From sle-security-updates at lists.suse.com Thu Sep 1 07:15:39 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 09:15:39 +0200 (CEST)
Subject: SUSE-SU-2022:2962-1: important: Security update for open-vm-tools
Message-ID: <20220901071539.954E7F3D4@maintenance.suse.de>
SUSE Security Update: Security update for open-vm-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2962-1
Rating: important
References: #1202657
Cross-References: CVE-2022-31676
CVSS scores:
CVE-2022-31676 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31676 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for open-vm-tools fixes the following issues:
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-2962=1
Package List:
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
libvmtools0-10.3.10-3.34.1
libvmtools0-debuginfo-10.3.10-3.34.1
open-vm-tools-10.3.10-3.34.1
open-vm-tools-debuginfo-10.3.10-3.34.1
open-vm-tools-debugsource-10.3.10-3.34.1
open-vm-tools-desktop-10.3.10-3.34.1
open-vm-tools-desktop-debuginfo-10.3.10-3.34.1
References:
https://www.suse.com/security/cve/CVE-2022-31676.html
https://bugzilla.suse.com/1202657
From sle-security-updates at lists.suse.com Thu Sep 1 07:37:39 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 09:37:39 +0200 (CEST)
Subject: SUSE-CU-2022:1995-1: Security update of suse/sle15
Message-ID: <20220901073739.62121FE10@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1995-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.604
Container Release : 4.22.604
Severity : important
Type : security
References : 1181475 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libprocps7-3.3.15-150000.7.25.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:03:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:03:46 +0200 (CEST)
Subject: SUSE-CU-2022:1996-1: Security update of suse/sle15
Message-ID: <20220901080346.B7C43F3D4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1996-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.665
Container Release : 6.2.665
Severity : important
Type : security
References : 1181475 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libprocps7-3.3.15-150000.7.25.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:23:17 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:23:17 +0200 (CEST)
Subject: SUSE-CU-2022:1999-1: Security update of suse/sle15
Message-ID: <20220901082317.01D1AF3D4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:1999-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.23 , suse/sle15:15.3 , suse/sle15:15.3.17.20.23
Container Release : 17.20.23
Severity : important
Type : security
References : 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:25:05 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:25:05 +0200 (CEST)
Subject: SUSE-CU-2022:2000-1: Security update of bci/dotnet-sdk
Message-ID: <20220901082505.ABE73F3D4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2000-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-45.14 , bci/dotnet-sdk:3.1.28 , bci/dotnet-sdk:3.1.28-45.14
Container Release : 45.14
Severity : important
Type : security
References : 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
- container:sles15-image-15.0.0-27.11.16 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:26:59 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:26:59 +0200 (CEST)
Subject: SUSE-CU-2022:2001-1: Security update of bci/golang
Message-ID: <20220901082659.7744DF3D4@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2001-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-30.15
Container Release : 30.15
Severity : important
Type : security
References : 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
- container:sles15-image-15.0.0-27.11.16 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:28:58 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:28:58 +0200 (CEST)
Subject: SUSE-CU-2022:2002-1: Security update of bci/golang
Message-ID: <20220901082858.85E2CF3D4@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2002-1
Container Tags : bci/golang:1.17 , bci/golang:1.17-29.16
Container Release : 29.16
Severity : important
Type : security
References : 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
- container:sles15-image-15.0.0-27.11.16 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:29:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:29:34 +0200 (CEST)
Subject: SUSE-CU-2022:2003-1: Security update of bci/golang
Message-ID: <20220901082934.92D00F3D4@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2003-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-2.13 , bci/golang:latest
Container Release : 2.13
Severity : important
Type : security
References : 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
- container:sles15-image-15.0.0-27.11.15 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:30:58 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:30:58 +0200 (CEST)
Subject: SUSE-CU-2022:2004-1: Security update of bci/bci-init
Message-ID: <20220901083058.DCA16F3D4@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2004-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.21.15 , bci/bci-init:latest
Container Release : 21.15
Severity : important
Type : security
References : 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container bci/bci-init was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
- container:sles15-image-15.0.0-27.11.16 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:31:19 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:31:19 +0200 (CEST)
Subject: SUSE-CU-2022:2005-1: Security update of bci/bci-minimal
Message-ID: <20220901083119.261CFF3D4@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2005-1
Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.14.4 , bci/bci-minimal:latest
Container Release : 14.4
Severity : important
Type : security
References : 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container bci/bci-minimal was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:32:35 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:32:35 +0200 (CEST)
Subject: SUSE-CU-2022:2006-1: Security update of bci/nodejs
Message-ID: <20220901083235.A3B38F3D4@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2006-1
Container Tags : bci/node:14 , bci/node:14-33.15 , bci/nodejs:14 , bci/nodejs:14-33.15
Container Release : 33.15
Severity : important
Type : security
References : 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
- container:sles15-image-15.0.0-27.11.16 updated
From sle-security-updates at lists.suse.com Thu Sep 1 08:34:06 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 10:34:06 +0200 (CEST)
Subject: SUSE-CU-2022:2007-1: Security update of suse/pcp
Message-ID: <20220901083406.04ABBF3D4@maintenance.suse.de>
SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2007-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-9.30 , suse/pcp:latest
Container Release : 9.30
Severity : important
Type : security
References : 1201298 1202175 1202310 1202645 CVE-2022-37434
-----------------------------------------------------------------
The container suse/pcp was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2939-1
Released: Mon Aug 29 14:49:17 2022
Summary: Recommended update for mozilla-nss
Type: recommended
Severity: moderate
References: 1201298,1202645
This update for mozilla-nss fixes the following issues:
Update to NSS 3.79.1 (bsc#1202645)
* compare signature and signatureAlgorithm fields in legacy certificate verifier.
* Uninitialized value in cert_ComputeCertType.
* protect SFTKSlot needLogin with slotLock.
* avoid data race on primary password change.
* check for null template in sec_asn1{d,e}_push_state.
- FIPS: unapprove the rest of the DSA ciphers, keeping signature verification only (bsc#1201298).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
- timezone-2022a-150000.75.10.1 updated
- libfreebl3-3.79.1-150400.3.10.2 updated
- libfreebl3-hmac-3.79.1-150400.3.10.2 updated
- mozilla-nss-certs-3.79.1-150400.3.10.2 updated
- libsoftokn3-3.79.1-150400.3.10.2 updated
- mozilla-nss-3.79.1-150400.3.10.2 updated
- libsoftokn3-hmac-3.79.1-150400.3.10.2 updated
- container:bci-bci-init-15.4-15.4-21.15 updated
From sle-security-updates at lists.suse.com Thu Sep 1 14:51:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 16:51:45 +0200 (CEST)
Subject: SUSE-SU-2022:2839-2: important: Security update for podman
Message-ID: <20220901145145.61C59F3D4@maintenance.suse.de>
SUSE Security Update: Security update for podman
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2839-2
Rating: important
References: #1182428 #1196338 #1197284
Cross-References: CVE-2022-1227 CVE-2022-21698 CVE-2022-27191
CVSS scores:
CVE-2022-1227 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1227 (SUSE): 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27191 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27191 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for podman fixes the following issues:
Updated to version 3.4.7:
- CVE-2022-1227: Fixed an issue that could allow an attacker to publish a
malicious image to a public registry and run arbitrary code in the
victim's context via the 'podman top' command (bsc#1182428).
- CVE-2022-27191: Fixed a potential crash via SSH under specific
configurations (bsc#1197284).
- CVE-2022-21698: Fixed a potential denial of service that affected
servers that used Prometheus instrumentation (bsc#1196338).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2839=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
podman-3.4.7-150300.9.9.2
podman-debuginfo-3.4.7-150300.9.9.2
- openSUSE Leap Micro 5.2 (noarch):
podman-cni-config-3.4.7-150300.9.9.2
References:
https://www.suse.com/security/cve/CVE-2022-1227.html
https://www.suse.com/security/cve/CVE-2022-21698.html
https://www.suse.com/security/cve/CVE-2022-27191.html
https://bugzilla.suse.com/1182428
https://bugzilla.suse.com/1196338
https://bugzilla.suse.com/1197284
From sle-security-updates at lists.suse.com Thu Sep 1 14:52:35 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 16:52:35 +0200 (CEST)
Subject: SUSE-SU-2022:2985-1: important: Security update for open-vm-tools
Message-ID: <20220901145235.DD2B1F3D4@maintenance.suse.de>
SUSE Security Update: Security update for open-vm-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2985-1
Rating: important
References: #1202657
Cross-References: CVE-2022-31676
CVSS scores:
CVE-2022-31676 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31676 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for open-vm-tools fixes the following issues:
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2985=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2985=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2985=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2985=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2985=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2985=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2985=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2985=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2985=1
Package List:
- SUSE Manager Server 4.1 (x86_64):
libvmtools-devel-11.3.5-150200.5.16.11.1
libvmtools0-11.3.5-150200.5.16.11.1
libvmtools0-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-11.3.5-150200.5.16.11.1
open-vm-tools-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-debugsource-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.11.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libvmtools-devel-11.3.5-150200.5.16.11.1
libvmtools0-11.3.5-150200.5.16.11.1
libvmtools0-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-11.3.5-150200.5.16.11.1
open-vm-tools-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-debugsource-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.11.1
- SUSE Manager Proxy 4.1 (x86_64):
libvmtools-devel-11.3.5-150200.5.16.11.1
libvmtools0-11.3.5-150200.5.16.11.1
libvmtools0-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-11.3.5-150200.5.16.11.1
open-vm-tools-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-debugsource-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.11.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libvmtools-devel-11.3.5-150200.5.16.11.1
libvmtools0-11.3.5-150200.5.16.11.1
libvmtools0-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-11.3.5-150200.5.16.11.1
open-vm-tools-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-debugsource-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.11.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libvmtools-devel-11.3.5-150200.5.16.11.1
libvmtools0-11.3.5-150200.5.16.11.1
libvmtools0-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-11.3.5-150200.5.16.11.1
open-vm-tools-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-debugsource-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.11.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libvmtools-devel-11.3.5-150200.5.16.11.1
libvmtools0-11.3.5-150200.5.16.11.1
libvmtools0-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-11.3.5-150200.5.16.11.1
open-vm-tools-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-debugsource-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.11.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libvmtools-devel-11.3.5-150200.5.16.11.1
libvmtools0-11.3.5-150200.5.16.11.1
libvmtools0-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-11.3.5-150200.5.16.11.1
open-vm-tools-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-debugsource-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.11.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libvmtools-devel-11.3.5-150200.5.16.11.1
libvmtools0-11.3.5-150200.5.16.11.1
libvmtools0-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-11.3.5-150200.5.16.11.1
open-vm-tools-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-debugsource-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.11.1
- SUSE Enterprise Storage 7 (x86_64):
libvmtools-devel-11.3.5-150200.5.16.11.1
libvmtools0-11.3.5-150200.5.16.11.1
libvmtools0-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-11.3.5-150200.5.16.11.1
open-vm-tools-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-debugsource-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-11.3.5-150200.5.16.11.1
open-vm-tools-desktop-debuginfo-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-11.3.5-150200.5.16.11.1
open-vm-tools-sdmp-debuginfo-11.3.5-150200.5.16.11.1
References:
https://www.suse.com/security/cve/CVE-2022-31676.html
https://bugzilla.suse.com/1202657
From sle-security-updates at lists.suse.com Thu Sep 1 14:53:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 16:53:16 +0200 (CEST)
Subject: SUSE-SU-2022:2327-2: important: Security update for curl
Message-ID: <20220901145316.2B94AF3D4@maintenance.suse.de>
SUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2327-2
Rating: important
References: #1200735 #1200737
Cross-References: CVE-2022-32206 CVE-2022-32208
CVSS scores:
CVE-2022-32206 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-32206 (SUSE): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32208 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-32208 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2327=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
curl-7.66.0-150200.4.36.1
curl-debuginfo-7.66.0-150200.4.36.1
curl-debugsource-7.66.0-150200.4.36.1
libcurl4-7.66.0-150200.4.36.1
libcurl4-debuginfo-7.66.0-150200.4.36.1
References:
https://www.suse.com/security/cve/CVE-2022-32206.html
https://www.suse.com/security/cve/CVE-2022-32208.html
https://bugzilla.suse.com/1200735
https://bugzilla.suse.com/1200737
From sle-security-updates at lists.suse.com Thu Sep 1 14:53:53 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 16:53:53 +0200 (CEST)
Subject: SUSE-SU-2022:2936-2: important: Security update for open-vm-tools
Message-ID: <20220901145353.B904EF3D4@maintenance.suse.de>
SUSE Security Update: Security update for open-vm-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2936-2
Rating: important
References: #1202657 #1202733
Cross-References: CVE-2022-31676
CVSS scores:
CVE-2022-31676 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31676 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves one vulnerability and has one errata is now available.
Description:
This update for open-vm-tools fixes the following issues:
- Updated to version 12.1.0 (build 20219665) (bsc#1202733):
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2936=1
Package List:
- openSUSE Leap Micro 5.2 (x86_64):
libvmtools0-12.1.0-150300.19.1
libvmtools0-debuginfo-12.1.0-150300.19.1
open-vm-tools-12.1.0-150300.19.1
open-vm-tools-debuginfo-12.1.0-150300.19.1
open-vm-tools-debugsource-12.1.0-150300.19.1
References:
https://www.suse.com/security/cve/CVE-2022-31676.html
https://bugzilla.suse.com/1202657
https://bugzilla.suse.com/1202733
From sle-security-updates at lists.suse.com Thu Sep 1 14:54:31 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 16:54:31 +0200 (CEST)
Subject: SUSE-SU-2022:2405-2: moderate: Security update for p11-kit
Message-ID: <20220901145431.26DB0F3D4@maintenance.suse.de>
SUSE Security Update: Security update for p11-kit
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2405-2
Rating: moderate
References: #1180065
Cross-References: CVE-2020-29362
CVSS scores:
CVE-2020-29362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2020-29362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for p11-kit fixes the following issues:
- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array
which could lead to crashes (bsc#1180065)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2405=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libp11-kit0-0.23.2-150000.4.16.1
libp11-kit0-debuginfo-0.23.2-150000.4.16.1
p11-kit-0.23.2-150000.4.16.1
p11-kit-debuginfo-0.23.2-150000.4.16.1
p11-kit-debugsource-0.23.2-150000.4.16.1
p11-kit-tools-0.23.2-150000.4.16.1
p11-kit-tools-debuginfo-0.23.2-150000.4.16.1
References:
https://www.suse.com/security/cve/CVE-2020-29362.html
https://bugzilla.suse.com/1180065
From sle-security-updates at lists.suse.com Thu Sep 1 14:55:03 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 16:55:03 +0200 (CEST)
Subject: SUSE-SU-2022:2349-2: moderate: Security update for ignition
Message-ID: <20220901145503.1DE4EF3D4@maintenance.suse.de>
SUSE Security Update: Security update for ignition
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2349-2
Rating: moderate
References: #1199524
Cross-References: CVE-2022-1706
CVSS scores:
CVE-2022-1706 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1706 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ignition fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in
VMs running on VMware products (bsc#1199524).
- Update to version 2.14.0
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2349=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
ignition-2.14.0-150300.6.7.1
ignition-debuginfo-2.14.0-150300.6.7.1
ignition-dracut-grub2-2.14.0-150300.6.7.1
References:
https://www.suse.com/security/cve/CVE-2022-1706.html
https://bugzilla.suse.com/1199524
From sle-security-updates at lists.suse.com Thu Sep 1 14:55:40 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 16:55:40 +0200 (CEST)
Subject: SUSE-SU-2022:2357-2: important: Security update for python3
Message-ID: <20220901145540.CFA10F3D4@maintenance.suse.de>
SUSE Security Update: Security update for python3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2357-2
Rating: important
References: #1198511
Cross-References: CVE-2015-20107
CVSS scores:
CVE-2015-20107 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2015-20107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module
(bsc#1198511).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2357=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libpython3_6m1_0-3.6.15-150300.10.27.1
libpython3_6m1_0-debuginfo-3.6.15-150300.10.27.1
python3-3.6.15-150300.10.27.1
python3-base-3.6.15-150300.10.27.1
python3-base-debuginfo-3.6.15-150300.10.27.1
python3-core-debugsource-3.6.15-150300.10.27.1
python3-debuginfo-3.6.15-150300.10.27.1
python3-debugsource-3.6.15-150300.10.27.1
References:
https://www.suse.com/security/cve/CVE-2015-20107.html
https://bugzilla.suse.com/1198511
From sle-security-updates at lists.suse.com Thu Sep 1 14:57:24 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 16:57:24 +0200 (CEST)
Subject: SUSE-SU-2022:2424-2: important: Security update for the Linux Kernel
Message-ID: <20220901145724.D32F3F3D4@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2424-2
Rating: important
References: #1065729 #1179195 #1180814 #1184924 #1185762
#1192761 #1193629 #1194013 #1195504 #1195775
#1196901 #1197362 #1197754 #1198020 #1198924
#1199482 #1199487 #1199489 #1199657 #1200217
#1200263 #1200343 #1200442 #1200571 #1200599
#1200600 #1200608 #1200619 #1200622 #1200692
#1200806 #1200807 #1200809 #1200810 #1200813
#1200816 #1200820 #1200821 #1200822 #1200825
#1200828 #1200829 #1200925 #1201050 #1201080
#1201143 #1201147 #1201149 #1201160 #1201171
#1201177 #1201193 #1201222 SLE-15442
Cross-References: CVE-2021-26341 CVE-2021-4157 CVE-2022-1012
CVE-2022-1679 CVE-2022-20132 CVE-2022-20154
CVE-2022-29900 CVE-2022-29901 CVE-2022-33981
CVE-2022-34918
CVSS scores:
CVE-2021-26341 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-26341 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-4157 (NVD) : 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4157 (SUSE): 3.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
CVE-2022-1012 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-1679 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1679 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20132 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-20132 (SUSE): 4.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2022-20154 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20154 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-29901 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-29901 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-33981 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVE-2022-33981 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-34918 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34918 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 10 vulnerabilities, contains one
feature and has 43 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to 3.12.31 to
receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-29900, CVE-2022-29901: Fixed the RETBLEED attack, a new Spectre
like Branch Target Buffer attack, that can leak arbitrary kernel
information (bsc#1199657).
- CVE-2022-34918: Fixed a buffer overflow with nft_set_elem_init() that
could be used by a local attacker to escalate privileges (bnc#1201171).
- CVE-2021-26341: Some AMD CPUs may transiently execute beyond
unconditional direct branches, which may potentially result in data
leakage (bsc#1201050).
- CVE-2022-1679: Fixed a use-after-free in the Atheros wireless driver in
the way a user forces the ath9k_htc_wait_for_target function to fail
with some input messages (bsc#1199487).
- CVE-2022-20132: Fixed out of bounds read due to improper input
validation in lg_probe and related functions of hid-lg.c (bsc#1200619).
- CVE-2022-1012: Fixed information leak caused by small table perturb size
in the TCP source port generation algorithm (bsc#1199482).
- CVE-2022-33981: Fixed use-after-free in floppy driver (bsc#1200692)
- CVE-2021-4157: Fixed an out of memory bounds write flaw in the NFS
subsystem, related to the replication of files with NFS. A user could
potentially crash the system or escalate privileges on the system
(bsc#1194013).
- CVE-2022-20154: Fixed a use after free due to a race condition in
lock_sock_nested of sock.c. This could lead to local escalation of
privilege with System execution privileges needed (bsc#1200599).
The following non-security bugs were fixed:
- Add missing recommends of kernel-install-tools to kernel-source-vanilla
(bsc#1200442)
- Add various fsctl structs (bsc#1200217).
- ALSA: hda/conexant: Fix missing beep setup (git-fixes).
- ALSA: hda/realtek - Add HW8326 support (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (git-fixes).
- ALSA: hda/realtek - ALC897 headset MIC no sound (git-fixes).
- ALSA: hda/via: Fix missing beep setup (git-fixes).
- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399
(git-fixes)
- arm64: ftrace: fix branch range checks (git-fixes)
- ASoC: cs35l36: Update digital volume TLV (git-fixes).
- ASoC: cs42l52: Correct TLV for Bypass Volume (git-fixes).
- ASoC: cs42l52: Fix TLV scales for mixer controls (git-fixes).
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls
(git-fixes).
- ASoC: cs53l30: Correct number of volume levels on SX controls
(git-fixes).
- ASoC: es8328: Fix event generation for deemphasis control (git-fixes).
- ASoC: nau8822: Add operation for internal PLL off and on (git-fixes).
- ASoC: wm8962: Fix suspend while playing music (git-fixes).
- ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint
(git-fixes).
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo()
(git-fixes).
- bcache: avoid journal no-space deadlock by reserving 1 journal bucket
(git-fixes).
- bcache: avoid unnecessary soft lockup in kworker update_writeback_rate()
(bsc#1197362).
- bcache: fixup multiple threads crash (git-fixes).
- bcache: improve multithreaded bch_btree_check() (git-fixes).
- bcache: improve multithreaded bch_sectors_dirty_init() (git-fixes).
- bcache: memset on stack variables in bch_btree_check() and
bch_sectors_dirty_init() (git-fixes).
- bcache: remove incremental dirty sector counting for
bch_sectors_dirty_init() (git-fixes).
- bio: fix page leak bio_add_hw_page failure (git-fixes).
- blk-cgroup: fix a hd_struct leak in blkcg_fill_root_iostats (git-fixes).
- blk-iolatency: Fix inflight count imbalances and IO hangs on offline
(bsc#1200825).
- blk-mq: clear active_queues before clearing BLK_MQ_F_TAG_QUEUE_SHARED
(bsc#1200263).
- blk-mq: do not update io_ticks with passthrough requests (bsc#1200816).
- blk-mq: drop workarounds for cpu hotplug queue management (bsc#1185762)
- blk-mq: update hctx->dispatch_busy in case of real scheduler (git-fixes).
- block: advance iov_iter on bio_add_hw_page failure (git-fixes).
- block: do not merge across cgroup boundaries if blkcg is enabled
(bsc#1198020).
- block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
(bsc#1185762).
- block: Fix kABI in blk-merge.c (bsc#1198020).
- block/keyslot-manager: prevent crash when num_slots=1 (git-fixes).
- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
(git-fixes).
- caif_virtio: fix race between virtio_device_ready() and ndo_open()
(git-fixes).
- ceph: add some lockdep assertions around snaprealm handling
(bsc#1201147).
- ceph: clean up locking annotation for ceph_get_snap_realm and
__lookup_snap_realm (bsc#1201149).
- certs/blacklist_hashes.c: fix const confusion in certs blacklist
(git-fixes).
- cifs: add WARN_ON for when chan_count goes below minimum (bsc#1200217).
- cifs: adjust DebugData to use chans_need_reconnect for conn status
(bsc#1200217).
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is
empty (bsc#1200217).
- cifs: avoid parallel session setups on same channel (bsc#1200217).
- cifs: avoid race during socket reconnect between send and recv
(bsc#1200217).
- cifs: call cifs_reconnect when a connection is marked (bsc#1200217).
- cifs: call helper functions for marking channels for reconnect
(bsc#1200217).
- cifs: change smb2_query_info_compound to use a cached fid, if available
(bsc#1200217).
- cifs: check for smb1 in open_cached_dir() (bsc#1200217).
- cifs: check reconnects for channels of active tcons too (bsc#1200217).
- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (bsc#1200217).
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits
(bsc#1200217).
- cifs: clean up an inconsistent indenting (bsc#1200217).
- cifs: destage any unwritten data to the server before calling
copychunk_write (bsc#1200217).
- cifs: do not build smb1ops if legacy support is disabled (bsc#1200217).
- cifs: do not call cifs_dfs_query_info_nonascii_quirk() if nodfs was set
(bsc#1200217).
- cifs: do not use tcpStatus after negotiate completes (bsc#1200217).
- cifs: do not use uninitialized data in the owner/group sid (bsc#1200217).
- cifs: fix confusing unneeded warning message on smb2.1 and earlier
(bsc#1200217).
- cifs: fix double free race when mount fails in cifs_get_root()
(bsc#1200217).
- cifs: fix FILE_BOTH_DIRECTORY_INFO definition (bsc#1200217).
- cifs: fix handlecache and multiuser (bsc#1200217).
- cifs: fix hang on cifs_get_next_mid() (bsc#1200217).
- cifs: fix incorrect use of list iterator after the loop (bsc#1200217).
- cifs: fix minor compile warning (bsc#1200217).
- cifs: fix missed refcounting of ipc tcon (bsc#1200217).
- cifs: fix ntlmssp auth when there is no key exchange (bsc#1200217).
- cifs: fix NULL ptr dereference in refresh_mounts() (bsc#1200217).
- cifs: fix potential deadlock in direct reclaim (bsc#1200217).
- cifs: fix potential double free during failed mount (bsc#1200217).
- cifs: fix potential race with cifsd thread (bsc#1200217).
- cifs: fix set of group SID via NTSD xattrs (bsc#1200217).
- cifs: fix signed integer overflow when fl_end is OFFSET_MAX
(bsc#1200217).
- cifs: Fix smb311_update_preauth_hash() kernel-doc comment (bsc#1200217).
- cifs: fix the cifs_reconnect path for DFS (bsc#1200217).
- cifs: fix the connection state transitions with multichannel
(bsc#1200217).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share
(bsc#1200217).
- cifs: fix workstation_name for multiuser mounts (bsc#1200217).
- cifs: force new session setup and tcon for dfs (bsc#1200217).
- cifs: free ntlmsspblob allocated in negotiate (bsc#1200217).
- cifs: ignore resource_id while getting fscache super cookie
(bsc#1200217).
- cifs: maintain a state machine for tcp/smb/tcon sessions (bsc#1200217).
- cifs: make status checks in version independent callers (bsc#1200217).
- cifs: mark sessions for reconnection in helper function (bsc#1200217).
- cifs: modefromsids must add an ACE for authenticated users (bsc#1200217).
- cifs: move definition of cifs_fattr earlier in cifsglob.h (bsc#1200217).
- cifs: move superblock magic defitions to magic.h (bsc#1200217).
- cifs: potential buffer overflow in handling symlinks (bsc#1200217).
- cifs: print TIDs as hex (bsc#1200217).
- cifs: protect all accesses to chan_* with chan_lock (bsc#1200217).
- cifs: quirk for STATUS_OBJECT_NAME_INVALID returned for non-ASCII dfs
refs (bsc#1200217).
- cifs: reconnect only the connection and not smb session where possible
(bsc#1200217).
- cifs: release cached dentries only if mount is complete (bsc#1200217).
- cifs: remove check of list iterator against head past the loop body
(bsc#1200217).
- cifs: remove redundant assignment to pointer p (bsc#1200217).
- cifs: remove repeated debug message on cifs_put_smb_ses() (bsc#1200217).
- cifs: remove repeated state change in dfs tree connect (bsc#1200217).
- cifs: remove unused variable ses_selected (bsc#1200217).
- cifs: return ENOENT for DFS lookup_cache_entry() (bsc#1200217).
- cifs: return the more nuanced writeback error on close() (bsc#1200217).
- cifs: sanitize multiple delimiters in prepath (bsc#1200217).
- cifs: serialize all mount attempts (bsc#1200217).
- cifs: set the CREATE_NOT_FILE when opening the directory in
use_cached_dir() (bsc#1200217).
- cifs: skip trailing separators of prefix paths (bsc#1200217).
- cifs: smbd: fix typo in comment (bsc#1200217).
- cifs: Split the smb3_add_credits tracepoint (bsc#1200217).
- cifs: take cifs_tcp_ses_lock for status checks (bsc#1200217).
- cifs: track individual channel status using chans_need_reconnect
(bsc#1200217).
- cifs: unlock chan_lock before calling cifs_put_tcp_session (bsc#1200217).
- cifs: update internal module number (bsc#1193629).
- cifs: update internal module number (bsc#1200217).
- cifs: update internal module number (bsc#1200217).
- cifs: update tcpStatus during negotiate and sess setup (bsc#1200217).
- cifs: use a different reconnect helper for non-cifsd threads
(bsc#1200217).
- cifs: use correct lock type in cifs_reconnect() (bsc#1200217).
- cifs: Use kzalloc instead of kmalloc/memset (bsc#1200217).
- cifs: use new enum for ses_status (bsc#1200217).
- cifs: use the chans_need_reconnect bitmap for reconnect status
(bsc#1200217).
- cifs: verify that tcon is valid before dereference in cifs_kill_sb
(bsc#1200217).
- cifs: version operations for smb20 unneeded when legacy support disabled
(bsc#1200217).
- cifs: wait for tcon resource_id before getting fscache super
(bsc#1200217).
- cifs: we do not need a spinlock around the tree access during umount
(bsc#1200217).
- cifs: when extending a file with falloc we should make files not-sparse
(bsc#1200217).
- drivers: cpufreq: Add missing of_node_put() in qoriq-cpufreq.c
(git-fixes).
- drm/i915/reset: Fix error_state_read ptr + offset use (git-fixes).
- drm/i915: Update TGL and RKL DMC firmware versions (bsc#1198924).
- drm/msm: Fix double pm_runtime_disable() call (git-fixes).
- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (git-fixes).
- drm/sun4i: Fix crash during suspend after component bind failure
(git-fixes).
- exec: Force single empty string when argv is empty (bsc#1200571).
- ext4: add check to prevent attempting to resize an fs with sparse_super2
(bsc#1197754).
- ext4: fix bug_on ext4_mb_use_inode_pa (bsc#1200810).
- ext4: fix bug_on in __es_tree_search (bsc#1200809).
- ext4: fix race condition between ext4_write and ext4_convert_inline_data
(bsc#1200807).
- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
(bsc#1200806).
- ext4: make variable "count" signed (bsc#1200820).
- Fix a warning about a malformed kernel doc comment in cifs (bsc#1200217).
- fuse: annotate lock in fuse_reverse_inval_entry() (bsc#1201143).
- gpio: winbond: Fix error code in winbond_gpio_get() (git-fixes).
- gtp: use icmp_ndo_send helper (git-fixes).
- hwmon: (ibmaem) do not call platform_device_del() if
platform_device_add() fails (git-fixes).
- i2c: designware: Use standard optional ref clock implementation
(git-fixes).
- ibmvnic: Properly dispose of all skbs during a failover (bsc#1200925).
- iio:accel:bma180: rearrange iio trigger get and register (git-fixes).
- iio: accel: mma8452: ignore the return value of reset operation
(git-fixes).
- iio: adc: axp288: Override TS pin bias current for some models
(git-fixes).
- iio: adc: vf610: fix conversion mode sysfs node name (git-fixes).
- iio:chemical:ccs811: rearrange iio trigger get and register (git-fixes).
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up()
(git-fixes).
- iio: trigger: sysfs: fix use-after-free on remove (git-fixes).
- init: Initialize noop_backing_dev_info early (bsc#1200822).
- inotify: show inotify mask flags in proc fdinfo (bsc#1200600).
- iomap: iomap_write_failed fix (bsc#1200829).
- ipvs: add sysctl_run_estimation to support disable estimation
(bsc#1195504).
- jfs: fix divide error in dbNextAG (bsc#1200828).
- kABI fix of sysctl_run_estimation (git-fixes).
- kabi: nvme workaround header include (bsc#1201193).
- kabi/severities: ignore KABI for NVMe target (bsc#1192761)
- linux/dim: Fix divide by 0 in RDMA DIM (git-fixes).
- md: fix update super 1.0 on rdev size change (git-fixes).
- move devm_allocate to end of structure for kABI (git-fixes).
- mtd: rawnand: gpmi: Fix setting busy timeout setting (git-fixes).
- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg
(git-fixes).
- net: ethernet: stmmac: Disable hardware multicast filter (git-fixes).
- net: ieee802154: ca8210: Stop leaking skb's (git-fixes).
- net: lantiq: Add locking for TX DMA channel (git-fixes).
- net: rose: fix UAF bugs caused by timer handler (git-fixes).
- net: stmmac: reset Tx desc base address before restarting Tx (git-fixes).
- net: usb: ax88179_178a: Fix packet receiving (git-fixes).
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (git-fixes).
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (git-fixes).
- NFC: nxp-nci: Do not issue a zero length i2c_master_read() (git-fixes).
- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (git-fixes).
- NFS: Do not report errors from nfs_pageio_complete() more than once
(git-fixes).
- NFS: Do not report flush errors in nfs_write_end() (git-fixes).
- NFS: Further fixes to the writeback error handling (git-fixes).
- NFS: Memory allocation failures are not server fatal errors (git-fixes).
- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout
(git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm/region: Fix default alignment for small regions (git-fixes).
- nvme: add CNTRLTYPE definitions for 'identify controller' (bsc#1192761).
- nvme: Add connect option 'discovery' (bsc#1192761).
- nvme: add new discovery log page entry definitions (bsc#1192761).
- nvme: display correct subsystem NQN (bsc#1192761).
- nvme: expose subsystem type in sysfs attribute 'subsystype'
(bsc#1192761).
- nvme: kabi fix nvme subsystype change (bsc#1192761)
- nvmet: add nvmet_is_disc_subsys() helper (bsc#1192761).
- nvmet: add nvmet_req_subsys() helper (bsc#1192761).
- nvme-tcp: fix H2CData PDU send accounting (again) (git-fixes).
- nvmet: do not check iosqes,iocqes for discovery controllers
(bsc#1192761).
- nvmet: fix freeing unallocated p2pmem (git-fixes).
- nvmet: make discovery NQN configurable (bsc#1192761).
- nvmet-rdma: Fix NULL deref when SEND is completed with error (git-fixes).
- nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY
(git-fixes).
- nvmet: register discovery subsystem as 'current' (bsc#1192761).
- nvmet: set 'CNTRLTYPE' in the identify controller data (bsc#1192761).
- nvmet: switch check for subsystem type (bsc#1192761).
- pahole 1.22 required for full BTF features. also recommend pahole for
kernel-source to make the kernel buildable with standard config
- phy: aquantia: Fix AN when higher speeds than 1G are not advertised
(git-fixes).
- pNFS: Do not keep retrying if the server replied
NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- powerpc/idle: Fix return value of __setup() handler (bsc#1065729).
- powerpc/perf: Fix the threshold compare group constraint for power9
(bsc#1065729).
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address
(bsc#1200343 ltc#198477).
- random: Add and use pr_fmt() (bsc#1184924).
- random: remove unnecessary unlikely() (bsc#1184924).
- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips
(git-fixes).
- Revert "block: Fix a lockdep complaint triggered by request queue
flushing" (git-fixes).
- rpm/check-for-config-changes: ignore GCC12/CC_NO_ARRAY_BOUNDS
- rpm/kernel-obs-build.spec.in: add systemd-initrd and terminfo dracut
module (bsc#1195775)
- rpm/kernel-obs-build.spec.in: Also depend on dracut-systemd (bsc#1195775)
- scsi: core: Show SCMD_LAST in text form (git-fixes).
- scsi: ibmvfc: Allocate/free queue resource only during probe/remove
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: ibmvfc: Store vhost pointer during subcrq allocation
(jsc#SLE-15442 bsc#1180814 ltc#187461 git-fixes).
- scsi: lpfc: Add more logging of cmd and cqe information for aborted NVMe
cmds (bsc#1201193).
- scsi: lpfc: Address NULL pointer dereference after starget_to_rport()
(bsc#1201193).
- scsi: lpfc: Add support for ATTO Fibre Channel devices (bsc#1201193).
- scsi: lpfc: Add support for VMID tagging of NVMe I/Os (bsc#1201193).
- scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd
completion (bsc#1201193).
- scsi: lpfc: Commonize VMID code location (bsc#1201193).
- scsi: lpfc: Correct BDE type for XMIT_SEQ64_WQE in
lpfc_ct_reject_event() (bsc#1201193).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology
(bsc#1201193).
- scsi: lpfc: Resolve NULL ptr dereference after an ELS LOGO is aborted
(bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following abort path refactoring
(bsc#1201193).
- scsi: lpfc: Resolve some cleanup issues following SLI path refactoring
(bsc#1201193).
- scsi: lpfc: Rework lpfc_vmid_get_appid() to be protocol independent
(bsc#1201193).
- scsi: lpfc: Update lpfc version to 14.2.0.4 (bsc#1201193).
- scsi: nvme: Added a new sysfs attribute appid_store (bsc#1201193).
- scsi: nvme-fc: Add new routine nvme_fc_io_getuuid() (bsc#1201193).
- scsi: qla2xxx: Add a new v2 dport diagnostic feature (bsc#1201160).
- scsi: qla2xxx: Add debug prints in the device remove path (bsc#1201160).
- scsi: qla2xxx: edif: Add bsg interface to read doorbell events
(bsc#1201160).
- scsi: qla2xxx: edif: Add retry for ELS passthrough (bsc#1201160).
- scsi: qla2xxx: edif: bsg refactor (bsc#1201160).
- scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription
(bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n discovery issue with secure target
(bsc#1201160).
- scsi: qla2xxx: edif: Fix n2n login retry for secure device (bsc#1201160).
- scsi: qla2xxx: edif: Fix no login after app start (bsc#1201160).
- scsi: qla2xxx: edif: Fix no logout on delete for N2N (bsc#1201160).
- scsi: qla2xxx: edif: Fix potential stuck session in sa update
(bsc#1201160).
- scsi: qla2xxx: edif: Fix session thrash (bsc#1201160).
- scsi: qla2xxx: edif: Fix slow session teardown (bsc#1201160).
- scsi: qla2xxx: edif: Reduce disruption due to multiple app start
(bsc#1201160).
- scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing (bsc#1201160).
- scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time
(bsc#1201160).
- scsi: qla2xxx: edif: Remove old doorbell interface (bsc#1201160).
- scsi: qla2xxx: edif: Send LOGO for unexpected IKE message (bsc#1201160).
- scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication
application (bsc#1201160).
- scsi: qla2xxx: edif: Tear down session if keys have been removed
(bsc#1201160).
- scsi: qla2xxx: edif: Wait for app to ack on sess down (bsc#1201160).
- scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts
(bsc#1201160).
- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection
(bsc#1201160).
- scsi: qla2xxx: Fix excessive I/O error messages by default (bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests
(bsc#1201160).
- scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os
(bsc#1201160).
- scsi: qla2xxx: Fix losing target when it reappears during delete
(bsc#1201160).
- scsi: qla2xxx: Remove setting of 'req' and 'rsp' parameters
(bsc#1201160).
- scsi: qla2xxx: Remove unused 'ql_dm_tgt_ex_pct' parameter (bsc#1201160).
- scsi: qla2xxx: Turn off multi-queue for 8G adapters (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.500-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.600-k (bsc#1201160).
- scsi: qla2xxx: Update version to 10.02.07.700-k (bsc#1201160).
- scsi: qla2xxx: Wind down adapter after PCIe error (bsc#1201160).
- scsi: sd: sd_zbc: Do not pass GFP_NOIO to kvcalloc (git-fixes).
- scsi: sd: sd_zbc: Fix handling of host-aware ZBC disks (git-fixes).
- scsi: sd: sd_zbc: Fix ZBC disk initialization (git-fixes).
- scsi: sd: Signal drive managed SMR disks (git-fixes).
- scsi: sd_zbc: Do not limit max_zone_append sectors to (git-fixes).
- scsi: sd_zbc: Ensure buffer size is aligned to SECTOR_SIZE (git-fixes).
- scsi: sd_zbc: Improve zone revalidation (git-fixes).
- scsi: sd_zbc: Remove unused inline functions (git-fixes).
- scsi: sd_zbc: Support disks with more than 2**32 logical (git-fixes).
- scsi: smartpqi: create module parameters for LUN reset (bsc#1179195
bsc#1200622).
- smb3: add mount parm nosparse (bsc#1200217).
- smb3: add trace point for lease not found issue (bsc#1200217).
- smb3: add trace point for oplock not found (bsc#1200217).
- smb3: check for null tcon (bsc#1200217).
- smb3: cleanup and clarify status of tree connections (bsc#1200217).
- smb3: do not set rc when used and unneeded in query_info_compound
(bsc#1200217).
- SMB3: EBADF/EIO errors in rename/open caused by race condition in
smb2_compound_op (bsc#1200217).
- smb3: fix incorrect session setup check for multiuser mounts
(bsc#1200217).
- smb3: fix ksmbd bigendian bug in oplock break, and move its struct to
smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: fix snapshot mount option (bsc#1200217).
- [smb3] improve error message when mount options conflict with posix
(bsc#1200217).
- smb3: move defines for ioctl protocol header and SMB2 sizes to
smbfs_common (bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: move defines for query info and query fsinfo to smbfs_common
(bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- [smb3] move more common protocol header definitions to smbfs_common
(bsc#1200217). [ ematsumiya: remove ksmbd parts ]
- smb3: send NTLMSSP version information (bsc#1200217).
- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe
(git-fixes).
- spi: Fix use-after-free with devm_spi_alloc_* (git-fixes).
- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer()
(git-fixes).
- sunvnet: use icmp_ndo_send helper (git-fixes).
- tty: goldfish: Fix free_irq() on remove (git-fixes).
- usb: chipidea: udc: check request status before setting device address
(git-fixes).
- usb: dwc2: Fix memory leak in dwc2_hcd_init (git-fixes).
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
(git-fixes).
- usb: gadget: u_ether: fix regression in setting fixed MAC address
(git-fixes).
- usbnet: fix memory allocation in helpers (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- USB: serial: option: add Quectel EM05-G modem (git-fixes).
- USB: serial: option: add Quectel RM500K module support (git-fixes).
- USB: serial: option: add support for Cinterion MV31 with new baseline
(git-fixes).
- USB: serial: option: add Telit LE910Cx 0x1250 composition (git-fixes).
- usb: xhci: Workaround for S3 issue on AMD SNPS 3.0 xHC (git-fixes).
- veth: fix races around rq->rx_notify_masked (git-fixes).
- virtio-mmio: fix missing put_device() when vm_cmdline_parent
registration failed (git-fixes).
- virtio-net: fix race between ndo_open() and virtio_device_ready()
(git-fixes).
- virtio_net: fix xdp_rxq_info bug after suspend/resume (git-fixes).
- virtio-pci: Remove wrong address verification in vp_del_vqs()
(git-fixes).
- vmxnet3: fix minimum vectors alloc issue (bsc#1199489).
- writeback: Avoid skipping inode writeback (bsc#1200813).
- writeback: Fix inode->i_io_list not be protected by inode->i_lock error
(bsc#1200821).
