openSUSE2021:0636-1: important: Security update for samba

openSUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0636-1
Rating: important
References: #1178469 #1179156 #1183572 #1183574 #1184310 #1184677
Cross-References: CVE-2020-27840 CVE-2021-20254 CVE-2021-20277
CVSS scores:
CVE-2020-27840 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-20254 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CVE-2021-20277 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________
An update that solves three vulnerabilities and has three fixes is now available.
Description:
This update for samba fixes the following issues:
– CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574).
– CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids() (bsc#1184677).
– CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572).
– Avoid free’ing our own pointer in memcache when memcache_trim attempts to reduce cache size (bsc#1179156).
– s3-libads: use dns name to open a ldap session (bsc#1184310).
– Adjust smbcacls ‘--propagate-inheritance’ feature to align with upstream (bsc#1178469).
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-636=1

Package List:
– openSUSE Leap 15.2 (i586 x86_64):
ctdb-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 ctdb-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 ctdb-pcp-pmda-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 ctdb-pcp-pmda-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 ctdb-tests-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 ctdb-tests-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc-binding0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc-binding0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc-samr-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc-samr0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc-samr0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-krb5pac-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-krb5pac0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-krb5pac0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-nbt-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-nbt0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-nbt0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-standard-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-standard0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-standard0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libnetapi-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libnetapi0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libnetapi0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-credentials-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-credentials0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-credentials0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-errors-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 
libsamba-errors0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-errors0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-hostconfig-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-hostconfig0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-hostconfig0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-passdb-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-passdb0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-passdb0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-policy-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-policy-python3-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-policy0-python3-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-policy0-python3-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-util-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-util0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-util0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamdb-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamdb0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamdb0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbclient-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbclient0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbclient0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbconf-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbconf0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbconf0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbldap-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbldap2-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbldap2-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libtevent-util-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libtevent-util0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libtevent-util0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libwbclient-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libwbclient0-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 
libwbclient0-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-ad-dc-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-ad-dc-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-client-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-client-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-core-devel-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-debugsource-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-dsdb-modules-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-dsdb-modules-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-libs-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-libs-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-libs-python3-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-libs-python3-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-python3-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-python3-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-test-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-test-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-winbind-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-winbind-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1
– openSUSE Leap 15.2 (noarch):
samba-doc-4.11.14+git.247.8c858f7ee14-lp152.3.19.1
– openSUSE Leap 15.2 (x86_64):
libdcerpc-binding0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc-samr0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc-samr0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libdcerpc0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-krb5pac0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-nbt0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-standard0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr-standard0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libndr0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libnetapi-devel-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libnetapi0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libnetapi0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-credentials0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-errors0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-hostconfig0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-passdb0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-policy0-python3-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-policy0-python3-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-util0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamba-util0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 
libsamdb0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsamdb0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbclient0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbclient0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbconf0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbconf0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbldap2-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libsmbldap2-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libtevent-util0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libtevent-util0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libwbclient0-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 libwbclient0-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-ad-dc-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-ad-dc-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-ceph-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-ceph-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-client-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-client-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-libs-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-libs-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-libs-python3-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-libs-python3-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-winbind-32bit-4.11.14+git.247.8c858f7ee14-lp152.3.19.1 samba-winbind-32bit-debuginfo-4.11.14+git.247.8c858f7ee14-lp152.3.19.1
References:
www.suse.com/security/cve/CVE-2020-27840.html www.suse.com/security/cve/CVE-2021-20254.html www.suse.com/security/cve/CVE-2021-20277.html bugzilla.suse.com/1178469 bugzilla.suse.com/1179156 bugzilla.suse.com/1183572 bugzilla.suse.com/1183574 bugzilla.suse.com/1184310 bugzilla.suse.com/1184677

openSUSE2021:0639-1: important: Security update for cifs-utils

openSUSE Security Update: Security update for cifs-utils
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0639-1
Rating: important
References: #1152930 #1174477 #1183239 #1184815
Cross-References: CVE-2020-14342 CVE-2021-20208
CVSS scores:
CVE-2020-14342 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-14342 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2021-20208 (NVD) : 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
CVE-2021-20208 (SUSE): 6.1 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________
An update that solves two vulnerabilities and has two fixes is now available.
Description:
This update for cifs-utils fixes the following security issues:
– CVE-2021-20208: Fixed a potential kerberos auth leak escaping from container. (bsc#1183239)
– CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs. (bsc#1174477)
This update for cifs-utils fixes the following issues:
– Solve invalid directory mounting. When attempting to change the current working directory into non-existing directories, mount.cifs crashes. (bsc#1152930)
– Fixed a bug where it was no longer possible to mount CIFS filesystem after the last maintenance update. (bsc#1184815)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-639=1

