypervisor Security Update

Reference: CTX282314

Category : Medium

Created  : 23 Sep 2020

Modified : 09 Oct 2020

Applicable Products

  o Citrix Hypervisor
  o XenServer 7.1
  o XenServer 7.0

Description of Problem

Several security issues have been identified in Citrix Hypervisor (formerly
Citrix XenServer) that may allow privileged code in a guest VM to cause the
host to crash or become unresponsive. In addition, unprivileged code in a PV
guest VM may be able to cause that guest VM to crash.

These issues affect all currently supported versions of Citrix Hypervisor up to
and including Citrix Hypervisor 8.2 LTSR.

These issues have the following identifiers:

  o CVE-2020-25595
  o CVE-2020-25596
  o CVE-2020-25597
  o CVE-2020-25599
  o CVE-2020-25600
  o CVE-2020-25601
  o CVE-2020-25602
  o CVE-2020-25603
  o CVE-2020-25604

Mitigating Factors

What Customers Should Do

Citrix has released hotfixes to address these issues. Citrix recommends that
affected customers install these hotfixes as their patching schedule allows.
The hotfixes can be downloaded from the following locations:

Citrix Hypervisor 8.2 LTSR:XS82E007 - https://support.citrix.com/article/
CTX283446

Citrix Hypervisor 8.1:XS81E009 - https://support.citrix.com/article/CTX283445

Citrix XenServer 7.1 LTSR CU2:XS71ECU2047 - https://support.citrix.com/article/
CTX283444

Citrix XenServer 7.0:XS70E083 - https://support.citrix.com/article/CTX283443

A previous version of this bulletin had links to hotfixes that addressed
thesecurityissues but caused stability issues for some deployments that were
using the Hypervisor Introspection (HVI) functionality of Citrix Hypervisor.
Customers who are not using HVI functionality and who have already applied the
earlier updates need take no further action.

Acknowledgements

Changelog

+--------------------------+--------------------------------------------------+
|Date                      |Change                                            |
+--------------------------+--------------------------------------------------+
|2020-09-22                |Initial Publication                               |
+--------------------------+--------------------------------------------------+
|2020-10-09                |Hotfix Update                                     |
+--------------------------+--------------------------------------------------+

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX4PKuONLKJtyKPYoAQje9g//S0fMDlOYh3BDLNhtEZisa1kqz/BLq+ri
/tfxDIcSfC0XqE8yH65oo7wrHz8aN6GOSXD72xCIjGfjbUCvtF7UBPltkYnxfD+N
0fiNFw++/5Ggb9D6e438fkNKZmheCVuxtoDnTuXhQVXDZyyZYU8OZucAG9Em5/DQ
xV7AB+1JvX1HX2m7O9NiXN+k1xFB9TXn0zFfEMg3ywG8TKLlnIY8V4qXK+Vuqt5h
iTpPFKgC38epgkgH/bLGbTnpza5Ay/nWstUo5r+asx8XObyYm/02Hy29bat4GUOC
skhgE3nDleCn4+Gyz4Pw/08DeJNf0h+csg+AYQRNqQ3AitN+AtnBsKgRlmzrA4mW
MTUYqzC6pXjT9XLYSx/XmZFe7ht7WqiLG3H2f7SZlqwGOYVhjJFd7JJ90jNLc8Rj
ho3rQ4nrRPmtmKmj9gJjtOo+RfoBkwPvdIdLhVI5qBUdDyPSACeJlYXXVA3kcXVO
FfqyS7iR0gmZoDOfMFHEjCq7Fgcg1PhI9F+nvQLeMw7LhvQLOSoOpWYKqSkw6rtO
R7u1w8XNAjZIJxRR2m4YiYhWdBHuf+S4/oz8h+KfDzVgK0ZlLlOL9sYSI0wYMeif
6/HY2HTs1CwXwVH/tfZG/OQwBYsTGQ6J+SbzbG0aBHW5EPze7XHLd0NccdGi/oIw
pl8tqa3GW9Q=
=wTlG
-----END PGP SIGNATURE-----

Read More

The post ESB-2020.3259.2 – UPDATE [Virtual] Citrix Hypervisor: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/12/esb-2020-3259-2-update-virtual-citrix-hypervisor-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3259-2-update-virtual-citrix-hypervisor-multiple-vulnerabilities
at No comments:
Labels:

ESB-2020.3503 – [Debian] spice: Multiple vulnerebilities 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.3503
                           spice security update
                              12 October 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           spice
Publisher:         Debian
Operating System:  Debian GNU/Linux 10
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
                   Denial of Service               -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-14355  

Reference:         ESB-2020.3456.2
                   ESB-2020.3455

Original Bulletin: 
   http://www.debian.org/security/2020/dsa-4771

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4771-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
October 11, 2020                      https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : spice
CVE ID         : CVE-2020-14355
Debian Bug     : 971750

Frediano Ziglio discovered multiple buffer overflow vulnerabilities in
the QUIC image decoding process of spice, a SPICE protocol client and
server library, which could result in denial of service, or possibly,
execution of arbitrary code.