- xhci: Add reset resume quirk for AMD xhci controller (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2424=1
Package List:
- openSUSE Leap Micro 5.2 (x86_64):
kernel-rt-5.3.18-150300.96.1
kernel-rt-debuginfo-5.3.18-150300.96.1
kernel-rt-debugsource-5.3.18-150300.96.1
References:
https://www.suse.com/security/cve/CVE-2021-26341.html
https://www.suse.com/security/cve/CVE-2021-4157.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-1679.html
https://www.suse.com/security/cve/CVE-2022-20132.html
https://www.suse.com/security/cve/CVE-2022-20154.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-29901.html
https://www.suse.com/security/cve/CVE-2022-33981.html
https://www.suse.com/security/cve/CVE-2022-34918.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1179195
https://bugzilla.suse.com/1180814
https://bugzilla.suse.com/1184924
https://bugzilla.suse.com/1185762
https://bugzilla.suse.com/1192761
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1194013
https://bugzilla.suse.com/1195504
https://bugzilla.suse.com/1195775
https://bugzilla.suse.com/1196901
https://bugzilla.suse.com/1197362
https://bugzilla.suse.com/1197754
https://bugzilla.suse.com/1198020
https://bugzilla.suse.com/1198924
https://bugzilla.suse.com/1199482
https://bugzilla.suse.com/1199487
https://bugzilla.suse.com/1199489
https://bugzilla.suse.com/1199657
https://bugzilla.suse.com/1200217
https://bugzilla.suse.com/1200263
https://bugzilla.suse.com/1200343
https://bugzilla.suse.com/1200442
https://bugzilla.suse.com/1200571
https://bugzilla.suse.com/1200599
https://bugzilla.suse.com/1200600
https://bugzilla.suse.com/1200608
https://bugzilla.suse.com/1200619
https://bugzilla.suse.com/1200622
https://bugzilla.suse.com/1200692
https://bugzilla.suse.com/1200806
https://bugzilla.suse.com/1200807
https://bugzilla.suse.com/1200809
https://bugzilla.suse.com/1200810
https://bugzilla.suse.com/1200813
https://bugzilla.suse.com/1200816
https://bugzilla.suse.com/1200820
https://bugzilla.suse.com/1200821
https://bugzilla.suse.com/1200822
https://bugzilla.suse.com/1200825
https://bugzilla.suse.com/1200828
https://bugzilla.suse.com/1200829
https://bugzilla.suse.com/1200925
https://bugzilla.suse.com/1201050
https://bugzilla.suse.com/1201080
https://bugzilla.suse.com/1201143
https://bugzilla.suse.com/1201147
https://bugzilla.suse.com/1201149
https://bugzilla.suse.com/1201160
https://bugzilla.suse.com/1201171
https://bugzilla.suse.com/1201177
https://bugzilla.suse.com/1201193
https://bugzilla.suse.com/1201222
From sle-security-updates at lists.suse.com Thu Sep 1 15:03:01 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:03:01 +0200 (CEST)
Subject: SUSE-SU-2022:2892-2: important: Security update for the Linux Kernel
Message-ID: <20220901150301.5D9E4F746@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2892-2
Rating: important
References: #1178134 #1196616 #1196867 #1198829 #1199364
#1199647 #1199648 #1199665 #1199670 #1199695
#1200521 #1200598 #1200644 #1200651 #1200762
#1200910 #1201196 #1201206 #1201251 #1201381
#1201429 #1201442 #1201458 #1201635 #1201636
#1201644 #1201645 #1201664 #1201672 #1201673
#1201676 #1201742 #1201752 #1201846 #1201930
#1201940 #1201941 #1201954 #1201956 #1201958
#1202087 #1202154 #1202312 SLE-24559
Cross-References: CVE-2020-36516 CVE-2020-36557 CVE-2020-36558
CVE-2021-33655 CVE-2021-33656 CVE-2022-1116
CVE-2022-1462 CVE-2022-20166 CVE-2022-21505
CVE-2022-2318 CVE-2022-26365 CVE-2022-2639
CVE-2022-29581 CVE-2022-33740 CVE-2022-33741
CVE-2022-33742 CVE-2022-36946
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 17 vulnerabilities, contains one
feature and has 26 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds
write in reserve_sfa_size() (bsc#1202154).
- CVE-2020-36516: Fixed TCP session data injection vulnerability via the
mixed IPID assignment method (bnc#1196616).
- CVE-2022-36946: Fixed an incorrect packet truncation operation which
could lead to denial of service (bnc#1201940).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched
that could cause root privilege escalation (bnc#1199665).
- CVE-2022-20166: Fixed several possible memory safety issues due to
unsafe operations (bsc#1200598).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX which could
lead to a NULL pointer dereference and general protection fault
(bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl
and closing/opening of TTYs that could lead to a use-after-free
(bnc#1201429).
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy
(bsc#1201458).
- CVE-2021-33656: Fixed memory out of bounds write related to ioctl cmd
PIO_FONT (bnc#1201636).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO
(bnc#1201635).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TTY subsystem
(bnc#1198829).
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which
allowed a local attacker to cause memory corruption and escalate
privileges to root (bnc#1199647).
- CVE-2022-2318: Fixed a use-after-free vulnerability in the timer handler
in Rose subsystem that allowed unprivileged attackers to crash the
system (bsc#1201251).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
multiple potential data leaks with Block and Network devices when using
untrusted backends (bsc#1200762).
The following non-security bugs were fixed:
- Fix bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676 All
are reports of the same problem - the IBRS_* regs push/popping was wrong
but it needs 1b331eeea7b8 ("x86/entry: Remove skip_r11rcx") too.
- ACPI: APEI: Better fix to avoid spamming the console with old error logs
(git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name
only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
(git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
(git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
(git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
(git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
(git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- Fixed a regression where smart batteries would not be detected on Mac
(bsc#1201206).
- Fixed an issue where qla2xxx would prevent nvme port discovery
(bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
(git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA
(git-fixes).
- Fix 1201644, 1201664, 1201672, 1201673, 1201676 All are reports of the
same problem - the IBRS_* regs push/popping was wrong but it needs
1b331eeea7b8 ("x86/entry: Remove skip_r11rcx") too.
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
(git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access
exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val
(git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
(bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs
(git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
(git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request
(git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
(git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error
(git-fixes).
- PCI/portdrv: Do not disable AER reporting in
get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
(git-fixes).
- PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists
(git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU
(git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
(git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
(git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier()
(git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless
comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: asm: Add new-style position independent function annotations
(git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return
(git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
(git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA
(git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled
(git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
(git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
(git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes
(git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
(git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature
(bsc#1199364).
- bpf: enable BPF type format (BTF) (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
(git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
(git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
(git-fixes).
- can: m_can: process interrupt only when not runtime suspended
(git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
(git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
(git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
(git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the
(git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in
dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
(git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable "recalculate" feature (git-fixes).
- dm integrity: fix a crash if "recalculate" used without "internal_hash"
(git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest
size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too
(git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload
sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size
(git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots
(git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block()
(git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
(git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
(git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled
(git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent()
failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
(git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
(git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
(git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
(git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state()
(git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable
iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
(git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges
(git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
(git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
(git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
(git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync
during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values
(bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer
(bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be
unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large
(git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement
(git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kvm/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
(git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down
(git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device
(git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in
detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle
(git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod
(git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device()
(git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll
(git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
(git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
(git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes
(mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
(git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle
(git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
(git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine
(bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine
(bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK
RQs (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in
'jazz_sonic_probe()' (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of
the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning
(git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP
(git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout
(git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: b53: fix an off by one in checking "vlan->vid" (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
(git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock
(git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets
(git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware
(git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is
running (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe()
(git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
(git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test
(git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing
(git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret
(git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr
(git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
(git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846
ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
(bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions
(git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
(git-fixes).
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes
(sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state()
(git fixes (sched/membarrier)).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from
SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to
RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released
(git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
(git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
(bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
(bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
(bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()
(bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed
user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration
(bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb
(bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error
(git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource()
(git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry
(git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
(git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes
(kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
(git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
(git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
(git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
(git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/entry: Remove skip_r11rcx (bsc#1201644).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
(bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2892=1
Package List:
- openSUSE Leap Micro 5.2 (x86_64):
kernel-rt-5.3.18-150300.99.1
kernel-rt-debuginfo-5.3.18-150300.99.1
kernel-rt-debugsource-5.3.18-150300.99.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2020-36557.html
https://www.suse.com/security/cve/CVE-2020-36558.html
https://www.suse.com/security/cve/CVE-2021-33655.html
https://www.suse.com/security/cve/CVE-2021-33656.html
https://www.suse.com/security/cve/CVE-2022-1116.html
https://www.suse.com/security/cve/CVE-2022-1462.html
https://www.suse.com/security/cve/CVE-2022-20166.html
https://www.suse.com/security/cve/CVE-2022-21505.html
https://www.suse.com/security/cve/CVE-2022-2318.html
https://www.suse.com/security/cve/CVE-2022-26365.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-33740.html
https://www.suse.com/security/cve/CVE-2022-33741.html
https://www.suse.com/security/cve/CVE-2022-33742.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1196867
https://bugzilla.suse.com/1198829
https://bugzilla.suse.com/1199364
https://bugzilla.suse.com/1199647
https://bugzilla.suse.com/1199648
https://bugzilla.suse.com/1199665
https://bugzilla.suse.com/1199670
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200521
https://bugzilla.suse.com/1200598
https://bugzilla.suse.com/1200644
https://bugzilla.suse.com/1200651
https://bugzilla.suse.com/1200762
https://bugzilla.suse.com/1200910
https://bugzilla.suse.com/1201196
https://bugzilla.suse.com/1201206
https://bugzilla.suse.com/1201251
https://bugzilla.suse.com/1201381
https://bugzilla.suse.com/1201429
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201458
https://bugzilla.suse.com/1201635
https://bugzilla.suse.com/1201636
https://bugzilla.suse.com/1201644
https://bugzilla.suse.com/1201645
https://bugzilla.suse.com/1201664
https://bugzilla.suse.com/1201672
https://bugzilla.suse.com/1201673
https://bugzilla.suse.com/1201676
https://bugzilla.suse.com/1201742
https://bugzilla.suse.com/1201752
https://bugzilla.suse.com/1201846
https://bugzilla.suse.com/1201930
https://bugzilla.suse.com/1201940
https://bugzilla.suse.com/1201941
https://bugzilla.suse.com/1201954
https://bugzilla.suse.com/1201956
https://bugzilla.suse.com/1201958
https://bugzilla.suse.com/1202087
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202312
From sle-security-updates at lists.suse.com Thu Sep 1 15:06:58 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:06:58 +0200 (CEST)
Subject: SUSE-SU-2022:2881-2: important: Security update for spice
Message-ID: <20220901150658.37854F746@maintenance.suse.de>
SUSE Security Update: Security update for spice
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2881-2
Rating: important
References: #1181686
Cross-References: CVE-2021-20201
CVSS scores:
CVE-2021-20201 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2021-20201 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for spice fixes the following issues:
- CVE-2021-20201: Fixed an issue which could allow clients to cause a
denial of service by repeatedly renegotiating a connection (bsc#1181686).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2881=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libspice-server1-0.14.3-150300.3.3.1
libspice-server1-debuginfo-0.14.3-150300.3.3.1
spice-debugsource-0.14.3-150300.3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-20201.html
https://bugzilla.suse.com/1181686
From sle-security-updates at lists.suse.com Thu Sep 1 15:07:30 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:07:30 +0200 (CEST)
Subject: SUSE-SU-2022:2866-2: moderate: Security update for
systemd-presets-common-SUSE
Message-ID: <20220901150730.63CD7F746@maintenance.suse.de>
SUSE Security Update: Security update for systemd-presets-common-SUSE
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2866-2
Rating: moderate
References: #1199524 #1200485
Cross-References: CVE-2022-1706
CVSS scores:
CVE-2022-1706 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1706 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves one vulnerability and has one erratum
is now available.
Description:
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in
VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE not
enabling new user systemd service preset configuration just as it
handles system service presets. By passing an (optional) second
parameter "user", the save/apply-changes commands now work with user
services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default in
SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2866=1
Package List:
- openSUSE Leap Micro 5.2 (noarch):
systemd-presets-common-SUSE-15-150100.8.17.1
References:
https://www.suse.com/security/cve/CVE-2022-1706.html
https://bugzilla.suse.com/1199524
https://bugzilla.suse.com/1200485
From sle-security-updates at lists.suse.com Thu Sep 1 15:08:44 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:08:44 +0200 (CEST)
Subject: SUSE-SU-2022:2586-2: important: Security update for ldb, samba
Message-ID: <20220901150844.01801F746@maintenance.suse.de>
SUSE Security Update: Security update for ldb, samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2586-2
Rating: important
References: #1196224 #1198255 #1199247 #1199734 #1200556
#1200964 #1201490 #1201492 #1201493 #1201495
#1201496
Cross-References: CVE-2022-2031 CVE-2022-32742 CVE-2022-32744
CVE-2022-32745 CVE-2022-32746
CVSS scores:
CVE-2022-2031 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2031 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32742 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-32742 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-32744 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32745 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
CVE-2022-32746 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 5 vulnerabilities and has 6 fixes is
now available.
Description:
This update for ldb, samba fixes the following issues:
- CVE-2022-32746: Fixed a use-after-free occurring in database audit
logging (bsc#1201490).
- CVE-2022-32745: Fixed a remote server crash with an LDAP add or modify
request (bsc#1201492).
- CVE-2022-2031: Fixed AD restrictions bypass associated with changing
passwords (bsc#1201495).
- CVE-2022-32742: Fixed a memory leak in SMB1 (bsc#1201496).
- CVE-2022-32744: Fixed an arbitrary password change request for any AD
user (bsc#1201493).
The following security bugs were fixed:
samba was updated to 4.15.8:
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had
been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted server;
(bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python 3.11;
(bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python 3.11;
(bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package samba-client-libs
and remove samba-libs requirement from samba-winbind; (bsc#1200964);
(bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);
- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).
ldb was updated to version 2.4.3
* Fix build problems, waf produces incorrect names for python extensions;
(bso#15071);
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2586=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
ldb-debugsource-2.4.3-150300.3.20.1
libldb2-2.4.3-150300.3.20.1
libldb2-debuginfo-2.4.3-150300.3.20.1
samba-client-libs-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-client-libs-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debuginfo-4.15.8+git.500.d5910280cc7-150300.3.37.1
samba-debugsource-4.15.8+git.500.d5910280cc7-150300.3.37.1
References:
https://www.suse.com/security/cve/CVE-2022-2031.html
https://www.suse.com/security/cve/CVE-2022-32742.html
https://www.suse.com/security/cve/CVE-2022-32744.html
https://www.suse.com/security/cve/CVE-2022-32745.html
https://www.suse.com/security/cve/CVE-2022-32746.html
https://bugzilla.suse.com/1196224
https://bugzilla.suse.com/1198255
https://bugzilla.suse.com/1199247
https://bugzilla.suse.com/1199734
https://bugzilla.suse.com/1200556
https://bugzilla.suse.com/1200964
https://bugzilla.suse.com/1201490
https://bugzilla.suse.com/1201492
https://bugzilla.suse.com/1201493
https://bugzilla.suse.com/1201495
https://bugzilla.suse.com/1201496
From sle-security-updates at lists.suse.com Thu Sep 1 15:10:05 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:10:05 +0200 (CEST)
Subject: SUSE-SU-2022:2647-2: Security update for tiff
Message-ID: <20220901151005.C4B92F3D4@maintenance.suse.de>
SUSE Security Update: Security update for tiff
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2647-2
Rating: low
References: #1201174 #1201175 #1201176
Cross-References: CVE-2022-2056 CVE-2022-2057 CVE-2022-2058
CVSS scores:
CVE-2022-2056 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2056 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2057 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2057 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2058 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2058 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for tiff fixes the following issues:
- CVE-2022-2056: Fixed a division by zero denial of service (bsc#1201176).
- CVE-2022-2057: Fixed a division by zero denial of service (bsc#1201175).
- CVE-2022-2058: Fixed a division by zero denial of service (bsc#1201174).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2647=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libtiff5-4.0.9-150000.45.11.1
libtiff5-debuginfo-4.0.9-150000.45.11.1
tiff-debuginfo-4.0.9-150000.45.11.1
tiff-debugsource-4.0.9-150000.45.11.1
References:
https://www.suse.com/security/cve/CVE-2022-2056.html
https://www.suse.com/security/cve/CVE-2022-2057.html
https://www.suse.com/security/cve/CVE-2022-2058.html
https://bugzilla.suse.com/1201174
https://bugzilla.suse.com/1201175
https://bugzilla.suse.com/1201176
From sle-security-updates at lists.suse.com Thu Sep 1 15:10:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:10:45 +0200 (CEST)
Subject: SUSE-SU-2022:2717-2: moderate: Security update for ncurses
Message-ID: <20220901151045.BC830F3D4@maintenance.suse.de>
SUSE Security Update: Security update for ncurses
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2717-2
Rating: moderate
References: #1198627
Cross-References: CVE-2022-29458
CVSS scores:
CVE-2022-29458 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2022-29458 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings
in tinfo/read_entry.c (bsc#1198627).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2717=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libncurses6-6.1-150000.5.12.1
libncurses6-debuginfo-6.1-150000.5.12.1
ncurses-debugsource-6.1-150000.5.12.1
ncurses-utils-6.1-150000.5.12.1
ncurses-utils-debuginfo-6.1-150000.5.12.1
terminfo-6.1-150000.5.12.1
terminfo-base-6.1-150000.5.12.1
References:
https://www.suse.com/security/cve/CVE-2022-29458.html
https://bugzilla.suse.com/1198627
From sle-security-updates at lists.suse.com Thu Sep 1 15:11:57 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:11:57 +0200 (CEST)
Subject: SUSE-SU-2022:2533-2: important: Security update for mozilla-nss
Message-ID: <20220901151157.C65EAF3D4@maintenance.suse.de>
SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2533-2
Rating: important
References: #1192079 #1192080 #1192086 #1192087 #1192228
#1198486 #1200027
Cross-References: CVE-2022-31741
CVSS scores:
CVE-2022-31741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update for mozilla-nss fixes the following issues:
Various FIPS 140-3 related fixes were backported from SUSE Linux
Enterprise 15 SP4:
- Makes the PBKDF known answer test compliant with NIST SP800-132
(bsc#1192079).
- FIPS: Add on-demand integrity tests through
sftk_FIPSRepeatIntegrityCheck() (bsc#1198980).
- FIPS: mark algorithms as approved/non-approved according to security
policy (bsc#1191546, bsc#1201298).
- FIPS: remove hard disabling of unapproved algorithms. This requirement
is now fulfilled by the service level indicator (bsc#1200325).
- Run test suite at build time, and make it pass (bsc#1198486).
- FIPS: skip algorithms that are hard disabled in FIPS mode.
- Prevent expired PayPalEE cert from failing the tests.
- Allow checksumming to be disabled, but only if we entered FIPS mode due
to NSS_FIPS being set, not if it came from /proc.
- FIPS: Make the PBKDF known answer test compliant with NIST SP800-132.
- Update FIPS validation string to version-release format.
- FIPS: remove XCBC MAC from list of FIPS approved algorithms.
- Enable NSS_ENABLE_FIPS_INDICATORS and set NSS_FIPS_MODULE_ID for build.
- FIPS: claim 3DES unapproved in FIPS mode (bsc#1192080).
- FIPS: allow testing of unapproved algorithms (bsc#1192228).
- FIPS: add version indicators (bmo#1729550, bsc#1192086).
- FIPS: fix some secret clearing (bmo#1697303, bsc#1192087).
Version update to NSS 3.79:
- Use PK11_GetSlotInfo instead of raw C_GetSlotInfo calls.
- Update mercurial in clang-format docker image.
- Use of uninitialized pointer in lg_init after alloc fail.
- selfserv and tstclnt should use PR_GetPrefLoopbackAddrInfo.
- Add SECMOD_LockedModuleHasRemovableSlots.
- Fix secasn1d parsing of indefinite SEQUENCE inside indefinite GROUP.
- Added RFC8422 compliant TLS <= 1.2 undefined/compressed ECPointFormat
extension alerts.
- TLS 1.3 Server: Send protocol_version alert on unsupported
ClientHello.legacy_version.
- Correct invalid record inner and outer content type alerts.
- NSS does not properly import or export pkcs12 files with large passwords
and pkcs5v2 encoding.
- improve error handling after nssCKFWInstance_CreateObjectHandle.
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple.
- NSS 3.79 should depend on NSPR 4.34
Version update to NSS 3.78.1:
- Initialize pointers passed to NSS_CMSDigestContext_FinishMultiple
Version update to NSS 3.78:
- Added TLS 1.3 zero-length inner plaintext checks and tests, zero-length
record/fragment handling tests.
- Reworked overlong record size checks and added TLS1.3 specific
boundaries.
- Add ECH Grease Support to tstclnt
- Add a strict variant of moz::pkix::CheckCertHostname.
- Change SSL_REUSE_SERVER_ECDHE_KEY default to false.
- Make SEC_PKCS12EnableCipher succeed
- Update zlib in NSS to 1.2.12.
Version update to NSS 3.77:
- Fix link to TLS page on wireshark wiki
- Add two D-TRUST 2020 root certificates.
- Add Telia Root CA v2 root certificate.
- Remove expired explicitly distrusted certificates from certdata.txt.
- support specific RSA-PSS parameters in mozilla::pkix
- Remove obsolete stateEnd check in SEC_ASN1DecoderUpdate.
- Remove token member from NSSSlot struct.
- Provide secure variants of mpp_pprime and mpp_make_prime.
- Support UTF-8 library path in the module spec string.
- Update nssUTF8_Length to RFC 3629 and fix buffer overrun.
- Update googletest to 1.11.0
- Add SetTls13GreaseEchSize to experimental API.
- TLS 1.3 Illegal legacy_version handling/alerts.
- Fix calculation of ECH HRR Transcript.
- Allow ld path to be set as environment variable.
- Ensure we don't read uninitialized memory in ssl gtests.
- Fix DataBuffer Move Assignment.
- internal_error alert on Certificate Request with sha1+ecdsa in TLS 1.3
- rework signature verification in mozilla::pkix
Version update to NSS 3.76.1
- Remove token member from NSSSlot struct.
- Hold tokensLock through nssToken_GetSlot calls in
nssTrustDomain_GetActiveSlots.
- Check return value of PK11Slot_GetNSSToken.
- Use Wycheproof JSON for RSASSA-PSS
- Add SHA256 fingerprint comments to old certdata.txt entries.
- Avoid truncating files in nss-release-helper.py.
- Throw illegal_parameter alert for illegal extensions in handshake
message.
Version update to NSS 3.75
- Make DottedOIDToCode.py compatible with python3.
- Avoid undefined shift in SSL_CERT_IS while fuzzing.
- Remove redundant key type check.
- Update ABI expectations to match ECH changes.
- Enable CKM_CHACHA20.
- check return on NSS_NoDB_Init and NSS_Shutdown.
- Run ECDSA test vectors from bltest as part of the CI tests.
- Add ECDSA test vectors to the bltest command line tool.
- Allow to build using clang's integrated assembler.
- Allow to override python for the build.
- test HKDF output rather than input.
- Use ASSERT macros to end failed tests early.
- move assignment operator for DataBuffer.
- Add test cases for ECH compression and unexpected extensions in SH.
- Update tests for ECH-13.
- Tidy up error handling.
- Add tests for ECH HRR Changes.
- Server only sends GREASE HRR extension if enabled by preference.
- Update generation of the Associated Data for ECH-13.
- When ECH is accepted, reject extensions which were only advertised in
the Outer Client Hello.
- Allow for compressed, non-contiguous, extensions.
- Scramble the PSK extension in CHOuter.
- Split custom extension handling for ECH.
- Add ECH-13 HRR Handling.
- Client side ECH padding.
- Stricter ClientHelloInner Decompression.
- Remove ECH_inner extension, use new enum format.
- Update the version number for ECH-13 and adjust the ECHConfig size.
Version update to NSS 3.74
- mozilla::pkix: support SHA-2 hashes in CertIDs in OCSP responses
- Ensure clients offer consistent ciphersuites after HRR
- NSS does not properly restrict server keys based on policy
- Set nssckbi version number to 2.54
- Replace Google Trust Services LLC (GTS) R4 root certificate
- Replace Google Trust Services LLC (GTS) R3 root certificate
- Replace Google Trust Services LLC (GTS) R2 root certificate
- Replace Google Trust Services LLC (GTS) R1 root certificate
- Replace GlobalSign ECC Root CA R4
- Remove Expired Root Certificates - DST Root CA X3
- Remove Expiring Cybertrust Global Root and GlobalSign root certificates
- Add renewed Autoridad de Certificacion Firmaprofesional CIF A62634068
root certificate
- Add iTrusChina ECC root certificate
- Add iTrusChina RSA root certificate
- Add ISRG Root X2 root certificate
- Add Chunghwa Telecom's HiPKI Root CA - G1 root certificate
- Avoid a clang 13 unused variable warning in opt build
- Check for missing signedData field
- Ensure DER encoded signatures are within size limits
- enable key logging option (boo#1195040)
Version update to NSS 3.73.1:
- Add SHA-2 support to mozilla::pkix's OCSP implementation
Version update to NSS 3.73
- check for missing signedData field.
- Ensure DER encoded signatures are within size limits.
- NSS needs FIPS 140-3 version indicators.
- pkix_CacheCert_Lookup doesn't return cached certs
- sunset Coverity from NSS
Fixed MFSA 2021-51 (bsc#1193170) CVE-2021-43527: Memory corruption via
DER-encoded DSA and RSA-PSS signatures
Version update to NSS 3.72
- Fix nsinstall parallel failure.
- Increase KDF cache size to mitigate perf regression in about:logins
Version update to NSS 3.71
- Set nssckbi version number to 2.52.
- Respect server requirements of
tlsfuzzer/test-tls13-signature-algorithms.py
- Import of PKCS#12 files with Camellia encryption is not supported
- Add HARICA Client ECC Root CA 2021.
- Add HARICA Client RSA Root CA 2021.
- Add HARICA TLS ECC Root CA 2021.
- Add HARICA TLS RSA Root CA 2021.
- Add TunTrust Root CA certificate to NSS.
Version update to NSS 3.70
- Update test case to verify fix.
- Explicitly disable downgrade check in
TlsConnectStreamTls13.EchOuterWith12Max
- Explicitly disable downgrade check in
TlsConnectTest.DisableFalseStartOnFallback
- Avoid using a lookup table in nssb64d.
- Use HW accelerated SHA2 on AArch64 Big Endian.
- Change default value of enableHelloDowngradeCheck to true.
- Cache additional PBE entries.
- Read HPKE vectors from official JSON.
Version update to NSS 3.69.1:
- Disable DTLS 1.0 and 1.1 by default
- integrity checks in key4.db not happening on private components with
AES_CBC
NSS 3.69:
- Disable DTLS 1.0 and 1.1 by default (backed out again)
- integrity checks in key4.db not happening on private components with
AES_CBC (backed out again)
- SSL handling of signature algorithms ignores environmental invalid
algorithms.
- sqlite 3.34 changed its open semantics, causing nss failures.
- Gtest update changed the gtest reports, losing gtest details in all.sh
reports.
- NSS incorrectly accepting 1536 bit DH primes in FIPS mode
- SQLite calls could timeout in starvation situations.
- Coverity/cpp scanner errors found in nss 3.67
- Import the NSS documentation from MDN in nss/doc.
- NSS using a tempdir to measure sql performance not active
Version Update to 3.68.4 (bsc#1200027)
- CVE-2022-31741: Initialize pointers passed to
NSS_CMSDigestContext_FinishMultiple. (bmo#1767590)
Mozilla NSPR was updated to version 4.34:
* add an API that returns a preferred loopback IP on hosts that have two
IP stacks available.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2533=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libfreebl3-3.79-150000.3.74.1
libfreebl3-debuginfo-3.79-150000.3.74.1
libfreebl3-hmac-3.79-150000.3.74.1
libsoftokn3-3.79-150000.3.74.1
libsoftokn3-debuginfo-3.79-150000.3.74.1
libsoftokn3-hmac-3.79-150000.3.74.1
mozilla-nspr-4.34-150000.3.23.1
mozilla-nspr-debuginfo-4.34-150000.3.23.1
mozilla-nspr-debugsource-4.34-150000.3.23.1
mozilla-nss-3.79-150000.3.74.1
mozilla-nss-certs-3.79-150000.3.74.1
mozilla-nss-certs-debuginfo-3.79-150000.3.74.1
mozilla-nss-debuginfo-3.79-150000.3.74.1
mozilla-nss-debugsource-3.79-150000.3.74.1
mozilla-nss-tools-3.79-150000.3.74.1
mozilla-nss-tools-debuginfo-3.79-150000.3.74.1
References:
https://www.suse.com/security/cve/CVE-2022-31741.html
https://bugzilla.suse.com/1192079
https://bugzilla.suse.com/1192080
https://bugzilla.suse.com/1192086
https://bugzilla.suse.com/1192087
https://bugzilla.suse.com/1192228
https://bugzilla.suse.com/1198486
https://bugzilla.suse.com/1200027
From sle-security-updates at lists.suse.com Thu Sep 1 15:14:09 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:14:09 +0200 (CEST)
Subject: SUSE-SU-2022:2178-2: important: Security update for salt
Message-ID: <20220901151409.DCAC8F3D4@maintenance.suse.de>
SUSE Security Update: Security update for salt
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2178-2
Rating: important
References: #1200566
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for salt fixes the following issues:
- CVE-2022-22967: Fixed missing check for PAM_ACCT_MGM return value that
could be used to bypass PAM authentication (bsc#1200566)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2178=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
python3-salt-3004-150300.53.24.1
salt-3004-150300.53.24.1
salt-minion-3004-150300.53.24.1
salt-transactional-update-3004-150300.53.24.1
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1200566
From sle-security-updates at lists.suse.com Thu Sep 1 15:15:10 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:15:10 +0200 (CEST)
Subject: SUSE-SU-2022:2960-2: moderate: Security update for ucode-intel
Message-ID: <20220901151510.E9CB4F3D4@maintenance.suse.de>
SUSE Security Update: Security update for ucode-intel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2960-2
Rating: moderate
References: #1201727
Cross-References: CVE-2022-21233
CVSS scores:
CVE-2022-21233 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21233 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ucode-intel fixes the following issues:
Updated to Intel CPU Microcode 20220809 release (bsc#1201727):
- CVE-2022-21233: Fixed an issue where stale data may have been leaked
from the legacy xAPIC MMIO region, which could be used to compromise an
SGX enclave (INTEL-SA-00657). See also:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
Other fixes:
- Update for functional issues. See also:
https://www.intel.com/content/www/us/en/processors/xeon/scalable/xeon-scalable-spec-update.html?wapkw=processor+specification+update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| SKX-SP | B1 | 06-55-03/97 | 0100015d | 0100015e | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon Scalable
| SKX-D | M1 | 06-55-04/b7 | 02006d05 | 02006e05 | Xeon D-21xx
| ICX-SP | D0 | 06-6a-06/87 | 0d000363 | 0d000375 | Xeon Scalable Gen3
| GLK | B0 | 06-7a-01/01 | 0000003a | 0000003c | Pentium Silver N/J5xxx, Celeron N/J4xxx
| GLK-R | R0 | 06-7a-08/01 | 0000001e | 00000020 | Pentium J5040/N5030, Celeron J4125/J4025/N4020/N4120
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b0 | 000000b2 | Core Gen10 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000026 | 00000028 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 0000003e | 00000040 | Core Gen11 Mobile
| RKL-S | B0 | 06-a7-01/02 | 00000053 | 00000054 | Core Gen11
| ADL | C0 | 06-97-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-97-05/03 | 0000001f | 00000022 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 0000041c | 00000421 | Core Gen12
| ADL | L0 | 06-9a-04/80 | 0000041c | 00000421 | Core Gen12
| ADL | C0 | 06-bf-02/03 | 0000001f | 00000022 | Core Gen12
| ADL | C0 | 06-bf-05/03 | 0000001f | 00000022 | Core Gen12
------------------------------------------------------------------
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2960=1
Package List:
- openSUSE Leap Micro 5.2 (x86_64):
ucode-intel-20220809-150200.18.1
References:
https://www.suse.com/security/cve/CVE-2022-21233.html
https://bugzilla.suse.com/1201727
From sle-security-updates at lists.suse.com Thu Sep 1 15:15:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:15:46 +0200 (CEST)
Subject: SUSE-SU-2022:2986-1: important: Security update for open-vm-tools
Message-ID: <20220901151546.65CDCF3D4@maintenance.suse.de>
SUSE Security Update: Security update for open-vm-tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2986-1
Rating: important
References: #1202657
Cross-References: CVE-2022-31676
CVSS scores:
CVE-2022-31676 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31676 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for open-vm-tools fixes the following issues:
- CVE-2022-31676: Fixed an issue that could allow unprivileged users
inside a virtual machine to escalate privileges (bsc#1202657).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2986=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2986=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2986=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2986=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2986=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2986=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libvmtools-devel-11.3.5-150100.4.37.13.1
libvmtools0-11.3.5-150100.4.37.13.1
libvmtools0-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-11.3.5-150100.4.37.13.1
open-vm-tools-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-debugsource-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.13.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libvmtools-devel-11.3.5-150100.4.37.13.1
libvmtools0-11.3.5-150100.4.37.13.1
libvmtools0-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-11.3.5-150100.4.37.13.1
open-vm-tools-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-debugsource-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.13.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libvmtools-devel-11.3.5-150100.4.37.13.1
libvmtools0-11.3.5-150100.4.37.13.1
libvmtools0-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-11.3.5-150100.4.37.13.1
open-vm-tools-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-debugsource-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.13.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libvmtools-devel-11.3.5-150100.4.37.13.1
libvmtools0-11.3.5-150100.4.37.13.1
libvmtools0-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-11.3.5-150100.4.37.13.1
open-vm-tools-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-debugsource-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.13.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libvmtools-devel-11.3.5-150100.4.37.13.1
libvmtools0-11.3.5-150100.4.37.13.1
libvmtools0-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-11.3.5-150100.4.37.13.1
open-vm-tools-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-debugsource-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.13.1
- SUSE Enterprise Storage 6 (x86_64):
libvmtools-devel-11.3.5-150100.4.37.13.1
libvmtools0-11.3.5-150100.4.37.13.1
libvmtools0-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-11.3.5-150100.4.37.13.1
open-vm-tools-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-debugsource-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.13.1
- SUSE CaaS Platform 4.0 (x86_64):
libvmtools-devel-11.3.5-150100.4.37.13.1
libvmtools0-11.3.5-150100.4.37.13.1
libvmtools0-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-11.3.5-150100.4.37.13.1
open-vm-tools-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-debugsource-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-11.3.5-150100.4.37.13.1
open-vm-tools-desktop-debuginfo-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-11.3.5-150100.4.37.13.1
open-vm-tools-sdmp-debuginfo-11.3.5-150100.4.37.13.1
References:
https://www.suse.com/security/cve/CVE-2022-31676.html
https://bugzilla.suse.com/1202657
From sle-security-updates at lists.suse.com Thu Sep 1 15:16:59 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:16:59 +0200 (CEST)
Subject: SUSE-SU-2022:2251-2: moderate: Security update for openssl-1_1
Message-ID: <20220901151659.0E2AAF3D4@maintenance.suse.de>
SUSE Security Update: Security update for openssl-1_1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2251-2
Rating: moderate
References: #1185637 #1199166 #1200550
Cross-References: CVE-2022-1292 CVE-2022-2068
CVSS scores:
CVE-2022-1292 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1292 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2068 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2068 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash.
(bsc#1200550)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2251=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libopenssl-1_1-devel-1.1.1d-150200.11.48.1
libopenssl1_1-1.1.1d-150200.11.48.1
libopenssl1_1-debuginfo-1.1.1d-150200.11.48.1
libopenssl1_1-hmac-1.1.1d-150200.11.48.1
openssl-1_1-1.1.1d-150200.11.48.1
openssl-1_1-debuginfo-1.1.1d-150200.11.48.1
openssl-1_1-debugsource-1.1.1d-150200.11.48.1
References:
https://www.suse.com/security/cve/CVE-2022-1292.html
https://www.suse.com/security/cve/CVE-2022-2068.html
https://bugzilla.suse.com/1185637
https://bugzilla.suse.com/1199166
https://bugzilla.suse.com/1200550
From sle-security-updates at lists.suse.com Thu Sep 1 15:19:04 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:19:04 +0200 (CEST)
Subject: SUSE-SU-2022:2984-1: important: Security update for MozillaFirefox
Message-ID: <20220901151904.18361F3D4@maintenance.suse.de>
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2984-1
Rating: important
References: #1202645
Cross-References: CVE-2022-38472 CVE-2022-38473 CVE-2022-38478
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.13.0 ESR (bsc#1202645):
- CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error
handling.
- CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could
inherit the parent's permissions.
- CVE-2022-38478: Fixed various memory safety issues.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2984=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2984=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2984=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2984=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2984=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2984=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2984=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2984=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2984=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2984=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
- SUSE CaaS Platform 4.0 (x86_64):
MozillaFirefox-91.13.0-150000.150.53.1
MozillaFirefox-debuginfo-91.13.0-150000.150.53.1
MozillaFirefox-debugsource-91.13.0-150000.150.53.1
MozillaFirefox-devel-91.13.0-150000.150.53.1
MozillaFirefox-translations-common-91.13.0-150000.150.53.1
MozillaFirefox-translations-other-91.13.0-150000.150.53.1
References:
https://www.suse.com/security/cve/CVE-2022-38472.html
https://www.suse.com/security/cve/CVE-2022-38473.html
https://www.suse.com/security/cve/CVE-2022-38478.html
https://bugzilla.suse.com/1202645
From sle-security-updates at lists.suse.com Thu Sep 1 15:21:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:21:47 +0200 (CEST)
Subject: SUSE-SU-2022:2875-2: important: Security update for the Linux Kernel
Message-ID: <20220901152147.EDAA7F3D4@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2875-2
Rating: important
References: #1178134 #1196616 #1198829 #1199364 #1199647
#1199665 #1199670 #1200015 #1200521 #1200598
#1200644 #1200651 #1200762 #1200910 #1201196
#1201206 #1201251 #1201381 #1201429 #1201442
#1201458 #1201635 #1201636 #1201644 #1201645
#1201664 #1201672 #1201673 #1201676 #1201846
#1201930 #1201940 #1201954 #1201956 #1201958
#1202154 SLE-24559
Cross-References: CVE-2020-36516 CVE-2020-36557 CVE-2020-36558
CVE-2021-33655 CVE-2021-33656 CVE-2022-1116
CVE-2022-1462 CVE-2022-20166 CVE-2022-21505
CVE-2022-2318 CVE-2022-26365 CVE-2022-2639
CVE-2022-29581 CVE-2022-32250 CVE-2022-33740
CVE-2022-33741 CVE-2022-33742 CVE-2022-36946
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33655 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33655 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33656 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-33656 (SUSE): 6.3 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1462 (NVD) : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1462 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-21505 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2318 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-26365 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-26365 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-33740 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33740 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33741 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33741 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-33742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2022-33742 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 18 vulnerabilities, contains one
feature and has 18 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36516: Fixed TCP session data injection vulnerability via the
mixed IPID assignment method (bnc#1196616).
- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl
and closing/opening of ttys that could lead to a use-after-free
(bnc#1201429).
- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could
lead to a NULL pointer dereference and general protection fault
(bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO
(bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT
(bnc#1201636).
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which
allowed a local attacker to cause memory corruption and escalate
privileges to root (bnc#1199647).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe
subsystem (bnc#1198829).
- CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer
handler in net/rose/rose_timer.c that allow attackers to crash the
system without any privileges (bsc#1201251).
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds
write in reserve_sfa_size() (bsc#1202154).
- CVE-2022-20166: Fixed possible out of bounds write due to sprintf
unsafety that could cause local escalation of privilege (bnc#1200598).
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy
(bsc#1201458).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed
multiple potential data leaks with Block and Network devices when using
untrusted backends (bsc#1200762).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched
that could cause root privilege escalation (bnc#1199665).
- CVE-2022-32250: Fixed use-after-free in net/netfilter/nf_tables_api.c
that could allow local privilege escalation (bnc#1200015).
- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that
could lead to remote DoS (bnc#1201940).
The following non-security bugs were fixed:
- ACPI: APEI: Better fix to avoid spamming the console with old error logs
(git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name
only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model
(git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221
(git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671
(git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array
(git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in
skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control
(git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
(git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR
(git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA
(git-fixes).
- Fixed a system crash related to the recent RETBLEED mitigation
(bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- Fixed battery detection problem on macbooks (bnc#1201206).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs
(git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access
exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val
(git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
(bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines
(bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs
(git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1
(git-fixes).
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in
intel_pmu_refresh() (git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request
(git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks
(git-fixes).
- KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is
adjusted (git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error
(git-fixes).
- PCI/portdrv: Do not disable AER reporting in
get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
(git-fixes).
- PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists
(git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU
(git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
(git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
(git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier()
(git-fixes).
- Sort in RETbleed backport into the sorted section Now that it is
upstream.
- USB: Follow-up to SPDX identifiers addition - remove now useless
comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- amd-xgbe: Update DMA coherency values (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: Extend workaround for erratum 1024718 to all versions of
(git-fixes)
- arm64: asm: Add new-style position independent function annotations
(git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return
(git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function
(git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA
(git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled
(git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing
(git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN
(git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes
(git-fixes).
- block: do not delete queue kobject before its children (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit
(git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature
(bsc#1199364).
- bpf: Add config to allow loading modules with BTF mismatches
(jsc#SLE-24559).
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- bpf: Assign ID to vmlinux BTF and return extra info for BTF in
GET_OBJ_INFO (jsc#SLE-24559).
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
(git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
(git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
(git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
(git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
(git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
(git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- config: enable DEBUG_INFO_BTF This option allows users to access the btf
type information for vmlinux but not kernel modules.
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the
(git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in
dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc()
(git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable "recalculate" feature (git-fixes).