Package List:
– openSUSE Leap 15.2 (i586 x86_64):
cifs-utils-6.9-lp152.2.3.1 cifs-utils-debuginfo-6.9-lp152.2.3.1 cifs-utils-debugsource-6.9-lp152.2.3.1 cifs-utils-devel-6.9-lp152.2.3.1 pam_cifscreds-6.9-lp152.2.3.1 pam_cifscreds-debuginfo-6.9-lp152.2.3.1
References:
www.suse.com/security/cve/CVE-2020-14342.html www.suse.com/security/cve/CVE-2021-20208.html bugzilla.suse.com/1152930 bugzilla.suse.com/1174477 bugzilla.suse.com/1183239 bugzilla.suse.com/1184815

openSUSE2021:0629-1: critical: Security update for Chromium

openSUSE Security Update: Security update for Chromium
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0629-1
Rating: critical
References: #11845047 #1184764 #1185398
Cross-References: CVE-2021-21201 CVE-2021-21202 CVE-2021-21203 CVE-2021-21204 CVE-2021-21205 CVE-2021-21207 CVE-2021-21208 CVE-2021-21209 CVE-2021-21210 CVE-2021-21211 CVE-2021-21212 CVE-2021-21213 CVE-2021-21221 CVE-2021-21222 CVE-2021-21223 CVE-2021-21224 CVE-2021-21225 CVE-2021-21226 CVE-2021-21227 CVE-2021-21228 CVE-2021-21229 CVE-2021-21230 CVE-2021-21231 CVE-2021-21232 CVE-2021-21233
CVSS scores:
CVE-2021-21201 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2021-21202 (NVD) : 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2021-21203 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-21204 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-21205 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2021-21207 (NVD) : 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2021-21208 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21209 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-21210 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21211 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-21212 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-21213 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-21221 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-21222 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-21223 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2021-21224 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-21225 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-21226 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes 25 vulnerabilities is now available.
Description:
This update for chromium fixes the following issues:
– Chromium was updated to 90.0.4430.93 (boo#1184764,boo#1185047,boo#1185398)
  * CVE-2021-21227: Insufficient data validation in V8.
  * CVE-2021-21232: Use after free in Dev Tools.
  * CVE-2021-21233: Heap buffer overflow in ANGLE.
  * CVE-2021-21228: Insufficient policy enforcement in extensions.
  * CVE-2021-21229: Incorrect security UI in downloads.
  * CVE-2021-21230: Type Confusion in V8.
  * CVE-2021-21231: Insufficient data validation in V8.
  * CVE-2021-21222: Heap buffer overflow in V8
  * CVE-2021-21223: Integer overflow in Mojo
  * CVE-2021-21224: Type Confusion in V8
  * CVE-2021-21225: Out of bounds memory access in V8
  * CVE-2021-21226: Use after free in navigation
  * CVE-2021-21201: Use after free in permissions
  * CVE-2021-21202: Use after free in extensions
  * CVE-2021-21203: Use after free in Blink
  * CVE-2021-21204: Use after free in Blink
  * CVE-2021-21205: Insufficient policy enforcement in navigation
  * CVE-2021-21221: Insufficient validation of untrusted input in Mojo
  * CVE-2021-21207: Use after free in IndexedDB
  * CVE-2021-21208: Insufficient data validation in QR scanner
  * CVE-2021-21209: Inappropriate implementation in storage
  * CVE-2021-21210: Inappropriate implementation in Network
  * CVE-2021-21211: Inappropriate implementation in Navigation
  * CVE-2021-21212: Incorrect security UI in Network Config UI
  * CVE-2021-21213: Use after free in WebMIDI
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-629=1