For the stable distribution (buster), this problem has been fixed in
version 0.14.0-1.3+deb10u1.

We recommend that you upgrade your spice packages.

For the detailed security status of spice please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/spice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl+DCq9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QUNw/8DZv5zKZL4uCtYNOff8sVC7/MN5yQeWsnQ/cfC0/d+5L8d+B5aTu05gbJ
2F3VtbctkD/9VR2ugJkvsxq8hsgGRNPSy7izCmchCzAxWf7jpiFBt8b41bVK2mkq
pPcg8GvC2S2Lg05ULu4inrq1LvnvVSe6VcGOY68FdY8UoIaXqzYgqKBC6FyDfOgd
6mYBEwQ+nzXkX9AJsZgPrL480zMrU6pdfyTf+1Sx/FhJai0tal6azvZovcytCsej
gPNnEeWxIv1UhccJT/y48ILCbuFoA1aBHH3PhAOLr5HO1Q/HuSNbJ/ByLU7RtRMG
dKbyzeX43qE2kdFs8ZzkyiUxmM9PjUKzDeAbc4sdaJWAztM6kDl5orOAEDOe30v+
K4AwqY/Ru+EOzmimx7nS2A/2jHY0/Tx8CKJSQW8FvvXWC5TH6QTbSQIZ+gX3zyTs
nRKvKBzInWOP3zzKtFZhpdYaYJhzL/J3mRWNnmfZ7HAyyqJOBRWArfsIuS8aQz4K
0oX6fZdAYIocdGxQbEoE46KbMwjZ2jMitvRQAxpa7NlU2tS/cbbkSYfnc38nblst
vQZcg9/p0v6inXTZu9ABAVb8uFoe5YLkSabOG82xafTqJ7U6Kn9BaXmvS6C4cxxO
di/eXfkGmOpn7QkxPeASWQOegYPz0w9e6ElzwWrrelJbw02Losw=
=Rzxi
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBX4O5TONLKJtyKPYoAQjPSA/7BLZnh5JflgQKiN9efU3y6iI+ZYB3ZTCB
H/MJXTkBe2xrOnArS9puiIHfr2nVG46PksJMCucWLXF8TEZA4bEs3JxpOYPX723j
kJEdZ2qBHgqnDgB8PxOuEdFmi0pwrVj+Ad4QR3OCwtcGIPL2Nbc8d6lf5ZlPtWgd
2KG8jb6FC+YoquAmTY2arRsDAKYsGEiIE52r1j5vEkXojG5skv2MuIu/4Y3XNjHX
jB26yFVpD2ZU//34Up+RjGKu1bQke/IIUyx/+q5iwcFV5+PnntoeF2mt6Y/3NkGh
8UwU3sV5ynwjnSX6HVY18CeC6PycqWHM5zrEckqHS3osdtOCk/zY/qosbv066odq
2ATFLtDhRU64Su174OyI2FYTEMl6Gzh6DjZqDzueAlOFwT0J+saRjhzdnFhi7KRb
dwKxW225oCR01/X7QkgKHE7of4W8Nk3GV4+LZDzklaBGqRcXsMvD8E7vOVbQo/H2
kRRYgmKQXkTNzxgo4j4QnDDmB7EVc/Lldpyw++VLdJSpw06GyWns2lReR0QYqmIW
ExtfE3gDNHXlDLizT58PE05fli1yZ24v05wZZnD1gIMoySkQTKDfm07FowCKM7Eh
hc9a6SlgfGrjZSk69pZOG/3O9JdZWtzO7Oq7gj69dO0ORfeMU9ok7KhrZ601PmZO
JR0jGrTbjVE=
=cUaD
-----END PGP SIGNATURE-----

Read More

The post ESB-2020.3503 – [Debian] spice: Multiple vulnerebilities appeared first on Malware Devil.



https://malwaredevil.com/2020/10/12/esb-2020-3503-debian-spice-multiple-vulnerebilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2020-3503-debian-spice-multiple-vulnerebilities
at No comments:
Labels:

Sunday, October 11, 2020

Network Security News Summary for Monday October 12 2020

A brief daily summary of what is important in cybersecurity. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minutes long, summary of current network security-related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

The post Network Security News Summary for Monday October 12 2020 appeared first on Malware Devil.



https://malwaredevil.com/2020/10/11/network-security-news-summary-for-monday-october-12-2020/?utm_source=rss&utm_medium=rss&utm_campaign=network-security-news-summary-for-monday-october-12-2020
at No comments:
Labels:
Subscribe to: Posts (Atom)

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...