- dm integrity: fix a crash if "recalculate" used without "internal_hash"
(git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest
size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too
(git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload
sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size
(git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots
(git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block()
(git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly
(git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate
(git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate
(git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled
(git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent()
failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector()
(git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
(git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
(git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
(git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on
panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state()
(git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable
iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
(git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges
(git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
(git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
(git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
(git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync
during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values
(bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer
(bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be
unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large
(git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement
(git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- kbuild: Build kernel module BTFs if BTF is enabled and pahole supports
it (jsc#SLE-24559).
- kbuild: Skip module BTF generation for out-of-tree external modules
(jsc#SLE-24559).
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild
(jsc#SLE-24559).
- kbuild: rebuild modules when module linker scripts are updated
(jsc#SLE-24559).
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- kbuild: split final module linking out into Makefile.modfinal
(jsc#SLE-24559).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check
(git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down
(git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device
(git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in
detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle
(git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod
(git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device()
(git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll
(git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
(git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer
(git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm/slub: add missing TID updates on slab deactivation (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes
(mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
(git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle
(git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
(git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine
(bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine
(bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK
RQs (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of
the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning
(git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP
(git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout
(git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE
(git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock
(git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets
(git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware
(git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe()
(git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10
(git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test
(git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing
(git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret
(git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr
(git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe
(git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846
ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM
(bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846
ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651
bsc#1200644 bsc#1201954 bsc#1201958).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions
(git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
(git-fixes).
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer
Dwarves 1.22 or newer is required to build kernels with BTF information
embedded in modules.
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes
(sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state()
(git fixes (sched/membarrier)).
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from
SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to
RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released
(git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error
(git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
(bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
(bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
(bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()
(bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed
user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration
(bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb
(bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in
resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error
(git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource()
(git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry
(git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
(git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes
(kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
(git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
(git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
(git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
(git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue
(bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors
(git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2875=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
kernel-default-5.3.18-150300.59.90.1
kernel-default-base-5.3.18-150300.59.90.1.150300.18.52.1
kernel-default-debuginfo-5.3.18-150300.59.90.1
kernel-default-debugsource-5.3.18-150300.59.90.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2020-36557.html
https://www.suse.com/security/cve/CVE-2020-36558.html
https://www.suse.com/security/cve/CVE-2021-33655.html
https://www.suse.com/security/cve/CVE-2021-33656.html
https://www.suse.com/security/cve/CVE-2022-1116.html
https://www.suse.com/security/cve/CVE-2022-1462.html
https://www.suse.com/security/cve/CVE-2022-20166.html
https://www.suse.com/security/cve/CVE-2022-21505.html
https://www.suse.com/security/cve/CVE-2022-2318.html
https://www.suse.com/security/cve/CVE-2022-26365.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-32250.html
https://www.suse.com/security/cve/CVE-2022-33740.html
https://www.suse.com/security/cve/CVE-2022-33741.html
https://www.suse.com/security/cve/CVE-2022-33742.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://bugzilla.suse.com/1178134
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1198829
https://bugzilla.suse.com/1199364
https://bugzilla.suse.com/1199647
https://bugzilla.suse.com/1199665
https://bugzilla.suse.com/1199670
https://bugzilla.suse.com/1200015
https://bugzilla.suse.com/1200521
https://bugzilla.suse.com/1200598
https://bugzilla.suse.com/1200644
https://bugzilla.suse.com/1200651
https://bugzilla.suse.com/1200762
https://bugzilla.suse.com/1200910
https://bugzilla.suse.com/1201196
https://bugzilla.suse.com/1201206
https://bugzilla.suse.com/1201251
https://bugzilla.suse.com/1201381
https://bugzilla.suse.com/1201429
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201458
https://bugzilla.suse.com/1201635
https://bugzilla.suse.com/1201636
https://bugzilla.suse.com/1201644
https://bugzilla.suse.com/1201645
https://bugzilla.suse.com/1201664
https://bugzilla.suse.com/1201672
https://bugzilla.suse.com/1201673
https://bugzilla.suse.com/1201676
https://bugzilla.suse.com/1201846
https://bugzilla.suse.com/1201930
https://bugzilla.suse.com/1201940
https://bugzilla.suse.com/1201954
https://bugzilla.suse.com/1201956
https://bugzilla.suse.com/1201958
https://bugzilla.suse.com/1202154
From sle-security-updates at lists.suse.com Thu Sep 1 15:25:58 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:25:58 +0200 (CEST)
Subject: SUSE-SU-2022:2987-1: important: Security update for postgresql13
Message-ID: <20220901152558.7D550F3D4@maintenance.suse.de>
SUSE Security Update: Security update for postgresql13
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2987-1
Rating: important
References: #1198166 #1202368
Cross-References: CVE-2022-2625
CVSS scores:
CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one erratum
is now available.
Description:
This update for postgresql13 fixes the following issues:
- Update to 13.8:
- CVE-2022-2625: Fixed an issue where extension scripts would replace
objects not belonging to that extension (bsc#1202368).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2987=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2987=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2987=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2987=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2987=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2987=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2987=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2987=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2987=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2987=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-2987=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2987=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2987=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2987=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2987=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-llvmjit-13.8-150200.5.31.1
postgresql13-llvmjit-debuginfo-13.8-150200.5.31.1
postgresql13-llvmjit-devel-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
postgresql13-test-13.8-150200.5.31.1
- openSUSE Leap 15.4 (noarch):
postgresql13-docs-13.8-150200.5.31.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-llvmjit-13.8-150200.5.31.1
postgresql13-llvmjit-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
postgresql13-test-13.8-150200.5.31.1
- openSUSE Leap 15.3 (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Manager Server 4.1 (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Manager Proxy 4.1 (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Manager Proxy 4.1 (x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
postgresql13-llvmjit-13.8-150200.5.31.1
postgresql13-llvmjit-debuginfo-13.8-150200.5.31.1
postgresql13-test-13.8-150200.5.31.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-llvmjit-13.8-150200.5.31.1
postgresql13-llvmjit-debuginfo-13.8-150200.5.31.1
postgresql13-llvmjit-devel-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
postgresql13-docs-13.8-150200.5.31.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
postgresql13-13.8-150200.5.31.1
postgresql13-contrib-13.8-150200.5.31.1
postgresql13-contrib-debuginfo-13.8-150200.5.31.1
postgresql13-debuginfo-13.8-150200.5.31.1
postgresql13-debugsource-13.8-150200.5.31.1
postgresql13-devel-13.8-150200.5.31.1
postgresql13-devel-debuginfo-13.8-150200.5.31.1
postgresql13-plperl-13.8-150200.5.31.1
postgresql13-plperl-debuginfo-13.8-150200.5.31.1
postgresql13-plpython-13.8-150200.5.31.1
postgresql13-plpython-debuginfo-13.8-150200.5.31.1
postgresql13-pltcl-13.8-150200.5.31.1
postgresql13-pltcl-debuginfo-13.8-150200.5.31.1
postgresql13-server-13.8-150200.5.31.1
postgresql13-server-debuginfo-13.8-150200.5.31.1
postgresql13-server-devel-13.8-150200.5.31.1
postgresql13-server-devel-debuginfo-13.8-150200.5.31.1
- SUSE Enterprise Storage 7 (noarch):
postgresql13-docs-13.8-150200.5.31.1
References:
https://www.suse.com/security/cve/CVE-2022-2625.html
https://bugzilla.suse.com/1198166
https://bugzilla.suse.com/1202368
From sle-security-updates at lists.suse.com Thu Sep 1 15:28:38 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:28:38 +0200 (CEST)
Subject: SUSE-SU-2022:2989-1: important: Security update for postgresql14
Message-ID: <20220901152838.DC423F3D4@maintenance.suse.de>
SUSE Security Update: Security update for postgresql14
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2989-1
Rating: important
References: #1198166 #1200437 #1202368
Cross-References: CVE-2022-2625
CVSS scores:
CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for postgresql14 fixes the following issues:
- Upgrade to version 14.5:
- CVE-2022-2625: Fixed an issue where extension scripts would replace
objects not belonging to that extension (bsc#1202368).
- Upgrade to version 14.4 (bsc#1200437)
- Release notes: https://www.postgresql.org/docs/release/14.4/
- Release announcement: https://www.postgresql.org/about/news/p-2470/
- Prevent possible corruption of indexes created or rebuilt with the
CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2989=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2989=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2989=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2989=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2989=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2989=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2989=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2989=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-2989=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-2989=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2989=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2989=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2989=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2989=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2989=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2989=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-llvmjit-14.5-150200.5.17.1
postgresql14-llvmjit-debuginfo-14.5-150200.5.17.1
postgresql14-llvmjit-devel-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
postgresql14-test-14.5-150200.5.17.1
- openSUSE Leap 15.4 (noarch):
postgresql14-docs-14.5-150200.5.17.1
- openSUSE Leap 15.4 (x86_64):
libecpg6-32bit-14.5-150200.5.17.1
libecpg6-32bit-debuginfo-14.5-150200.5.17.1
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-llvmjit-14.5-150200.5.17.1
postgresql14-llvmjit-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
postgresql14-test-14.5-150200.5.17.1
- openSUSE Leap 15.3 (noarch):
postgresql14-docs-14.5-150200.5.17.1
- openSUSE Leap 15.3 (x86_64):
libecpg6-32bit-14.5-150200.5.17.1
libecpg6-32bit-debuginfo-14.5-150200.5.17.1
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Manager Server 4.1 (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Manager Server 4.1 (x86_64):
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Manager Proxy 4.1 (x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Manager Proxy 4.1 (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
postgresql14-llvmjit-14.5-150200.5.17.1
postgresql14-llvmjit-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
postgresql14-test-14.5-150200.5.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
postgresql14-docs-14.5-150200.5.17.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libecpg6-14.5-150200.5.17.1
libecpg6-debuginfo-14.5-150200.5.17.1
libpq5-14.5-150200.5.17.1
libpq5-debuginfo-14.5-150200.5.17.1
postgresql14-14.5-150200.5.17.1
postgresql14-contrib-14.5-150200.5.17.1
postgresql14-contrib-debuginfo-14.5-150200.5.17.1
postgresql14-debuginfo-14.5-150200.5.17.1
postgresql14-debugsource-14.5-150200.5.17.1
postgresql14-devel-14.5-150200.5.17.1
postgresql14-devel-debuginfo-14.5-150200.5.17.1
postgresql14-plperl-14.5-150200.5.17.1
postgresql14-plperl-debuginfo-14.5-150200.5.17.1
postgresql14-plpython-14.5-150200.5.17.1
postgresql14-plpython-debuginfo-14.5-150200.5.17.1
postgresql14-pltcl-14.5-150200.5.17.1
postgresql14-pltcl-debuginfo-14.5-150200.5.17.1
postgresql14-server-14.5-150200.5.17.1
postgresql14-server-debuginfo-14.5-150200.5.17.1
postgresql14-server-devel-14.5-150200.5.17.1
postgresql14-server-devel-debuginfo-14.5-150200.5.17.1
- SUSE Enterprise Storage 7 (x86_64):
libpq5-32bit-14.5-150200.5.17.1
libpq5-32bit-debuginfo-14.5-150200.5.17.1
- SUSE Enterprise Storage 7 (noarch):
postgresql14-docs-14.5-150200.5.17.1
References:
https://www.suse.com/security/cve/CVE-2022-2625.html
https://bugzilla.suse.com/1198166
https://bugzilla.suse.com/1200437
https://bugzilla.suse.com/1202368
From sle-security-updates at lists.suse.com Thu Sep 1 15:31:55 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:31:55 +0200 (CEST)
Subject: SUSE-SU-2022:2988-1: important: Security update for postgresql12
Message-ID: <20220901153155.7B08EF3D4@maintenance.suse.de>
SUSE Security Update: Security update for postgresql12
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2988-1
Rating: important
References: #1198166 #1202368
Cross-References: CVE-2022-2625
CVSS scores:
CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one erratum
is now available.
Description:
This update for postgresql12 fixes the following issues:
- Update to 12.12:
- CVE-2022-2625: Fixed an issue where extension scripts would replace
objects not belonging to that extension (bsc#1202368).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2988=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2988=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2988=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2988=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2988=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2988=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2988=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2988=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-2988=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-2988=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2988=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2988=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2988=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-llvmjit-12.12-150200.8.35.1
postgresql12-llvmjit-debuginfo-12.12-150200.8.35.1
postgresql12-llvmjit-devel-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
postgresql12-test-12.12-150200.8.35.1
- openSUSE Leap 15.4 (noarch):
postgresql12-docs-12.12-150200.8.35.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-llvmjit-12.12-150200.8.35.1
postgresql12-llvmjit-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
postgresql12-test-12.12-150200.8.35.1
- openSUSE Leap 15.3 (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Manager Server 4.1 (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Manager Proxy 4.1 (x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Manager Proxy 4.1 (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
postgresql12-llvmjit-12.12-150200.8.35.1
postgresql12-llvmjit-debuginfo-12.12-150200.8.35.1
postgresql12-test-12.12-150200.8.35.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
postgresql12-docs-12.12-150200.8.35.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
postgresql12-12.12-150200.8.35.1
postgresql12-contrib-12.12-150200.8.35.1
postgresql12-contrib-debuginfo-12.12-150200.8.35.1
postgresql12-debuginfo-12.12-150200.8.35.1
postgresql12-debugsource-12.12-150200.8.35.1
postgresql12-devel-12.12-150200.8.35.1
postgresql12-devel-debuginfo-12.12-150200.8.35.1
postgresql12-plperl-12.12-150200.8.35.1
postgresql12-plperl-debuginfo-12.12-150200.8.35.1
postgresql12-plpython-12.12-150200.8.35.1
postgresql12-plpython-debuginfo-12.12-150200.8.35.1
postgresql12-pltcl-12.12-150200.8.35.1
postgresql12-pltcl-debuginfo-12.12-150200.8.35.1
postgresql12-server-12.12-150200.8.35.1
postgresql12-server-debuginfo-12.12-150200.8.35.1
postgresql12-server-devel-12.12-150200.8.35.1
postgresql12-server-devel-debuginfo-12.12-150200.8.35.1
- SUSE Enterprise Storage 7 (noarch):
postgresql12-docs-12.12-150200.8.35.1
References:
https://www.suse.com/security/cve/CVE-2022-2625.html
https://bugzilla.suse.com/1198166
https://bugzilla.suse.com/1202368
From sle-security-updates at lists.suse.com Thu Sep 1 15:32:53 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:32:53 +0200 (CEST)
Subject: SUSE-SU-2022:2959-2: important: Security update for rsync
Message-ID: <20220901153253.099E6F3D4@maintenance.suse.de>
SUSE Security Update: Security update for rsync
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2959-2
Rating: important
References: #1201840
Cross-References: CVE-2022-29154
CVSS scores:
CVE-2022-29154 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H
CVE-2022-29154 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rsync fixes the following issues:
- CVE-2022-29154: Fixed an arbitrary file write issue that could be
triggered by a malicious remote server (bsc#1201840).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2959=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
rsync-3.1.3-150000.4.13.1
rsync-debuginfo-3.1.3-150000.4.13.1
rsync-debugsource-3.1.3-150000.4.13.1
References:
https://www.suse.com/security/cve/CVE-2022-29154.html
https://bugzilla.suse.com/1201840
From sle-security-updates at lists.suse.com Thu Sep 1 15:33:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:33:47 +0200 (CEST)
Subject: SUSE-SU-2022:2614-2: moderate: Security update for dwarves and elfutils
Message-ID: <20220901153347.76B42F3D4@maintenance.suse.de>
SUSE Security Update: Security update for dwarves and elfutils
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2614-2
Rating: moderate
References: #1033084 #1033085 #1033086 #1033087 #1033088
#1033089 #1033090 #1082318 #1104264 #1106390
#1107066 #1107067 #1111973 #1112723 #1112726
#1123685 #1125007 SLE-24501
Cross-References: CVE-2017-7607 CVE-2017-7608 CVE-2017-7609
CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
CVE-2017-7613 CVE-2018-16062 CVE-2018-16402
CVE-2018-16403 CVE-2018-18310 CVE-2018-18520
CVE-2018-18521 CVE-2019-7146 CVE-2019-7148
CVE-2019-7149 CVE-2019-7150 CVE-2019-7664
CVE-2019-7665
CVSS scores:
CVE-2017-7607 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-7607 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2017-7608 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-7608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2017-7609 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-7609 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2017-7610 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-7610 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2017-7611 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-7611 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2017-7612 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-7612 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2017-7613 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2017-7613 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-16062 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-16062 (SUSE): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2018-16402 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2018-16402 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-16403 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-16403 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-18310 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-18310 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-18520 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-18520 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2018-18521 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2018-18521 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2019-7146 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-7148 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-7149 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-7150 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-7150 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2019-7664 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-7664 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2019-7665 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2019-7665 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes 19 vulnerabilities and contains one
feature is now available.
Description:
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset. Decode
DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string. dwelf_elf_begin now only
returns NULL when there is an error reading or decompressing a file. If
the file is not an ELF file an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option. Do NOT use this for system
installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 -
CVE-2019-7150: dwfl_segment_report_module doesn't check whether the
dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated
string (CVE is a bit misleading, as this is not a bug in libelf as
described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections. Recognize and parse GNU
Property, NT_VERSION and GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly. Add strip --reloc-debug-sections-only
option. Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT and
BPF_JSLE. backends: RISCV handles ADD/SUB relocations. Handle
SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function
arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in
dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files
(bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and shstrndx
correctly.
- elfcompress: Don't rewrite input file if no section data needs updating.
Try harder to keep same file mode bits (suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to generate
CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to
decompress the same section twice (bsc#1107066) Double-free crash in
nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in
/elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular
various functions now detect and break infinite loops caused by bad DIE
tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section). Removed dwarf_getscn_info, which was
never implemented.
- backends: Handle BPF simple relocations. The RISCV backend now handles
ABI specific CFI and knows about RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr,
.debug_line_str, .debug_loclists, .debug_str_offsets and
.debug_rnglists. Plus the new DWARF5 and GNU DebugFission encodings of
the existing .debug sections. Also in split DWARF .dwo (DWARF object)
files. This support is mostly handled by existing functions
(dwarf_getlocation*, dwarf_getsrclines, dwarf_ranges, dwarf_form*, etc.)
now returning the data from the new sections and data formats. But some
new functions have been added to more easily get information about
skeleton and split compile units (dwarf_get_units and dwarf_cu_info),
handle new attribute data (dwarf_getabbrevattr_data) and to keep
references to Dwarf_Dies that might come from different sections or
files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf
Supplementary) files, the .debug_names index, the .debug_cu_index and
.debug_tu_index sections. Only a single .debug_info (and .debug_types)
section are currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info. libdw will now try to
resolve the alt file on first use of an alt attribute FORM when not set
yet with dwarf_set_alt. dwarf_aggregate_size() now works with
multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows. The sha1 and md5
implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language
code, calling convention, defaulted member function and macro constants
to dwarf.h. New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES. Frame pointer
unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and
application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group
(bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress
(bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hash
(readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name
(eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a
crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer
over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang already
supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the
Linux Kernel BTF verification framework.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2614=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
dwarves-1.22-150300.7.3.1
dwarves-debuginfo-1.22-150300.7.3.1
dwarves-debugsource-1.22-150300.7.3.1
elfutils-0.177-150300.11.3.1
elfutils-debuginfo-0.177-150300.11.3.1
elfutils-debugsource-0.177-150300.11.3.1
libasm1-0.177-150300.11.3.1
libasm1-debuginfo-0.177-150300.11.3.1
libdw1-0.177-150300.11.3.1
libdw1-debuginfo-0.177-150300.11.3.1
libdwarves-devel-1.22-150300.7.3.1
libdwarves1-1.22-150300.7.3.1
libdwarves1-debuginfo-1.22-150300.7.3.1
libebl-plugins-0.177-150300.11.3.1
libebl-plugins-debuginfo-0.177-150300.11.3.1
libelf1-0.177-150300.11.3.1
libelf1-debuginfo-0.177-150300.11.3.1
References:
https://www.suse.com/security/cve/CVE-2017-7607.html
https://www.suse.com/security/cve/CVE-2017-7608.html
https://www.suse.com/security/cve/CVE-2017-7609.html
https://www.suse.com/security/cve/CVE-2017-7610.html
https://www.suse.com/security/cve/CVE-2017-7611.html
https://www.suse.com/security/cve/CVE-2017-7612.html
https://www.suse.com/security/cve/CVE-2017-7613.html
https://www.suse.com/security/cve/CVE-2018-16062.html
https://www.suse.com/security/cve/CVE-2018-16402.html
https://www.suse.com/security/cve/CVE-2018-16403.html
https://www.suse.com/security/cve/CVE-2018-18310.html
https://www.suse.com/security/cve/CVE-2018-18520.html
https://www.suse.com/security/cve/CVE-2018-18521.html
https://www.suse.com/security/cve/CVE-2019-7146.html
https://www.suse.com/security/cve/CVE-2019-7148.html
https://www.suse.com/security/cve/CVE-2019-7149.html
https://www.suse.com/security/cve/CVE-2019-7150.html
https://www.suse.com/security/cve/CVE-2019-7664.html
https://www.suse.com/security/cve/CVE-2019-7665.html
https://bugzilla.suse.com/1033084
https://bugzilla.suse.com/1033085
https://bugzilla.suse.com/1033086
https://bugzilla.suse.com/1033087
https://bugzilla.suse.com/1033088
https://bugzilla.suse.com/1033089
https://bugzilla.suse.com/1033090
https://bugzilla.suse.com/1082318
https://bugzilla.suse.com/1104264
https://bugzilla.suse.com/1106390
https://bugzilla.suse.com/1107066
https://bugzilla.suse.com/1107067
https://bugzilla.suse.com/1111973
https://bugzilla.suse.com/1112723
https://bugzilla.suse.com/1112726
https://bugzilla.suse.com/1123685
https://bugzilla.suse.com/1125007
From sle-security-updates at lists.suse.com Thu Sep 1 15:36:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:36:25 +0200 (CEST)
Subject: SUSE-SU-2022:2547-2: important: Security update for logrotate
Message-ID: <20220901153625.43DA1F3D4@maintenance.suse.de>
SUSE Security Update: Security update for logrotate
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2547-2
Rating: important
References: #1192449 #1200278 #1200802
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for logrotate fixes the following issues:
Security issues fixed:
- Improved coredump handling for SUID binaries (bsc#1192449).
Non-security issues fixed:
- Fixed "logrotate emits unintended warning: keyword size not properly
separated, found 0x3d" (bsc#1200278, bsc#1200802).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2547=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
logrotate-3.13.0-150000.4.7.1
logrotate-debuginfo-3.13.0-150000.4.7.1
logrotate-debugsource-3.13.0-150000.4.7.1
References:
https://bugzilla.suse.com/1192449
https://bugzilla.suse.com/1200278
https://bugzilla.suse.com/1200802
From sle-security-updates at lists.suse.com Thu Sep 1 15:38:55 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 17:38:55 +0200 (CEST)
Subject: SUSE-SU-2022:2599-2: important: Security update for xen
Message-ID: <20220901153855.B4FCBF3D4@maintenance.suse.de>
SUSE Security Update: Security update for xen
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2599-2
Rating: important
References: #1027519 #1199965 #1199966 #1200549 #1201394
#1201469
Cross-References: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166
CVE-2022-23816 CVE-2022-23825 CVE-2022-26362
CVE-2022-26363 CVE-2022-26364 CVE-2022-29900
CVE-2022-33745
CVSS scores:
CVE-2022-21123 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21123 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-21125 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21125 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-21166 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21166 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-23816 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-23825 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-26362 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26362 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26363 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26364 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29900 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-29900 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-33745 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2022-33745 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
This update for xen fixes the following issues:
- CVE-2022-26363, CVE-2022-26364: Fixed insufficient care with
non-coherent mappings (XSA-402) (bsc#1199966).
- CVE-2022-21123, CVE-2022-21125, CVE-2022-21166: Fixed MMIO stale data
vulnerabilities on x86 (XSA-404) (bsc#1200549).
- CVE-2022-26362: Fixed a race condition in typeref acquisition (XSA-401)
(bsc#1199965).
- CVE-2022-33745: Fixed insufficient TLB flush for x86 PV guests in shadow
mode (XSA-408) (bsc#1201394).
- CVE-2022-23816, CVE-2022-23825, CVE-2022-29900: Fixed RETBLEED
vulnerability, arbitrary speculative code execution with return
instructions (XSA-407) (bsc#1201469).
Fixed several upstream bugs (bsc#1027519).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2599=1
Package List:
- openSUSE Leap Micro 5.2 (x86_64):
xen-debugsource-4.14.5_04-150300.3.32.1
xen-libs-4.14.5_04-150300.3.32.1
xen-libs-debuginfo-4.14.5_04-150300.3.32.1
References:
https://www.suse.com/security/cve/CVE-2022-21123.html
https://www.suse.com/security/cve/CVE-2022-21125.html
https://www.suse.com/security/cve/CVE-2022-21166.html
https://www.suse.com/security/cve/CVE-2022-23816.html
https://www.suse.com/security/cve/CVE-2022-23825.html
https://www.suse.com/security/cve/CVE-2022-26362.html
https://www.suse.com/security/cve/CVE-2022-26363.html
https://www.suse.com/security/cve/CVE-2022-26364.html
https://www.suse.com/security/cve/CVE-2022-29900.html
https://www.suse.com/security/cve/CVE-2022-33745.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1199965
https://bugzilla.suse.com/1199966
https://bugzilla.suse.com/1200549
https://bugzilla.suse.com/1201394
https://bugzilla.suse.com/1201469
From sle-security-updates at lists.suse.com Thu Sep 1 19:19:50 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 21:19:50 +0200 (CEST)
Subject: SUSE-SU-2022:2991-1: important: Security update for libtirpc
Message-ID: <20220901191950.9B602FBAF@maintenance.suse.de>
SUSE Security Update: Security update for libtirpc
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2991-1
Rating: important
References: #1198752 #1200800 #1201680
Cross-References: CVE-2021-46828
CVSS scores:
CVE-2021-46828 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46828 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed an uncontrolled file descriptor consumption, which
could be exploited by remote attackers to prevent applications using the
library from accepting new connections (bsc#1201680).
Non-security fixes:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2991=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2991=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2991=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2991=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2991=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2991=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2991=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2991=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2991=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2991=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2991=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2991=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2991=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2991=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2991=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2991=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2991=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-2991=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2991=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Manager Server 4.1 (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Manager Proxy 4.1 (x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Enterprise Storage 7 (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
- SUSE Enterprise Storage 6 (x86_64):
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
- SUSE CaaS Platform 4.0 (x86_64):
libtirpc-debugsource-1.0.2-150000.3.18.1
libtirpc-devel-1.0.2-150000.3.18.1
libtirpc-netconfig-1.0.2-150000.3.18.1
libtirpc3-1.0.2-150000.3.18.1
libtirpc3-32bit-1.0.2-150000.3.18.1
libtirpc3-32bit-debuginfo-1.0.2-150000.3.18.1
libtirpc3-debuginfo-1.0.2-150000.3.18.1
References:
https://www.suse.com/security/cve/CVE-2021-46828.html
https://bugzilla.suse.com/1198752
https://bugzilla.suse.com/1200800
https://bugzilla.suse.com/1201680
From sle-security-updates at lists.suse.com Thu Sep 1 19:21:20 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 1 Sep 2022 21:21:20 +0200 (CEST)
Subject: SUSE-SU-2022:2990-1: important: Security update for flatpak
Message-ID: <20220901192120.10C47FBAF@maintenance.suse.de>
SUSE Security Update: Security update for flatpak
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2990-1
Rating: important
References: #1155688 #1180996 #1183459
Cross-References: CVE-2021-21261 CVE-2021-21381
CVSS scores:
CVE-2021-21261 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-21261 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
CVE-2021-21381 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
CVE-2021-21381 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for flatpak fixes the following issues:
- CVE-2021-21381: Fixed an issue where a sandboxed application could read
and write arbitrary host files via special tokens in the .desktop file
(bsc#1183459).
- CVE-2021-21261: Fixed a sandbox escape issue via the flatpak-portal
service (bsc#1180996).
Non-security fixes:
- openh264 extension needs to use "extra_data". (bsc#1155688) The update
will provide the support for "extra_data" in extensions and will provide
a list of versions that are supported. This will be useful for the
extra_data for extensions because that will require it to say that it is
supported for version > 1.2.5 in the 1.2 series and > 1.4.2 otherwise.
The update will include fixes for a segfault in the function that
lists the installed references
(flatpak_installation_list_installed_refs). When an appstream update is
cancelled while downloading icons, the update will show a proper fail.
Before this fix the next update attempt will see an up-to-date
timestamp, think everything is ok and not download the missing icons. The
update will introduce checks in the OCI (Open Container Initiative
format) updates for validating if it is gpg verified. The update will
install the required runtime for the installed extension. The update
will prevent a crash if the "FlatpakDir" can't ensure it has a repo
configured. The update will prevent the removal of local extensions
considered remote and not locally related.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2990=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2990=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2990=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2990=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2990=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2990=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
flatpak-1.2.3-150100.4.5.2
flatpak-debuginfo-1.2.3-150100.4.5.2
flatpak-debugsource-1.2.3-150100.4.5.2
flatpak-devel-1.2.3-150100.4.5.2
flatpak-zsh-completion-1.2.3-150100.4.5.2
libflatpak0-1.2.3-150100.4.5.2
libflatpak0-debuginfo-1.2.3-150100.4.5.2
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.5.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
flatpak-1.2.3-150100.4.5.2
flatpak-debuginfo-1.2.3-150100.4.5.2
flatpak-debugsource-1.2.3-150100.4.5.2
flatpak-devel-1.2.3-150100.4.5.2
flatpak-zsh-completion-1.2.3-150100.4.5.2
libflatpak0-1.2.3-150100.4.5.2
libflatpak0-debuginfo-1.2.3-150100.4.5.2
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.5.2
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
flatpak-1.2.3-150100.4.5.2
flatpak-debuginfo-1.2.3-150100.4.5.2
flatpak-debugsource-1.2.3-150100.4.5.2
flatpak-devel-1.2.3-150100.4.5.2
flatpak-zsh-completion-1.2.3-150100.4.5.2
libflatpak0-1.2.3-150100.4.5.2
libflatpak0-debuginfo-1.2.3-150100.4.5.2
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.5.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
flatpak-1.2.3-150100.4.5.2
flatpak-debuginfo-1.2.3-150100.4.5.2
flatpak-debugsource-1.2.3-150100.4.5.2
flatpak-devel-1.2.3-150100.4.5.2
flatpak-zsh-completion-1.2.3-150100.4.5.2
libflatpak0-1.2.3-150100.4.5.2
libflatpak0-debuginfo-1.2.3-150100.4.5.2
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.5.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
flatpak-1.2.3-150100.4.5.2
flatpak-debuginfo-1.2.3-150100.4.5.2
flatpak-debugsource-1.2.3-150100.4.5.2
flatpak-devel-1.2.3-150100.4.5.2
flatpak-zsh-completion-1.2.3-150100.4.5.2
libflatpak0-1.2.3-150100.4.5.2
libflatpak0-debuginfo-1.2.3-150100.4.5.2
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.5.2
- SUSE Enterprise Storage 6 (aarch64 x86_64):
flatpak-1.2.3-150100.4.5.2
flatpak-debuginfo-1.2.3-150100.4.5.2
flatpak-debugsource-1.2.3-150100.4.5.2
flatpak-devel-1.2.3-150100.4.5.2
flatpak-zsh-completion-1.2.3-150100.4.5.2
libflatpak0-1.2.3-150100.4.5.2
libflatpak0-debuginfo-1.2.3-150100.4.5.2
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.5.2
- SUSE CaaS Platform 4.0 (x86_64):
flatpak-1.2.3-150100.4.5.2
flatpak-debuginfo-1.2.3-150100.4.5.2
flatpak-debugsource-1.2.3-150100.4.5.2
flatpak-devel-1.2.3-150100.4.5.2
flatpak-zsh-completion-1.2.3-150100.4.5.2
libflatpak0-1.2.3-150100.4.5.2
libflatpak0-debuginfo-1.2.3-150100.4.5.2
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.5.2
References:
https://www.suse.com/security/cve/CVE-2021-21261.html
https://www.suse.com/security/cve/CVE-2021-21381.html
https://bugzilla.suse.com/1155688
https://bugzilla.suse.com/1180996
https://bugzilla.suse.com/1183459
From sle-security-updates at lists.suse.com Fri Sep 2 13:21:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 15:21:43 +0200 (CEST)
Subject: SUSE-SU-2022:2995-1: moderate: Security update for gdk-pixbuf
Message-ID: <20220902132143.0FF3CFDA3@maintenance.suse.de>
SUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2995-1
Rating: moderate
References: #1201826
Cross-References: CVE-2021-46829
CVSS scores:
CVE-2021-46829 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-46829 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gdk-pixbuf fixes the following issues:
Update to version 2.42.8, including the following:
- CVE-2021-46829: Fixed a heap-based buffer overflow when compositing or
clearing frames in GIF files (bsc#1201826).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2995=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-2995=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.42.8-150400.5.3.1
gdk-pixbuf-devel-2.42.8-150400.5.3.1
gdk-pixbuf-devel-debuginfo-2.42.8-150400.5.3.1
gdk-pixbuf-query-loaders-2.42.8-150400.5.3.1
gdk-pixbuf-query-loaders-debuginfo-2.42.8-150400.5.3.1
gdk-pixbuf-thumbnailer-2.42.8-150400.5.3.1
gdk-pixbuf-thumbnailer-debuginfo-2.42.8-150400.5.3.1
libgdk_pixbuf-2_0-0-2.42.8-150400.5.3.1
libgdk_pixbuf-2_0-0-debuginfo-2.42.8-150400.5.3.1
typelib-1_0-GdkPixbuf-2_0-2.42.8-150400.5.3.1
typelib-1_0-GdkPixdata-2_0-2.42.8-150400.5.3.1
- openSUSE Leap 15.4 (x86_64):
gdk-pixbuf-devel-32bit-2.42.8-150400.5.3.1
gdk-pixbuf-devel-32bit-debuginfo-2.42.8-150400.5.3.1
gdk-pixbuf-query-loaders-32bit-2.42.8-150400.5.3.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.8-150400.5.3.1
libgdk_pixbuf-2_0-0-32bit-2.42.8-150400.5.3.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.8-150400.5.3.1
- openSUSE Leap 15.4 (noarch):
gdk-pixbuf-lang-2.42.8-150400.5.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.42.8-150400.5.3.1
gdk-pixbuf-devel-2.42.8-150400.5.3.1
gdk-pixbuf-devel-debuginfo-2.42.8-150400.5.3.1
gdk-pixbuf-query-loaders-2.42.8-150400.5.3.1
gdk-pixbuf-query-loaders-debuginfo-2.42.8-150400.5.3.1
gdk-pixbuf-thumbnailer-2.42.8-150400.5.3.1
gdk-pixbuf-thumbnailer-debuginfo-2.42.8-150400.5.3.1
libgdk_pixbuf-2_0-0-2.42.8-150400.5.3.1
libgdk_pixbuf-2_0-0-debuginfo-2.42.8-150400.5.3.1
typelib-1_0-GdkPixbuf-2_0-2.42.8-150400.5.3.1
typelib-1_0-GdkPixdata-2_0-2.42.8-150400.5.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
gdk-pixbuf-lang-2.42.8-150400.5.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
gdk-pixbuf-query-loaders-32bit-2.42.8-150400.5.3.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.8-150400.5.3.1
libgdk_pixbuf-2_0-0-32bit-2.42.8-150400.5.3.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.8-150400.5.3.1
References:
https://www.suse.com/security/cve/CVE-2021-46829.html
https://bugzilla.suse.com/1201826
From sle-security-updates at lists.suse.com Fri Sep 2 13:22:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 15:22:22 +0200 (CEST)
Subject: SUSE-SU-2022:2993-1: important: Security update for freerdp
Message-ID: <20220902132222.BFE5BFDA3@maintenance.suse.de>
SUSE Security Update: Security update for freerdp
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2993-1
Rating: important
References: #1191895
Cross-References: CVE-2021-41159 CVE-2021-41160
CVSS scores:
CVE-2021-41159 (NVD) : 5.8 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
CVE-2021-41159 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-41160 (NVD) : 5.3 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N
CVE-2021-41160 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for freerdp fixes the following issues:
- Fixed two input validation issues (bsc#1191895):
- CVE-2021-41159: Fixed an improper validation of client input for
gateway connections.
- CVE-2021-41160: Fixed improper region checks that could lead to memory
corruption.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2993=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-2993=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2993=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
freerdp-2.4.0-150400.3.6.1
freerdp-debuginfo-2.4.0-150400.3.6.1
freerdp-debugsource-2.4.0-150400.3.6.1
freerdp-devel-2.4.0-150400.3.6.1
freerdp-proxy-2.4.0-150400.3.6.1
freerdp-proxy-debuginfo-2.4.0-150400.3.6.1
freerdp-server-2.4.0-150400.3.6.1
freerdp-server-debuginfo-2.4.0-150400.3.6.1
freerdp-wayland-2.4.0-150400.3.6.1
freerdp-wayland-debuginfo-2.4.0-150400.3.6.1
libfreerdp2-2.4.0-150400.3.6.1
libfreerdp2-debuginfo-2.4.0-150400.3.6.1
libuwac0-0-2.4.0-150400.3.6.1
libuwac0-0-debuginfo-2.4.0-150400.3.6.1
libwinpr2-2.4.0-150400.3.6.1
libwinpr2-debuginfo-2.4.0-150400.3.6.1
uwac0-0-devel-2.4.0-150400.3.6.1
winpr2-devel-2.4.0-150400.3.6.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
freerdp-2.4.0-150400.3.6.1
freerdp-debuginfo-2.4.0-150400.3.6.1
freerdp-debugsource-2.4.0-150400.3.6.1
freerdp-devel-2.4.0-150400.3.6.1
freerdp-proxy-2.4.0-150400.3.6.1
freerdp-proxy-debuginfo-2.4.0-150400.3.6.1
libfreerdp2-2.4.0-150400.3.6.1
libfreerdp2-debuginfo-2.4.0-150400.3.6.1
libwinpr2-2.4.0-150400.3.6.1
libwinpr2-debuginfo-2.4.0-150400.3.6.1
winpr2-devel-2.4.0-150400.3.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
freerdp-2.4.0-150400.3.6.1
freerdp-debuginfo-2.4.0-150400.3.6.1
freerdp-debugsource-2.4.0-150400.3.6.1
freerdp-devel-2.4.0-150400.3.6.1
freerdp-proxy-2.4.0-150400.3.6.1
freerdp-proxy-debuginfo-2.4.0-150400.3.6.1
libfreerdp2-2.4.0-150400.3.6.1
libfreerdp2-debuginfo-2.4.0-150400.3.6.1
libwinpr2-2.4.0-150400.3.6.1
libwinpr2-debuginfo-2.4.0-150400.3.6.1
winpr2-devel-2.4.0-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-41159.html
https://www.suse.com/security/cve/CVE-2021-41160.html
https://bugzilla.suse.com/1191895
From sle-security-updates at lists.suse.com Fri Sep 2 13:23:18 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 15:23:18 +0200 (CEST)
Subject: SUSE-SU-2022:2997-1: important: Security update for python-pyxdg
Message-ID: <20220902132318.5E9AAFDA3@maintenance.suse.de>
SUSE Security Update: Security update for python-pyxdg
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2997-1
Rating: important
References: #1137627
Cross-References: CVE-2019-12761
CVSS scores:
CVE-2019-12761 (NVD) : 7.5 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2019-12761 (SUSE): 7.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-pyxdg fixes the following issues:
- CVE-2019-12761: Fixed a code injection issue in Category elements of a
Menu XML (bsc#1137627).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-2997=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-2997=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-2997=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-2997=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-2997=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-2997=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-2997=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2997=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-2997=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-2997=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
python2-pyxdg-0.25-150000.3.3.1
python3-pyxdg-0.25-150000.3.3.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
python2-pyxdg-0.25-150000.3.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
python2-pyxdg-0.25-150000.3.3.1
python3-pyxdg-0.25-150000.3.3.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
python2-pyxdg-0.25-150000.3.3.1
python3-pyxdg-0.25-150000.3.3.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
python2-pyxdg-0.25-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
python2-pyxdg-0.25-150000.3.3.1
python3-pyxdg-0.25-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
python2-pyxdg-0.25-150000.3.3.1
python3-pyxdg-0.25-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
python2-pyxdg-0.25-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
python2-pyxdg-0.25-150000.3.3.1
- SUSE Enterprise Storage 6 (noarch):
python2-pyxdg-0.25-150000.3.3.1
python3-pyxdg-0.25-150000.3.3.1
- SUSE CaaS Platform 4.0 (noarch):
python2-pyxdg-0.25-150000.3.3.1
python3-pyxdg-0.25-150000.3.3.1
References:
https://www.suse.com/security/cve/CVE-2019-12761.html
https://bugzilla.suse.com/1137627
From sle-security-updates at lists.suse.com Fri Sep 2 13:24:20 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 15:24:20 +0200 (CEST)
Subject: SUSE-SU-2022:2998-1: moderate: Security update for ImageMagick
Message-ID: <20220902132420.61288FDA3@maintenance.suse.de>
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2998-1
Rating: moderate
References: #1199350 #1202250
Cross-References: CVE-2022-2719 CVE-2022-28463
CVSS scores:
CVE-2022-2719 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2719 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-28463 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-28463 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2022-2719: Fixed a reachable assertion that could lead to denial
of service via a crafted file (bsc#1202250).