Package List:
– openSUSE Leap 15.2 (x86_64):
chromedriver-90.0.4430.93-lp152.2.89.1 chromedriver-debuginfo-90.0.4430.93-lp152.2.89.1 chromium-90.0.4430.93-lp152.2.89.1 chromium-debuginfo-90.0.4430.93-lp152.2.89.1
References:
www.suse.com/security/cve/CVE-2021-21201.html www.suse.com/security/cve/CVE-2021-21202.html www.suse.com/security/cve/CVE-2021-21203.html www.suse.com/security/cve/CVE-2021-21204.html www.suse.com/security/cve/CVE-2021-21205.html www.suse.com/security/cve/CVE-2021-21207.html www.suse.com/security/cve/CVE-2021-21208.html www.suse.com/security/cve/CVE-2021-21209.html www.suse.com/security/cve/CVE-2021-21210.html www.suse.com/security/cve/CVE-2021-21211.html www.suse.com/security/cve/CVE-2021-21212.html www.suse.com/security/cve/CVE-2021-21213.html www.suse.com/security/cve/CVE-2021-21221.html www.suse.com/security/cve/CVE-2021-21222.html www.suse.com/security/cve/CVE-2021-21223.html www.suse.com/security/cve/CVE-2021-21224.html www.suse.com/security/cve/CVE-2021-21225.html www.suse.com/security/cve/CVE-2021-21226.html www.suse.com/security/cve/CVE-2021-21227.html www.suse.com/security/cve/CVE-2021-21228.html www.suse.com/security/cve/CVE-2021-21229.html www.suse.com/security/cve/CVE-2021-21230.html www.suse.com/security/cve/CVE-2021-21231.html www.suse.com/security/cve/CVE-2021-21232.html www.suse.com/security/cve/CVE-2021-21233.html bugzilla.suse.com/11845047 bugzilla.suse.com/1184764 bugzilla.suse.com/1185398

openSUSE2021:0637-1: important: Security update for webkit2gtk3

openSUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0637-1
Rating: important
References: #1182719 #1184155 #1184262
Cross-References: CVE-2020-27918 CVE-2020-29623 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871
CVSS scores:
CVE-2020-27918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-29623 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVE-2021-1765 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-1788 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-1789 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-1799 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-1801 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVE-2021-1844 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-1871 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
– Update to version 2.32.0 (bsc#1184155):
  * Fix the authentication request port when URL omits the port.
  * Fix iframe scrolling when main frame is scrolled in async scrolling mode.
  * Stop using g_memdup.
  * Show a warning message when overriding signal handler for threading suspension.
  * Fix the build on RISC-V with GCC 11.
  * Fix several crashes and rendering issues.
  * Security fixes: CVE-2021-1788, CVE-2021-1844, CVE-2021-1871
– Update in version 2.30.6 (bsc#1184262):
  * Update user agent quirks again for Google Docs and Google Drive.
  * Fix several crashes and rendering issues.
  * Security fixes: CVE-2020-27918, CVE-2020-29623, CVE-2021-1765, CVE-2021-1789, CVE-2021-1799, CVE-2021-1801, CVE-2021-1870.
– Update _constraints for armv6/armv7 (bsc#1182719)
– restore NPAPI plugin support which was removed in 2.32.0
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-637=1