- CVE-2022-28463: Fixed a buffer overflow that could be triggered by a
crafted input file (bsc#1199350).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-2998=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-2998=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-2998=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.1.0.9-150400.6.6.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.6.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.6.1
ImageMagick-debuginfo-7.1.0.9-150400.6.6.1
ImageMagick-debugsource-7.1.0.9-150400.6.6.1
ImageMagick-devel-7.1.0.9-150400.6.6.1
ImageMagick-extra-7.1.0.9-150400.6.6.1
ImageMagick-extra-debuginfo-7.1.0.9-150400.6.6.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.6.1
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.6.1
libMagick++-devel-7.1.0.9-150400.6.6.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.6.1
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.6.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.6.1
libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.6.1
perl-PerlMagick-7.1.0.9-150400.6.6.1
perl-PerlMagick-debuginfo-7.1.0.9-150400.6.6.1
- openSUSE Leap 15.4 (x86_64):
ImageMagick-devel-32bit-7.1.0.9-150400.6.6.1
libMagick++-7_Q16HDRI5-32bit-7.1.0.9-150400.6.6.1
libMagick++-7_Q16HDRI5-32bit-debuginfo-7.1.0.9-150400.6.6.1
libMagick++-devel-32bit-7.1.0.9-150400.6.6.1
libMagickCore-7_Q16HDRI10-32bit-7.1.0.9-150400.6.6.1
libMagickCore-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.6.1
libMagickWand-7_Q16HDRI10-32bit-7.1.0.9-150400.6.6.1
libMagickWand-7_Q16HDRI10-32bit-debuginfo-7.1.0.9-150400.6.6.1
- openSUSE Leap 15.4 (noarch):
ImageMagick-doc-7.1.0.9-150400.6.6.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
ImageMagick-debuginfo-7.1.0.9-150400.6.6.1
ImageMagick-debugsource-7.1.0.9-150400.6.6.1
perl-PerlMagick-7.1.0.9-150400.6.6.1
perl-PerlMagick-debuginfo-7.1.0.9-150400.6.6.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.1.0.9-150400.6.6.1
ImageMagick-config-7-SUSE-7.1.0.9-150400.6.6.1
ImageMagick-config-7-upstream-7.1.0.9-150400.6.6.1
ImageMagick-debuginfo-7.1.0.9-150400.6.6.1
ImageMagick-debugsource-7.1.0.9-150400.6.6.1
ImageMagick-devel-7.1.0.9-150400.6.6.1
libMagick++-7_Q16HDRI5-7.1.0.9-150400.6.6.1
libMagick++-7_Q16HDRI5-debuginfo-7.1.0.9-150400.6.6.1
libMagick++-devel-7.1.0.9-150400.6.6.1
libMagickCore-7_Q16HDRI10-7.1.0.9-150400.6.6.1
libMagickCore-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.6.1
libMagickWand-7_Q16HDRI10-7.1.0.9-150400.6.6.1
libMagickWand-7_Q16HDRI10-debuginfo-7.1.0.9-150400.6.6.1
References:
https://www.suse.com/security/cve/CVE-2022-2719.html
https://www.suse.com/security/cve/CVE-2022-28463.html
https://bugzilla.suse.com/1199350
https://bugzilla.suse.com/1202250
From sle-security-updates at lists.suse.com Fri Sep 2 13:27:54 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 15:27:54 +0200 (CEST)
Subject: SUSE-SU-2022:2996-1: moderate: Security update for gdk-pixbuf
Message-ID: <20220902132754.418FCFDA3@maintenance.suse.de>
SUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2996-1
Rating: moderate
References: #1201826
Cross-References: CVE-2021-46829
CVSS scores:
CVE-2021-46829 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-46829 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gdk-pixbuf fixes the following issues:
- CVE-2021-46829: Fixed overflow when compositing or clearing frames
(bsc#1201826).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-2996=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-2996=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-2996=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-2996=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-2996=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.6.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.6.1
gdk-pixbuf-devel-2.40.0-150200.3.6.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.6.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.6.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.6.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.6.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.6.1
- openSUSE Leap 15.3 (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.6.1
- openSUSE Leap 15.3 (x86_64):
gdk-pixbuf-devel-32bit-2.40.0-150200.3.6.1
gdk-pixbuf-devel-32bit-debuginfo-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.6.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.6.1
gdk-pixbuf-devel-2.40.0-150200.3.6.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.6.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.6.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.6.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.6.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.6.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.6.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.6.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.6.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-46829.html
https://bugzilla.suse.com/1201826
From sle-security-updates at lists.suse.com Fri Sep 2 16:20:11 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 18:20:11 +0200 (CEST)
Subject: SUSE-SU-2022:3004-1: Security update for curl
Message-ID: <20220902162011.36D6EFD1F@maintenance.suse.de>
SUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3004-1
Rating: low
References: #1202593
Cross-References: CVE-2022-35252
CVSS scores:
CVE-2022-35252 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into
cookies, which could be exploited by sister sites to cause a denial of
service (bsc#1202593).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3004=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3004=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3004=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3004=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3004=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
curl-7.66.0-150200.4.39.1
curl-debuginfo-7.66.0-150200.4.39.1
curl-debugsource-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-debuginfo-7.66.0-150200.4.39.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
curl-7.66.0-150200.4.39.1
curl-debuginfo-7.66.0-150200.4.39.1
curl-debugsource-7.66.0-150200.4.39.1
libcurl-devel-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-debuginfo-7.66.0-150200.4.39.1
- openSUSE Leap 15.3 (x86_64):
libcurl-devel-32bit-7.66.0-150200.4.39.1
libcurl4-32bit-7.66.0-150200.4.39.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.39.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
curl-7.66.0-150200.4.39.1
curl-debuginfo-7.66.0-150200.4.39.1
curl-debugsource-7.66.0-150200.4.39.1
libcurl-devel-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-debuginfo-7.66.0-150200.4.39.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libcurl4-32bit-7.66.0-150200.4.39.1
libcurl4-32bit-debuginfo-7.66.0-150200.4.39.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
curl-7.66.0-150200.4.39.1
curl-debuginfo-7.66.0-150200.4.39.1
curl-debugsource-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-debuginfo-7.66.0-150200.4.39.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
curl-7.66.0-150200.4.39.1
curl-debuginfo-7.66.0-150200.4.39.1
curl-debugsource-7.66.0-150200.4.39.1
libcurl4-7.66.0-150200.4.39.1
libcurl4-debuginfo-7.66.0-150200.4.39.1
References:
https://www.suse.com/security/cve/CVE-2022-35252.html
https://bugzilla.suse.com/1202593
From sle-security-updates at lists.suse.com Fri Sep 2 16:20:57 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 18:20:57 +0200 (CEST)
Subject: SUSE-SU-2022:3005-1: Security update for curl
Message-ID: <20220902162057.4E3A8FD1F@maintenance.suse.de>
SUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3005-1
Rating: low
References: #1202593
Cross-References: CVE-2022-35252
CVSS scores:
CVE-2022-35252 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into
cookies, which could be exploited by sister sites to cause a denial of
service (bsc#1202593).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3005=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3005=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
curl-debuginfo-7.60.0-11.46.1
curl-debugsource-7.60.0-11.46.1
libcurl-devel-7.60.0-11.46.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
curl-7.60.0-11.46.1
curl-debuginfo-7.60.0-11.46.1
curl-debugsource-7.60.0-11.46.1
libcurl4-7.60.0-11.46.1
libcurl4-debuginfo-7.60.0-11.46.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libcurl4-32bit-7.60.0-11.46.1
libcurl4-debuginfo-32bit-7.60.0-11.46.1
References:
https://www.suse.com/security/cve/CVE-2022-35252.html
https://bugzilla.suse.com/1202593
From sle-security-updates at lists.suse.com Fri Sep 2 16:22:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 18:22:45 +0200 (CEST)
Subject: SUSE-SU-2022:3003-1: Security update for curl
Message-ID: <20220902162245.61B4EFD1F@maintenance.suse.de>
SUSE Security Update: Security update for curl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3003-1
Rating: low
References: #1202593
Cross-References: CVE-2022-35252
CVSS scores:
CVE-2022-35252 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters into
cookies, which could be exploited by sister sites to cause a denial of
service (bsc#1202593).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3003=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3003=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
curl-7.79.1-150400.5.6.1
curl-debuginfo-7.79.1-150400.5.6.1
curl-debugsource-7.79.1-150400.5.6.1
libcurl-devel-7.79.1-150400.5.6.1
libcurl4-7.79.1-150400.5.6.1
libcurl4-debuginfo-7.79.1-150400.5.6.1
- openSUSE Leap 15.4 (x86_64):
libcurl-devel-32bit-7.79.1-150400.5.6.1
libcurl4-32bit-7.79.1-150400.5.6.1
libcurl4-32bit-debuginfo-7.79.1-150400.5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
curl-7.79.1-150400.5.6.1
curl-debuginfo-7.79.1-150400.5.6.1
curl-debugsource-7.79.1-150400.5.6.1
libcurl-devel-7.79.1-150400.5.6.1
libcurl4-7.79.1-150400.5.6.1
libcurl4-debuginfo-7.79.1-150400.5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libcurl4-32bit-7.79.1-150400.5.6.1
libcurl4-32bit-debuginfo-7.79.1-150400.5.6.1
References:
https://www.suse.com/security/cve/CVE-2022-35252.html
https://bugzilla.suse.com/1202593
From sle-security-updates at lists.suse.com Fri Sep 2 16:25:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 18:25:22 +0200 (CEST)
Subject: SUSE-SU-2022:3001-1: important: Security update for json-c
Message-ID: <20220902162522.A596AFD1F@maintenance.suse.de>
SUSE Security Update: Security update for json-c
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3001-1
Rating: important
References: #1171479 PED-1778
Cross-References: CVE-2020-12762
CVSS scores:
CVE-2020-12762 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-12762 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that fixes one vulnerability and contains one feature is now available.
Description:
This update for json-c fixes the following issues:
- CVE-2020-12762: Fixed an integer overflow that could lead to memory
corruption via a large JSON file (bsc#1171479).
Non-security fixes:
- Updated to version 0.12.1 (jsc#PED-1778).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3001=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3001=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3001=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3001=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3001=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3001=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3001=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3001=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
json-c-debugsource-0.12.1-4.3.1
libjson-c-devel-0.12.1-4.3.1
libjson-c2-0.12.1-4.3.1
libjson-c2-32bit-0.12.1-4.3.1
libjson-c2-debuginfo-0.12.1-4.3.1
libjson-c2-debuginfo-32bit-0.12.1-4.3.1
- SUSE OpenStack Cloud 9 (x86_64):
json-c-debugsource-0.12.1-4.3.1
libjson-c-devel-0.12.1-4.3.1
libjson-c2-0.12.1-4.3.1
libjson-c2-32bit-0.12.1-4.3.1
libjson-c2-debuginfo-0.12.1-4.3.1
libjson-c2-debuginfo-32bit-0.12.1-4.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
json-c-debugsource-0.12.1-4.3.1
libjson-c-devel-0.12.1-4.3.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
json-c-debugsource-0.12.1-4.3.1
libjson-c-devel-0.12.1-4.3.1
libjson-c2-0.12.1-4.3.1
libjson-c2-debuginfo-0.12.1-4.3.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
libjson-c2-32bit-0.12.1-4.3.1
libjson-c2-debuginfo-32bit-0.12.1-4.3.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
json-c-debugsource-0.12.1-4.3.1
libjson-c-devel-0.12.1-4.3.1
libjson-c2-0.12.1-4.3.1
libjson-c2-debuginfo-0.12.1-4.3.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libjson-c2-32bit-0.12.1-4.3.1
libjson-c2-debuginfo-32bit-0.12.1-4.3.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
json-c-debugsource-0.12.1-4.3.1
libjson-c-devel-0.12.1-4.3.1
libjson-c2-0.12.1-4.3.1
libjson-c2-debuginfo-0.12.1-4.3.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
libjson-c2-32bit-0.12.1-4.3.1
libjson-c2-debuginfo-32bit-0.12.1-4.3.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
json-c-debugsource-0.12.1-4.3.1
libjson-c-devel-0.12.1-4.3.1
libjson-c2-0.12.1-4.3.1
libjson-c2-32bit-0.12.1-4.3.1
libjson-c2-debuginfo-0.12.1-4.3.1
libjson-c2-debuginfo-32bit-0.12.1-4.3.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
json-c-debugsource-0.12.1-4.3.1
libjson-c-devel-0.12.1-4.3.1
libjson-c2-0.12.1-4.3.1
libjson-c2-32bit-0.12.1-4.3.1
libjson-c2-debuginfo-0.12.1-4.3.1
libjson-c2-debuginfo-32bit-0.12.1-4.3.1
References:
https://www.suse.com/security/cve/CVE-2020-12762.html
https://bugzilla.suse.com/1171479
From sle-security-updates at lists.suse.com Fri Sep 2 19:18:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 2 Sep 2022 21:18:42 +0200 (CEST)
Subject: SUSE-SU-2022:3007-1: important: Security update for MozillaFirefox
Message-ID: <20220902191842.62324FDA3@maintenance.suse.de>
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3007-1
Rating: important
References: #1202645
Cross-References: CVE-2022-38472 CVE-2022-38473 CVE-2022-38478
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.13.0 ESR (bsc#1202645):
- CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error
handling.
- CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could
inherit the parent's permissions.
- CVE-2022-38478: Fixed various memory safety issues.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3007=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3007=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3007=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3007=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3007=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3007=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3007=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3007=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
MozillaFirefox-91.13.0-112.127.4
MozillaFirefox-debuginfo-91.13.0-112.127.4
MozillaFirefox-debugsource-91.13.0-112.127.4
MozillaFirefox-devel-91.13.0-112.127.4
MozillaFirefox-translations-common-91.13.0-112.127.4
- SUSE OpenStack Cloud 9 (x86_64):
MozillaFirefox-91.13.0-112.127.4
MozillaFirefox-debuginfo-91.13.0-112.127.4
MozillaFirefox-debugsource-91.13.0-112.127.4
MozillaFirefox-devel-91.13.0-112.127.4
MozillaFirefox-translations-common-91.13.0-112.127.4
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-debuginfo-91.13.0-112.127.4
MozillaFirefox-debugsource-91.13.0-112.127.4
MozillaFirefox-devel-91.13.0-112.127.4
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
MozillaFirefox-91.13.0-112.127.4
MozillaFirefox-debuginfo-91.13.0-112.127.4
MozillaFirefox-debugsource-91.13.0-112.127.4
MozillaFirefox-devel-91.13.0-112.127.4
MozillaFirefox-translations-common-91.13.0-112.127.4
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.13.0-112.127.4
MozillaFirefox-debuginfo-91.13.0-112.127.4
MozillaFirefox-debugsource-91.13.0-112.127.4
MozillaFirefox-devel-91.13.0-112.127.4
MozillaFirefox-translations-common-91.13.0-112.127.4
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.13.0-112.127.4
MozillaFirefox-debuginfo-91.13.0-112.127.4
MozillaFirefox-debugsource-91.13.0-112.127.4
MozillaFirefox-devel-91.13.0-112.127.4
MozillaFirefox-translations-common-91.13.0-112.127.4
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
MozillaFirefox-91.13.0-112.127.4
MozillaFirefox-debuginfo-91.13.0-112.127.4
MozillaFirefox-debugsource-91.13.0-112.127.4
MozillaFirefox-devel-91.13.0-112.127.4
MozillaFirefox-translations-common-91.13.0-112.127.4
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
MozillaFirefox-91.13.0-112.127.4
MozillaFirefox-debuginfo-91.13.0-112.127.4
MozillaFirefox-debugsource-91.13.0-112.127.4
MozillaFirefox-devel-91.13.0-112.127.4
MozillaFirefox-translations-common-91.13.0-112.127.4
References:
https://www.suse.com/security/cve/CVE-2022-38472.html
https://www.suse.com/security/cve/CVE-2022-38473.html
https://www.suse.com/security/cve/CVE-2022-38478.html
https://bugzilla.suse.com/1202645
From sle-security-updates at lists.suse.com Sat Sep 3 07:17:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 3 Sep 2022 09:17:34 +0200 (CEST)
Subject: SUSE-CU-2022:2012-1: Security update of suse/sles/15.4/cdi-importer
Message-ID: <20220903071734.10CCDFD1F@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-importer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2012-1
Container Tags : suse/sles/15.4/cdi-importer:1.43.0 , suse/sles/15.4/cdi-importer:1.43.0-150400.2.4 , suse/sles/15.4/cdi-importer:1.43.0.16.18
Container Release : 16.18
Severity : important
Type : security
References : 1190698 1195059 1198341 1198979 1199524 1200485 1201795 1202020
CVE-2022-1706 CVE-2022-2509
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-importer was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2919-1
Released: Fri Aug 26 15:04:20 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1190698,1198979,1202020,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
Non-security fixes:
- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can log in even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
The following package changes have been done:
- libldap-data-2.4.46-150200.14.11.2 updated
- libudev1-249.12-150400.8.10.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.5-150500.9.1 updated
- libnettle8-3.8.1-150500.1.2 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- libhogweed6-3.8.1-150500.1.2 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libgnutls30-hmac-3.7.3-150400.4.10.1 updated
- systemd-249.12-150400.8.10.1 updated
- container:sles15-image-15.0.0-31.9 updated
From sle-security-updates at lists.suse.com Sat Sep 3 07:17:53 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 3 Sep 2022 09:17:53 +0200 (CEST)
Subject: SUSE-CU-2022:2015-1: Security update of suse/sles/15.4/cdi-uploadserver
Message-ID: <20220903071753.8910AFD1F@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2015-1
Container Tags : suse/sles/15.4/cdi-uploadserver:1.43.0 , suse/sles/15.4/cdi-uploadserver:1.43.0-150400.2.4 , suse/sles/15.4/cdi-uploadserver:1.43.0.16.17
Container Release : 16.17
Severity : important
Type : security
References : 1190698 1195059 1198341 1198979 1201795 1202020 CVE-2022-2509
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-uploadserver was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2919-1
Released: Fri Aug 26 15:04:20 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1190698,1198979,1202020,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
Non-security fixes:
- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can log in even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
The following package changes have been done:
- libldap-data-2.4.46-150200.14.11.2 updated
- libudev1-249.12-150400.8.10.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.5-150500.9.1 updated
- libnettle8-3.8.1-150500.1.2 updated
- libhogweed6-3.8.1-150500.1.2 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libgnutls30-hmac-3.7.3-150400.4.10.1 updated
- container:sles15-image-15.0.0-31.9 updated
From sle-security-updates at lists.suse.com Sat Sep 3 07:18:12 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 3 Sep 2022 09:18:12 +0200 (CEST)
Subject: SUSE-CU-2022:2018-1: Security update of suse/sles/15.4/virt-handler
Message-ID: <20220903071812.DC1E9FD1F@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2018-1
Container Tags : suse/sles/15.4/virt-handler:0.49.0 , suse/sles/15.4/virt-handler:0.49.0-150400.1.37 , suse/sles/15.4/virt-handler:0.49.0.17.18
Container Release : 17.18
Severity : important
Type : security
References : 1190698 1195059 1198341 1198979 1199524 1200485 1201795 1202020
CVE-2022-1706 CVE-2022-2509
-----------------------------------------------------------------
The container suse/sles/15.4/virt-handler was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2919-1
Released: Fri Aug 26 15:04:20 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1190698,1198979,1202020,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
Non-security fixes:
- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can log in even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
The following package changes have been done:
- libldap-data-2.4.46-150200.14.11.2 updated
- libudev1-249.12-150400.8.10.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.5-150500.9.1 updated
- libnettle8-3.8.1-150500.1.2 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- libhogweed6-3.8.1-150500.1.2 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libgnutls30-hmac-3.7.3-150400.4.10.1 updated
- systemd-249.12-150400.8.10.1 updated
- gnutls-3.7.3-150400.4.10.1 updated
- container:sles15-image-15.0.0-31.9 updated
From sle-security-updates at lists.suse.com Sat Sep 3 07:18:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 3 Sep 2022 09:18:34 +0200 (CEST)
Subject: SUSE-CU-2022:2020-1: Security update of suse/sles/15.4/libguestfs-tools
Message-ID: <20220903071834.AB27EFD1F@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2020-1
Container Tags : suse/sles/15.4/libguestfs-tools:0.49.0 , suse/sles/15.4/libguestfs-tools:0.49.0-150400.1.37 , suse/sles/15.4/libguestfs-tools:0.49.0.16.17
Container Release : 16.17
Severity : important
Type : security
References : 1190698 1195059 1198341 1198979 1199524 1200485 1201795 1202020
CVE-2022-1706 CVE-2022-2509
-----------------------------------------------------------------
The container suse/sles/15.4/libguestfs-tools was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2919-1
Released: Fri Aug 26 15:04:20 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1190698,1198979,1202020,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
Non-security fixes:
- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can log in even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
The following package changes have been done:
- libldap-data-2.4.46-150200.14.11.2 updated
- libudev1-249.12-150400.8.10.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.5-150500.9.1 updated
- btrfsprogs-udev-rules-5.14-150500.8.1 updated
- libasm1-0.185-150400.5.3.1 updated
- libnettle8-3.8.1-150500.1.2 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- elfutils-0.185-150400.5.3.1 updated
- libndctl6-74-150500.1.1 updated
- libhogweed6-3.8.1-150500.1.2 updated
- btrfsprogs-5.14-150500.8.1 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libgnutls30-hmac-3.7.3-150400.4.10.1 updated
- systemd-249.12-150400.8.10.1 updated
- systemd-sysvinit-249.12-150400.8.10.1 updated
- udev-249.12-150400.8.10.1 updated
- container:sles15-image-15.0.0-31.9 updated
From sle-security-updates at lists.suse.com Mon Sep 5 13:23:07 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 5 Sep 2022 15:23:07 +0200 (CEST)
Subject: SUSE-SU-2022:3016-1: important: Security update for libgda
Message-ID: <20220905132307.AB8DAFD1F@maintenance.suse.de>
SUSE Security Update: Security update for libgda
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3016-1
Rating: important
References: #1189849
Cross-References: CVE-2021-39359
CVSS scores:
CVE-2021-39359 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39359 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libgda fixes the following issues:
- CVE-2021-39359: Enabled TLS certificate verification (bsc#1189849).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3016=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3016=1
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3016=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3016=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3016=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3016=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3016=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3016=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3016=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
libgda-5_0-4-5.2.4-9.3.1
libgda-5_0-4-debuginfo-5.2.4-9.3.1
libgda-5_0-mysql-5.2.4-9.3.1
libgda-5_0-mysql-debuginfo-5.2.4-9.3.1
libgda-5_0-postgres-5.2.4-9.3.1
libgda-5_0-postgres-debuginfo-5.2.4-9.3.1
libgda-5_0-sqlite-5.2.4-9.3.1
libgda-5_0-sqlite-debuginfo-5.2.4-9.3.1
libgda-debugsource-5.2.4-9.3.1
libgda-ui-5_0-4-5.2.4-9.3.1
libgda-ui-5_0-4-debuginfo-5.2.4-9.3.1
- SUSE OpenStack Cloud 9 (x86_64):
libgda-5_0-4-5.2.4-9.3.1
libgda-5_0-4-debuginfo-5.2.4-9.3.1
libgda-5_0-mysql-5.2.4-9.3.1
libgda-5_0-mysql-debuginfo-5.2.4-9.3.1
libgda-5_0-postgres-5.2.4-9.3.1
libgda-5_0-postgres-debuginfo-5.2.4-9.3.1
libgda-5_0-sqlite-5.2.4-9.3.1
libgda-5_0-sqlite-debuginfo-5.2.4-9.3.1
libgda-debugsource-5.2.4-9.3.1
libgda-ui-5_0-4-5.2.4-9.3.1
libgda-ui-5_0-4-debuginfo-5.2.4-9.3.1
- SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch):
libgda-5_0-4-lang-5.2.4-9.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libgda-5_0-devel-5.2.4-9.3.1
libgda-5_0-devel-debuginfo-5.2.4-9.3.1
libgda-debugsource-5.2.4-9.3.1
typelib-1_0-Gda-5_0-5.2.4-9.3.1
typelib-1_0-Gdaui-5_0-5.2.4-9.3.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
libgda-5_0-4-5.2.4-9.3.1
libgda-5_0-4-debuginfo-5.2.4-9.3.1
libgda-5_0-mysql-5.2.4-9.3.1
libgda-5_0-mysql-debuginfo-5.2.4-9.3.1
libgda-5_0-postgres-5.2.4-9.3.1
libgda-5_0-postgres-debuginfo-5.2.4-9.3.1
libgda-5_0-sqlite-5.2.4-9.3.1
libgda-5_0-sqlite-debuginfo-5.2.4-9.3.1
libgda-debugsource-5.2.4-9.3.1
libgda-ui-5_0-4-5.2.4-9.3.1
libgda-ui-5_0-4-debuginfo-5.2.4-9.3.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libgda-5_0-4-5.2.4-9.3.1
libgda-5_0-4-debuginfo-5.2.4-9.3.1
libgda-5_0-mysql-5.2.4-9.3.1
libgda-5_0-mysql-debuginfo-5.2.4-9.3.1
libgda-5_0-postgres-5.2.4-9.3.1
libgda-5_0-postgres-debuginfo-5.2.4-9.3.1
libgda-5_0-sqlite-5.2.4-9.3.1
libgda-5_0-sqlite-debuginfo-5.2.4-9.3.1
libgda-debugsource-5.2.4-9.3.1
libgda-ui-5_0-4-5.2.4-9.3.1
libgda-ui-5_0-4-debuginfo-5.2.4-9.3.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
libgda-5_0-4-5.2.4-9.3.1
libgda-5_0-4-debuginfo-5.2.4-9.3.1
libgda-5_0-mysql-5.2.4-9.3.1
libgda-5_0-mysql-debuginfo-5.2.4-9.3.1
libgda-5_0-postgres-5.2.4-9.3.1
libgda-5_0-postgres-debuginfo-5.2.4-9.3.1
libgda-5_0-sqlite-5.2.4-9.3.1
libgda-5_0-sqlite-debuginfo-5.2.4-9.3.1
libgda-debugsource-5.2.4-9.3.1
libgda-ui-5_0-4-5.2.4-9.3.1
libgda-ui-5_0-4-debuginfo-5.2.4-9.3.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
libgda-5_0-4-5.2.4-9.3.1
libgda-5_0-4-debuginfo-5.2.4-9.3.1
libgda-5_0-mysql-5.2.4-9.3.1
libgda-5_0-mysql-debuginfo-5.2.4-9.3.1
libgda-5_0-postgres-5.2.4-9.3.1
libgda-5_0-postgres-debuginfo-5.2.4-9.3.1
libgda-5_0-sqlite-5.2.4-9.3.1
libgda-5_0-sqlite-debuginfo-5.2.4-9.3.1
libgda-debugsource-5.2.4-9.3.1
libgda-ui-5_0-4-5.2.4-9.3.1
libgda-ui-5_0-4-debuginfo-5.2.4-9.3.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libgda-5_0-4-5.2.4-9.3.1
libgda-5_0-4-debuginfo-5.2.4-9.3.1
libgda-5_0-mysql-5.2.4-9.3.1
libgda-5_0-mysql-debuginfo-5.2.4-9.3.1
libgda-5_0-postgres-5.2.4-9.3.1
libgda-5_0-postgres-debuginfo-5.2.4-9.3.1
libgda-5_0-sqlite-5.2.4-9.3.1
libgda-5_0-sqlite-debuginfo-5.2.4-9.3.1
libgda-debugsource-5.2.4-9.3.1
libgda-ui-5_0-4-5.2.4-9.3.1
libgda-ui-5_0-4-debuginfo-5.2.4-9.3.1
References:
https://www.suse.com/security/cve/CVE-2021-39359.html
https://bugzilla.suse.com/1189849
From sle-security-updates at lists.suse.com Mon Sep 5 13:24:02 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 5 Sep 2022 15:24:02 +0200 (CEST)
Subject: SUSE-SU-2022:3020-1: important: Security update for php-composer2
Message-ID: <20220905132402.AA101FD1F@maintenance.suse.de>
SUSE Security Update: Security update for php-composer2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3020-1
Rating: important
References: #1198494
Cross-References: CVE-2022-24828
CVSS scores:
CVE-2022-24828 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-24828 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Web Scripting 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for php-composer2 fixes the following issues:
- CVE-2022-24828: Fixed a code injection issue that affected integrators
using specific APIs to read untrusted input files (bsc#1198494).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3020=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3020=1
Package List:
- openSUSE Leap 15.4 (noarch):
php-composer2-2.2.3-150400.3.3.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch):
php-composer2-2.2.3-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24828.html
https://bugzilla.suse.com/1198494
From sle-security-updates at lists.suse.com Mon Sep 5 19:23:55 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 5 Sep 2022 21:23:55 +0200 (CEST)
Subject: SUSE-SU-2022:3072-1: important: Security update for the Linux Kernel
(Live Patch 1 for SLE 15 SP4)
Message-ID: <20220905192355.BFAC2FD1F@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3072-1
Rating: important
References: #1196867 #1196959 #1201941 #1202163
Cross-References: CVE-2020-36516 CVE-2021-39698 CVE-2022-2585
CVE-2022-36946
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2585 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.
The following security issues were fixed:
- CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment
method with the hash-based IPID assignment policy to inject data into a
victim's TCP session or terminate that session (bsc#1196867).
- CVE-2021-39698: Fixed possible memory corruption in
aio_poll_complete_work of aio.c, that could have led to local escalation
of privilege with no additional execution privileges needed
(bsc#1196959).
- CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bsc#1202163).
- CVE-2022-36946: Fixed a remote denial of service attack inside
nfqnl_mangle in net/netfilter/nfnetlink_queue.c: in the case of an
nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can
encounter a negative length (bsc#1201941).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3072=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-livepatch-5_14_21-150400_24_11-default-2-150400.2.1
kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-2-150400.2.1
kernel-livepatch-SLE15-SP4_Update_1-debugsource-2-150400.2.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-39698.html
https://www.suse.com/security/cve/CVE-2022-2585.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://bugzilla.suse.com/1196867
https://bugzilla.suse.com/1196959
https://bugzilla.suse.com/1201941
https://bugzilla.suse.com/1202163
From sle-security-updates at lists.suse.com Mon Sep 5 19:24:51 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 5 Sep 2022 21:24:51 +0200 (CEST)
Subject: SUSE-SU-2022:3029-1: moderate: Security update for 389-ds
Message-ID: <20220905192451.5C667FD1F@maintenance.suse.de>
SUSE Security Update: Security update for 389-ds
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3029-1
Rating: moderate
References: #1199908 #1202470
Cross-References: CVE-2022-2850
CVSS scores:
CVE-2022-2850 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for 389-ds fixes the following issues:
- CVE-2022-2850: Fixed an application crash when running a sync_repl
client that could be triggered via a malformed cookie (bsc#1202470).
Non-security fixes:
- Update to version 1.4.4.19~git46.c900a28c8:
* CI - makes replication/acceptance_test.py::test_modify_entry more
robust
* UI - LDAP Editor is not updated when we switch instances
- Improvements to openldap import with password policy present
(bsc#1199908)
- Update to version 1.4.4.19~git43.8ba2ea21f:
* fix covscan
* BUG - pid file handling
* Memory leak in slapi_ldap_get_lderrno
* Need a compatibility option about sub suffix handling
* Release tarballs don't contain cockpit webapp
* Replication broken after password change
* Harden ReplicationManager.wait_for_replication
* dscontainer: TypeError: unsupported operand type(s) for /: 'str' and
'int'
* CLI - dsconf backend export breaks with multiple backends
* CLI - improve task handling
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3029=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3029=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1
389-ds-debuginfo-1.4.4.19~git46.c900a28c8-150300.3.22.1
389-ds-debugsource-1.4.4.19~git46.c900a28c8-150300.3.22.1
389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1
389-ds-snmp-1.4.4.19~git46.c900a28c8-150300.3.22.1
389-ds-snmp-debuginfo-1.4.4.19~git46.c900a28c8-150300.3.22.1
lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1
libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1
libsvrcore0-debuginfo-1.4.4.19~git46.c900a28c8-150300.3.22.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
389-ds-1.4.4.19~git46.c900a28c8-150300.3.22.1
389-ds-debuginfo-1.4.4.19~git46.c900a28c8-150300.3.22.1
389-ds-debugsource-1.4.4.19~git46.c900a28c8-150300.3.22.1
389-ds-devel-1.4.4.19~git46.c900a28c8-150300.3.22.1
lib389-1.4.4.19~git46.c900a28c8-150300.3.22.1
libsvrcore0-1.4.4.19~git46.c900a28c8-150300.3.22.1
libsvrcore0-debuginfo-1.4.4.19~git46.c900a28c8-150300.3.22.1
References:
https://www.suse.com/security/cve/CVE-2022-2850.html
https://bugzilla.suse.com/1199908
https://bugzilla.suse.com/1202470
From sle-security-updates at lists.suse.com Mon Sep 5 19:25:39 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 5 Sep 2022 21:25:39 +0200 (CEST)
Subject: SUSE-SU-2022:3064-1: important: Security update for the Linux Kernel
(Live Patch 33 for SLE 15 SP1)
Message-ID: <20220905192539.8AB88FD1F@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 33 for SLE 15 SP1)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3064-1
Rating: important
References: #1196867
Cross-References: CVE-2020-36516
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.12.14-150100_197_120 fixes one issue.
The following security issue was fixed:
- CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment
method with the hash-based IPID assignment policy to inject data into a
victim's TCP session or terminate that session (bsc#1196867).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3064=1
- SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3057=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3051=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-150100_197_120-default-2-150100.2.1
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150000_150_98-default-2-150000.2.1
kernel-livepatch-4_12_14-150000_150_98-default-debuginfo-2-150000.2.1
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_130-default-2-2.2
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://bugzilla.suse.com/1196867
From sle-security-updates at lists.suse.com Mon Sep 5 19:26:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 5 Sep 2022 21:26:43 +0200 (CEST)
Subject: SUSE-SU-2022:3030-1: important: Security update for MozillaFirefox
Message-ID: <20220905192643.E6596FD1F@maintenance.suse.de>
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3030-1
Rating: important
References: #1202645
Cross-References: CVE-2022-38472 CVE-2022-38473 CVE-2022-38478
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 91.13.0 ESR (bsc#1202645):
- CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error
handling.
- CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could
inherit the parent's permissions.
- CVE-2022-38478: Fixed various memory safety issues.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3030=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3030=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3030=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3030=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3030=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3030=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3030=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3030=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3030=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3030=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3030=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3030=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3030=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-branding-upstream-91.13.0-150200.152.56.2
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-branding-upstream-91.13.0-150200.152.56.2
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Manager Retail Branch Server 4.1 (x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Manager Proxy 4.1 (x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-91.13.0-150200.152.56.2
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-91.13.0-150200.152.56.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
- SUSE Enterprise Storage 7 (aarch64 x86_64):
MozillaFirefox-91.13.0-150200.152.56.2
MozillaFirefox-branding-SLE-91-150200.9.7.1
MozillaFirefox-debuginfo-91.13.0-150200.152.56.2
MozillaFirefox-debugsource-91.13.0-150200.152.56.2
MozillaFirefox-devel-91.13.0-150200.152.56.2
MozillaFirefox-translations-common-91.13.0-150200.152.56.2
MozillaFirefox-translations-other-91.13.0-150200.152.56.2
References:
https://www.suse.com/security/cve/CVE-2022-38472.html
https://www.suse.com/security/cve/CVE-2022-38473.html
https://www.suse.com/security/cve/CVE-2022-38478.html
https://bugzilla.suse.com/1202645
From sle-security-updates at lists.suse.com Mon Sep 5 22:22:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 00:22:45 +0200 (CEST)
Subject: SUSE-SU-2022:3080-1: important: Security update for the Linux Kernel
(Live Patch 23 for SLE 15 SP3)
Message-ID: <20220905222245.CE2F4FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3080-1
Rating: important
References: #1199648
Cross-References: CVE-2022-1116
CVSS scores:
CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 5.3.18-150300_59_90 fixes one issue.
The following security issue was fixed:
- CVE-2022-1116: Fixed integer overflow or wraparound vulnerability in
io_uring, where a local attacker could have caused memory corruption and
escalated privileges to root (bsc#1199648).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3080=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_90-default-2-150300.2.1
References:
https://www.suse.com/security/cve/CVE-2022-1116.html
https://bugzilla.suse.com/1199648
From sle-security-updates at lists.suse.com Tue Sep 6 07:22:57 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 09:22:57 +0200 (CEST)
Subject: SUSE-SU-2022:3088-1: important: Security update for the Linux Kernel
(Live Patch 29 for SLE 15 SP2)
Message-ID: <20220906072257.18027FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3088-1
Rating: important
References: #1196867 #1199648
Cross-References: CVE-2020-36516 CVE-2022-1116
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-1116 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1116 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues.
The following security issues were fixed:
- CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment
method with the hash-based IPID assignment policy to inject data into a
victim's TCP session or terminate that session (bsc#1196867).
- CVE-2022-1116: Fixed integer overflow or wraparound vulnerability in
io_uring, where a local attacker could have caused memory corruption and
escalated privileges to root (bsc#1199648).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3088=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150200_24_126-default-2-150200.2.1
kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-2-150200.2.1
kernel-livepatch-SLE15-SP2_Update_29-debugsource-2-150200.2.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2022-1116.html
https://bugzilla.suse.com/1196867
https://bugzilla.suse.com/1199648
From sle-security-updates at lists.suse.com Tue Sep 6 07:42:55 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 09:42:55 +0200 (CEST)
Subject: SUSE-CU-2022:2025-1: Security update of suse/sle15
Message-ID: <20220906074255.070E8FCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2025-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.607
Container Release : 4.22.607
Severity : important
Type : security
References : 1197178 1198731 1198752 1198925 1200800 1200842 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2978-1
Released: Thu Sep 1 12:31:01 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2991-1
Released: Thu Sep 1 16:04:30 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1198752,1200800,1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed an uncontrolled file descriptor consumption,
which could be exploited by remote attackers to prevent applications
using the library from accepting new connections (bsc#1201680).
Non-security fixes:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
The following package changes have been done:
- libblkid1-2.31.1-150000.9.21.1 updated
- libfdisk1-2.31.1-150000.9.21.1 updated
- libmount1-2.31.1-150000.9.21.1 updated
- libsmartcols1-2.31.1-150000.9.21.1 updated
- libtirpc-netconfig-1.0.2-150000.3.18.1 updated
- libtirpc3-1.0.2-150000.3.18.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.31.1-150000.9.21.1 updated
- util-linux-2.31.1-150000.9.21.1 updated
From sle-security-updates at lists.suse.com Tue Sep 6 07:57:52 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 09:57:52 +0200 (CEST)
Subject: SUSE-CU-2022:2026-1: Security update of suse/sle15
Message-ID: <20220906075752.81CF0FCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2026-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.668
Container Release : 6.2.668
Severity : important
Type : security
References : 1198752 1198925 1200800 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2991-1
Released: Thu Sep 1 16:04:30 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1198752,1200800,1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed an uncontrolled file descriptor consumption,
which could be exploited by remote attackers to prevent applications
using the library from accepting new connections (bsc#1201680).
Non-security fixes:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
The following package changes have been done:
- libtirpc-netconfig-1.0.2-150000.3.18.1 updated
- libtirpc3-1.0.2-150000.3.18.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:10:05 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:10:05 +0200 (CEST)
Subject: SUSE-CU-2022:2027-1: Security update of suse/sle15
Message-ID: <20220906081005.327CFFCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2027-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.188
Container Release : 9.5.188
Severity : important
Type : security
References : 1181475 1198752 1198925 1200800 1201680 1202175 1202593 CVE-2021-46828
CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2991-1
Released: Thu Sep 1 16:04:30 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1198752,1200800,1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed an uncontrolled file descriptor consumption,
which could be exploited by remote attackers to prevent applications
using the library from accepting new connections (bsc#1201680).
Non-security fixes:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libcurl4-7.66.0-150200.4.39.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libtirpc-netconfig-1.0.2-150000.3.18.1 updated
- libtirpc3-1.0.2-150000.3.18.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:14:37 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:14:37 +0200 (CEST)
Subject: SUSE-CU-2022:2028-1: Security update of bci/bci-init
Message-ID: <20220906081437.CF6B4FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2028-1
Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.19.6
Container Release : 19.6
Severity : important
Type : security
References : 1181475 1197178 1198731 1198925 1200842 1202175 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container bci/bci-init was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libblkid1-2.36.2-150300.4.23.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- container:sles15-image-15.0.0-17.20.26 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:16:27 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:16:27 +0200 (CEST)
Subject: SUSE-CU-2022:2029-1: Security update of bci/bci-minimal
Message-ID: <20220906081627.4EFD8FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2029-1
Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.30.31
Container Release : 30.31
Severity : important
Type : security
References : 1202175 CVE-2022-37434
-----------------------------------------------------------------
The container bci/bci-minimal was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
The following package changes have been done:
- libz1-1.2.11-150000.3.33.1 updated
- container:micro-image-15.3.0-20.14 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:24:13 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:24:13 +0200 (CEST)
Subject: SUSE-CU-2022:2030-1: Security update of suse/sle15
Message-ID: <20220906082413.4779AFCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2030-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.27 , suse/sle15:15.3 , suse/sle15:15.3.17.20.27
Container Release : 17.20.27
Severity : moderate
Type : security
References : 1197178 1198731 1198925 1200842 1202593 CVE-2022-35252
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- curl-7.66.0-150200.4.39.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:25:04 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:25:04 +0200 (CEST)
Subject: SUSE-CU-2022:2031-1: Security update of bci/dotnet-aspnet
Message-ID: <20220906082504.25781FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2031-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-39.19 , bci/dotnet-aspnet:3.1.28 , bci/dotnet-aspnet:3.1.28-39.19
Container Release : 39.19
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:25:53 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:25:53 +0200 (CEST)
Subject: SUSE-CU-2022:2032-1: Security update of bci/dotnet-aspnet
Message-ID: <20220906082553.403FAFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2032-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-25.22 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-25.22
Container Release : 25.22
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:26:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:26:42 +0200 (CEST)
Subject: SUSE-CU-2022:2033-1: Security update of bci/dotnet-aspnet
Message-ID: <20220906082642.D1FC2FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2033-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-20.19 , bci/dotnet-aspnet:6.0.8 , bci/dotnet-aspnet:6.0.8-20.19 , bci/dotnet-aspnet:latest
Container Release : 20.19
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:27:37 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:27:37 +0200 (CEST)
Subject: SUSE-CU-2022:2034-1: Security update of bci/dotnet-sdk
Message-ID: <20220906082737.B81C4FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2034-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-22.17 , bci/dotnet-sdk:6.0.8 , bci/dotnet-sdk:6.0.8-22.17 , bci/dotnet-sdk:latest
Container Release : 22.17
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:28:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:28:22 +0200 (CEST)
Subject: SUSE-CU-2022:2035-1: Security update of bci/dotnet-runtime
Message-ID: <20220906082822.5E2A9FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2035-1
Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-32.20 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-32.20
Container Release : 32.20
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:29:05 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:29:05 +0200 (CEST)
Subject: SUSE-CU-2022:2036-1: Security update of bci/dotnet-runtime
Message-ID: <20220906082905.5289AFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2036-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-19.17 , bci/dotnet-runtime:6.0.8 , bci/dotnet-runtime:6.0.8-19.17 , bci/dotnet-runtime:latest
Container Release : 19.17
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:29:53 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:29:53 +0200 (CEST)
Subject: SUSE-CU-2022:2037-1: Security update of bci/bci-init
Message-ID: <20220906082953.09FEBFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2037-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.22.4 , bci/bci-init:latest
Container Release : 22.4
Severity : moderate
Type : security
References : 1197178 1198731 1202593 CVE-2022-35252
-----------------------------------------------------------------
The container bci/bci-init was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:30:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:30:43 +0200 (CEST)
Subject: SUSE-CU-2022:2038-1: Security update of bci/nodejs
Message-ID: <20220906083043.55115FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2038-1
Container Tags : bci/node:14 , bci/node:14-33.19 , bci/nodejs:14 , bci/nodejs:14-33.19
Container Release : 33.19
Severity : moderate
Type : security
References : 1197178 1198731 1202593 CVE-2022-35252
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:32:26 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:32:26 +0200 (CEST)
Subject: SUSE-CU-2022:2039-1: Security update of bci/openjdk-devel
Message-ID: <20220906083226.2720BFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2039-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-34.40 , bci/openjdk-devel:latest
Container Release : 34.40
Severity : important
Type : security
References : 1197178 1198731 1198925 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- libxcb1-1.13-150000.3.9.1 updated
- container:bci-openjdk-11-15.4-30.19 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:33:59 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:33:59 +0200 (CEST)
Subject: SUSE-CU-2022:2040-1: Security update of bci/ruby
Message-ID: <20220906083359.15B4CFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2040-1
Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-29.18 , bci/ruby:latest
Container Release : 29.18
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/ruby was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- curl-7.79.1-150400.5.6.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:34:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:34:43 +0200 (CEST)
Subject: SUSE-CU-2022:2041-1: Security update of bci/rust
Message-ID: <20220906083443.4C329FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2041-1
Container Tags : bci/rust:1.59 , bci/rust:1.59-9.35
Container Release : 9.35
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:35:13 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:35:13 +0200 (CEST)
Subject: SUSE-CU-2022:2042-1: Security update of bci/rust
Message-ID: <20220906083513.63872FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2042-1
Container Tags : bci/rust:1.60 , bci/rust:1.60-5.18
Container Release : 5.18
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 08:35:40 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 10:35:40 +0200 (CEST)
Subject: SUSE-CU-2022:2043-1: Security update of bci/rust
Message-ID: <20220906083540.9D4FBFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2043-1
Container Tags : bci/rust:1.61 , bci/rust:1.61-6.17
Container Release : 6.17
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Tue Sep 6 10:27:48 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 12:27:48 +0200 (CEST)
Subject: SUSE-SU-2022:3092-1: important: Security update for java-1_8_0-openj9
Message-ID: <20220906102748.13DD5FD84@maintenance.suse.de>
SUSE Security Update: Security update for java-1_8_0-openj9
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3092-1
Rating: important
References: #1198671 #1198672 #1198673 #1198674 #1198675
#1198935 #1201684 #1201692 #1201694
Cross-References: CVE-2021-41041 CVE-2022-21426 CVE-2022-21434
CVE-2022-21443 CVE-2022-21476 CVE-2022-21496
CVE-2022-21540 CVE-2022-21541 CVE-2022-34169
CVSS scores:
CVE-2021-41041 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21434 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-34169 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 9 vulnerabilities is now available.