Package List:
– openSUSE Leap 15.2 (i586 x86_64):
libjavascriptcoregtk-4_0-18-2.32.0-lp152.2.13.1 libjavascriptcoregtk-4_0-18-debuginfo-2.32.0-lp152.2.13.1 libwebkit2gtk-4_0-37-2.32.0-lp152.2.13.1 libwebkit2gtk-4_0-37-debuginfo-2.32.0-lp152.2.13.1 typelib-1_0-JavaScriptCore-4_0-2.32.0-lp152.2.13.1 typelib-1_0-WebKit2-4_0-2.32.0-lp152.2.13.1 typelib-1_0-WebKit2WebExtension-4_0-2.32.0-lp152.2.13.1 webkit-jsc-4-2.32.0-lp152.2.13.1 webkit-jsc-4-debuginfo-2.32.0-lp152.2.13.1 webkit2gtk-4_0-injected-bundles-2.32.0-lp152.2.13.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.32.0-lp152.2.13.1 webkit2gtk3-debugsource-2.32.0-lp152.2.13.1 webkit2gtk3-devel-2.32.0-lp152.2.13.1 webkit2gtk3-minibrowser-2.32.0-lp152.2.13.1 webkit2gtk3-minibrowser-debuginfo-2.32.0-lp152.2.13.1
– openSUSE Leap 15.2 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.32.0-lp152.2.13.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.32.0-lp152.2.13.1 libwebkit2gtk-4_0-37-32bit-2.32.0-lp152.2.13.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.32.0-lp152.2.13.1
– openSUSE Leap 15.2 (noarch):
libwebkit2gtk3-lang-2.32.0-lp152.2.13.1
References:
www.suse.com/security/cve/CVE-2020-27918.html www.suse.com/security/cve/CVE-2020-29623.html www.suse.com/security/cve/CVE-2021-1765.html www.suse.com/security/cve/CVE-2021-1788.html www.suse.com/security/cve/CVE-2021-1789.html www.suse.com/security/cve/CVE-2021-1799.html www.suse.com/security/cve/CVE-2021-1801.html www.suse.com/security/cve/CVE-2021-1844.html www.suse.com/security/cve/CVE-2021-1870.html www.suse.com/security/cve/CVE-2021-1871.html bugzilla.suse.com/1182719 bugzilla.suse.com/1184155 bugzilla.suse.com/1184262

openSUSE2021:0630-1: important: Security update for virtualbox

openSUSE Security Update: Security update for virtualbox
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0630-1
Rating: important
References: #1181197 #1181198 #1183125 #1183329 #1184542
Cross-References: CVE-2021-2074 CVE-2021-2129 CVE-2021-2264
CVSS scores:
CVE-2021-2074 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-2129 (NVD) : 7.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CVE-2021-2264 (NVD) : 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________
An update that solves three vulnerabilities and has two fixes is now available.
Description:
This update for virtualbox fixes the following issues:
– Version bump to 6.1.20 (released April 20 2021 by Oracle)
  Fixes boo#1183329 “virtualbox 6.1.18 crashes when it runs nested VM”
  Fixes boo#1183125 “Leap 15.3 installation in Virtualbox without VBox integration”
  Fixes CVE-2021-2264 and boo#1184542.
  The directory for the .start files for autostarting VMs is moved from /etc/vbox to /etc/vbox/autostart.d.
  In addition, the autostart service is hardened (by Oracle).
– change the modalias for guest-tools and guest-x11 to get them to autoinstall.
– Own %{_sysconfdir}/X11/xinit/xinitrc.d as default packages (eg systemd) no longer do so, breaking package build.
– Update fixes_for_leap15.3 for kernel API changes between 5.3.18-45 and 5.3.18-47.
– update-extpack.sh: explicitly use https:// protocol for authenticity. The http:// URL is currently redirected to https:// but don’t rely on this.
– Add code to generate guest modules for Leap 15.2 and Leap 15.3. The kernel versions do not allow window resizing. Files “virtualbox-kmp-files-leap” and “vboxguestconfig.sh” are added
– Fixes CVE-2021-2074, boo#1181197 and CVE-2021-2129, boo#1181198.
– Under some circumstances, shared folders are mounted as root.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-630=1