Description:
This update for java-1_8_0-openj9 fixes the following issues:
- Updated to OpenJDK 8u345 build 01 with OpenJ9 0.33.0 virtual machine:
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java
XSLT library that occurred when processing malicious stylesheets
(bsc#1201684).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in
the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in
the Hotspot component (bsc#1201694).
- Updated to OpenJDK 8u332 build 09 with OpenJ9 0.32.0 virtual machine:
- CVE-2021-41041: Fixed an issue that could allow unverified methods to
be invoked using MethodHandles (bsc#1198935).
- CVE-2022-21426: Fixed a remote partial denial of service issue
(component: JAXP) (bsc#1198672).
- CVE-2022-21434: Fixed an issue that could allow a remote attacker to
update, insert or delete data (component: Libraries) (bsc#1198674).
- CVE-2022-21443: Fixed a remote partial denial of service issue
(component: Libraries) (bsc#1198675).
- CVE-2022-21476: Fixed an issue that could allow unauthorized access to
confidential data (component: Libraries) (bsc#1198671).
- CVE-2022-21496: Fixed an issue that could allow a remote attacker to
update, insert or delete data (component: JNDI) (bsc#1198673).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3092=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3092=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
java-1_8_0-openj9-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-accessibility-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-debuginfo-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-debugsource-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-demo-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-demo-debuginfo-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-devel-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-devel-debuginfo-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-headless-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-headless-debuginfo-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-src-1.8.0.345-150200.3.24.1
- openSUSE Leap 15.4 (noarch):
java-1_8_0-openj9-javadoc-1.8.0.345-150200.3.24.1
- openSUSE Leap 15.3 (ppc64le s390x x86_64):
java-1_8_0-openj9-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-accessibility-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-debuginfo-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-debugsource-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-demo-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-demo-debuginfo-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-devel-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-headless-1.8.0.345-150200.3.24.1
java-1_8_0-openj9-src-1.8.0.345-150200.3.24.1
- openSUSE Leap 15.3 (noarch):
java-1_8_0-openj9-javadoc-1.8.0.345-150200.3.24.1
References:
https://www.suse.com/security/cve/CVE-2021-41041.html
https://www.suse.com/security/cve/CVE-2022-21426.html
https://www.suse.com/security/cve/CVE-2022-21434.html
https://www.suse.com/security/cve/CVE-2022-21443.html
https://www.suse.com/security/cve/CVE-2022-21476.html
https://www.suse.com/security/cve/CVE-2022-21496.html
https://www.suse.com/security/cve/CVE-2022-21540.html
https://www.suse.com/security/cve/CVE-2022-21541.html
https://www.suse.com/security/cve/CVE-2022-34169.html
https://bugzilla.suse.com/1198671
https://bugzilla.suse.com/1198672
https://bugzilla.suse.com/1198673
https://bugzilla.suse.com/1198674
https://bugzilla.suse.com/1198675
https://bugzilla.suse.com/1198935
https://bugzilla.suse.com/1201684
https://bugzilla.suse.com/1201692
https://bugzilla.suse.com/1201694
From sle-security-updates at lists.suse.com Tue Sep 6 10:30:04 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 12:30:04 +0200 (CEST)
Subject: SUSE-SU-2022:3096-1: moderate: Security update for openvswitch
Message-ID: <20220906103004.2D0C2FD84@maintenance.suse.de>
SUSE Security Update: Security update for openvswitch
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3096-1
Rating: moderate
References: #1188524
Cross-References: CVE-2021-36980
CVSS scores:
CVE-2021-36980 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-36980 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openvswitch fixes the following issues:
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a
RAW_ENCAP action (bsc#1188524).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3096=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3096=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libopenvswitch-2_13-0-2.13.2-150200.9.17.1
libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.17.1
libovn-20_03-0-20.03.1-150200.9.17.1
libovn-20_03-0-debuginfo-20.03.1-150200.9.17.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libopenvswitch-2_13-0-2.13.2-150200.9.17.1
libopenvswitch-2_13-0-debuginfo-2.13.2-150200.9.17.1
libovn-20_03-0-20.03.1-150200.9.17.1
libovn-20_03-0-debuginfo-20.03.1-150200.9.17.1
References:
https://www.suse.com/security/cve/CVE-2021-36980.html
https://bugzilla.suse.com/1188524
From sle-security-updates at lists.suse.com Tue Sep 6 10:31:30 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 12:31:30 +0200 (CEST)
Subject: SUSE-SU-2022:3094-1: important: Security update for libostree
Message-ID: <20220906103130.263FBFD84@maintenance.suse.de>
SUSE Security Update: Security update for libostree
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3094-1
Rating: important
References: #1201770
Cross-References: CVE-2014-9862
CVSS scores:
CVE-2014-9862 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2014-9862 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libostree fixes the following issues:
- CVE-2014-9862: Fixed a memory corruption issue that could be triggered
when diffing binary files (bsc#1201770).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3094=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3094=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3094=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libostree-1-1-2021.6-150400.3.3.1
libostree-1-1-debuginfo-2021.6-150400.3.3.1
libostree-2021.6-150400.3.3.1
libostree-debuginfo-2021.6-150400.3.3.1
libostree-debugsource-2021.6-150400.3.3.1
libostree-devel-2021.6-150400.3.3.1
typelib-1_0-OSTree-1_0-2021.6-150400.3.3.1
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
libostree-grub2-2021.6-150400.3.3.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libostree-2021.6-150400.3.3.1
libostree-debuginfo-2021.6-150400.3.3.1
libostree-debugsource-2021.6-150400.3.3.1
libostree-devel-2021.6-150400.3.3.1
typelib-1_0-OSTree-1_0-2021.6-150400.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libostree-1-1-2021.6-150400.3.3.1
libostree-1-1-debuginfo-2021.6-150400.3.3.1
libostree-debuginfo-2021.6-150400.3.3.1
libostree-debugsource-2021.6-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2014-9862.html
https://bugzilla.suse.com/1201770
From sle-security-updates at lists.suse.com Tue Sep 6 10:32:33 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 12:32:33 +0200 (CEST)
Subject: SUSE-SU-2022:3093-1: important: Security update for python-Flask-Security-Too
Message-ID: <20220906103233.03038FD84@maintenance.suse.de>
SUSE Security Update: Security update for python-Flask-Security-Too
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3093-1
Rating: important
References: #1181058
Cross-References: CVE-2021-21241
CVSS scores:
CVE-2021-21241 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2021-21241 (SUSE): 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-Flask-Security-Too fixes the following issues:
- CVE-2021-21241: Fixed an issue where GET requests lacking CSRF
protection to certain endpoints could return the user's authentication
token (bsc#1181058).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3093=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3093=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3093=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3093=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3093=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3093=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3093=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3093=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3093=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3093=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3093=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3093=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3093=1
Package List:
- openSUSE Leap 15.4 (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- openSUSE Leap 15.3 (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Manager Server 4.1 (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Manager Proxy 4.1 (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
- SUSE Enterprise Storage 7 (noarch):
python3-Flask-Security-Too-3.4.2-150200.3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-21241.html
https://bugzilla.suse.com/1181058
From sle-security-updates at lists.suse.com Tue Sep 6 13:22:06 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 15:22:06 +0200 (CEST)
Subject: SUSE-SU-2022:3108-1: important: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
Message-ID: <20220906132206.B461BFD99@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3108-1
Rating: important
References: #1196867 #1201941 #1202163
Cross-References: CVE-2020-36516 CVE-2022-2585 CVE-2022-36946
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-2585 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:
- CVE-2020-36516: Fixed an issue where the mixed IPID assignment method
with the hash-based IPID assignment policy allowed an off-path attacker
to inject data into a victim's TCP session or terminate that session
(bsc#1196867).
- CVE-2022-2585: Fixed use-after-free in POSIX CPU timer (bsc#1202163).
- CVE-2022-36946: Fixed a remote denial of service attack inside
nfqnl_mangle in net/netfilter/nfnetlink_queue.c: in the case of an
nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can
encounter a negative length (bsc#1201941).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3108=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-livepatch-5_14_21-150400_22-default-5-150400.4.12.3
kernel-livepatch-5_14_21-150400_22-default-debuginfo-5-150400.4.12.3
kernel-livepatch-SLE15-SP4_Update_0-debugsource-5-150400.4.12.3
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2022-2585.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://bugzilla.suse.com/1196867
https://bugzilla.suse.com/1201941
https://bugzilla.suse.com/1202163
From sle-security-updates at lists.suse.com Tue Sep 6 13:24:39 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 15:24:39 +0200 (CEST)
Subject: SUSE-SU-2022:3098-1: moderate: Security update for openvswitch
Message-ID: <20220906132439.066B1FD99@maintenance.suse.de>
SUSE Security Update: Security update for openvswitch
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3098-1
Rating: moderate
References: #1188524
Cross-References: CVE-2021-36980
CVSS scores:
CVE-2021-36980 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-36980 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openvswitch fixes the following issues:
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a
RAW_ENCAP action (bsc#1188524).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3098=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libopenvswitch-2_11-0-2.11.5-3.6.1
libopenvswitch-2_11-0-debuginfo-2.11.5-3.6.1
openvswitch-2.11.5-3.6.1
openvswitch-debuginfo-2.11.5-3.6.1
openvswitch-debugsource-2.11.5-3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-36980.html
https://bugzilla.suse.com/1188524
From sle-security-updates at lists.suse.com Tue Sep 6 13:25:56 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 15:25:56 +0200 (CEST)
Subject: SUSE-SU-2022:3103-1: important: Security update for python-bottle
Message-ID: <20220906132556.31104FD99@maintenance.suse.de>
SUSE Security Update: Security update for python-bottle
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3103-1
Rating: important
References: #1200286
Cross-References: CVE-2022-31799
CVSS scores:
CVE-2022-31799 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31799 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Python2 15-SP3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-bottle fixes the following issues:
- CVE-2022-31799: Fixed an error mishandling issue that could lead to
remote denial of service (bsc#1200286).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3103=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3103=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3103=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3103=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3103=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3103=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3103=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3103=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3103=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3103=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3103=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3103=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3103=1
- SUSE Linux Enterprise Module for Python2 15-SP3:
zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-3103=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3103=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3103=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3103=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3103=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3103=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3103=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3103=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3103=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3103=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3103=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (noarch):
python-bottle-doc-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- openSUSE Leap 15.3 (noarch):
python-bottle-doc-0.12.13-150000.3.6.1
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Manager Server 4.1 (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Manager Proxy 4.1 (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Module for Python2 15-SP3 (noarch):
python2-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch):
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch):
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Enterprise Storage 7 (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE Enterprise Storage 6 (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
- SUSE CaaS Platform 4.0 (noarch):
python2-bottle-0.12.13-150000.3.6.1
python3-bottle-0.12.13-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-31799.html
https://bugzilla.suse.com/1200286
From sle-security-updates at lists.suse.com Tue Sep 6 13:27:17 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 15:27:17 +0200 (CEST)
Subject: SUSE-SU-2022:3099-1: moderate: Security update for openvswitch
Message-ID: <20220906132717.84FEEFD99@maintenance.suse.de>
SUSE Security Update: Security update for openvswitch
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3099-1
Rating: moderate
References: #1188524
Cross-References: CVE-2021-36980
CVSS scores:
CVE-2021-36980 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-36980 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openvswitch fixes the following issues:
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a
RAW_ENCAP action (bsc#1188524).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3099=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3099=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3099=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libopenvswitch-2_14-0-2.14.2-150400.24.3.1
libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.3.1
libovn-20_06-0-20.06.2-150400.24.3.1
libovn-20_06-0-debuginfo-20.06.2-150400.24.3.1
openvswitch-2.14.2-150400.24.3.1
openvswitch-debuginfo-2.14.2-150400.24.3.1
openvswitch-debugsource-2.14.2-150400.24.3.1
openvswitch-devel-2.14.2-150400.24.3.1
openvswitch-ipsec-2.14.2-150400.24.3.1
openvswitch-pki-2.14.2-150400.24.3.1
openvswitch-test-2.14.2-150400.24.3.1
openvswitch-test-debuginfo-2.14.2-150400.24.3.1
openvswitch-vtep-2.14.2-150400.24.3.1
openvswitch-vtep-debuginfo-2.14.2-150400.24.3.1
ovn-20.06.2-150400.24.3.1
ovn-central-20.06.2-150400.24.3.1
ovn-central-debuginfo-20.06.2-150400.24.3.1
ovn-debuginfo-20.06.2-150400.24.3.1
ovn-devel-20.06.2-150400.24.3.1
ovn-docker-20.06.2-150400.24.3.1
ovn-host-20.06.2-150400.24.3.1
ovn-host-debuginfo-20.06.2-150400.24.3.1
ovn-vtep-20.06.2-150400.24.3.1
ovn-vtep-debuginfo-20.06.2-150400.24.3.1
python3-ovs-2.14.2-150400.24.3.1
- openSUSE Leap 15.4 (noarch):
openvswitch-doc-2.14.2-150400.24.3.1
ovn-doc-20.06.2-150400.24.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libopenvswitch-2_14-0-2.14.2-150400.24.3.1
libopenvswitch-2_14-0-debuginfo-2.14.2-150400.24.3.1
libovn-20_06-0-20.06.2-150400.24.3.1
libovn-20_06-0-debuginfo-20.06.2-150400.24.3.1
openvswitch-2.14.2-150400.24.3.1
openvswitch-debuginfo-2.14.2-150400.24.3.1
openvswitch-debugsource-2.14.2-150400.24.3.1
openvswitch-devel-2.14.2-150400.24.3.1
openvswitch-ipsec-2.14.2-150400.24.3.1
openvswitch-pki-2.14.2-150400.24.3.1
openvswitch-test-2.14.2-150400.24.3.1
openvswitch-test-debuginfo-2.14.2-150400.24.3.1
openvswitch-vtep-2.14.2-150400.24.3.1
openvswitch-vtep-debuginfo-2.14.2-150400.24.3.1
ovn-20.06.2-150400.24.3.1
ovn-central-20.06.2-150400.24.3.1
ovn-central-debuginfo-20.06.2-150400.24.3.1
ovn-debuginfo-20.06.2-150400.24.3.1
ovn-devel-20.06.2-150400.24.3.1
ovn-docker-20.06.2-150400.24.3.1
ovn-host-20.06.2-150400.24.3.1
ovn-host-debuginfo-20.06.2-150400.24.3.1
ovn-vtep-20.06.2-150400.24.3.1
ovn-vtep-debuginfo-20.06.2-150400.24.3.1
python3-ovs-2.14.2-150400.24.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
openvswitch-debuginfo-2.14.2-150400.24.3.1
openvswitch-debugsource-2.14.2-150400.24.3.1
python3-ovs-2.14.2-150400.24.3.1
References:
https://www.suse.com/security/cve/CVE-2021-36980.html
https://bugzilla.suse.com/1188524
From sle-security-updates at lists.suse.com Tue Sep 6 13:27:59 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 15:27:59 +0200 (CEST)
Subject: SUSE-SU-2022:3101-1: moderate: Security update for zabbix
Message-ID: <20220906132759.62050FD84@maintenance.suse.de>
SUSE Security Update: Security update for zabbix
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3101-1
Rating: moderate
References: #1201290
Cross-References: CVE-2022-35230
CVSS scores:
CVE-2022-35230 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-35230 (SUSE): 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for zabbix fixes the following issues:
- CVE-2022-35230: Fixed an issue where JavaScript embedded in links for
the graphs page would be executed (bsc#1201290).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3101=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
zabbix-agent-4.0.12-4.18.1
zabbix-agent-debuginfo-4.0.12-4.18.1
zabbix-debugsource-4.0.12-4.18.1
References:
https://www.suse.com/security/cve/CVE-2022-35230.html
https://bugzilla.suse.com/1201290
From sle-security-updates at lists.suse.com Tue Sep 6 13:28:36 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 15:28:36 +0200 (CEST)
Subject: SUSE-SU-2022:3107-1: moderate: Security update for gimp
Message-ID: <20220906132836.CD04DFD84@maintenance.suse.de>
SUSE Security Update: Security update for gimp
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3107-1
Rating: moderate
References: #1201192
Cross-References: CVE-2022-32990
CVSS scores:
CVE-2022-32990 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-32990 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gimp fixes the following issues:
- CVE-2022-32990: Fixed an unhandled exception which may lead to denial
of service (bsc#1201192).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3107=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3107=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3107=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gimp-2.10.12-150300.9.6.1
gimp-debuginfo-2.10.12-150300.9.6.1
gimp-debugsource-2.10.12-150300.9.6.1
gimp-devel-2.10.12-150300.9.6.1
gimp-devel-debuginfo-2.10.12-150300.9.6.1
gimp-plugin-aa-2.10.12-150300.9.6.1
gimp-plugin-aa-debuginfo-2.10.12-150300.9.6.1
libgimp-2_0-0-2.10.12-150300.9.6.1
libgimp-2_0-0-debuginfo-2.10.12-150300.9.6.1
libgimpui-2_0-0-2.10.12-150300.9.6.1
libgimpui-2_0-0-debuginfo-2.10.12-150300.9.6.1
- openSUSE Leap 15.3 (x86_64):
libgimp-2_0-0-32bit-2.10.12-150300.9.6.1
libgimp-2_0-0-32bit-debuginfo-2.10.12-150300.9.6.1
libgimpui-2_0-0-32bit-2.10.12-150300.9.6.1
libgimpui-2_0-0-32bit-debuginfo-2.10.12-150300.9.6.1
- openSUSE Leap 15.3 (noarch):
gimp-lang-2.10.12-150300.9.6.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch):
gimp-lang-2.10.12-150300.9.6.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
gimp-2.10.12-150300.9.6.1
gimp-debuginfo-2.10.12-150300.9.6.1
gimp-debugsource-2.10.12-150300.9.6.1
gimp-devel-2.10.12-150300.9.6.1
gimp-devel-debuginfo-2.10.12-150300.9.6.1
libgimp-2_0-0-2.10.12-150300.9.6.1
libgimp-2_0-0-debuginfo-2.10.12-150300.9.6.1
libgimpui-2_0-0-2.10.12-150300.9.6.1
libgimpui-2_0-0-debuginfo-2.10.12-150300.9.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
gimp-debuginfo-2.10.12-150300.9.6.1
gimp-debugsource-2.10.12-150300.9.6.1
libgimp-2_0-0-2.10.12-150300.9.6.1
libgimp-2_0-0-debuginfo-2.10.12-150300.9.6.1
libgimpui-2_0-0-2.10.12-150300.9.6.1
libgimpui-2_0-0-debuginfo-2.10.12-150300.9.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64):
gimp-2.10.12-150300.9.6.1
gimp-devel-2.10.12-150300.9.6.1
gimp-devel-debuginfo-2.10.12-150300.9.6.1
gimp-plugin-aa-2.10.12-150300.9.6.1
gimp-plugin-aa-debuginfo-2.10.12-150300.9.6.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch):
gimp-lang-2.10.12-150300.9.6.1
References:
https://www.suse.com/security/cve/CVE-2022-32990.html
https://bugzilla.suse.com/1201192
From sle-security-updates at lists.suse.com Tue Sep 6 13:29:14 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 15:29:14 +0200 (CEST)
Subject: SUSE-SU-2022:3106-1: moderate: Security update for gimp
Message-ID: <20220906132914.5B647FD84@maintenance.suse.de>
SUSE Security Update: Security update for gimp
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3106-1
Rating: moderate
References: #1201192
Cross-References: CVE-2022-32990
CVSS scores:
CVE-2022-32990 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-32990 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gimp fixes the following issues:
- CVE-2022-32990: Fixed an unhandled exception which may lead to denial
of service (bsc#1201192).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3106=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3106=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3106=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
gimp-2.10.30-150400.3.6.2
gimp-debuginfo-2.10.30-150400.3.6.2
gimp-debugsource-2.10.30-150400.3.6.2
gimp-devel-2.10.30-150400.3.6.2
gimp-devel-debuginfo-2.10.30-150400.3.6.2
gimp-plugin-aa-2.10.30-150400.3.6.2
gimp-plugin-aa-debuginfo-2.10.30-150400.3.6.2
libgimp-2_0-0-2.10.30-150400.3.6.2
libgimp-2_0-0-debuginfo-2.10.30-150400.3.6.2
libgimpui-2_0-0-2.10.30-150400.3.6.2
libgimpui-2_0-0-debuginfo-2.10.30-150400.3.6.2
- openSUSE Leap 15.4 (x86_64):
libgimp-2_0-0-32bit-2.10.30-150400.3.6.2
libgimp-2_0-0-32bit-debuginfo-2.10.30-150400.3.6.2
libgimpui-2_0-0-32bit-2.10.30-150400.3.6.2
libgimpui-2_0-0-32bit-debuginfo-2.10.30-150400.3.6.2
- openSUSE Leap 15.4 (noarch):
gimp-lang-2.10.30-150400.3.6.2
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
gimp-2.10.30-150400.3.6.2
gimp-debuginfo-2.10.30-150400.3.6.2
gimp-debugsource-2.10.30-150400.3.6.2
gimp-devel-2.10.30-150400.3.6.2
gimp-devel-debuginfo-2.10.30-150400.3.6.2
libgimp-2_0-0-2.10.30-150400.3.6.2
libgimp-2_0-0-debuginfo-2.10.30-150400.3.6.2
libgimpui-2_0-0-2.10.30-150400.3.6.2
libgimpui-2_0-0-debuginfo-2.10.30-150400.3.6.2
- SUSE Linux Enterprise Workstation Extension 15-SP4 (noarch):
gimp-lang-2.10.30-150400.3.6.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
gimp-debuginfo-2.10.30-150400.3.6.2
gimp-debugsource-2.10.30-150400.3.6.2
libgimp-2_0-0-2.10.30-150400.3.6.2
libgimp-2_0-0-debuginfo-2.10.30-150400.3.6.2
libgimpui-2_0-0-2.10.30-150400.3.6.2
libgimpui-2_0-0-debuginfo-2.10.30-150400.3.6.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64):
gimp-2.10.30-150400.3.6.2
gimp-devel-2.10.30-150400.3.6.2
gimp-devel-debuginfo-2.10.30-150400.3.6.2
gimp-plugin-aa-2.10.30-150400.3.6.2
gimp-plugin-aa-debuginfo-2.10.30-150400.3.6.2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):
gimp-lang-2.10.30-150400.3.6.2
References:
https://www.suse.com/security/cve/CVE-2022-32990.html
https://bugzilla.suse.com/1201192
From sle-security-updates at lists.suse.com Tue Sep 6 16:21:20 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 18:21:20 +0200 (CEST)
Subject: SUSE-SU-2022:3116-1: moderate: Security update for openvswitch
Message-ID: <20220906162120.13251FD84@maintenance.suse.de>
SUSE Security Update: Security update for openvswitch
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3116-1
Rating: moderate
References: #1188524
Cross-References: CVE-2021-36980
CVSS scores:
CVE-2021-36980 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-36980 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openvswitch fixes the following issues:
- CVE-2021-36980: Fixed a use-after-free issue during the decoding of a
RAW_ENCAP action (bsc#1188524).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3116=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3116=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3116=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libopenvswitch-2_14-0-2.14.2-150300.19.3.1
libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.3.1
libovn-20_06-0-20.06.2-150300.19.3.1
libovn-20_06-0-debuginfo-20.06.2-150300.19.3.1
openvswitch-2.14.2-150300.19.3.1
openvswitch-debuginfo-2.14.2-150300.19.3.1
openvswitch-debugsource-2.14.2-150300.19.3.1
openvswitch-devel-2.14.2-150300.19.3.1
openvswitch-ipsec-2.14.2-150300.19.3.1
openvswitch-pki-2.14.2-150300.19.3.1
openvswitch-test-2.14.2-150300.19.3.1
openvswitch-test-debuginfo-2.14.2-150300.19.3.1
openvswitch-vtep-2.14.2-150300.19.3.1
openvswitch-vtep-debuginfo-2.14.2-150300.19.3.1
ovn-20.06.2-150300.19.3.1
ovn-central-20.06.2-150300.19.3.1
ovn-central-debuginfo-20.06.2-150300.19.3.1
ovn-debuginfo-20.06.2-150300.19.3.1
ovn-devel-20.06.2-150300.19.3.1
ovn-docker-20.06.2-150300.19.3.1
ovn-host-20.06.2-150300.19.3.1
ovn-host-debuginfo-20.06.2-150300.19.3.1
ovn-vtep-20.06.2-150300.19.3.1
ovn-vtep-debuginfo-20.06.2-150300.19.3.1
python3-ovs-2.14.2-150300.19.3.1
- openSUSE Leap 15.3 (noarch):
openvswitch-doc-2.14.2-150300.19.3.1
ovn-doc-20.06.2-150300.19.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libopenvswitch-2_14-0-2.14.2-150300.19.3.1
libopenvswitch-2_14-0-debuginfo-2.14.2-150300.19.3.1
libovn-20_06-0-20.06.2-150300.19.3.1
libovn-20_06-0-debuginfo-20.06.2-150300.19.3.1
openvswitch-2.14.2-150300.19.3.1
openvswitch-debuginfo-2.14.2-150300.19.3.1
openvswitch-debugsource-2.14.2-150300.19.3.1
openvswitch-devel-2.14.2-150300.19.3.1
openvswitch-ipsec-2.14.2-150300.19.3.1
openvswitch-pki-2.14.2-150300.19.3.1
openvswitch-test-2.14.2-150300.19.3.1
openvswitch-test-debuginfo-2.14.2-150300.19.3.1
openvswitch-vtep-2.14.2-150300.19.3.1
openvswitch-vtep-debuginfo-2.14.2-150300.19.3.1
ovn-20.06.2-150300.19.3.1
ovn-central-20.06.2-150300.19.3.1
ovn-central-debuginfo-20.06.2-150300.19.3.1
ovn-debuginfo-20.06.2-150300.19.3.1
ovn-devel-20.06.2-150300.19.3.1
ovn-docker-20.06.2-150300.19.3.1
ovn-host-20.06.2-150300.19.3.1
ovn-host-debuginfo-20.06.2-150300.19.3.1
ovn-vtep-20.06.2-150300.19.3.1
ovn-vtep-debuginfo-20.06.2-150300.19.3.1
python3-ovs-2.14.2-150300.19.3.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
openvswitch-debuginfo-2.14.2-150300.19.3.1
openvswitch-debugsource-2.14.2-150300.19.3.1
python3-ovs-2.14.2-150300.19.3.1
References:
https://www.suse.com/security/cve/CVE-2021-36980.html
https://bugzilla.suse.com/1188524
From sle-security-updates at lists.suse.com Tue Sep 6 16:22:04 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 18:22:04 +0200 (CEST)
Subject: SUSE-SU-2022:15034-1: important: Security update for ruby
Message-ID: <20220906162204.41E23FD84@maintenance.suse.de>
SUSE Security Update: Security update for ruby
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:15034-1
Rating: important
References: #1112530 #1188160 #1188161
Cross-References: CVE-2018-16395 CVE-2021-31810 CVE-2021-32066
CVE-2021-81810
CVSS scores:
CVE-2018-16395 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2018-16395 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2021-31810 (NVD) : 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
CVE-2021-31810 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-32066 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-32066 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Webyast 1.3
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for ruby fixes the following issues:
- CVE-2018-16395: Fixed an issue where two x509 certificates could be
considered to be equal when this was not the case (bsc#1112530).
- CVE-2021-32066: Fixed an issue where the IMAP client API would not
report a failure when StartTLS failed, leading to potential
man-in-the-middle attacks (bsc#1188160).
- CVE-2021-31810: Fixed an issue where the FTP client API would trust
certain responses from a malicious server, tricking the client into
connecting to addresses not (bsc#1188161).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Webyast 1.3:
zypper in -t patch slewyst13-ruby-15034=1
Package List:
- SUSE Webyast 1.3 (i586 ia64 ppc64 s390x x86_64):
ruby-devel-1.8.7.p357-0.9.20.3.1
References:
https://www.suse.com/security/cve/CVE-2018-16395.html
https://www.suse.com/security/cve/CVE-2021-31810.html
https://www.suse.com/security/cve/CVE-2021-32066.html
https://www.suse.com/security/cve/CVE-2021-81810.html
https://bugzilla.suse.com/1112530
https://bugzilla.suse.com/1188160
https://bugzilla.suse.com/1188161
From sle-security-updates at lists.suse.com Tue Sep 6 19:20:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 21:20:47 +0200 (CEST)
Subject: SUSE-SU-2022:3119-1: moderate: Security update for ImageMagick
Message-ID: <20220906192047.C5251FD84@maintenance.suse.de>
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3119-1
Rating: moderate
References: #1202250 #1202800
Cross-References: CVE-2021-20224 CVE-2022-2719
CVSS scores:
CVE-2021-20224 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-20224 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2719 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2719 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2021-20224: Fixed an integer overflow that could be triggered via a
crafted file (bsc#1202800).
- CVE-2022-2719: Fixed a reachable assertion that could lead to denial
of service via a crafted file (bsc#1202250).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3119=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3119=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3119=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3119=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.36.1
- openSUSE Leap 15.4 (x86_64):
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.36.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.36.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.36.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.36.1
ImageMagick-debuginfo-7.0.7.34-150200.10.36.1
ImageMagick-debugsource-7.0.7.34-150200.10.36.1
ImageMagick-devel-7.0.7.34-150200.10.36.1
ImageMagick-extra-7.0.7.34-150200.10.36.1
ImageMagick-extra-debuginfo-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.36.1
libMagick++-devel-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.36.1
perl-PerlMagick-7.0.7.34-150200.10.36.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.36.1
- openSUSE Leap 15.3 (x86_64):
ImageMagick-devel-32bit-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-32bit-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-32bit-debuginfo-7.0.7.34-150200.10.36.1
libMagick++-devel-32bit-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-32bit-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-32bit-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-32bit-debuginfo-7.0.7.34-150200.10.36.1
- openSUSE Leap 15.3 (noarch):
ImageMagick-doc-7.0.7.34-150200.10.36.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-debuginfo-7.0.7.34-150200.10.36.1
ImageMagick-debugsource-7.0.7.34-150200.10.36.1
perl-PerlMagick-7.0.7.34-150200.10.36.1
perl-PerlMagick-debuginfo-7.0.7.34-150200.10.36.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
ImageMagick-7.0.7.34-150200.10.36.1
ImageMagick-config-7-SUSE-7.0.7.34-150200.10.36.1
ImageMagick-config-7-upstream-7.0.7.34-150200.10.36.1
ImageMagick-debuginfo-7.0.7.34-150200.10.36.1
ImageMagick-debugsource-7.0.7.34-150200.10.36.1
ImageMagick-devel-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-7.0.7.34-150200.10.36.1
libMagick++-7_Q16HDRI4-debuginfo-7.0.7.34-150200.10.36.1
libMagick++-devel-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickCore-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-7.0.7.34-150200.10.36.1
libMagickWand-7_Q16HDRI6-debuginfo-7.0.7.34-150200.10.36.1
References:
https://www.suse.com/security/cve/CVE-2021-20224.html
https://www.suse.com/security/cve/CVE-2022-2719.html
https://bugzilla.suse.com/1202250
https://bugzilla.suse.com/1202800
From sle-security-updates at lists.suse.com Tue Sep 6 19:24:03 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 6 Sep 2022 21:24:03 +0200 (CEST)
Subject: SUSE-SU-2022:3061-1: important: Security update for the Linux Kernel
(Live Patch 30 for SLE 15 SP1)
Message-ID: <20220906192403.89CACFD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3061-1
Rating: important
References: #1196867 #1201941
Cross-References: CVE-2020-36516 CVE-2022-36946
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-150100_197_111 fixes several
issues.
The following security issues were fixed:
- CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment
method with the hash-based IPID assignment policy to inject data into a
victim's TCP session or terminate that session (bsc#1196867).
- CVE-2022-36946: Fixed a remote denial of service attack inside
nfqnl_mangle in net/netfilter/nfnetlink_queue.c: in the case of an
nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can
encounter a negative length (bsc#1201941).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3066=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3067=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3068=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3069=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3070=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3071=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3073=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3074=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3076=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3078=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3079=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3083=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3110=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3111=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3120=1
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3065=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3077=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3081=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3082=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3084=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3085=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3090=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3104=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3109=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3058=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-3059=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-3060=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-3061=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-3062=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-3063=1
- SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3052=1 SUSE-SLE-Module-Live-Patching-15-2022-3053=1 SUSE-SLE-Module-Live-Patching-15-2022-3054=1 SUSE-SLE-Module-Live-Patching-15-2022-3055=1 SUSE-SLE-Module-Live-Patching-15-2022-3056=1 SUSE-SLE-Module-Live-Patching-15-2022-3121=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3040=1 SUSE-SLE-Live-Patching-12-SP5-2022-3041=1 SUSE-SLE-Live-Patching-12-SP5-2022-3042=1 SUSE-SLE-Live-Patching-12-SP5-2022-3043=1 SUSE-SLE-Live-Patching-12-SP5-2022-3044=1 SUSE-SLE-Live-Patching-12-SP5-2022-3045=1 SUSE-SLE-Live-Patching-12-SP5-2022-3046=1 SUSE-SLE-Live-Patching-12-SP5-2022-3047=1 SUSE-SLE-Live-Patching-12-SP5-2022-3048=1 SUSE-SLE-Live-Patching-12-SP5-2022-3049=1 SUSE-SLE-Live-Patching-12-SP5-2022-3050=1
- SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-3033=1 SUSE-SLE-Live-Patching-12-SP4-2022-3034=1 SUSE-SLE-Live-Patching-12-SP4-2022-3035=1 SUSE-SLE-Live-Patching-12-SP4-2022-3036=1 SUSE-SLE-Live-Patching-12-SP4-2022-3037=1 SUSE-SLE-Live-Patching-12-SP4-2022-3038=1 SUSE-SLE-Live-Patching-12-SP4-2022-3039=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_43-default-13-150300.2.2
kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-13-150300.2.2
kernel-livepatch-5_3_18-150300_59_46-default-13-150300.2.2
kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-13-150300.2.2
kernel-livepatch-5_3_18-150300_59_49-default-12-150300.2.2
kernel-livepatch-5_3_18-150300_59_54-default-11-150300.2.2
kernel-livepatch-5_3_18-150300_59_60-default-10-150300.2.2
kernel-livepatch-5_3_18-150300_59_63-default-7-150300.2.2
kernel-livepatch-5_3_18-150300_59_68-default-6-150300.2.2
kernel-livepatch-5_3_18-150300_59_71-default-5-150300.2.1
kernel-livepatch-5_3_18-150300_59_76-default-4-150300.2.1
kernel-livepatch-5_3_18-150300_59_87-default-3-150300.2.1
kernel-livepatch-5_3_18-59_24-default-16-150300.2.2
kernel-livepatch-5_3_18-59_24-default-debuginfo-16-150300.2.2
kernel-livepatch-5_3_18-59_27-default-16-150300.2.2
kernel-livepatch-5_3_18-59_27-default-debuginfo-16-150300.2.2
kernel-livepatch-5_3_18-59_34-default-15-150300.2.2
kernel-livepatch-5_3_18-59_34-default-debuginfo-15-150300.2.2
kernel-livepatch-5_3_18-59_37-default-14-150300.2.2
kernel-livepatch-5_3_18-59_37-default-debuginfo-14-150300.2.2
kernel-livepatch-5_3_18-59_40-default-14-150300.2.2
kernel-livepatch-SLE15-SP3_Update_10-debugsource-14-150300.2.2
kernel-livepatch-SLE15-SP3_Update_6-debugsource-16-150300.2.2
kernel-livepatch-SLE15-SP3_Update_7-debugsource-16-150300.2.2
kernel-livepatch-SLE15-SP3_Update_9-debugsource-15-150300.2.2
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64):
kernel-livepatch-5_3_18-59_40-default-debuginfo-14-150300.2.2
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150200_24_112-default-7-150200.2.2
kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-7-150200.2.2
kernel-livepatch-5_3_18-150200_24_115-default-5-150200.2.1
kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-5-150200.2.1
kernel-livepatch-5_3_18-24_102-default-12-150200.2.2
kernel-livepatch-5_3_18-24_102-default-debuginfo-12-150200.2.2
kernel-livepatch-5_3_18-24_107-default-11-150200.2.2
kernel-livepatch-5_3_18-24_107-default-debuginfo-11-150200.2.2
kernel-livepatch-5_3_18-24_83-default-16-150200.2.2
kernel-livepatch-5_3_18-24_83-default-debuginfo-16-150200.2.2
kernel-livepatch-5_3_18-24_86-default-16-150200.2.2
kernel-livepatch-5_3_18-24_86-default-debuginfo-16-150200.2.2
kernel-livepatch-5_3_18-24_93-default-15-150200.2.2
kernel-livepatch-5_3_18-24_93-default-debuginfo-15-150200.2.2
kernel-livepatch-5_3_18-24_96-default-14-150200.2.2
kernel-livepatch-5_3_18-24_96-default-debuginfo-14-150200.2.2
kernel-livepatch-5_3_18-24_99-default-13-150200.2.2
kernel-livepatch-5_3_18-24_99-default-debuginfo-13-150200.2.2
kernel-livepatch-SLE15-SP2_Update_19-debugsource-16-150200.2.2
kernel-livepatch-SLE15-SP2_Update_20-debugsource-16-150200.2.2
kernel-livepatch-SLE15-SP2_Update_21-debugsource-15-150200.2.2
kernel-livepatch-SLE15-SP2_Update_22-debugsource-14-150200.2.2
kernel-livepatch-SLE15-SP2_Update_23-debugsource-13-150200.2.2
kernel-livepatch-SLE15-SP2_Update_24-debugsource-12-150200.2.2
kernel-livepatch-SLE15-SP2_Update_26-debugsource-7-150200.2.2
kernel-livepatch-SLE15-SP2_Update_27-debugsource-5-150200.2.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64):
kernel-livepatch-SLE15-SP2_Update_25-debugsource-11-150200.2.2
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-150100_197_111-default-7-150100.2.2
kernel-livepatch-4_12_14-150100_197_114-default-4-150100.2.1
kernel-livepatch-4_12_14-150100_197_117-default-2-150100.2.1
kernel-livepatch-4_12_14-197_102-default-13-150100.2.2
kernel-livepatch-4_12_14-197_105-default-9-150100.2.2
kernel-livepatch-4_12_14-197_108-default-8-150100.2.2
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150000_150_89-default-7-150000.2.2
kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-7-150000.2.2
kernel-livepatch-4_12_14-150000_150_92-default-4-150000.2.1
kernel-livepatch-4_12_14-150000_150_92-default-debuginfo-4-150000.2.1
kernel-livepatch-4_12_14-150000_150_95-default-2-150000.2.1
kernel-livepatch-4_12_14-150000_150_95-default-debuginfo-2-150000.2.1
kernel-livepatch-4_12_14-150_78-default-13-150000.2.2
kernel-livepatch-4_12_14-150_78-default-debuginfo-13-150000.2.2
kernel-livepatch-4_12_14-150_83-default-9-150000.2.2
kernel-livepatch-4_12_14-150_83-default-debuginfo-9-150000.2.2
kernel-livepatch-4_12_14-150_86-default-8-150000.2.2
kernel-livepatch-4_12_14-150_86-default-debuginfo-8-150000.2.2
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_103-default-14-2.3
kgraft-patch-4_12_14-122_106-default-12-2.3
kgraft-patch-4_12_14-122_110-default-10-2.3
kgraft-patch-4_12_14-122_113-default-9-2.3
kgraft-patch-4_12_14-122_116-default-7-2.3
kgraft-patch-4_12_14-122_121-default-5-2.3
kgraft-patch-4_12_14-122_124-default-4-2.2
kgraft-patch-4_12_14-122_127-default-2-2.2
kgraft-patch-4_12_14-122_88-default-16-2.3
kgraft-patch-4_12_14-122_91-default-16-2.3
kgraft-patch-4_12_14-122_98-default-14-2.3
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_102-default-2-2.2
kgraft-patch-4_12_14-95_105-default-2-2.2
kgraft-patch-4_12_14-95_83-default-13-2.3
kgraft-patch-4_12_14-95_88-default-9-2.3
kgraft-patch-4_12_14-95_93-default-8-2.3
kgraft-patch-4_12_14-95_96-default-7-2.3
kgraft-patch-4_12_14-95_99-default-4-2.2
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://bugzilla.suse.com/1196867
https://bugzilla.suse.com/1201941
From sle-security-updates at lists.suse.com Tue Sep 6 22:19:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 00:19:45 +0200 (CEST)
Subject: SUSE-SU-2022:3125-1: important: Security update for clamav
Message-ID: <20220906221945.0BDE2FD84@maintenance.suse.de>
SUSE Security Update: Security update for clamav
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3125-1
Rating: important
References: #1202986
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for clamav fixes the following issues:
clamav was updated to 0.103.7 (bsc#1202986)
* Upgrade the vendored UnRAR library to version 6.1.7.
* Fix logical signature "Intermediates" feature.
* Relax constraints on slightly malformed zip archives that contain
overlapping file entries.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3125=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
clamav-0.103.7-3.21.2
clamav-debuginfo-0.103.7-3.21.2
clamav-debugsource-0.103.7-3.21.2
References:
https://bugzilla.suse.com/1202986
From sle-security-updates at lists.suse.com Tue Sep 6 22:20:27 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 00:20:27 +0200 (CEST)
Subject: SUSE-SU-2022:3123-1: important: Security update for the Linux Kernel
(Live Patch 2 for SLE 15 SP4)
Message-ID: <20220906222027.D6140FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3123-1
Rating: important
References: #1196867 #1196959 #1201941
Cross-References: CVE-2020-36516 CVE-2021-39698 CVE-2022-36946
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.14.21-150400_24_16 fixes several issues.
The following security issues were fixed:
- CVE-2020-36516: Fixed an off-path attack via mixed IPID assignment
method with the hash-based IPID assignment policy to inject data into a
victim's TCP session or terminate that session (bsc#1196867).
- CVE-2021-39698: Fixed possible memory corruption in
aio_poll_complete_work of aio.c, that could have led to local escalation
of privilege with no additional execution privileges needed
(bsc#1196959).
- CVE-2022-36946: Fixed a remote denial of service attack inside
nfqnl_mangle in net/netfilter/nfnetlink_queue.c: in the case of an
nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can
encounter a negative length (bsc#1201941).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3123=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-livepatch-5_14_21-150400_24_18-default-2-150400.2.1
kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-2-150400.2.1
kernel-livepatch-SLE15-SP4_Update_2-debugsource-2-150400.2.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-39698.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://bugzilla.suse.com/1196867
https://bugzilla.suse.com/1196959
https://bugzilla.suse.com/1201941
From sle-security-updates at lists.suse.com Wed Sep 7 07:35:27 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:35:27 +0200 (CEST)
Subject: SUSE-CU-2022:2047-1: Security update of suse/sles12sp5
Message-ID: <20220907073527.10474FCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2047-1
Container Tags : suse/sles12sp5:6.5.376 , suse/sles12sp5:latest
Container Release : 6.5.376
Severity : moderate
Type : security
References : 1181994 1188006 1197178 1198731 1199079 1200842 1201929 1202593
1202868 CVE-2022-35252
-----------------------------------------------------------------
The container suse/sles12sp5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2981-1
Released: Thu Sep 1 12:33:06 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3005-1
Released: Fri Sep 2 15:02:47 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3105-1
Released: Tue Sep 6 10:57:34 2022
Summary: Recommended update for keyutils
Type: recommended
Severity: moderate
References: 1201929
This update for keyutils fixes the following issues:
- Apply default TTL to DNS records from getaddrinfo() (bsc#1201929)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3112-1
Released: Tue Sep 6 13:09:49 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868
This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
- Added:
  - Certainly Root E1
  - Certainly Root R1
  - DigiCert SMIME ECC P384 Root G5
  - DigiCert SMIME RSA4096 Root G5
  - DigiCert TLS ECC P384 Root G5
  - DigiCert TLS RSA4096 Root G5
  - E-Tugra Global Root CA ECC v3
  - E-Tugra Global Root CA RSA v3
- Removed:
  - Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
- Added:
  - Autoridad de Certificacion Firmaprofesional CIF A62634068
  - D-TRUST BR Root CA 1 2020
  - D-TRUST EV Root CA 1 2020
  - GlobalSign ECC Root CA R4
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
  - HiPKI Root CA - G1
  - ISRG Root X2
  - Telia Root CA v2
  - vTrus ECC Root CA
  - vTrus Root CA
- Removed:
  - Cybertrust Global Root
  - DST Root CA X3
  - DigiNotar PKIoverheid CA Organisatie - G2
  - GlobalSign ECC Root CA R4
  - GlobalSign Root CA R2
  - GTS Root R1
  - GTS Root R2
  - GTS Root R3
  - GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added CAs:
  - HARICA Client ECC Root CA 2021
  - HARICA Client RSA Root CA 2021
  - HARICA TLS ECC Root CA 2021
  - HARICA TLS RSA Root CA 2021
  - TunTrust Root CA
Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
  - NAVER Global Root Certification Authority
- Removed old root CAs:
  - GeoTrust Global CA
  - GeoTrust Primary Certification Authority
  - GeoTrust Primary Certification Authority - G3
  - GeoTrust Universal CA
  - GeoTrust Universal CA 2
  - thawte Primary Root CA
  - thawte Primary Root CA - G2
  - thawte Primary Root CA - G3
  - VeriSign Class 3 Public Primary Certification Authority - G4
  - VeriSign Class 3 Public Primary Certification Authority - G5
The following package changes have been done:
- ca-certificates-mozilla-2.56-12.37.1 updated
- libblkid1-2.33.2-4.21.1 updated
- libcurl4-7.60.0-11.46.1 updated
- libfdisk1-2.33.2-4.21.1 updated
- libkeyutils1-1.5.9-5.3.1 updated
- libmount1-2.33.2-4.21.1 updated
- libsmartcols1-2.33.2-4.21.1 updated
- libuuid1-2.33.2-4.21.1 updated
- util-linux-2.33.2-4.21.1 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:40:18 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:40:18 +0200 (CEST)
Subject: SUSE-CU-2022:2049-1: Security update of bci/nodejs
Message-ID: <20220907074018.92F3CFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2049-1
Container Tags : bci/node:12 , bci/node:12-16.170 , bci/nodejs:12 , bci/nodejs:12-16.170
Container Release : 16.170
Severity : important
Type : security
References : 1181475 1197178 1198731 1198925 1200842 1202175 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libblkid1-2.36.2-150300.4.23.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- container:sles15-image-15.0.0-17.20.26 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:44:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:44:25 +0200 (CEST)
Subject: SUSE-CU-2022:2050-1: Security update of bci/python
Message-ID: <20220907074425.36E29FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2050-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.87
Container Release : 18.87
Severity : important
Type : security
References : 1197178 1198731 1198925 1200842 1202175 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- curl-7.66.0-150200.4.39.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- container:sles15-image-15.0.0-17.20.27 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:45:09 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:45:09 +0200 (CEST)
Subject: SUSE-CU-2022:2051-1: Security update of suse/389-ds
Message-ID: <20220907074509.82A7AFCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2051-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-16.4 , suse/389-ds:latest
Container Release : 16.4
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/389-ds was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:46:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:46:16 +0200 (CEST)
Subject: SUSE-CU-2022:2053-1: Security update of bci/dotnet-sdk
Message-ID: <20220907074616.9181EFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2053-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-45.18 , bci/dotnet-sdk:3.1.28 , bci/dotnet-sdk:3.1.28-45.18
Container Release : 45.18
Severity : moderate
Type : security
References : 1197178 1198731 1202593 CVE-2022-35252
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:47:03 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:47:03 +0200 (CEST)
Subject: SUSE-CU-2022:2054-1: Security update of bci/dotnet-sdk
Message-ID: <20220907074703.2637CFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2054-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-33.21 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-33.21
Container Release : 33.21
Severity : important
Type : security
References : 1197178 1198731 1202175 1202310 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:47:58 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:47:58 +0200 (CEST)
Subject: SUSE-CU-2022:2055-1: Security update of bci/dotnet-runtime
Message-ID: <20220907074758.61714FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2055-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-46.17 , bci/dotnet-runtime:3.1.28 , bci/dotnet-runtime:3.1.28-46.17
Container Release : 46.17
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:49:08 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:49:08 +0200 (CEST)
Subject: SUSE-CU-2022:2056-1: Security update of bci/golang
Message-ID: <20220907074908.CDA10FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2056-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-30.19
Container Release : 30.19
Severity : moderate
Type : security
References : 1197178 1198731 1202593 CVE-2022-35252
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:50:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:50:22 +0200 (CEST)
Subject: SUSE-CU-2022:2057-1: Security update of bci/golang
Message-ID: <20220907075022.543D6FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2057-1
Container Tags : bci/golang:1.17 , bci/golang:1.17-29.20
Container Release : 29.20
Severity : moderate
Type : security
References : 1197178 1198731 1202593 CVE-2022-35252
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:51:13 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:51:13 +0200 (CEST)
Subject: SUSE-CU-2022:2058-1: Security update of bci/golang
Message-ID: <20220907075113.B656DFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2058-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-16.17
Container Release : 16.17
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:51:39 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:51:39 +0200 (CEST)
Subject: SUSE-CU-2022:2059-1: Security update of bci/golang
Message-ID: <20220907075139.579A3FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2059-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-2.17 , bci/golang:latest
Container Release : 2.17
Severity : moderate
Type : security
References : 1197178 1198731 1202593 CVE-2022-35252
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:53:21 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:53:21 +0200 (CEST)
Subject: SUSE-CU-2022:2062-1: Security update of bci/nodejs
Message-ID: <20220907075321.3892AFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2062-1
Container Tags : bci/node:16 , bci/node:16-9.20 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-9.20 , bci/nodejs:latest
Container Release : 9.20
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:54:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:54:34 +0200 (CEST)
Subject: SUSE-CU-2022:2063-1: Security update of bci/openjdk
Message-ID: <20220907075434.1CDB8FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2063-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-30.19 , bci/openjdk:latest
Container Release : 30.19
Severity : important
Type : security
References : 1197178 1198731 1198925 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/openjdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- libxcb1-1.13-150000.3.9.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:55:30 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:55:30 +0200 (CEST)
Subject: SUSE-CU-2022:2064-1: Security update of suse/pcp
Message-ID: <20220907075530.66DE6FCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2064-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-10.7 , suse/pcp:latest
Container Release : 10.7
Severity : moderate
Type : security
References : 1197178 1198731 1202593 CVE-2022-35252
-----------------------------------------------------------------
The container suse/pcp was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- util-linux-systemd-2.37.2-150400.8.3.1 updated
- container:bci-bci-init-15.4-15.4-22.4 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:56:09 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:56:09 +0200 (CEST)
Subject: SUSE-CU-2022:2066-1: Security update of bci/python
Message-ID: <20220907075609.5FA0CFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2066-1
Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.18 , bci/python:latest
Container Release : 5.18
Severity : important
Type : security
References : 1197178 1198731 1202175 1202310 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- curl-7.79.1-150400.5.6.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:56:48 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:56:48 +0200 (CEST)
Subject: SUSE-CU-2022:2067-1: Security update of bci/python
Message-ID: <20220907075648.320E8FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2067-1
Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.18
Container Release : 28.18
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- curl-7.79.1-150400.5.6.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:57:26 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:57:26 +0200 (CEST)
Subject: SUSE-CU-2022:2068-1: Security update of bci/rust
Message-ID: <20220907075726.941B1FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2068-1
Container Tags : bci/rust:1.62 , bci/rust:1.62-2.17 , bci/rust:latest
Container Release : 2.17
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 07:57:12 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 09:57:12 +0200 (CEST)
Subject: SUSE-CU-2022:2043-1: Security update of bci/rust
Message-ID: <20220907075712.2CBABFCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2043-1
Container Tags : bci/rust:1.61 , bci/rust:1.61-6.17
Container Release : 6.17
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 08:27:33 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 10:27:33 +0200 (CEST)
Subject: SUSE-CU-2022:2078-1: Security update of suse/sle15
Message-ID: <20220907082733.E2673FCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2078-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.18 , suse/sle15:15.4 , suse/sle15:15.4.27.11.18
Container Release : 27.11.18
Severity : important
Type : security
References : 1181475 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- curl-7.79.1-150400.5.6.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
From sle-security-updates at lists.suse.com Wed Sep 7 08:26:53 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 10:26:53 +0200 (CEST)
Subject: SUSE-CU-2022:2068-1: Security update of bci/rust
Message-ID: <20220907082653.DDFE9FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2068-1
Container Tags : bci/rust:1.62 , bci/rust:1.62-2.17 , bci/rust:latest
Container Release : 2.17
Severity : important
Type : security
References : 1197178 1198731 1202175 1202593 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-27.11.18 updated
From sle-security-updates at lists.suse.com Wed Sep 7 10:23:13 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 12:23:13 +0200 (CEST)
Subject: SUSE-SU-2022:3136-1: important: Security update for webkit2gtk3
Message-ID: <20220907102313.76DC9FCF4@maintenance.suse.de>
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3136-1
Rating: important
References: #1202169 #1202807
Cross-References: CVE-2022-32893
CVSS scores:
CVE-2022-32893 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32893 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
- Updated to version 2.36.7 (bsc#1202807):
- CVE-2022-32893: Fixed an issue that would be triggered when processing
malicious web content and that could lead to arbitrary code execution.
- Fixed several crashes and rendering issues.
- Updated to version 2.36.6:
- Fixed handling of touchpad scrolling on GTK4 builds
- Fixed WebKitGTK not allowing to be used from non-main threads
(bsc#1202169).
- Fixed several crashes and rendering issues
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3136=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3136=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3136=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3136=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3136=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3136=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3136=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3136=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (noarch):
libwebkit2gtk3-lang-2.36.7-2.110.1
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-2.110.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-2.110.1
libwebkit2gtk-4_0-37-2.36.7-2.110.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-2.110.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-2.110.1
webkit2gtk3-debugsource-2.36.7-2.110.1
- SUSE OpenStack Cloud 9 (noarch):
libwebkit2gtk3-lang-2.36.7-2.110.1
- SUSE OpenStack Cloud 9 (x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-2.110.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-2.110.1
libwebkit2gtk-4_0-37-2.36.7-2.110.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-2.110.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-2.110.1
webkit2gtk3-debugsource-2.36.7-2.110.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1
webkit2gtk3-debugsource-2.36.7-2.110.1
webkit2gtk3-devel-2.36.7-2.110.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-2.110.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-2.110.1
libwebkit2gtk-4_0-37-2.36.7-2.110.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-2.110.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-2.110.1
webkit2gtk3-debugsource-2.36.7-2.110.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
libwebkit2gtk3-lang-2.36.7-2.110.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-2.110.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-2.110.1
libwebkit2gtk-4_0-37-2.36.7-2.110.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-2.110.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-2.110.1
webkit2gtk3-debugsource-2.36.7-2.110.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
libwebkit2gtk3-lang-2.36.7-2.110.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-2.110.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-2.110.1
libwebkit2gtk-4_0-37-2.36.7-2.110.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-2.110.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-2.110.1
webkit2gtk3-debugsource-2.36.7-2.110.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
libwebkit2gtk3-lang-2.36.7-2.110.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-2.110.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-2.110.1
libwebkit2gtk-4_0-37-2.36.7-2.110.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-2.110.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2-4_0-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-2.110.1
webkit2gtk3-debugsource-2.36.7-2.110.1
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
libwebkit2gtk3-lang-2.36.7-2.110.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-2.110.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-2.110.1
libwebkit2gtk-4_0-37-2.36.7-2.110.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-2.110.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2-4_0-2.36.7-2.110.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-2.36.7-2.110.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-2.110.1
webkit2gtk3-debugsource-2.36.7-2.110.1
webkit2gtk3-devel-2.36.7-2.110.1
References:
https://www.suse.com/security/cve/CVE-2022-32893.html
https://bugzilla.suse.com/1202169
https://bugzilla.suse.com/1202807
From sle-security-updates at lists.suse.com Wed Sep 7 12:23:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:23:34 +0200 (CEST)
Subject: SUSE-CU-2022:2082-1: Security update of ses/7.1/cephcsi/cephcsi
Message-ID: <20220907122334.465B0FCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/cephcsi/cephcsi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2082-1
Container Tags : ses/7.1/cephcsi/cephcsi:3.5.1 , ses/7.1/cephcsi/cephcsi:3.5.1.0.3.2.345 , ses/7.1/cephcsi/cephcsi:latest , ses/7.1/cephcsi/cephcsi:sle15.3.pacific , ses/7.1/cephcsi/cephcsi:v3.5.1 , ses/7.1/cephcsi/cephcsi:v3.5.1.0
Container Release : 3.2.345
Severity : critical
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1041090 1082318 1104264 1106390 1107066 1107067 1111973 1112723
1112726 1121227 1121230 1122004 1122021 1123685 1125007 1137373
1164384 1177460 1180065 1181475 1181658 1183308 1183533 1184501
1185637 1191157 1191502 1191908 1192449 1192616 1192951 1193086
1193489 1193659 1193951 1194131 1194172 1194550 1194642 1194708
1194848 1194875 1194883 1195059 1195157 1195231 1195247 1195251
1195258 1195283 1195359 1195463 1195529 1195628 1195836 1195881
1195899 1195916 1195999 1196017 1196044 1196061 1196093 1196107
1196125 1196212 1196317 1196368 1196490 1196499 1196514 1196567
1196647 1196696 1196733 1196785 1196787 1196850 1196861 1196925
1196939 1197004 1197017 1197024 1197065 1197134 1197178 1197297
1197443 1197459 1197570 1197684 1197718 1197742 1197743 1197771
1197788 1197790 1197794 1197846 1198062 1198062 1198090 1198114
1198176 1198237 1198341 1198422 1198435 1198446 1198458 1198507
1198511 1198614 1198627 1198723 1198731 1198732 1198751 1198752
1198766 1198922 1198925 1199042 1199090 1199132 1199140 1199166
1199223 1199224 1199232 1199232 1199235 1199240 1199524 1199756
1200064 1200170 1200278 1200334 1200485 1200550 1200553 1200735
1200737 1200800 1200802 1200842 1200855 1200855 1201099 1201225
1201253 1201560 1201640 1202175 1202310 1202498 1202498 1202593
CVE-2015-20107 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610
CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402
CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-20573
CVE-2018-20574 CVE-2018-25032 CVE-2019-20454 CVE-2019-6285 CVE-2019-6292
CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664
CVE-2019-7665 CVE-2020-21913 CVE-2020-29362 CVE-2020-29651 CVE-2021-22570
CVE-2021-28153 CVE-2021-3979 CVE-2022-1271 CVE-2022-1271 CVE-2022-1292
CVE-2022-1304 CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-1706
CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-2309 CVE-2022-23308
CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155
CVE-2022-29217 CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208
CVE-2022-34903 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/cephcsi/cephcsi was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' where we don't free this variable.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8
multi byte characters as well as support the vi mode of the readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1126-1
Released: Thu Apr 7 14:05:02 2022
Summary: Recommended update for nfs-utils
Type: recommended
Severity: moderate
References: 1197297,1197788
This update for nfs-utils fixes the following issues:
- Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297)
* This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels.
- Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1145-1
Released: Mon Apr 11 14:59:54 2022
Summary: Recommended update for tcmu-runner
Type: recommended
Severity: moderate
References: 1196787
This update for tcmu-runner fixes the following issues:
- fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed. (bsc#1196787)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1203-1
Released: Thu Apr 14 11:43:28 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1195231
This update for lvm2 fixes the following issues:
- udev: create symlinks and watch even in suspended state (bsc#1195231)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1422-1
Released: Wed Apr 27 09:24:27 2022
Summary: Recommended update for glib2-branding
Type: recommended
Severity: moderate
References: 1195836
This update for glib2-branding fixes the following issues:
- Change the default `LibreOffice Startcenter` entry to `libreoffice-startcenter.desktop` and provide the missing
favorite link. (bsc#1195836)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1438-1
Released: Wed Apr 27 15:27:19 2022
Summary: Recommended update for systemd-presets-common-SUSE
Type: recommended
Severity: low
References: 1195251
This update for systemd-presets-common-SUSE fixes the following issue:
- enable vgauthd service for VMWare by default (bsc#1195251)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1439-1
Released: Wed Apr 27 16:08:04 2022
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1198237
This update for binutils fixes the following issues:
- The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1491-1
Released: Tue May 3 07:09:44 2022
Summary: Recommended update for psmisc
Type: recommended
Severity: moderate
References: 1194172
This update for psmisc fixes the following issues:
- Add a fallback if the system call name_to_handle_at() is not supported by the used file system.
- Replace the synchronizing over pipes of the sub process for the stat(2) system call with mutex and conditions from
pthreads(7) (bsc#1194172)
- Use statx(2) or SYS_statx system call to replace the stat(2) system call and avoid the sub process (bsc#1194172)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1617-1
Released: Tue May 10 14:40:12 2022
Summary: Security update for gzip
Type: security
Severity: important
References: 1198062,1198922,CVE-2022-1271
This update for gzip fixes the following issues:
- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1625-1
Released: Tue May 10 15:54:43 2022
Summary: Recommended update for python-python3-saml
Type: recommended
Severity: moderate
References: 1197846
This update for python-python3-saml fixes the following issues:
- Update expiry dates for responses. (bsc#1197846)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1709-1
Released: Tue May 17 17:35:47 2022
Summary: Recommended update for libcbor
Type: recommended
Severity: important
References: 1197743
This update for libcbor fixes the following issues:
- Fix build errors occurring on SUSE Linux Enterprise 15 Service Pack 4
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1720-1
Released: Tue May 17 17:46:03 2022
Summary: Recommended update for python-rtslib-fb
Type: recommended
Severity: important
References: 1199090
This update for python-rtslib-fb fixes the following issues:
- Update parameters description.
- Enable the 'disable_emulate_legacy_capacity' parameter. (bsc#1199090)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1828-1
Released: Tue May 24 10:47:38 2022
Summary: Recommended update for oath-toolkit
Type: recommended
Severity: important
References: 1197790
This update for oath-toolkit fixes the following issues:
- Fix build issues occurring on SUSE Linux Enterprise 15 Service Pack 4 (bsc#1197790)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1864-1
Released: Fri May 27 09:07:30 2022
Summary: Recommended update for leveldb
Type: recommended
Severity: low
References: 1197742
This update for leveldb fixes the following issue:
- fix tests (bsc#1197742)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1883-1
Released: Mon May 30 12:41:35 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2049-1
Released: Mon Jun 13 09:23:52 2022
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1191908,1198422
This update for binutils fixes the following issues:
- Revert back to old behaviour of not ignoring the in-section content
of to be relocated fields on x86-64, even though that's a RELA architecture.
Compatibility with buggy object files generated by old tools.
[bsc#1198422]
- Fix a problem in crash not accepting some of our .ko.debug files. (bsc#1191908)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2149-1
Released: Wed Jun 22 08:17:38 2022
Summary: Recommended update for ceph-iscsi
Type: recommended
Severity: moderate
References: 1198435
This update for ceph-iscsi fixes the following issues:
- Update to 3.5+1655410541.gf482c7a.
+ Improve werkzeug version checking (bsc#1198435)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2157-1
Released: Wed Jun 22 17:11:25 2022
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1198458
This update for binutils fixes the following issues:
- For building the shim 15.6~rc1 and later versions aarch64 image, objcopy
needs to support efi-app-aarch64 target. (bsc#1198458)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released: Thu Jul 7 12:16:58 2022
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: low
References:
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released: Mon Jul 11 20:34:20 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1198511,CVE-2015-20107
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2402-1
Released: Thu Jul 14 16:58:22 2022
Summary: Security update for python-PyJWT
Type: security
Severity: important
References: 1199756,CVE-2022-29217
This update for python-PyJWT fixes the following issues:
- CVE-2022-29217: Fixed key confusion through non-blocklisted public key format (bsc#1199756).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2405-1
Released: Fri Jul 15 11:47:57 2022
Summary: Security update for p11-kit
Type: security
Severity: moderate
References: 1180065,CVE-2020-29362
This update for p11-kit fixes the following issues:
- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user at .service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2547-1
Released: Mon Jul 25 19:57:38 2022
Summary: Security update for logrotate
Type: security
Severity: important
References: 1192449,1200278,1200802
This update for logrotate fixes the following issues:
Security issues fixed:
- Improved coredump handling for SUID binaries (bsc#1192449).
Non-security issues fixed:
- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2548-1
Released: Tue Jul 26 13:48:28 2022
Summary: Critical update for python-cssselect
Type: recommended
Severity: critical
References:
This update for python-cssselect implements packages to the unrestricted repository.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hash (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2628-1
Released: Tue Aug 2 12:21:23 2022
Summary: Recommended update for apparmor
Type: recommended
Severity: important
References: 1195463,1196850
This update for apparmor fixes the following issues:
- Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)
- Add new rule to allow reading of openssl.cnf (bsc#1195463)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2649-1
Released: Wed Aug 3 15:06:21 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587
This update for pcre2 fixes the following issues:
- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2817-1
Released: Tue Aug 16 12:03:46 2022
Summary: Security update for ceph
Type: security
Severity: important
References: 1194131,1194875,1195359,1196044,1196733,1196785,1200064,1200553,CVE-2021-3979
This update for ceph fixes the following issues:
- Update to 16.2.9-536-g41a9f9a5573:
+ (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR
+ (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)
- Update to 16.2.9-158-gd93952c7eea:
+ cmake: check for python(\d)\.(\d+) when building boost
+ make-dist: patch boost source to support python 3.10
- Update to ceph-16.2.9-58-ge2e5cb80063:
+ (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths
- Update to 16.2.9.50-g7d9f12156fb:
+ (jsc#SES-2515) High-availability NFS export
+ (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
+ (bsc#1196785) cephadm: avoid crashing on expected non-zero exit
- Update to 16.2.7-969-g6195a460d89
+ (jsc#SES-2515) High-availability NFS export
- Update to v16.2.7-654-gd5a90ff46f0
+ (bsc#1196733) remove build directory during %clean
- Update to v16.2.7-652-gf5dc462fdb5
+ (bsc#1194875) [SES7P] include/buffer: include memory
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released: Wed Aug 17 14:41:07 2022
Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-iniconfig, python-unittest-mixins
Type: security
Severity: moderate
References: 1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:
- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bump the URL to point to github rather than to docs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released: Fri Aug 19 15:59:42 2022
Summary: Recommended update for sle-module-legacy-release
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2908-1
Released: Fri Aug 26 11:36:03 2022
Summary: Security update for python-lxml
Type: security
Severity: important
References: 1201253,CVE-2022-2309
This update for python-lxml fixes the following issues:
- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2926-1
Released: Mon Aug 29 10:38:52 2022
Summary: Feature update for LibreOffice
Type: feature
Severity: moderate
References: 1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017
This feature update for LibreOffice provides the following fixes:
abseil-cpp:
- Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447)
- Mention already fixed issues. (fate#326485, bsc#1041090)
libcuckoo:
- Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447)
libixion:
- Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447)
- Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Build with gcc11 and gcc11-c++. (jsc#SLE-23447)
- Remove unneeded vulkan dependency
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
libreoffice:
- Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021)
* Update bundled dependencies:
* gpgme from version 1.13.1 to version 1.16.0
* libgpg-error from version 1.37 to version 1.43
* libassuan from version 2.5.3 to version 2.5.5
* pdfium from version 4500 to version 4699
* skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967
* boost from version 1_75 to version 1_77
* icu4c from version 69_1 to version 70_1
* On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer
* New build dependencies:
* abseil-cpp-devel
* libassuan0
* libcuckoo-devel
* libopenjp2
* require liborcus-0.17 instead of liborcus-0.16
* require mdds-2.0 instead of mdds-1.5
* Do not use serf-1 anymore but use curl instead.
* Other fixes:
* Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616)
* Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212)
* Bullets appear larger and green instead of black. (bsc#1195881)
* Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017)
* Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499)
liborcus:
- Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447)
- Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447)
- Build with libtool and use autotools. (jsc#SLE-23447)
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
mdds-2_0:
- Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447)
myspell-dictionaries:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
ucpp:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
xmlsec1:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2972-1
Released: Thu Sep 1 11:08:16 2022
Summary: Feature update for python-kubernetes
Type: feature
Severity: moderate
References:
This feature update for python-kubernetes provides:
- Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443)
* Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes.
* Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth.
- There are no visible changes for the final user.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released: Mon Sep 5 16:31:24 2022
Summary: Recommended update for python-pytz
Type: recommended
Severity: low
References:
This update for python-pytz fixes the following issues:
- update to 2022.1:
matches tzdata 2022a
- declare python 3.10 compatibility
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use
after free (bsc#1193951).
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- binutils-2.37-150100.7.37.1 updated
- ceph-base-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-iscsi-3.5+1655410541.gf482c7a-150300.3.3.1 updated
- ceph-mds-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mon-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-osd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- device-mapper-1.02.163-8.42.1 updated
- e2fsprogs-1.43.8-150000.4.33.1 updated
- gio-branding-SLE-15-150300.19.3.1 updated
- glib2-tools-2.62.6-150200.3.9.1 updated
- glibc-locale-base-2.31-150300.37.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- gzip-1.10-150200.10.1 updated
- libapparmor1-2.13.6-150300.3.15.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcbor0-0.5.0-150100.4.6.1 updated
- libcephfs2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcephsqlite-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libctf-nobfd0-2.37-150100.7.37.1 updated
- libctf0-2.37-150100.7.37.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdevmapper-event1_03-1.02.163-8.42.1 updated
- libdevmapper1_03-1.02.163-8.42.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libext2fs2-1.43.8-150000.4.33.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libgio-2_0-0-2.62.6-150200.3.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libgmodule-2_0-0-2.62.6-150200.3.9.1 updated
- libgobject-2_0-0-2.62.6-150200.3.9.1 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libleveldb1-1.18-150000.3.3.1 updated
- liblvm2cmd2_03-2.03.05-8.42.1 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- liboath0-2.6.2-150000.3.3.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libp11-kit0-0.23.2-150000.4.16.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libpcre2-8-0-10.31-150000.3.12.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- librados2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librbd1-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librgw2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtcmu2-1.5.2-150200.2.7.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libxmlsec1-1-1.2.28-150100.7.11.1 updated
- libxmlsec1-openssl1-1.2.28-150100.7.11.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- logrotate-3.13.0-150000.4.7.1 updated
- lvm2-2.03.05-8.42.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- nfs-client-2.1.1-150100.10.24.1 updated
- nfs-kernel-server-2.1.1-150100.10.24.1 updated
- oath-toolkit-xml-2.6.2-150000.3.3.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- p11-kit-tools-0.23.2-150000.4.16.1 updated
- p11-kit-0.23.2-150000.4.16.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- psmisc-23.0-150000.6.22.1 updated
- python-rtslib-fb-common-2.1.74-150300.3.3.1 updated
- python3-PyJWT-1.7.1-150200.3.3.1 updated
- python3-apipkg-1.4-150000.3.2.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- python3-cachetools-4.1.0-150200.3.4.1 updated
- python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-cephfs-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-cssselect-1.0.3-150000.3.3.1 updated
- python3-curses-3.6.15-150300.10.27.1 updated
- python3-google-auth-1.21.2-150300.3.6.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 added
- python3-kubernetes-8.0.1-150100.3.7.1 updated
- python3-lxml-4.7.1-150200.3.10.1 updated
- python3-python3-saml-1.7.0-150200.3.3.2 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- python3-py-1.10.0-150000.5.9.2 updated
- python3-rados-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rbd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rtslib-fb-2.1.74-150300.3.3.1 updated
- python3-3.6.15-150300.10.27.1 updated
- rbd-mirror-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 updated
- tcmu-runner-1.5.2-150200.2.7.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- xz-5.2.3-150000.4.7.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:ceph-image-1.0.0-3.2.223 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:23:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:23:47 +0200 (CEST)
Subject: SUSE-CU-2022:2083-1: Security update of ses/7.1/ceph/grafana
Message-ID: <20220907122347.CF7D3FCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/ceph/grafana
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2083-1
Container Tags : ses/7.1/ceph/grafana:8.3.5 , ses/7.1/ceph/grafana:8.3.5.2.2.217 , ses/7.1/ceph/grafana:latest , ses/7.1/ceph/grafana:sle15.3.pacific
Container Release : 2.2.217
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
1188127 1191157 1191502 1192951 1193086 1193489 1193659 1194131
1194550 1194642 1194708 1194848 1194873 1194875 1194883 1195059
1195157 1195247 1195258 1195283 1195359 1195529 1195628 1195726
1195727 1195728 1195899 1195999 1196044 1196061 1196093 1196107
1196125 1196317 1196368 1196490 1196514 1196567 1196647 1196733
1196785 1196861 1196925 1196939 1197004 1197024 1197065 1197134
1197178 1197443 1197459 1197570 1197684 1197718 1197771 1197794
1198062 1198090 1198114 1198176 1198341 1198446 1198507 1198614
1198627 1198723 1198731 1198732 1198751 1198752 1198766 1198768
1198925 1199042 1199132 1199140 1199166 1199223 1199224 1199232
1199240 1200064 1200170 1200334 1200550 1200553 1200735 1200737
1200800 1200842 1200855 1200855 1201099 1201225 1201560 1201640
1201760 1202175 1202310 1202593 CVE-2017-7607 CVE-2017-7608 CVE-2017-7609
CVE-2017-7610 CVE-2017-7611 CVE-2017-7612 CVE-2017-7613 CVE-2018-16062
CVE-2018-16402 CVE-2018-16403 CVE-2018-18310 CVE-2018-18520 CVE-2018-18521
CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292
CVE-2019-7146 CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664
CVE-2019-7665 CVE-2021-22570 CVE-2021-28153 CVE-2021-36222 CVE-2021-3711
CVE-2021-39226 CVE-2021-3979 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798
CVE-2021-43813 CVE-2021-43815 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304
CVE-2022-1586 CVE-2022-2068 CVE-2022-2097 CVE-2022-21673 CVE-2022-21702
CVE-2022-21703 CVE-2022-21713 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775
CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458
CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/ceph/grafana was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8
multi-byte characters, as well as to support the vi mode of the readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report more detailed which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:1419-1
Released: Wed Apr 27 09:20:06 2022
Summary: Feature update for grafana
Type: feature
Severity: moderate
References: 1194873,1195726,1195727,1195728,CVE-2021-36222,CVE-2021-3711,CVE-2021-39226,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-21673,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713
This update for grafana fixes the following issues:
Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23422)
- Security:
* CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726)
* CVE-2022-21703: cross-origin request forgery vulnerability (bsc#1195727)
* CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)
* CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)
* CVE-2021-43813, CVE-2021-43815, CVE-2021-41244, CVE-2021-41174, CVE-2021-43798, CVE-2021-39226.
* Upgrade Docker base image to Alpine 3.14.3.
* CVE-2021-3711: Docker: Force use of libcrypto1.1 and libssl1.1 versions
* Update dependencies to fix CVE-2021-36222.
* Upgrade Go to 1.17.2.
* Fix stylesheet injection vulnerability.
* Fix short URL vulnerability.
- License update:
* AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL).
- Breaking changes:
* Grafana 8 Alerting enabled by default for installations that do not use legacy alerting.
* Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting.
* Fix No Data behaviour in Legacy Alerting.
* The following endpoints were deprecated for Grafana v5.0 and
support for them has now been removed:
* `GET /dashboards/db/:slug`
* `GET /dashboard-solo/db/:slug`
* `GET /api/dashboard/db/:slug`
* `DELETE /api/dashboards/db/:slug`
* The default HTTP method for Prometheus data source is now POST.
* Removes the never refresh option for Query variables.
* Removes the experimental Tags feature for Variables.
- Deprecations:
* The InfoBox & FeatureInfoBox are now deprecated; please use
the Alert component instead with severity info.
- Bug fixes:
* Azure Monitor: Bug fix for variable interpolations in metrics dropdowns.
* Azure Monitor: Improved error messages for variable queries.
* CloudMonitoring: Fixes broken variable queries that use group bys.
* Configuration: You can now see your expired API keys if you have no active ones.
* Elasticsearch: Fix handling multiple datalinks for a single field.
* Export: Fix error when exporting dashboards using query variables that reference the default datasource.
* ImportDashboard: Fixes issue with importing dashboard and name ending up in uid.
* Login: Page no longer overflows on mobile.
* Plugins: Set backend metadata property for core plugins.
* Prometheus: Fill missing steps with null values.
* Prometheus: Fix interpolation of `$__rate_interval` variable.
* Prometheus: Interpolate variables with curly brackets syntax.
* Prometheus: Respect the http-method data source setting.
* Table: Fixes issue with field config applied to wrong fields when hiding columns.
* Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin.
* Variables: Fix so data source variables are added to adhoc configuration.
* AnnoListPanel: Fix interpolation of variables in tags.
* CloudWatch: Allow queries to have no dimensions specified.
* CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0.
* CloudWatch: Make sure MatchExact flag gets the right value.
* Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page.
* InfluxDB: Improve handling of metadata query errors in InfluxQL.
* Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions.
* Prometheus: Fix running of exemplar queries for non-histogram metrics.
* Prometheus: Interpolate template variables in interval.
* StateTimeline: Fix tooltip not showing for frames with multiple fields.
* TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore.
* Variables: Fix repeating panels for on time range changed variables.
* Variables: Fix so queryparam option works for scoped variables.
* Alerting: Clear alerting rule evaluation errors after intermittent failures.
* Alerting: Fix refresh on legacy Alert List panel.
* Dashboard: Fix queries for panels with non-integer widths.
* Explore: Fix url update inconsistency.
* Prometheus: Fix range variables interpolation for time ranges smaller than 1 second.
* ValueMappings: Fixes issue with regex value mapping that only sets color.
* AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1.
* Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor.
* CodeEditor: Prevent suggestions from being clipped.
* Dashboard: Fix cache timeout persistence.
* Datasource: Fix stable sort order of query responses.
* Explore: Fix error in query history when removing last item.
* Logs: Fix requesting of older logs when flipped order.
* Prometheus: Fix running of health check query based on access mode.
* TextPanel: Fix suggestions for existing panels.
* Tracing: Fix incorrect indentations due to reoccurring spanIDs.
* Tracing: Show start time of trace with milliseconds precision.
* Variables: Make renamed or missing variable section expandable.
* API: Fix dashboard quota limit for imports.
* Alerting: Fix rule editor issues with Azure Monitor data source.
* Azure monitor: Make sure alert rule editor is not enabled when template variables are being used.
* CloudMonitoring: Fix annotation queries.
* CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor.
* Dashboard: Remove the current panel from the list of options in the Dashboard datasource.
* Encryption: Fix decrypting secrets in alerting migration.
* InfluxDB: Fix corner case where index is too large in ALIAS field.
* NavBar: Order App plugins alphabetically.
* NodeGraph: Fix zooming sensitivity on touchpads.
* Plugins: Add OAuth pass-through logic to api/ds/query endpoint.
* Snapshots: Fix panel inspector for snapshot data.
* Tempo: Fix basic auth password reset on adding tag.
* ValueMapping: Fixes issue with regex mappings.
* TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series.
* Alerting: Fix a bug where the metric in the evaluation string was not correctly populated.
* Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator.
* CloudMonitoring: Ignore min and max aggregation in MQL queries.
* Dashboards: 'Copy' is no longer added to new dashboard titles.
* DataProxy: Fix overriding response body when response is a WebSocket upgrade.
* Elasticsearch: Use field configured in query editor as field for date_histogram aggregations.
* Explore: Fix running queries without a datasource property set.
* InfluxDB: Fix numeric aliases in queries.
* Plugins: Ensure consistent plugin settings list response.
* Tempo: Fix validation of float durations.
* Tracing: Correct tags for each span are shown.
* Alerting: Fix panic when Slack's API sends unexpected response.
* Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default
datasource.
* Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no
results.
* Graph: You can now see annotation descriptions on hover.
* Logs: The system now uses the JSON parser only if the line is parsed to an object.
* Prometheus: the system did not reuse TCP connections when querying from Grafana alerting.
* Prometheus: error when a user created a query with a `$__interval` min step.
* RowsToFields: the system was not properly interpreting number values.
* Scale: We fixed how the system handles NaN percent when data min = data max.
* Table panel: You can now create a filter that includes special characters.
* Dashboard: Fix rendering of repeating panels.
* Datasources: Fix deletion of data source if plugin is not found.
* Packaging: Remove systemcallfilters sections from systemd unit files.
* Prometheus: Add Headers to HTTP client options.
* CodeEditor: Ensure that we trigger the latest onSave callback provided to the component.
* DashboardList/AlertList: Fix for missing All folder value.
* Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set.
* Alerting: Fixed rules migration to keep existing Grafana 8 alert rules.
* Alerting: Fixed the silence file content generated during migration.
* Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights.
* BarGauge: Fixed an issue where the cell color was lit even though there was no data.
* BarGauge: Improved handling of streaming data.
* CloudMonitoring: Fixed INT64 label unmarshal error.
* ConfirmModal: Fixes confirm button focus on modal open.
* Dashboard: Add option to generate short URL for variables with values containing spaces.
* Explore: No longer hides errors containing refId property.
* Fixed an issue that produced State timeline panel tooltip error when data was not in sync.
* InfluxDB: InfluxQL query editor is set to always use resultFormat.
* Loki: Fixed creating context query for logs with parsed labels.
* PageToolbar: Fixed alignment of titles.