Package List:
– openSUSE Leap 15.2 (noarch):
virtualbox-guest-desktop-icons-6.1.20-lp152.2.21.1 virtualbox-guest-source-6.1.20-lp152.2.21.1 virtualbox-host-source-6.1.20-lp152.2.21.1
– openSUSE Leap 15.2 (x86_64):
python3-virtualbox-6.1.20-lp152.2.21.1 python3-virtualbox-debuginfo-6.1.20-lp152.2.21.1 virtualbox-6.1.20-lp152.2.21.1 virtualbox-debuginfo-6.1.20-lp152.2.21.1 virtualbox-debugsource-6.1.20-lp152.2.21.1 virtualbox-devel-6.1.20-lp152.2.21.1 virtualbox-guest-tools-6.1.20-lp152.2.21.1 virtualbox-guest-tools-debuginfo-6.1.20-lp152.2.21.1 virtualbox-guest-x11-6.1.20-lp152.2.21.1 virtualbox-guest-x11-debuginfo-6.1.20-lp152.2.21.1 virtualbox-kmp-debugsource-6.1.20-lp152.2.21.1 virtualbox-kmp-default-6.1.20_k5.3.18_lp152.72-lp152.2.21.1 virtualbox-kmp-default-debuginfo-6.1.20_k5.3.18_lp152.72-lp152.2.21.1 virtualbox-kmp-preempt-6.1.20_k5.3.18_lp152.72-lp152.2.21.1 virtualbox-kmp-preempt-debuginfo-6.1.20_k5.3.18_lp152.72-lp152.2.21.1 virtualbox-qt-6.1.20-lp152.2.21.1 virtualbox-qt-debuginfo-6.1.20-lp152.2.21.1 virtualbox-vnc-6.1.20-lp152.2.21.1 virtualbox-websrv-6.1.20-lp152.2.21.1 virtualbox-websrv-debuginfo-6.1.20-lp152.2.21.1
References:
www.suse.com/security/cve/CVE-2021-2074.html www.suse.com/security/cve/CVE-2021-2129.html www.suse.com/security/cve/CVE-2021-2264.html bugzilla.suse.com/1181197 bugzilla.suse.com/1181198 bugzilla.suse.com/1183125 bugzilla.suse.com/1183329 bugzilla.suse.com/1184542

openSUSE2021:0635-1: important: Security update for libnettle

openSUSE Security Update: Security update for libnettle
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0635-1
Rating: important
References: #1184401
Cross-References: CVE-2021-20305
CVSS scores:
CVE-2021-20305 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libnettle fixes the following issues:
– CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401).
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-635=1

Package List:
– openSUSE Leap 15.2 (i586 x86_64):
libhogweed4-3.4.1-lp152.4.3.1 libhogweed4-debuginfo-3.4.1-lp152.4.3.1 libnettle-debugsource-3.4.1-lp152.4.3.1 libnettle-devel-3.4.1-lp152.4.3.1 libnettle6-3.4.1-lp152.4.3.1 libnettle6-debuginfo-3.4.1-lp152.4.3.1 nettle-3.4.1-lp152.4.3.1 nettle-debuginfo-3.4.1-lp152.4.3.1
– openSUSE Leap 15.2 (x86_64):
libhogweed4-32bit-3.4.1-lp152.4.3.1 libhogweed4-32bit-debuginfo-3.4.1-lp152.4.3.1 libnettle-devel-32bit-3.4.1-lp152.4.3.1 libnettle6-32bit-3.4.1-lp152.4.3.1 libnettle6-32bit-debuginfo-3.4.1-lp152.4.3.1
References:
www.suse.com/security/cve/CVE-2021-20305.html bugzilla.suse.com/1184401

openSUSE2021:0634-1: important: Security update for librsvg

openSUSE Security Update: Security update for librsvg
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0634-1
Rating: important
References: #1183403
Cross-References: CVE-2021-25900
CVSS scores:
CVE-2021-25900 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for librsvg fixes the following issues:
– librsvg was updated to 2.46.5:
  * Update dependent crates that had security vulnerabilities:
    smallvec to 0.6.14 – RUSTSEC-2018-0003 – CVE-2021-25900 (bsc#1183403)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-634=1

Package List:
– openSUSE Leap 15.2 (i586 x86_64):
gdk-pixbuf-loader-rsvg-2.46.5-lp152.2.3.1 gdk-pixbuf-loader-rsvg-debuginfo-2.46.5-lp152.2.3.1 librsvg-2-2-2.46.5-lp152.2.3.1 librsvg-2-2-debuginfo-2.46.5-lp152.2.3.1 librsvg-debugsource-2.46.5-lp152.2.3.1 librsvg-devel-2.46.5-lp152.2.3.1 rsvg-convert-2.46.5-lp152.2.3.1 rsvg-convert-debuginfo-2.46.5-lp152.2.3.1 typelib-1_0-Rsvg-2_0-2.46.5-lp152.2.3.1
– openSUSE Leap 15.2 (noarch):
librsvg-lang-2.46.5-lp152.2.3.1 rsvg-thumbnailer-2.46.5-lp152.2.3.1
– openSUSE Leap 15.2 (x86_64):
gdk-pixbuf-loader-rsvg-32bit-2.46.5-lp152.2.3.1 gdk-pixbuf-loader-rsvg-32bit-debuginfo-2.46.5-lp152.2.3.1 librsvg-2-2-32bit-2.46.5-lp152.2.3.1 librsvg-2-2-32bit-debuginfo-2.46.5-lp152.2.3.1
References:
www.suse.com/security/cve/CVE-2021-25900.html bugzilla.suse.com/1183403