* Plugins Catalog: Update to the list of available panels after an install, update or uninstall.
* TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel.
* Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable
input.
* Variables: Panels no longer crash when using the adhoc variable in data links.
* Admin: Prevent user from deleting user's current/active organization.
* LibraryPanels: Fix library panel getting saved in the dashboard's folder.
* OAuth: Make generic teams URL and JMES path configurable.
* QueryEditor: Fix broken copy-paste for mouse middle-click.
* Thresholds: Fix undefined color in 'Add threshold'.
* Timeseries: Add wide-to-long, and fix multi-frame output.
* TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All.
* Alerting: Fix alerts with evaluation interval more than 30
seconds resolving before notification.
* Elasticsearch/Prometheus: Fix usage of proper SigV4 service
namespace.
* BarChart: Fixes panel error that happens on second refresh.
* Alerting: Fix notification channel migration.
* Annotations: Fix blank panels for queries with unknown data
sources.
* BarChart: Fix stale values and x axis labels.
* Graph: Make old graph panel thresholds work even if ngalert
is enabled.
* InfluxDB: Fix regex to identify / as separator.
* LibraryPanels: Fix update issues related to library panels in
rows.
* Variables: Fix variables not updating inside a Panel when the
preceding Row uses 'Repeat For'.
* Alerting: Fix alert flapping in the internal alertmanager.
* Alerting: Fix request handler failed to convert dataframe
'results' to plugins.DataTimeSeriesSlice: input frame is not
recognized as a time series.
* Dashboard: Fix UIDs are not preserved when importing/creating
dashboards thru importing .json file.
* Dashboard: Forces panel re-render when exiting panel edit.
* Dashboard: Prevent folder from changing when navigating to
general settings.
* Elasticsearch: Fix metric names for alert queries.
* Elasticsearch: Limit Histogram field parameter to numeric values.
* Elasticsearch: Prevent pipeline aggregations to show up in
terms order by options.
* LibraryPanels: Prevent duplicate repeated panels from being created.
* Loki: Fix ad-hoc filter in dashboard when used with parser.
* Plugins: Track signed files + add warn log for plugin assets
which are not signed.
* Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.
* Prometheus: Fix validate selector in metrics browser.
* Alerting: Fix saving LINE contact point.
* Annotations: Fix alerting annotation coloring.
* Annotations: Alert annotations are now visible in the correct
Panel.
* Auth: Hide SigV4 config UI and disable middleware when its
config flag is disabled.
* Dashboard: Prevent incorrect panel layout by comparing window
width against theme breakpoints.
* Elasticsearch: Fix metric names for alert queries.
* Explore: Fix showing of full log context.
* PanelEdit: Fix 'Actual' size by passing the correct panel
size to Dashboard.
* Plugins: Fix TLS datasource settings.
* Variables: Fix issue with empty drop downs on navigation.
* Variables: Fix URL util converting false into true.
* CloudWatch Logs: Fix crash when no region is selected.
* Annotations: Correct annotations that are displayed upon page refresh.
* Annotations: Fix Enabled button that disappeared from Grafana v8.0.6.
* Annotations: Fix data source template variable that was not available for annotations.
* AzureMonitor: Fix annotations query editor that does not load.
* Geomap: Fix scale calculations.
* GraphNG: Fix y-axis autosizing.
* Live: Display stream rate and fix duplicate channels in list response.
* Loki: Update labels in log browser when time range changes in dashboard.
* NGAlert: Send resolve signal to alertmanager on alerting -> Normal.
* PasswordField: Prevent a password from being displayed when you click the Enter button.
* Renderer: Remove debug.log file when Grafana is stopped.
* Docker: Fix builds by delaying go mod verify until all required files are copied over.
* Exemplars: Fix disable exemplars only on the query that failed.
* SQL: Fix SQL dataframe resampling (fill mode + time intervals).
* Alerting: Handle marshaling Inf values.
* AzureMonitor: Fix macro resolution for template variables.
* AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes
resources.
* AzureMonitor: Request and concat subsequent resource pages.
* Bug: Fix parse duration for day.
* Datasources: Improve error handling for error messages.
* Explore: Correct the functionality of shift-enter shortcut
across all uses.
* Explore: Show all dataFrames in data tab in Inspector.
* GraphNG: Fix Tooltip mode 'All' for XYChart.
* Loki: Fix highlight of logs when using filter expressions
with backticks.
* Modal: Force modal content to overflow with scroll.
* Plugins: Ignore symlinked folders when verifying plugin
signature.
* Alerting: Fix improper alert by changing the handling of
empty labels.
* CloudWatch/Logs: Reestablish Cloud Watch alert behavior.
* Dashboard: Avoid migration breaking on fieldConfig without
defaults field in folded panel.
* DashboardList: Fix issue not re-fetching dashboard list after
variable change.
* Database: Fix incorrect format of isolation level
configuration parameter for MySQL.
* InfluxDB: Correct tag filtering on InfluxDB data.
* Links: Fix links that caused a full page reload.
* Live: Fix HTTP error when InfluxDB metrics have an incomplete
or asymmetrical field set.
* Postgres/MySQL/MSSQL: Change time field to 'Time' for time
series queries.
* Postgres: Fix the handling of a null return value in query
results.
* Tempo: Show hex strings instead of uints for IDs.
* TimeSeries: Improve tooltip positioning when tooltip
overflows.
* Transformations: Add 'prepare time series' transformer.
* AzureMonitor: Fix issue where resource group name is missing
on the resource picker button.
* Chore: Fix AWS auth assuming role with workspace IAM.
* DashboardQueryRunner: Fixes unrestrained subscriptions being
created.
* DateFormats: Fix reading correct setting key for
use_browser_locale.
* Links: Fix links to other apps outside Grafana when under sub
path.
* Snapshots: Fix snapshot absolute time range issue.
* Table: Fix data link color.
* Time Series: Fix X-axis time format when tick increment is
larger than a year.
* Tooltip Plugin: Prevent tooltip render if field is undefined.
* Elasticsearch: Allow case sensitive custom options in
date_histogram interval.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* Explore: Fix import of queries between SQL data sources.
* InfluxDB: InfluxQL query editor: fix retention policy
handling.
* Loki: Send correct time range in template variable queries.
* TimeSeries: Preserve RegExp series overrides when migrating
from old graph panel.
* Annotations: Fix annotation line and marker colors.
* AzureMonitor: Fix KQL template variable queries without
default workspace.
* CloudWatch/Logs: Fix missing response data for log queries.
* Elasticsearch: Restore previous field naming strategy when
using variables.
* LibraryPanels: Fix crash in library panels list when panel
plugin is not found.
* LogsPanel: Fix performance drop when moving logs panel in
dashboard.
* Loki: Parse log levels when ANSI coloring is enabled.
* MSSQL: Fix issue with hidden queries still being executed.
* PanelEdit: Display the VisualizationPicker that was not
displayed if a panel has an unknown panel plugin.
* Plugins: Fix loading symbolically linked plugins.
* Prometheus: Fix issue where legend name was replaced with
name Value in stat and gauge panels.
* State Timeline: Fix crash when hovering over panel.
* Configuration: Fix changing org preferences in Firefox.
* PieChart: Fix legend dimension limits.
* Postgres/MySQL/MSSQL: Fix panic in concurrent map writes.
* Variables: Hide default data source if missing from regex.
* Alerting/SSE: Fix 'count_non_null' reducer validation.
* Cloudwatch: Fix duplicated time series.
* Cloudwatch: Fix missing defaultRegion.
* Dashboard: Fix Dashboard init failed error on dashboards with
old singlestat panels in collapsed rows.
* Datasource: Fix storing timeout option as numeric.
* Postgres/MySQL/MSSQL: Fix annotation parsing for empty
responses.
* Postgres/MySQL/MSSQL: Numeric/non-string values are now
returned from query variables.
* Postgres: Fix an error that was thrown when the annotation
query did not return any results.
* StatPanel: Fix an issue with the appearance of the graph when
switching color mode.
* Visualizations: Fix an issue in the
Stat/BarGauge/Gauge/PieChart panels where all values mode
were showing the same name if they had the same value.
* AzureMonitor: Fix Azure Resource Graph queries in Azure
China.
* Checkbox: Fix vertical layout issue with checkboxes due to
fixed height.
* Dashboard: Fix Table view when editing causes the panel data
to not update.
* Dashboard: Fix issues where unsaved-changes warning is not
displayed.
* Login: Fixes Unauthorized message showing when on login page
or snapshot page.
* NodeGraph: Fix sorting markers in grid view.
* Short URL: Include orgId in generated short URLs.
* Variables: Support raw values of boolean type.
* Admin: Fix infinite loading edit on the profile page.
* Color: Fix issues with random colors in string and date
fields.
* Dashboard: Fix issue with title or folder change has no
effect after exiting settings view.
* DataLinks: Fix an issue where __series.name is not working in
data link.
* Datasource: Fix dataproxy timeout should always be applied
for outgoing data source HTTP requests.
* Elasticsearch: Fix NewClient not passing httpClientProvider
to client impl.
* Explore: Fix Browser title not updated on Navigation to
Explore.
* GraphNG: Remove fieldName and hideInLegend properties from
UPlotSeriesBuilder.
* OAuth: Fix fallback to auto_assign_org_role setting for Azure
AD OAuth when no role claims exists.
* PanelChrome: Fix issue with empty panel after adding a non
data panel and coming back from panel edit.
* StatPanel: Fix data link tooltip not showing for single
value.
* Table: Fix sorting for number fields.
* Table: Have text underline for datalink, and add support for
image datalink.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* Transformations: Prevent FilterByValue transform from
crashing panel edit.
* Annotations panel: Remove subpath from dashboard links.
* Content Security Policy: Allow all image sources by default.
* Content Security Policy: Relax default template wrt. loading
of scripts, due to nonces not working.
* Datasource: Fix tracing propagation for alert execution by
introducing HTTP client outgoing tracing middleware.
* InfluxDB: InfluxQL always apply time interval end.
* Library Panels: Fixes 'error while loading library panels'.
* NewsPanel: Fixes rendering issue in Safari.
* PanelChrome: Fix queries being issued again when scrolling in
and out of view.
* Plugins: Fix Azure token provider cache panic and auth param
nil value.
* Snapshots: Fix key and deleteKey being ignored when creating
an external snapshot.
* Table: Fix issue with cell border not showing with colored
background cells.
* Table: Makes tooltip scrollable for long JSON values.
* TimeSeries: Fix for Connected null values threshold toggle
during panel editing.
* Variables: Fixes inconsistent selected states on dashboard
load.
* Variables: Refreshes all panels even if panel is full screen.
* APIKeys: Fixes issue with adding first api key.
* Alerting: Add checks for non supported units - disable
defaulting to seconds.
* Alerting: Fix issue where Slack notifications won't link to
user IDs.
* Alerting: Omit empty message in PagerDuty notifier.
* AzureMonitor: Fix migration error from older versions of App
Insights queries.
* CloudWatch: Fix AWS/Connect dimensions.
* CloudWatch: Fix broken AWS/MediaTailor dimension name.
* Dashboards: Allow string manipulation as advanced variable
format option.
* DataLinks: Includes harmless extended characters like
Cyrillic characters.
* Drawer: Fixes title overflowing its container.
* Explore: Fix issue when some query errors were not shown.
* Generic OAuth: Prevent adding duplicated users.
* Graphite: Handle invalid annotations.
* Graphite: Fix autocomplete when tags are not available.
* InfluxDB: Fix Cannot read property 'length' of undefined
when parsing response.
* Instrumentation: Enable tracing when Jaeger host and port are
set.
* Instrumentation: Prefix metrics with grafana.
* MSSQL: By default let driver choose port.
* OAuth: Add optional strict parsing of role_attribute_path.
* Panel: Fixes description markdown with inline code being
rendered on newlines and full width.
* PanelChrome: Ignore data updates & errors for non data
panels.
* Permissions: Fix inherited folder permissions can prevent new
permissions being added to a dashboard.
* Plugins: Remove pre-existing plugin installs when installing
with grafana-cli.
* Plugins: Support installing to folders with whitespace and
fix pluginUrl trailing and leading whitespace failures.
* Postgres/MySQL/MSSQL: Don't return connection failure details
to the client.
* Postgres: Fix ms precision of interval in time group macro
when TimescaleDB is enabled.
* Provisioning: Use dashboard checksum field as change
indicator.
* SQL: Fix so that all captured errors are returned from sql
engine.
* Shortcuts: Fixes panel shortcuts so they always work.
* Table: Fixes so border is visible for cells with links.
* Variables: Clear query when data source type changes.
* Variables: Filters out builtin variables from unknown list.
* Variables: Refreshes all panels even if panel is full screen.
* Alerting: Fix NoDataFound for alert rules using AND operator.
- Features and enhancements:
* Alerting: Allow configuration of non-ready alertmanagers.
* Alerting: Allow customization of Google chat message.
* AppPlugins: Support app plugins with only default nav.
* InfluxDB: query editor: skip fields in metadata queries.
* Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana.
* Prometheus: Forward oauth tokens after prometheus datasource migration.
* BarChart: Use new data error view component to show actions in panel edit.
* CloudMonitor: Iterate over pageToken for resources.
* Macaron: Prevent WriteHeader invalid HTTP status code panic.
* Alerting: Prevent folders from being deleted when they contain alerts.
* Alerting: Show full preview value in tooltip.
* BarGauge: Limit title width when name is really long.
* CloudMonitoring: Avoid escaping regexps in filters.
* CloudWatch: Add support for AWS Metric Insights.
* TooltipPlugin: Remove other panels' shared tooltip in edit panel.
* Visualizations: Limit y label width to 40% of visualization width.
* Alerting: Create DatasourceError alert if evaluation returns error.
* Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting.
* Alerting: Support mute timings configuration through the api for the embedded alert manager.
* CloudWatch: Add missing AWS/Events metrics.
* Docs: Add easier to find deprecation notices to certain data sources and to the changelog.
* Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag.
* Table: Add space between values for the DefaultCell and JSONViewCell.
* Tracing: Make query editors available in dashboard for Tempo and Zipkin.
* Alerting: Add UI for contact point testing with custom annotations and labels.
* Alerting: Make alert state indicator in panel header work with Grafana 8 alerts.
* Alerting: Option for Discord notifier to use webhook name.
* Annotations: Deprecate AnnotationsSrv.
* Auth: Omit all base64 paddings in JWT tokens for the JWT auth.
* Azure Monitor: Clean up fields when editing Metrics.
* AzureMonitor: Add new starter dashboards.
* AzureMonitor: Add starter dashboard for app monitoring with Application Insights.
* Barchart/Time series: Allow x axis label.
* CLI: Improve error handling for installing plugins.
* CloudMonitoring: Migrate to use backend plugin SDK contracts.
* CloudWatch Logs: Add retry strategy for hitting max concurrent queries.
* CloudWatch: Add AWS RoboMaker metrics and dimension.
* CloudWatch: Add AWS Transfer metrics and dimension.
* Dashboard: replace datasource name with a reference object.
* Dashboards: Show logs on time series when hovering.
* Elasticsearch: Add support for Elasticsearch 8.0 (Beta).
* Elasticsearch: Add time zone setting to Date Histogram aggregation.
* Elasticsearch: Enable full range log volume histogram.
* Elasticsearch: Full range logs volume.
* Explore: Allow changing the graph type.
* Explore: Show ANSI colors when highlighting matched words in the logs panel.
* Graph(old) panel: Listen to events from Time series panel.
* Import: Load gcom dashboards from URL.
* LibraryPanels: Improves export and import of library panels between orgs.
* OAuth: Support PKCE.
* Panel edit: Overrides now highlight correctly when searching.
* PanelEdit: Display drag indicators on draggable sections.
* Plugins: Refactor Plugin Management.
* Prometheus: Add custom query parameters when creating PromLink url.
* Prometheus: Remove limits on metrics, labels, and values in Metrics Browser.
* StateTimeline: Share cursor with rest of the panels.
* Tempo: Add error details when json upload fails.
* Tempo: Add filtering for service graph query.
* Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics.
* Time series/Bar chart panel: Add ability to sort series via legend.
* TimeSeries: Allow multiple axes for the same unit.
* TraceView: Allow span links defined on dataFrame.
* Transformations: Support a rows mode in labels to fields.
* ValueMappings: Don't apply field config defaults to time fields.
* Variables: Only update panels that are impacted by variable change.
* Annotations: We have improved tag search performance.
* Application: You can now configure an error-template title.
* AzureMonitor: We removed a restriction from the resource filter query.
* Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in
LXC environments.
* Prometheus: We removed the autocomplete limit for metrics.
* Table: We improved the styling of the type icons to make them more distinct from column / field name.
* ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations.
* AWS: Updated AWS authentication documentation.
* Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation.
* Alerting: Allows more characters in label names so notifications are sent.
* Alerting: Get alert rules for a dashboard or a panel using `/api/v1/rules` endpoints.
* Annotations: Improved rendering performance of event markers.
* CloudWatch Logs: Skip caching for log queries.
* Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo.
* Packaging: Add stricter systemd unit options.
* Prometheus: Metrics browser can now handle label values with special characters.
* AccessControl: Document new permissions restricting data source access.
* TimePicker: Add fiscal years and search to time picker.
* Alerting: Added support for Unified Alerting with Grafana HA.
* Alerting: Added support for tuning rule evaluation using configuration options.
* Alerting: Clean up alertmanager namespace from key-value store when disabling Grafana 8 alerts.
* Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and
disabling them for specific organisations.
* CloudWatch: Introduced new math expression where it is necessary to specify the period field.
* InfluxDB: Added support for `$__interval` and `$__interval_ms` in Flux queries for alerting.
* InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision.
* Plugins Catalog: Make the catalog the default way to interact with plugins.
* Prometheus: Removed autocomplete limit for metrics.
* AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration.
* Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval.
* Alerting: Add a Test button to test contact point.
* Alerting: Allow creating/editing recording rules for Loki and Cortex.
* Alerting: Metrics should have the label org instead of user.
* Alerting: Sort notification channels by name to make them easier to locate.
* Alerting: Support org level isolation of notification configuration.
* AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph.
* AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services.
* AzureMonitor: Show error message when subscriptions request fails in ConfigEditor.
* CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs.
* CloudWatch Logs: Disable query path using websockets (Live) feature.
* CloudWatch/Logs: Don't group dataframes for non time series queries.
* Cloudwatch: Migrate queries that use multiple stats to one query per stat.
* Dashboard: Keep live timeseries moving left (v2).
* Datasources: Introduce response_limit for datasource responses.
* Explore: Add filter by trace or span ID to trace to logs feature.
* Explore: Download traces as JSON in Explore Inspector.
* Explore: Reuse Dashboard's QueryRows component.
* Explore: Support custom display label for derived fields buttons for Loki datasource.
* Grafana UI: Update monaco-related dependencies.
* Graphite: Deprecate browser access mode.
* InfluxDB: Improve handling of intervals in alerting.
* InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better.
* Jaeger: Add ability to upload JSON file for trace data.
* LibraryElements: Enable specifying UID for new and existing library elements.
* LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a
library panel from the dashboard view.
* Logs panel: Scroll to the bottom on page refresh when sorting in ascending order.
* Loki: Add fuzzy search to label browser.
* Navigation: Implement active state for items in the Sidemenu.
* Packaging: Add stricter systemd unit options.
* Packaging: Update PID file location from /var/run to /run.
* Plugins: Add Hide OAuth Forward config option.
* Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed.
* Prometheus: Add browser access mode deprecation warning.
* Prometheus: Add interpolation for built-in-time variables to backend.
* Tempo: Add ability to upload trace data in JSON format.
* TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels.
* Transformations: Convert field types to time string number or boolean.
* Value mappings: Add regular-expression based value mapping.
* Zipkin: Add ability to upload trace JSON.
* Explore: Ensure logs volume bar colors match legend colors.
* LDAP: Search all DNs for users.
* AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers.
* Datasource: Change HTTP status code for failed datasource
health check to 400.
* Explore: Add span duration to left panel in trace viewer.
* Plugins: Use file extension allowlist when serving plugin
assets instead of checking for UNIX executable.
* Profiling: Add support for binding pprof server to custom
network interfaces.
* Search: Make search icon keyboard navigable.
* Template variables: Keyboard navigation improvements.
* Tooltip: Display ms within minute time range.
* Alerting: Deduplicate receivers during migration.
* ColorPicker: Display colors as RGBA.
* Select: Make portalling the menu opt-in, but opt-in everywhere.
* TimeRangePicker: Improve accessibility.
* Alerting: Support label matcher syntax in alert rule list filter.
* IconButton: Put tooltip text as aria-label.
* Live: Experimental HA with Redis.
* UI: FileDropzone component.
* CloudWatch: Add AWS LookoutMetrics.
* Alerting: Expand the value string in alert annotations and labels.
* Auth: Add Azure HTTP authentication middleware.
* Auth: Pass user role when using the authentication proxy.
* Gazetteer: Update countries.json file to allow for linking to 3-letter country codes.
* Alerting: Add Alertmanager notifications tab.
* Alerting: Add button to deactivate current Alertmanager
configuration.
* Alerting: Add toggle in Loki/Prometheus data source
configuration to opt out of alerting UI.
* Alerting: Allow any 'evaluate for' value >=0 in the alert
rule form.
* Alerting: Load default configuration from status endpoint, if
Cortex Alertmanager returns empty user configuration.
* Alerting: view to display alert rule and its underlying data.
* Annotation panel: Release the annotation panel.
* Annotations: Add typeahead support for tags in built-in
annotations.
* AzureMonitor: Add curated dashboards for Azure services.
* AzureMonitor: Add support for deep links to Microsoft Azure
portal for Metrics.
* AzureMonitor: Remove support for different credentials for
Azure Monitor Logs.
* AzureMonitor: Support querying any Resource for Logs queries.
* Elasticsearch: Add frozen indices search support.
* Elasticsearch: Name fields after template variables values
instead of their name.
* Elasticsearch: add rate aggregation.
* Email: Allow configuration of content types for email
notifications.
* Explore: Add more meta information when line limit is hit.
* Explore: UI improvements to trace view.
* FieldOverrides: Added support to change display name in an
override field and have it be matched by a later rule.
* HTTP Client: Introduce dataproxy_max_idle_connections config
variable.
* InfluxDB: InfluxQL: adds tags to timeseries data.
* InfluxDB: InfluxQL: make measurement search case insensitive.
* Legacy Alerting: Replace simplejson with a struct in webhook
notification channel.
* Legend: Updates display name for Last (not null) to just
Last*.
* Logs panel: Add option to show common labels.
* Loki: Add $__range variable.
* Loki: Add support for 'label_values(log stream selector,
label)' in templating.
* Loki: Add support for ad-hoc filtering in dashboard.
* MySQL Datasource: Add timezone parameter.
* NodeGraph: Show gradient fields in legend.
* PanelOptions: Don't mutate panel options/field config object
when updating.
* PieChart: Make pie gradient more subtle to match other
charts.
* Prometheus: Update PromQL typeahead and highlighting.
* Prometheus: interpolate variable for step field.
* Provisioning: Improve validation by validating across all
dashboard providers.
* SQL Datasources: Allow multiple string/labels columns with
time series.
* Select: Portal select menu to document.body.
* Team Sync: Add group mapping to support team sync in the
Generic OAuth provider.
* Tooltip: Make active series more noticeable.
* Tracing: Add support to configure trace to logs start and end
time.
* Transformations: Skip merge when there is only a single data
frame.
* ValueMapping: Added support for mapping text to color,
boolean values, NaN and Null. Improved UI for value mapping.
* Visualizations: Dynamically set any config (min, max, unit,
color, thresholds) from query results.
* live: Add support to handle origin without a value for the
port when matching with root_url.
* Alerting: Add annotation upon alert state change.
* Alerting: Allow space in label and annotation names.
* InfluxDB: Improve legend labels for InfluxDB query results.
* Cloudwatch Logs: Send error down to client.
* Folders: Return 409 Conflict status when folder already
exists.
* TimeSeries: Do not show series in tooltip if it's hidden in
the viz.
* Live: Rely on app url for origin check.
* PieChart: Sort legend descending, update placeholder.
* TimeSeries panel: Do not reinitialize plot when thresholds
mode change.
* Alerting: Increase alertmanager_conf column if MySQL.
* Time series/Bar chart panel: Handle infinite numbers as nulls
when converting to plot array.
* TimeSeries: Ensure series overrides that contain color are
migrated, and migrate the previous fieldConfig when changing
the panel type.
* ValueMappings: Improve singlestat value mappings migration.
* Datasource: Add support for max_conns_per_host in dataproxy
settings.
* AzureMonitor: Require default subscription for workspaces()
template variable query.
* AzureMonitor: Use resource type display names in the UI.
* Dashboard: Remove support for loading and deleting dashboard
by slug.
* InfluxDB: Deprecate direct browser access in data source.
* VizLegend: Add a read-only property.
* API: Support folder UID in dashboards API.
* Alerting: Add support for configuring avatar URL for the
Discord notifier.
* Alerting: Clarify that Threema Gateway Alerts support only
Basic IDs.
* Azure: Expose Azure settings to external plugins.
* AzureMonitor: Deprecate using separate credentials for Azure
Monitor Logs.
* AzureMonitor: Display variables in resource picker for Azure
Monitor Logs.
* AzureMonitor: Hide application insights for data sources not
using it.
* AzureMonitor: Support querying subscriptions and resource
groups in Azure Monitor Logs.
* AzureMonitor: remove requirement for default subscription.
* CloudWatch: Add Lambda at Edge Amazon CloudFront metrics.
* CloudWatch: Add missing AWS AppSync metrics.
* ConfirmModal: Auto focus delete button.
* Explore: Add caching for queries that are run from logs
navigation.
* Loki: Add formatting for annotations.
* Loki: Bring back processed bytes as meta information.
* NodeGraph: Display node graph collapsed by default with trace
view.
* Overrides: Include a manual override option to hide something
from visualization.
* PieChart: Support row data in pie charts.
* Prometheus: Update default HTTP method to POST for existing
data sources.
* Time series panel: Position tooltip correctly when window is
scrolled or resized.
* AppPlugins: Expose react-router to apps.
* AzureMonitor: Add Azure Resource Graph.
* AzureMonitor: Managed Identity configuration UI.
* AzureMonitor: Token provider with support for Managed
Identities.
* AzureMonitor: Update Logs workspace() template variable query
to return resource URIs.
* BarChart: Value label sizing.
* CloudMonitoring: Add support for preprocessing.
* CloudWatch: Add AWS/EFS StorageBytes metric.
* CloudWatch: Allow use of missing AWS namespaces using custom
metrics.
* Datasource: Shared HTTP client provider for core backend data
sources and any data source using the data source proxy.
* InfluxDB: InfluxQL: allow empty tag values in the query
editor.
* Instrumentation: Instrument incoming HTTP request with
histograms by default.
* Library Panels: Add name endpoint & unique name validation to
AddLibraryPanelModal.
* Logs panel: Support details view.
* PieChart: Always show the calculation options dropdown in the
editor.
* PieChart: Remove beta flag.
* Plugins: Enforce signing for all plugins.
* Plugins: Remove support for deprecated backend plugin
protocol version.
* Tempo/Jaeger: Add better display name to legend.
* Timeline: Add time range zoom.
* Timeline: Adds opacity & line width option.
* Timeline: Value text alignment option.
* ValueMappings: Add duplicate action, and disable dismiss on
backdrop click.
* Zipkin: Add node graph view to trace response.
* API: Add org users with pagination.
* API: Return 404 when deleting nonexistent API key.
* API: Return query results as JSON rather than base64 encoded
Arrow.
* Alerting: Allow sending notification tags to Opsgenie as
extra properties.
* Alerts: Replaces all uses of InfoBox & FeatureInfoBox with
Alert.
* Auth: Add support for JWT Authentication.
* AzureMonitor: Add support for
Microsoft.SignalRService/SignalR metrics.
* AzureMonitor: Azure settings in Grafana server config.
* AzureMonitor: Migrate Metrics query editor to React.
* BarChart panel: enable series toggling via legend.
* BarChart panel: Adds support for Tooltip in BarChartPanel.
* PieChart panel: Change look of highlighted pie slices.
* CloudMonitoring: Migrate config editor from angular to react.
* CloudWatch: Add Amplify Console metrics and dimensions.
* CloudWatch: Add missing Redshift metrics to CloudWatch data
source.
* CloudWatch: Add metrics for managed RabbitMQ service.
* DashboardList: Enable templating on search tag input.
* Datasource config: correctly remove single custom http
header.
* Elasticsearch: Add generic support for template variables.
* Elasticsearch: Allow omitting field when metric supports
inline script.
* Elasticsearch: Allow setting a custom limit for log queries.
* Elasticsearch: Guess field type from first non-empty value.
* Elasticsearch: Use application/x-ndjson content type for
multisearch requests.
* Elasticsearch: Use semver strings to identify ES version.
* Explore: Add logs navigation to request more logs.
* Explore: Map Graphite queries to Loki.
* Explore: Scroll split panes in Explore independently.
* Explore: Wrap each panel in separate error boundary.
* FieldDisplay: Smarter naming of stat values when visualising
row values (all values) in stat panels.
* Graphite: Expand metric names for variables.
* Graphite: Handle unknown Graphite functions without breaking
the visual editor.
* Graphite: Show graphite functions descriptions.
* Graphite: Support request cancellation properly (Uses new
backendSrv.fetch Observable request API).
* InfluxDB: Flux: Improve handling of complex
response-structures.
* InfluxDB: Support region annotations.
* Inspector: Download logs for manual processing.
* Jaeger: Add node graph view for trace.
* Jaeger: Search traces.
* Loki: Use data source settings for alerting queries.
* NodeGraph: Exploration mode.
* OAuth: Add support for empty scopes.
* PanelChrome: New logic-less emotion based component with no
dependency on PanelModel or DashboardModel.
* PanelEdit: Adds a table view toggle to quickly view data in
table form.
* PanelEdit: Highlight matched words when searching options.
* PanelEdit: UX improvements.
* Plugins: PanelRenderer and simplified QueryRunner to be used
from plugins.
* Plugins: AuthType in route configuration and params
interpolation.
* Plugins: Enable plugin runtime install/uninstall
capabilities.
* Plugins: Support set body content in plugin routes.
* Plugins: Introduce marketplace app.
* Plugins: Moving the DataSourcePicker to grafana/runtime so it
can be reused in plugins.
* Prometheus: Add custom query params for alert and exemplars
queries.
* Prometheus: Use fuzzy string matching to autocomplete metric
names and label.
* Routing: Replace Angular routing with react-router.
* Slack: Use chat.postMessage API by default.
* Tempo: Search for Traces by querying Loki directly from
Tempo.
* Tempo: Show graph view of the trace.
* Themes: Switch theme without reload using global shortcut.
* TimeSeries panel: Add support for shared cursor.
* TimeSeries panel: Do not crash the panel if there is no time
series data in the response.
* Variables: Do not save repeated panels, rows and scopedVars.
* Variables: Removes experimental Tags feature.
* Variables: Removes the never refresh option.
* Visualizations: Unify tooltip options across visualizations.
* Visualizations: Refactor and unify option creation between
new visualizations.
* Visualizations: Remove singlestat panel.
- Plugin development fixes & changes:
* Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing.
* Select: Select menus now properly scroll during keyboard navigation.
* grafana/ui: Enable slider marks display.
* Plugins: Create a mock icon component to prevent console errors.
* Grafana UI: Fix TS error property css is missing in type.
* Toolkit: Fix matchMedia not found error.
* Toolkit: Improve error messages when tasks fail.
* Toolkit: Resolve external fonts when Grafana is served from a
sub path.
* QueryField: Remove carriage return character from pasted text.
* Button: Introduce buttonStyle prop.
* DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode.
* grafana/ui: Update React Hook Form to v7.
* IconButton: Introduce variant for red and blue icon buttons.
* Plugins: Expose the getTimeZone function to be able to get the current selected timeZone.
* TagsInput: Add className to TagsInput.
* VizLegend: Move onSeriesColorChanged to PanelContext (breaking change).
- Other changes:
* Update to Go 1.17.
* Add build-time dependency on `wire`.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for a null pointer in check_address to prevent the client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2025-1
Released: Thu Jun 9 10:13:50 2022
Summary: Recommended update for grafana-status-panel
Type: recommended
Severity: low
References: 1198768
This update for grafana-status-panel fixes the following issues:
- Update to version 1.0.11, signed for use with grafana v8.x (bsc#1198768)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This re-adds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2022:2795-1
Released: Fri Aug 12 12:50:56 2022
Summary: Optional update for SUSE Package Hub
Type: optional
Severity: moderate
References: 1201760
This optional update provides the following changes:
- Fix grafana missing binaries in SUSE Linux Enterprise Desktop 15 Service Pack 4 via PackageHub (bsc#1201055)
- Affected source packages: grafana grafana-piechart-panel grafana-status-panel system-user-grafana
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2817-1
Released: Tue Aug 16 12:03:46 2022
Summary: Security update for ceph
Type: security
Severity: important
References: 1194131,1194875,1195359,1196044,1196733,1196785,1200064,1200553,CVE-2021-3979
This update for ceph fixes the following issues:
- Update to 16.2.9-536-g41a9f9a5573:
+ (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR
+ (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)
- Update to 16.2.9-158-gd93952c7eea:
+ cmake: check for python(\d)\.(\d+) when building boost
+ make-dist: patch boost source to support python 3.10
- Update to ceph-16.2.9-58-ge2e5cb80063:
+ (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths
- Update to 16.2.9.50-g7d9f12156fb:
+ (jsc#SES-2515) High-availability NFS export
+ (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
+ (bsc#1196785) cephadm: avoid crashing on expected non-zero exit
- Update to 16.2.7-969-g6195a460d89
+ (jsc#SES-2515) High-availability NFS export
- Update to v16.2.7-654-gd5a90ff46f0
+ (bsc#1196733) remove build directory during %clean
- Update to v16.2.7-652-gf5dc462fdb5
+ (bsc#1194875) [SES7P] include/buffer: include memory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grafana-piechart-panel-1.6.1-150200.3.8.1 updated
- grafana-status-panel-1.0.11-150200.3.10.1 updated
- grafana-8.3.5-150200.3.23.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- system-user-grafana-1.0.0-150200.5.5.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:24:12 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:24:12 +0200 (CEST)
Subject: SUSE-CU-2022:2084-1: Security update of ses/7.1/ceph/haproxy
Message-ID: <20220907122412.0EE76FCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/ceph/haproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2084-1
Container Tags : ses/7.1/ceph/haproxy:2.0.14 , ses/7.1/ceph/haproxy:2.0.14.3.5.153 , ses/7.1/ceph/haproxy:latest , ses/7.1/ceph/haproxy:sle15.3.pacific
Container Release : 3.5.153
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1070955 1073299 1082318 1093392 1104264 1104700 1106390 1107066
1107067 1111973 1112310 1112723 1112726 1113554 1120402 1123685
1125007 1130557 1137373 1140016 1150451 1164384 1169582 1172055
1177460 1177460 1177460 1177460 1177460 1177460 1178346 1178350
1178353 1181475 1181658 1185637 1188127 1191770 1192167 1192902
1192903 1192904 1192951 1193466 1193659 1193905 1194093 1194216
1194217 1194388 1194550 1194708 1194872 1194885 1195004 1195059
1195157 1195203 1195283 1195332 1195354 1195463 1196125 1196361
1196490 1196850 1196861 1197065 1197178 1197443 1197570 1197684
1197718 1197771 1197794 1198062 1198090 1198114 1198176 1198341
1198446 1198507 1198596 1198614 1198627 1198723 1198731 1198732
1198748 1198751 1198752 1198766 1198922 1198925 1199042 1199132
1199140 1199166 1199223 1199224 1199232 1199232 1199235 1199240
1199331 1199333 1199334 1199524 1199651 1199655 1199693 1199745
1199747 1199936 1200010 1200011 1200012 1200170 1200334 1200485
1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099
1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-17087
CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611
CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403
CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2019-20454 CVE-2019-7146
CVE-2019-7148 CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665
CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3875 CVE-2021-3903
CVE-2021-3927 CVE-2021-3928 CVE-2021-3968 CVE-2021-3973 CVE-2021-3974
CVE-2021-3984 CVE-2021-4019 CVE-2021-4069 CVE-2021-4136 CVE-2021-4166
CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0213
CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359
CVE-2022-0361 CVE-2022-0392 CVE-2022-0407 CVE-2022-0413 CVE-2022-0696
CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1381 CVE-2022-1420
CVE-2022-1586 CVE-2022-1586 CVE-2022-1587 CVE-2022-1616 CVE-2022-1619
CVE-2022-1620 CVE-2022-1706 CVE-2022-1733 CVE-2022-1735 CVE-2022-1771
CVE-2022-1785 CVE-2022-1796 CVE-2022-1851 CVE-2022-1897 CVE-2022-1898
CVE-2022-1927 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576 CVE-2022-23308
CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155
CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903
CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/ceph/haproxy was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated to 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1617-1
Released: Tue May 10 14:40:12 2022
Summary: Security update for gzip
Type: security
Severity: important
References: 1198062,1198922,CVE-2022-1271
This update for gzip fixes the following issues:
- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1883-1
Released: Mon May 30 12:41:35 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for a null pointer in check_address to prevent the client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2102-1
Released: Thu Jun 16 15:18:23 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1070955,1191770,1192167,1192902,1192903,1192904,1193466,1193905,1194093,1194216,1194217,1194388,1194872,1194885,1195004,1195203,1195332,1195354,1196361,1198596,1198748,1199331,1199333,1199334,1199651,1199655,1199693,1199745,1199747,1199936,1200010,1200011,1200012,CVE-2017-17087,CVE-2021-3778,CVE-2021-3796,CVE-2021-3872,CVE-2021-3875,CVE-2021-3903,CVE-2021-3927,CVE-2021-3928,CVE-2021-3968,CVE-2021-3973,CVE-2021-3974,CVE-2021-3984,CVE-2021-4019,CVE-2021-4069,CVE-2021-4136,CVE-2021-4166,CVE-2021-4192,CVE-2021-4193,CVE-2021-46059,CVE-2022-0128,CVE-2022-0213,CVE-2022-0261,CVE-2022-0318,CVE-2022-0319,CVE-2022-0351,CVE-2022-0359,CVE-2022-0361,CVE-2022-0392,CVE-2022-0407,CVE-2022-0413,CVE-2022-0696,CVE-2022-1381,CVE-2022-1420,CVE-2022-1616,CVE-2022-1619,CVE-2022-1620,CVE-2022-1733,CVE-2022-1735,CVE-2022-1771,CVE-2022-1785,CVE-2022-1796,CVE-2022-1851,CVE-2022-1897,CVE-2022-1898,CVE-2022-1927
This update for vim fixes the following issues:
- CVE-2017-17087: Fixed information leak via .swp files (bsc#1070955).
- CVE-2021-3875: Fixed heap-based buffer overflow (bsc#1191770).
- CVE-2021-3903: Fixed heap-based buffer overflow (bsc#1192167).
- CVE-2021-3968: Fixed heap-based buffer overflow (bsc#1192902).
- CVE-2021-3973: Fixed heap-based buffer overflow (bsc#1192903).
- CVE-2021-3974: Fixed use-after-free (bsc#1192904).
- CVE-2021-4069: Fixed use-after-free in ex_open() in src/ex_docmd.c (bsc#1193466).
- CVE-2021-4136: Fixed heap-based buffer overflow (bsc#1193905).
- CVE-2021-4166: Fixed out-of-bounds read (bsc#1194093).
- CVE-2021-4192: Fixed use-after-free (bsc#1194217).
- CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216).
- CVE-2022-0128: Fixed out-of-bounds read (bsc#1194388).
- CVE-2022-0213: Fixed heap-based buffer overflow (bsc#1194885).
- CVE-2022-0261: Fixed heap-based buffer overflow (bsc#1194872).
- CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004).
- CVE-2022-0359: Fixed heap-based buffer overflow in init_ccline() in ex_getln.c (bsc#1195203).
- CVE-2022-0392: Fixed heap-based buffer overflow (bsc#1195332).
- CVE-2022-0407: Fixed heap-based buffer overflow (bsc#1195354).
- CVE-2022-0696: Fixed NULL pointer dereference (bsc#1196361).
- CVE-2022-1381: Fixed global heap buffer overflow in skip_range (bsc#1198596).
- CVE-2022-1420: Fixed out-of-range pointer offset (bsc#1198748).
- CVE-2022-1616: Fixed use-after-free in append_command (bsc#1199331).
- CVE-2022-1619: Fixed heap-based Buffer Overflow in function cmdline_erase_chars (bsc#1199333).
- CVE-2022-1620: Fixed NULL pointer dereference in function vim_regexec_string (bsc#1199334).
- CVE-2022-1733: Fixed heap-based buffer overflow in cindent.c (bsc#1199655).
- CVE-2022-1735: Fixed heap-based buffer overflow (bsc#1199651).
- CVE-2022-1771: Fixed stack exhaustion (bsc#1199693).
- CVE-2022-1785: Fixed out-of-bounds write (bsc#1199745).
- CVE-2022-1796: Fixed use-after-free in find_pattern_in_path (bsc#1199747).
- CVE-2022-1851: Fixed out-of-bounds read (bsc#1199936).
- CVE-2022-1897: Fixed out-of-bounds write (bsc#1200010).
- CVE-2022-1898: Fixed use-after-free (bsc#1200011).