openSUSE2021:0632-1: important: Security update for gsoap

openSUSE Security Update: Security update for gsoap
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0632-1
Rating: important
References: #1182098
Cross-References: CVE-2020-13576
CVSS scores:
CVE-2020-13576 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gsoap fixes the following issues:
– CVE-2020-13576: Fixed a remote code execution via specially crafted SOAP request inside the WS-Addressing plugin (boo#1182098)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-632=1

Package List:
– openSUSE Leap 15.2 (x86_64):
gsoap-debuginfo-2.8.102-lp152.2.3.1 gsoap-debugsource-2.8.102-lp152.2.3.1 gsoap-devel-2.8.102-lp152.2.3.1 gsoap-devel-debuginfo-2.8.102-lp152.2.3.1 libgsoap-2_8_102-2.8.102-lp152.2.3.1 libgsoap-2_8_102-debuginfo-2.8.102-lp152.2.3.1
– openSUSE Leap 15.2 (noarch):
gsoap-doc-2.8.102-lp152.2.3.1
References:
www.suse.com/security/cve/CVE-2020-13576.html bugzilla.suse.com/1182098

openSUSE2021:0638-1: important: Security update for cups

openSUSE Security Update: Security update for cups
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0638-1
Rating: important
References: #1184161
Cross-References: CVE-2021-25317
CVSS scores:
CVE-2021-25317 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected Products: openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for cups fixes the following issues:
– CVE-2021-25317: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks (bsc#1184161)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-638=1

Package List:
– openSUSE Leap 15.2 (i586 x86_64):
cups-2.2.7-lp152.9.9.1 cups-client-2.2.7-lp152.9.9.1 cups-client-debuginfo-2.2.7-lp152.9.9.1 cups-config-2.2.7-lp152.9.9.1 cups-ddk-2.2.7-lp152.9.9.1 cups-ddk-debuginfo-2.2.7-lp152.9.9.1 cups-debuginfo-2.2.7-lp152.9.9.1 cups-debugsource-2.2.7-lp152.9.9.1 cups-devel-2.2.7-lp152.9.9.1 libcups2-2.2.7-lp152.9.9.1 libcups2-debuginfo-2.2.7-lp152.9.9.1 libcupscgi1-2.2.7-lp152.9.9.1 libcupscgi1-debuginfo-2.2.7-lp152.9.9.1 libcupsimage2-2.2.7-lp152.9.9.1 libcupsimage2-debuginfo-2.2.7-lp152.9.9.1 libcupsmime1-2.2.7-lp152.9.9.1 libcupsmime1-debuginfo-2.2.7-lp152.9.9.1 libcupsppdc1-2.2.7-lp152.9.9.1 libcupsppdc1-debuginfo-2.2.7-lp152.9.9.1
– openSUSE Leap 15.2 (x86_64):
cups-devel-32bit-2.2.7-lp152.9.9.1 libcups2-32bit-2.2.7-lp152.9.9.1 libcups2-32bit-debuginfo-2.2.7-lp152.9.9.1 libcupscgi1-32bit-2.2.7-lp152.9.9.1 libcupscgi1-32bit-debuginfo-2.2.7-lp152.9.9.1 libcupsimage2-32bit-2.2.7-lp152.9.9.1 libcupsimage2-32bit-debuginfo-2.2.7-lp152.9.9.1 libcupsmime1-32bit-2.2.7-lp152.9.9.1 libcupsmime1-32bit-debuginfo-2.2.7-lp152.9.9.1 libcupsppdc1-32bit-2.2.7-lp152.9.9.1 libcupsppdc1-32bit-debuginfo-2.2.7-lp152.9.9.1
References:
www.suse.com/security/cve/CVE-2021-25317.html bugzilla.suse.com/1184161