- CVE-2022-1927: Fixed buffer over-read (bsc#1200012).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released: Thu Jul 7 12:16:58 2022
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: low
References:
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This re-adds the s390 32-bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
- backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section is
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2628-1
Released: Tue Aug 2 12:21:23 2022
Summary: Recommended update for apparmor
Type: recommended
Severity: important
References: 1195463,1196850
This update for apparmor fixes the following issues:
- Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)
- Add new rule to allow reading of openssl.cnf (bsc#1195463)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2649-1
Released: Wed Aug 3 15:06:21 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587
This update for pcre2 fixes the following issues:
- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can log in even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- gzip-1.10-150200.10.1 updated
- libapparmor1-2.13.6-150300.3.15.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libpcre2-8-0-10.31-150000.3.12.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- procps-3.3.15-150000.7.25.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- udev-246.16-150300.7.51.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- vim-data-common-8.2.5038-150000.5.21.1 updated
- vim-8.2.5038-150000.5.21.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:24:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:24:46 +0200 (CEST)
Subject: SUSE-CU-2022:2085-1: Security update of ses/7.1/ceph/ceph
Message-ID: <20220907122446.047DFFCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/ceph/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2085-1
Container Tags : ses/7.1/ceph/ceph:16.2.9.536 , ses/7.1/ceph/ceph:16.2.9.536.3.2.223 , ses/7.1/ceph/ceph:latest , ses/7.1/ceph/ceph:sle15.3.pacific
Container Release : 3.2.223
Severity : important
Type : security
References : 1041090 1181475 1183308 1192616 1193951 1195059 1195881 1195916
1196017 1196212 1196499 1196696 1197017 1197178 1198341 1198731
1198752 1198925 1199524 1200485 1200800 1200842 1201253 1202175
1202310 1202498 1202498 1202593 CVE-2020-21913 CVE-2020-29651
CVE-2022-1706 CVE-2022-2309 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/ceph/ceph was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released: Wed Aug 17 14:41:07 2022
Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins
Type: security
Severity: moderate
References: 1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:
- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bump the URL to point to github rather than to docs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released: Fri Aug 19 15:59:42 2022
Summary: Recommended update for sle-module-legacy-release
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2908-1
Released: Fri Aug 26 11:36:03 2022
Summary: Security update for python-lxml
Type: security
Severity: important
References: 1201253,CVE-2022-2309
This update for python-lxml fixes the following issues:
- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can log in even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2926-1
Released: Mon Aug 29 10:38:52 2022
Summary: Feature update for LibreOffice
Type: feature
Severity: moderate
References: 1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017
This feature update for LibreOffice provides the following fixes:
abseil-cpp:
- Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447)
- Mention already fixed issues. (fate#326485, bsc#1041090)
libcuckoo:
- Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447)
libixion:
- Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447)
- Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Build with gcc11 and gcc11-c++. (jsc#SLE-23447)
- Remove unneeded vulkan dependency
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
libreoffice:
- Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021)
* Update bundled dependencies:
* gpgme from version 1.13.1 to version 1.16.0
* libgpg-error from version 1.37 to version 1.43
* libassuan from version 2.5.3 to version 2.5.5
* pdfium from version 4500 to version 4699
* skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967
* boost from version 1_75 to version 1_77
* icu4c from version 69_1 to version 70_1
* On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer
* New build dependencies:
* abseil-cpp-devel
* libassuan0
* libcuckoo-devel
* libopenjp2
* require liborcus-0.17 instead of liborcus-0.16
* require mdds-2.0 instead of mdds-1.5
* Do not use serf-1 anymore but use curl instead.
* Other fixes:
* Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616)
* Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212)
* Bullets appear larger and green instead of black. (bsc#1195881)
* Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017)
* Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499)
liborcus:
- Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447)
- Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447)
- Build with libtool and use autotools. (jsc#SLE-23447)
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
mdds-2_0:
- Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447)
myspell-dictionaries:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
ucpp:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
xmlsec1:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2972-1
Released: Thu Sep 1 11:08:16 2022
Summary: Feature update for python-kubernetes
Type: feature
Severity: moderate
References:
This feature update for python-kubernetes provides:
- Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443)
* Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes.
* Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth.
- There are no visible changes for the final user.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released: Mon Sep 5 16:31:24 2022
Summary: Recommended update for python-pytz
Type: recommended
Severity: low
References:
This update for python-pytz fixes the following issues:
- update to 2022.1:
matches tzdata 2022a
- declare python 3.10 compatibility
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use
after free (bsc#1193951).
The following package changes have been done:
- libblkid1-2.36.2-150300.4.23.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxmlsec1-1-1.2.28-150100.7.11.1 updated
- libxmlsec1-openssl1-1.2.28-150100.7.11.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-apipkg-1.4-150000.3.2.1 updated
- python3-cachetools-4.1.0-150200.3.4.1 updated
- python3-google-auth-1.21.2-150300.3.6.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 added
- python3-kubernetes-8.0.1-150100.3.7.1 updated
- python3-lxml-4.7.1-150200.3.10.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- python3-py-1.10.0-150000.5.9.2 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:25:10 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:25:10 +0200 (CEST)
Subject: SUSE-CU-2022:2086-1: Security update of ses/7.1/ceph/keepalived
Message-ID: <20220907122510.A12B9FCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/ceph/keepalived
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2086-1
Container Tags : ses/7.1/ceph/keepalived:2.0.19 , ses/7.1/ceph/keepalived:2.0.19.3.5.144 , ses/7.1/ceph/keepalived:latest , ses/7.1/ceph/keepalived:sle15.3.pacific
Container Release : 3.5.144
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1123685 1125007
1130557 1137373 1140016 1150451 1164384 1169582 1172055 1177460
1177460 1177460 1177460 1177460 1177460 1178346 1178350 1178353
1181475 1181658 1185637 1188127 1192951 1193115 1193659 1194550
1194708 1195059 1195157 1195283 1195463 1196125 1196490 1196850
1196861 1197065 1197178 1197443 1197570 1197684 1197718 1197771
1197794 1198062 1198090 1198114 1198176 1198341 1198446 1198507
1198614 1198627 1198723 1198731 1198732 1198751 1198752 1198766
1198922 1198925 1199042 1199132 1199140 1199166 1199223 1199224
1199232 1199232 1199235 1199240 1199524 1200170 1200334 1200485
1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099
1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-7607
CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310
CVE-2018-18520 CVE-2018-18521 CVE-2019-20454 CVE-2019-7146 CVE-2019-7148
CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-44225
CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-1586
CVE-2022-1587 CVE-2022-1706 CVE-2022-2068 CVE-2022-2097 CVE-2022-22576
CVE-2022-23308 CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782
CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208
CVE-2022-34903 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/ceph/keepalived was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1617-1
Released: Tue May 10 14:40:12 2022
Summary: Security update for gzip
Type: security
Severity: important
References: 1198062,1198922,CVE-2022-1271
This update for gzip fixes the following issues:
- CVE-2022-1271: Fix escaping of malicious filenames. (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1883-1
Released: Mon May 30 12:41:35 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre2 fixes the following issues:
- CVE-2022-1586: Fixed out-of-bounds read via missing Unicode property matching issue in JIT compiled regular expressions (bsc#1199232).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for a null pointer in check_address to prevent the client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released: Thu Jul 7 12:16:58 2022
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: low
References:
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user at .service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backends now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2628-1
Released: Tue Aug 2 12:21:23 2022
Summary: Recommended update for apparmor
Type: recommended
Severity: important
References: 1195463,1196850
This update for apparmor fixes the following issues:
- Add new rule to fix reported 'DENIED' audit records with AppArmor profile 'usr.sbin.smbd' (bsc#1196850)
- Add new rule to allow reading of openssl.cnf (bsc#1195463)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2649-1
Released: Wed Aug 3 15:06:21 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587
This update for pcre2 fixes the following issues:
- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2923-1
Released: Fri Aug 26 16:20:26 2022
Summary: Security update for keepalived
Type: security
Severity: important
References: 1193115,CVE-2021-44225
This update for keepalived fixes the following issues:
- CVE-2021-44225: Fix a potential privilege escalation due to
insufficient control in the D-Bus policy (bsc#1193115).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- gzip-1.10-150200.10.1 updated
- keepalived-2.0.19-150100.3.6.1 updated
- libapparmor1-2.13.6-150300.3.15.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libpcre2-8-0-10.31-150000.3.12.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- procps-3.3.15-150000.7.25.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- udev-246.16-150300.7.51.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:25:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:25:25 +0200 (CEST)
Subject: SUSE-CU-2022:2087-1: Security update of ses/7.1/cephcsi/csi-attacher
Message-ID: <20220907122525.62E8BFCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/cephcsi/csi-attacher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2087-1
Container Tags : ses/7.1/cephcsi/csi-attacher:v3.4.0 , ses/7.1/cephcsi/csi-attacher:v3.4.0-rev1 , ses/7.1/cephcsi/csi-attacher:v3.4.0-rev1-build2.2.201
Container Release : 2.2.201
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
1188127 1191157 1191502 1192951 1193086 1193489 1193659 1194550
1194642 1194708 1194848 1194883 1195059 1195157 1195247 1195258
1195283 1195529 1195628 1195899 1195999 1196061 1196093 1196107
1196125 1196317 1196368 1196490 1196514 1196567 1196647 1196861
1196925 1196939 1197004 1197024 1197065 1197134 1197178 1197443
1197459 1197570 1197684 1197718 1197771 1197794 1198062 1198090
1198114 1198176 1198341 1198446 1198507 1198614 1198627 1198723
1198731 1198732 1198751 1198752 1198766 1198925 1199042 1199132
1199140 1199166 1199223 1199224 1199232 1199240 1200170 1200334
1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099
1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-7607
CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310
CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032
CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149
CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-22570 CVE-2021-28153
CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068
CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776
CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824
CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/cephcsi/csi-attacher was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated to 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8
multi byte characters as well as support the vi mode of readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
- backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section is
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
- backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:25:39 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:25:39 +0200 (CEST)
Subject: SUSE-CU-2022:2088-1: Security update of
ses/7.1/cephcsi/csi-node-driver-registrar
Message-ID: <20220907122539.C3B65FCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/cephcsi/csi-node-driver-registrar
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2088-1
Container Tags : ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.0 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.0-rev1 , ses/7.1/cephcsi/csi-node-driver-registrar:v2.5.0-rev1-build2.2.209
Container Release : 2.2.209
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
1188127 1191157 1191502 1192951 1193086 1193489 1193659 1194550
1194642 1194708 1194848 1194883 1195059 1195157 1195247 1195258
1195283 1195529 1195628 1195899 1195999 1196061 1196093 1196107
1196125 1196317 1196368 1196490 1196514 1196567 1196647 1196861
1196925 1196939 1197004 1197024 1197065 1197134 1197178 1197443
1197459 1197570 1197684 1197718 1197771 1197794 1198062 1198090
1198114 1198176 1198341 1198446 1198507 1198614 1198627 1198723
1198731 1198732 1198751 1198752 1198766 1198925 1199042 1199132
1199140 1199166 1199223 1199224 1199232 1199240 1200170 1200334
1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099
1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-7607
CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310
CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032
CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149
CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-22570 CVE-2021-28153
CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068
CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776
CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824
CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/cephcsi/csi-node-driver-registrar was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where this variable is not freed.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8
multi byte characters as well as support the vi mode of readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
- backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
- backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:25:54 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:25:54 +0200 (CEST)
Subject: SUSE-CU-2022:2089-1: Security update of ses/7.1/cephcsi/csi-provisioner
Message-ID: <20220907122554.48196FCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/cephcsi/csi-provisioner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2089-1
Container Tags : ses/7.1/cephcsi/csi-provisioner:v3.1.0 , ses/7.1/cephcsi/csi-provisioner:v3.1.0-rev1 , ses/7.1/cephcsi/csi-provisioner:v3.1.0-rev1-build2.2.206
Container Release : 2.2.206
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
1188127 1191157 1191502 1192951 1193086 1193489 1193659 1194550
1194642 1194708 1194848 1194883 1195059 1195157 1195247 1195258
1195283 1195529 1195628 1195899 1195999 1196061 1196093 1196107
1196125 1196317 1196368 1196490 1196514 1196567 1196647 1196861
1196925 1196939 1197004 1197024 1197065 1197134 1197178 1197443
1197459 1197570 1197684 1197718 1197771 1197794 1198062 1198090
1198114 1198176 1198341 1198446 1198507 1198614 1198627 1198723
1198731 1198732 1198751 1198752 1198766 1198925 1199042 1199132
1199140 1199166 1199223 1199224 1199232 1199240 1200170 1200334
1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099
1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-7607
CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310
CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032
CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149
CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-22570 CVE-2021-28153
CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068
CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776
CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824
CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/cephcsi/csi-provisioner was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where the variable is not freed.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8
multi byte characters as well as support the vi mode of readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more use cases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Make sure that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnat's idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This re-adds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:26:08 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:26:08 +0200 (CEST)
Subject: SUSE-CU-2022:2090-1: Security update of ses/7.1/cephcsi/csi-resizer
Message-ID: <20220907122608.3E97AFCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/cephcsi/csi-resizer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2090-1
Container Tags : ses/7.1/cephcsi/csi-resizer:v1.4.0 , ses/7.1/cephcsi/csi-resizer:v1.4.0-rev1 , ses/7.1/cephcsi/csi-resizer:v1.4.0-rev1-build2.2.203
Container Release : 2.2.203
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
1188127 1191157 1191502 1192951 1193086 1193489 1193659 1194550
1194642 1194708 1194848 1194883 1195059 1195157 1195247 1195258
1195283 1195529 1195628 1195899 1195999 1196061 1196093 1196107
1196125 1196317 1196368 1196490 1196514 1196567 1196647 1196861
1196925 1196939 1197004 1197024 1197065 1197134 1197178 1197443
1197459 1197570 1197684 1197718 1197771 1197794 1198062 1198090
1198114 1198176 1198341 1198446 1198507 1198614 1198627 1198723
1198731 1198732 1198751 1198752 1198766 1198925 1199042 1199132
1199140 1199166 1199223 1199224 1199232 1199240 1200170 1200334
1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099
1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-7607
CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310
CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032
CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149
CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-22570 CVE-2021-28153
CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068
CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776
CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824
CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/cephcsi/csi-resizer was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where the variable is not freed.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for the systemwide inputrc to remove the 8-bit escape sequences which interfere with UTF-8
multi-byte characters, as well as to support the vi mode of the readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments in high-load situations with time-based
version 1 UUIDs. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Make sure that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This re-adds the s390 32-bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
- backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section is
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
- backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:26:21 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:26:21 +0200 (CEST)
Subject: SUSE-CU-2022:2091-1: Security update of ses/7.1/cephcsi/csi-snapshotter
Message-ID: <20220907122621.2854BFCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/cephcsi/csi-snapshotter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2091-1
Container Tags : ses/7.1/cephcsi/csi-snapshotter:v5.0.1 , ses/7.1/cephcsi/csi-snapshotter:v5.0.1-rev1 , ses/7.1/cephcsi/csi-snapshotter:v5.0.1-rev1-build2.2.200
Container Release : 2.2.200
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
1188127 1191157 1191502 1192951 1193086 1193489 1193659 1194550
1194642 1194708 1194848 1194883 1195059 1195157 1195247 1195258
1195283 1195529 1195628 1195899 1195999 1196061 1196093 1196107
1196125 1196317 1196368 1196490 1196514 1196567 1196647 1196861
1196925 1196939 1197004 1197024 1197065 1197134 1197178 1197443
1197459 1197570 1197684 1197718 1197771 1197794 1198062 1198090
1198114 1198176 1198341 1198446 1198507 1198614 1198627 1198723
1198731 1198732 1198751 1198752 1198766 1198925 1199042 1199132
1199140 1199166 1199223 1199224 1199232 1199240 1200170 1200334
1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099
1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-7607
CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310
CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032
CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149
CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-22570 CVE-2021-28153
CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068
CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776
CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824
CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/cephcsi/csi-snapshotter was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8
multi byte characters as well as support the vi mode of readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
- backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
- backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:26:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:26:34 +0200 (CEST)
Subject: SUSE-CU-2022:2092-1: Security update of
ses/7.1/ceph/prometheus-alertmanager
Message-ID: <20220907122634.C00D5FCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/ceph/prometheus-alertmanager
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2092-1
Container Tags : ses/7.1/ceph/prometheus-alertmanager:0.23.0 , ses/7.1/ceph/prometheus-alertmanager:0.23.0.3.2.201 , ses/7.1/ceph/prometheus-alertmanager:latest , ses/7.1/ceph/prometheus-alertmanager:sle15.3.pacific
Container Release : 3.2.201
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181400 1181475 1181658 1183533 1184501
1185637 1188127 1191157 1191502 1192951 1193086 1193489 1193659
1194550 1194642 1194708 1194848 1194883 1195059 1195157 1195247
1195258 1195283 1195529 1195628 1195899 1195999 1196061 1196093
1196107 1196125 1196317 1196338 1196368 1196490 1196514 1196567
1196647 1196861 1196925 1196939 1197004 1197024 1197065 1197134
1197178 1197443 1197459 1197570 1197684 1197718 1197771 1197794
1198062 1198090 1198114 1198176 1198341 1198446 1198507 1198614
1198627 1198723 1198731 1198732 1198751 1198752 1198766 1198925
1199042 1199132 1199140 1199166 1199223 1199224 1199232 1199240
1200170 1200334 1200550 1200735 1200737 1200800 1200842 1200855
1200855 1201099 1201225 1201560 1201640 1202175 1202310 1202593
CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611
CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403
CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574
CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148
CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-22570
CVE-2021-28153 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586
CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23308
CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155
CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903
CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/ceph/prometheus-alertmanager was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where the variable is not freed.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequences which interfere with UTF-8
multi byte characters as well as support the vi mode of the readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for a null pointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2139-1
Released: Mon Jun 20 14:55:41 2022
Summary: Security update for golang-github-prometheus-alertmanager
Type: security
Severity: important
References: 1181400,1196338,CVE-2022-21698
This update for golang-github-prometheus-alertmanager fixes the following issues:
Update golang-github-prometheus-alertmanager from version 0.21.0 to version 0.23.0 (bsc#1196338, jsc#SLE-24077)
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter
- Update vendor tarball with prometheus/client_golang 1.11.1
- Update required Go version to 1.16
- Use %autosetup macro
- Update to version 0.23.0:
* Release 0.23.0
* Release 0.23.0-rc.0
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Add go_modules to _service.
- Added hardening to systemd service(s) with a modified prometheus-alertmanager.service (bsc#1181400)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backends now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hash (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- glibc-2.31-150300.37.1 updated
- golang-github-prometheus-alertmanager-0.23.0-150100.4.7.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:26:49 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:26:49 +0200 (CEST)
Subject: SUSE-CU-2022:2093-1: Security update of
ses/7.1/ceph/prometheus-node-exporter
Message-ID: <20220907122649.4D07DFCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/ceph/prometheus-node-exporter
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2093-1
Container Tags : ses/7.1/ceph/prometheus-node-exporter:1.3.0 , ses/7.1/ceph/prometheus-node-exporter:1.3.0.3.2.202 , ses/7.1/ceph/prometheus-node-exporter:latest , ses/7.1/ceph/prometheus-node-exporter:sle15.3.pacific
Container Release : 3.2.202
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
1188127 1190535 1191157 1191502 1192951 1193086 1193489 1193659
1194550 1194642 1194708 1194848 1194883 1195059 1195157 1195247
1195258 1195283 1195529 1195628 1195899 1195999 1196061 1196093
1196107 1196125 1196317 1196338 1196368 1196490 1196514 1196567
1196647 1196861 1196925 1196939 1197004 1197024 1197065 1197134
1197178 1197443 1197459 1197570 1197684 1197718 1197771 1197794
1198062 1198090 1198114 1198176 1198341 1198446 1198507 1198614
1198627 1198723 1198731 1198732 1198751 1198752 1198766 1198925
1199042 1199132 1199140 1199166 1199223 1199224 1199232 1199240
1200170 1200334 1200550 1200735 1200737 1200800 1200842 1200855
1200855 1201099 1201225 1201560 1201640 1202175 1202310 1202593
CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611
CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403
CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574
CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148
CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-22570
CVE-2021-28153 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586
CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23308
CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155
CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903
CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/ceph/prometheus-node-exporter was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8
multi byte characters, as well as to support the vi mode of the readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments in high load situations with time based
version 1 UUIDs. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2140-1
Released: Mon Jun 20 14:58:38 2022
Summary: Security update for node_exporter
Type: security
Severity: important
References: 1190535,1196338,CVE-2022-21698
This security update for golang-github-prometheus-node_exporter provides:
Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter
- Update vendor tarball with prometheus/client_golang 1.11.1
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCEMENT] Reduce timer GC delays in the Linux filesystem collector #2169
* [ENHANCEMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCEMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes
Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed
Remove obsolete capture permission denied error fix already included upstream
* Bug fixes
Fix zoneinfo parsing prometheus/procfs#386
Fix nvme collector log noise #2091
Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes
Rename filesystem collector flags to match other collectors #2012
Make node_exporter print usage to STDOUT #203
* Features
Add conntrack statistics metrics #1155
Add ethtool stats collector #1832
Add flag to ignore network speed if it is unknown #1989
Add tapestats collector for Linux #2044
Add nvme collector #2062
* Enhancements
Add ErrorLog plumbing to promhttp #1887
Add more Infiniband counters #2019
netclass: retrieve interface names and filter before parsing #2033
Add time zone offset metric #2060
* Bug fixes
Handle errors from disabled PSI subsystem #1983
Fix panic when using backwards compatible flags #2000
Fix wrong value for OpenBSD memory buffer cache #2015
Only initiate collectors once #2048
Handle small backwards jumps in CPU idle #2067
- Capture permission denied error for 'energy_uj' file (bsc#1190535)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- glibc-2.31-150300.37.1 updated
- golang-github-prometheus-node_exporter-1.3.0-150100.3.12.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:27:04 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:27:04 +0200 (CEST)
Subject: SUSE-CU-2022:2094-1: Security update of ses/7.1/ceph/prometheus-server
Message-ID: <20220907122704.39EFAFCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/ceph/prometheus-server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2094-1
Container Tags : ses/7.1/ceph/prometheus-server:2.32.1 , ses/7.1/ceph/prometheus-server:2.32.1.3.2.195 , ses/7.1/ceph/prometheus-server:latest , ses/7.1/ceph/prometheus-server:sle15.3.pacific
Container Release : 3.2.195
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
1188127 1191157 1191502 1192951 1193086 1193489 1193659 1194550
1194642 1194708 1194848 1194883 1195059 1195157 1195247 1195258
1195283 1195529 1195628 1195899 1195999 1196061 1196093 1196107
1196125 1196317 1196338 1196368 1196490 1196514 1196567 1196647
1196861 1196925 1196939 1197004 1197024 1197042 1197065 1197134
1197178 1197443 1197459 1197570 1197684 1197718 1197771 1197794
1198062 1198090 1198114 1198176 1198341 1198446 1198507 1198614
1198627 1198723 1198731 1198732 1198751 1198752 1198766 1198925
1199042 1199132 1199140 1199166 1199223 1199224 1199232 1199240
1200170 1200334 1200550 1200735 1200737 1200800 1200842 1200855
1200855 1201099 1201225 1201560 1201640 1202175 1202310 1202593
CVE-2017-7607 CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611
CVE-2017-7612 CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403
CVE-2018-18310 CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574
CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148
CVE-2019-7149 CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-22570
CVE-2021-28153 CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586
CVE-2022-2068 CVE-2022-2097 CVE-2022-21698 CVE-2022-22576 CVE-2022-23308
CVE-2022-27775 CVE-2022-27776 CVE-2022-27781 CVE-2022-27782 CVE-2022-29155
CVE-2022-29458 CVE-2022-29824 CVE-2022-32206 CVE-2022-32208 CVE-2022-34903
CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/ceph/prometheus-server was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8
multi byte characters as well as support the vi mode of readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more usecases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1435-1
Released: Wed Apr 27 14:34:27 2022
Summary: Security update for firewalld, golang-github-prometheus-prometheus
Type: security
Severity: important
References: 1196338,1197042,CVE-2022-21698
This update for firewalld, golang-github-prometheus-prometheus fixes the following issues:
Security fixes for golang-github-prometheus-prometheus:
- CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling
requests with non-standard HTTP methods (bsc#1196338).
Other non security changes for golang-github-prometheus-prometheus:
- Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`.
- Only recommends `firewalld-prometheus-config` as prometheus does not require it to run.
- Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375)
Other non security changes for firewalld:
- Provide dummy `firewalld-prometheus-config` package (bsc#1197042)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664
- CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
- backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now lookup the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
- backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- glibc-2.31-150300.37.1 updated
- golang-github-prometheus-prometheus-2.32.1-150100.4.9.2 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 12:27:17 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 14:27:17 +0200 (CEST)
Subject: SUSE-CU-2022:2095-1: Security update of
ses/7.1/ceph/prometheus-snmp_notifier
Message-ID: <20220907122717.B245EFCF4@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/ceph/prometheus-snmp_notifier
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2095-1
Container Tags : ses/7.1/ceph/prometheus-snmp_notifier:1.2.1 , ses/7.1/ceph/prometheus-snmp_notifier:1.2.1.2.2.186 , ses/7.1/ceph/prometheus-snmp_notifier:latest , ses/7.1/ceph/prometheus-snmp_notifier:sle15.3.pacific
Container Release : 2.2.186
Severity : important
Type : security
References : 1033084 1033085 1033086 1033087 1033088 1033089 1033090 1040589
1073299 1082318 1093392 1104264 1104700 1106390 1107066 1107067
1111973 1112310 1112723 1112726 1113554 1120402 1121227 1121230
1122004 1122021 1123685 1125007 1130557 1137373 1140016 1150451
1169582 1172055 1177460 1177460 1177460 1177460 1177460 1177460
1178346 1178350 1178353 1181475 1181658 1183533 1184501 1185637
1188127 1191157 1191502 1192951 1193086 1193489 1193659 1194550
1194642 1194708 1194848 1194883 1195059 1195157 1195247 1195258
1195283 1195529 1195628 1195899 1195999 1196061 1196093 1196107
1196125 1196317 1196368 1196490 1196514 1196567 1196647 1196861
1196925 1196939 1197004 1197024 1197065 1197134 1197178 1197443
1197459 1197570 1197684 1197718 1197771 1197794 1198062 1198090
1198114 1198176 1198341 1198446 1198507 1198614 1198627 1198723
1198731 1198732 1198751 1198752 1198766 1198925 1199042 1199132
1199140 1199166 1199223 1199224 1199232 1199240 1200170 1200334
1200550 1200735 1200737 1200800 1200842 1200855 1200855 1201099
1201225 1201560 1201640 1202175 1202310 1202593 CVE-2017-7607
CVE-2017-7608 CVE-2017-7609 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612
CVE-2017-7613 CVE-2018-16062 CVE-2018-16402 CVE-2018-16403 CVE-2018-18310
CVE-2018-18520 CVE-2018-18521 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032
CVE-2019-6285 CVE-2019-6292 CVE-2019-7146 CVE-2019-7148 CVE-2019-7149
CVE-2019-7150 CVE-2019-7664 CVE-2019-7665 CVE-2021-22570 CVE-2021-28153
CVE-2022-1271 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068
CVE-2022-2097 CVE-2022-22576 CVE-2022-23308 CVE-2022-27775 CVE-2022-27776
CVE-2022-27781 CVE-2022-27782 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824
CVE-2022-32206 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/ceph/prometheus-snmp_notifier was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1040-1
Released: Wed Mar 30 09:40:58 2022
Summary: Security update for protobuf
Type: security
Severity: moderate
References: 1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1047-1
Released: Wed Mar 30 16:20:56 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where we don't free this variable.
This patch inserts freeaddrinfo() calls before the 'return NO;'s. (bsc#1197024)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1061-1
Released: Wed Mar 30 18:27:06 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1073-1
Released: Fri Apr 1 11:45:01 2022
Summary: Security update for yaml-cpp
Type: security
Severity: moderate
References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1099-1
Released: Mon Apr 4 12:53:05 2022
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interferes with UTF-8
multi byte characters as well as support the vi mode of the readline library
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1107-1
Released: Mon Apr 4 17:49:17 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194642
This update for util-linux fixes the following issue:
- Improve throughput and reduce clock sequence increments for high load situation with time based
version 1 uuids. (bsc#1194642)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1157-1
Released: Tue Apr 12 13:26:19 2022
Summary: Security update for libsolv, libzypp, zypper
Type: security
Severity: important
References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv update to 0.7.22:
- reworked choice rule generation to cover more use cases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp update to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Pay attention that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper update to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1158-1
Released: Tue Apr 12 14:44:43 2022
Summary: Security update for xz
Type: security
Severity: important
References: 1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1170-1
Released: Tue Apr 12 18:20:07 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1191502,1193086,1195247,1195529,1195899,1196567
This update for systemd fixes the following issues:
- Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567)
- When migrating from sysvinit to systemd (it probably won't happen anymore),
let's use the default systemd target, which is the graphical.target one.
- Don't open /var journals in volatile mode when runtime_journal==NULL
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: ignore failures for auxiliary files
- install: make UnitFileChangeType enum anonymous
- shared/install: reduce scope of iterator variables
- systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867)
- Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247)
- Drop or soften some of the deprecation warnings (bsc#1193086)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1281-1
Released: Wed Apr 20 12:26:38 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1196647
This update for libtirpc fixes the following issues:
- Add option to enforce connection via protocol version 2 first (bsc#1196647)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1302-1
Released: Fri Apr 22 10:04:46 2022
Summary: Recommended update for e2fsprogs
Type: recommended
Severity: moderate
References: 1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1374-1
Released: Mon Apr 25 15:02:13 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1191157,1197004
This update for openldap2 fixes the following issues:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1409-1
Released: Tue Apr 26 12:54:57 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1451-1
Released: Thu Apr 28 10:47:22 2022
Summary: Recommended update for perl
Type: recommended
Severity: moderate
References: 1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1455-1
Released: Thu Apr 28 11:31:51 2022
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1626-1
Released: Tue May 10 15:55:13 2022
Summary: Recommended update for systemd
Type: recommended
Severity: moderate
References: 1198090,1198114
This update for systemd fixes the following issues:
- tmpfiles.d: only 'w+' can have multiple lines for the same path (bsc#1198090)
- journald: make sure journal_file_open() doesn't leave a corrupted file around after failing (bsc#1198114)
- tmpfiles: constify item_compatible() parameters
- test tmpfiles: add a test for 'w+'
- test: add test checking tmpfiles conf file precedence
- journald: make use of CLAMP() in cache_space_refresh()
- journal-file: port journal_file_open() to openat_report_new()
- fs-util: make sure openat_report_new() initializes return param also on shortcut
- fs-util: fix typos in comments
- fs-util: add openat_report_new() wrapper around openat()
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1657-1
Released: Fri May 13 15:39:07 2022
Summary: Security update for curl
Type: security
Severity: moderate
References: 1198614,1198723,1198766,CVE-2022-22576,CVE-2022-27775,CVE-2022-27776
This update for curl fixes the following issues:
- CVE-2022-27776: Fixed auth/cookie leak on redirect (bsc#1198766)
- CVE-2022-27775: Fixed bad local IPv6 connection reuse (bsc#1198723)
- CVE-2022-22576: Fixed OAUTH2 bearer bypass in connection re-use (bsc#1198614)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1688-1
Released: Mon May 16 14:02:49 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1691-1
Released: Mon May 16 15:13:39 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1750-1
Released: Thu May 19 15:28:20 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1870-1
Released: Fri May 27 10:03:40 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1199223,1199224,CVE-2022-27781,CVE-2022-27782
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed CERTINFO never-ending busy-loop (bsc#1199223)
- CVE-2022-27782: Fixed TLS and SSH connection too eager reuse (bsc#1199224)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for null pointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2251-1
Released: Mon Jul 4 09:52:25 2022
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1185637,1199166,1200550,CVE-2022-1292,CVE-2022-2068
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2327-1
Released: Thu Jul 7 15:06:13 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200735,1200737,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2328-1
Released: Thu Jul 7 15:07:35 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This re-adds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2470-1
Released: Thu Jul 21 04:40:14 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198507,1198732,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- Call pam_loginuid when creating user@.service (bsc#1198507)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Flagsify EscapeStyle and make ESCAPE_BACKSLASH_ONELINE implicit
- Revert 'basic/env-util: (mostly) follow POSIX for what variable names are allowed'
- basic/env-util: (mostly) follow POSIX for what variable names are allowed
- basic/env-util: make function shorter
- basic/escape: add mode where empty arguments are still shown as ''
- basic/escape: always escape newlines in shell_escape()
- basic/escape: escape control characters, but not utf-8, in shell quoting
- basic/escape: use consistent location for '*' in function declarations
- basic/string-util: inline iterator variable declarations
- basic/string-util: simplify how str_realloc() is used
- basic/string-util: split out helper function
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
- string-util: explicitly cast character to unsigned
- string-util: fix build error on aarch64
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2572-1
Released: Thu Jul 28 04:22:33 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2614-1
Released: Mon Aug 1 10:41:04 2022
Summary: Security update for dwarves and elfutils
Type: security
Severity: moderate
References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1082318,1104264,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7146,CVE-2019-7148,CVE-2019-7149,CVE-2019-7150,CVE-2019-7664,CVE-2019-7665
This update for dwarves and elfutils fixes the following issues:
elfutils was updated to version 0.177 (jsc#SLE-24501):
- elfclassify: New tool to analyze ELF objects.
- readelf: Print DW_AT_data_member_location as decimal offset.
Decode DW_AT_discr_list block attributes.
- libdw: Add DW_AT_GNU_numerator, DW_AT_GNU_denominator and DW_AT_GNU_bias.
- libdwelf: Add dwelf_elf_e_machine_string.
dwelf_elf_begin now only returns NULL when there is an error
reading or decompressing a file. If the file is not an ELF file
an ELF handle of type ELF_K_NONE is returned.
- backends: Add support for C-SKY.
Update to version 0.176:
- build: Add new --enable-install-elfh option.
Do NOT use this for system installs (it overrides glibc elf.h).
- backends: riscv improved core file and return value location support.
- Fixes:
- CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7664 - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685)
- CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (CVE is a bit misleading, as this is not a bug in libelf as described) (bsc#1125007)
Update to version 0.175:
- readelf: Handle multiple .debug_macro sections.
Recognize and parse GNU Property, NT_VERSION and
GNU Build Attribute ELF Notes.
- strip: Handle SHT_GROUP correctly.
Add strip --reloc-debug-sections-only option.
Handle relocations against GNU compressed sections.
- libdwelf: New function dwelf_elf_begin.
- libcpu: Recognize bpf jump variants BPF_JLT, BPF_JLE, BPF_JSLT
and BPF_JSLE.
backends: RISCV handles ADD/SUB relocations.
Handle SHT_X86_64_UNWIND.
- CVE-2018-18521: arlib: Divide-by-zero vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723)
- CVE-2018-18310: Invalid Address Read problem in dwfl_segment_report_module.c (bsc#1111973)
- CVE-2018-18520: eu-size: Bad handling of ar files inside ar files (bsc#1112726)
Update to version 0.174:
- libelf, libdw and all tools now handle extended shnum and
shstrndx correctly.
- elfcompress: Don't rewrite input file if no section data needs
updating. Try harder to keep same file mode bits
(suid) on rewrite.
- strip: Handle mixed (out of order) allocated/non-allocated sections.
- unstrip: Handle SHT_GROUP sections.
- backends: RISCV and M68K now have backend implementations to
generate CFI based backtraces.
- Fixes:
- CVE-2018-16402: libelf: denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) Double-free crash in nm and readelf
- CVE-2018-16403: heap buffer overflow in readelf (bsc#1107067)
- CVE-2018-16062: heap-buffer-overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)
Update to version 0.173:
- More fixes for crashes and hangs found by afl-fuzz. In particular various
functions now detect and break infinite loops caused by bad DIE tree cycles.
- readelf: Will now look up the size and signedness of constant value types
to display them correctly (and not just how they were encoded).
- libdw: New function dwarf_next_lines to read CU-less .debug_line data.
dwarf_begin_elf now accepts ELF files containing just .debug_line
or .debug_frame sections (which can be read without needing a DIE
tree from the .debug_info section).
Removed dwarf_getscn_info, which was never implemented.
- backends: Handle BPF simple relocations.
The RISCV backend now handles ABI specific CFI and knows about
RISCV register types and names.
Update to version 0.172:
- Various bug fixes in libdw and eu-readelf dealing with bad DWARF5 data.
Thanks to running the afl fuzzer on eu-readelf and various testcases.
Update to version 0.171:
- DWARF5 and split dwarf, including GNU DebugFission, are supported now.
Data can be read from the new DWARF sections .debug_addr, .debug_line_str,
.debug_loclists, .debug_str_offsets and .debug_rnglists. Plus the new
DWARF5 and GNU DebugFission encodings of the existing .debug sections.
Also in split DWARF .dwo (DWARF object) files. This support is mostly
handled by existing functions (dwarf_getlocation*, dwarf_getsrclines,
dwarf_ranges, dwarf_form*, etc.) now returning the data from the new
sections and data formats. But some new functions have been added
to more easily get information about skeleton and split compile units
(dwarf_get_units and dwarf_cu_info), handle new attribute data
(dwarf_getabbrevattr_data) and to keep references to Dwarf_Dies
that might come from different sections or files (dwarf_die_addr_die).
- Not yet supported are .dwp (Dwarf Package) and .sup (Dwarf Supplementary)
files, the .debug_names index, the .debug_cu_index and .debug_tu_index
sections. Only a single .debug_info (and .debug_types) section are
currently handled.
- readelf: Handle all new DWARF5 sections.
--debug-dump=info+ will show split unit DIEs when found.
--dwarf-skeleton can be used when inspecting a .dwo file.
Recognizes GNU locviews with --debug-dump=loc.
- libdw: New functions dwarf_die_addr_die, dwarf_get_units,
dwarf_getabbrevattr_data and dwarf_cu_info.
libdw will now try to resolve the alt file on first use of
an alt attribute FORM when not set yet with dwarf_set_alt.
dwarf_aggregate_size() now works with multi-dimensional arrays.
- libdwfl: Use process_vm_readv when available instead of ptrace.
backends: Add a RISC-V backend.
There were various improvements to build on Windows.
The sha1 and md5 implementations have been removed, they weren't used.
Update to version 0.170:
- libdw: Added new DWARF5 attribute, tag, character encoding, language code,
calling convention, defaulted member function and macro constants
to dwarf.h.
New functions dwarf_default_lower_bound and dwarf_line_file.
dwarf_peel_type now handles DWARF5 immutable, packed and shared tags.
dwarf_getmacros now handles DWARF5 .debug_macro sections.
- strip: Add -R, --remove-section=SECTION and --keep-section=SECTION.
- backends: The bpf disassembler is now always built on all platforms.
Update to version 0.169:
- backends: Add support for EM_PPC64 GNU_ATTRIBUTES.
Frame pointer unwinding fallback support for i386, x86_64, aarch64.
- translations: Update Polish translation.
- CVE-2017-7611: elfutils: DoS (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033088)
- CVE-2017-7610: elflint: heap-based buffer overflow in check_group (bsc#1033087)
- CVE-2017-7609: memory allocation failure in __libelf_decompress (bsc#1033086)
- CVE-2017-7607: heap-based buffer overflow in handle_gnu_hashi (readelf.c) (bsc#1033084)
- CVE-2017-7608: heap-based buffer overflow in ebl_object_note_type_name (eblobjnotetypename.c) (bsc#1033085)
- CVE-2017-7613: elfutils: denial of service (memory consumption) via a crafted ELF file (bsc#1033090)
- CVE-2017-7612: elfutils: denial of service (heap-based buffer over-read and application crash) via a crafted ELF file (bsc#1033089)
- Don't make elfutils recommend elfutils-lang as elfutils-lang
already supplements elfutils.
dwarves is shipped new in version 1.22 to provide tooling for use by the Linux Kernel BTF verification framework.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-3.57.1 updated
- glibc-2.31-150300.37.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- grep-3.1-150000.4.6.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libdw1-0.177-150300.11.3.1 updated
- libebl-plugins-0.177-150300.11.3.1 updated
- libelf1-0.177-150300.11.3.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libglib-2_0-0-2.62.6-150200.3.9.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-hmac-1.1.1d-150200.11.51.1 updated
- libopenssl1_1-1.1.1d-150200.11.51.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libprotobuf-lite20-3.9.2-4.12.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libsolv-tools-0.7.22-150200.12.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxml2-2-2.9.7-150000.3.46.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.30.2-150200.39.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.1d-150200.11.51.1 updated
- pam-1.3.0-150000.6.58.3 updated
- perl-base-5.26.1-150300.17.3.1 updated
- procps-3.3.15-150000.7.25.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 added
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.53-150200.33.1 updated
- container:sles15-image-15.0.0-17.20.29 updated
From sle-security-updates at lists.suse.com Wed Sep 7 13:22:57 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 15:22:57 +0200 (CEST)
Subject: SUSE-SU-2022:3138-1: moderate: Security update for ImageMagick
Message-ID: <20220907132258.007BBFD84@maintenance.suse.de>
SUSE Security Update: Security update for ImageMagick
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3138-1
Rating: moderate
References: #1202800
Cross-References: CVE-2021-20224
CVSS scores:
CVE-2021-20224 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-20224 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ImageMagick fixes the following issues:
- CVE-2021-20224: Fixed an integer overflow that could be triggered via a
crafted file (bsc#1202800).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3138=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3138=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3138=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
ImageMagick-6.8.8.1-71.180.1
ImageMagick-debuginfo-6.8.8.1-71.180.1
ImageMagick-debugsource-6.8.8.1-71.180.1
libMagick++-6_Q16-3-6.8.8.1-71.180.1
libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.180.1
libMagickCore-6_Q16-1-32bit-6.8.8.1-71.180.1
libMagickCore-6_Q16-1-debuginfo-32bit-6.8.8.1-71.180.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
ImageMagick-6.8.8.1-71.180.1
ImageMagick-config-6-SUSE-6.8.8.1-71.180.1
ImageMagick-config-6-upstream-6.8.8.1-71.180.1
ImageMagick-debuginfo-6.8.8.1-71.180.1
ImageMagick-debugsource-6.8.8.1-71.180.1
ImageMagick-devel-6.8.8.1-71.180.1
libMagick++-6_Q16-3-6.8.8.1-71.180.1
libMagick++-6_Q16-3-debuginfo-6.8.8.1-71.180.1
libMagick++-devel-6.8.8.1-71.180.1
perl-PerlMagick-6.8.8.1-71.180.1
perl-PerlMagick-debuginfo-6.8.8.1-71.180.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
ImageMagick-config-6-SUSE-6.8.8.1-71.180.1
ImageMagick-config-6-upstream-6.8.8.1-71.180.1
ImageMagick-debuginfo-6.8.8.1-71.180.1
ImageMagick-debugsource-6.8.8.1-71.180.1
libMagickCore-6_Q16-1-6.8.8.1-71.180.1
libMagickCore-6_Q16-1-debuginfo-6.8.8.1-71.180.1
libMagickWand-6_Q16-1-6.8.8.1-71.180.1
libMagickWand-6_Q16-1-debuginfo-6.8.8.1-71.180.1
References:
https://www.suse.com/security/cve/CVE-2021-20224.html
https://bugzilla.suse.com/1202800
From sle-security-updates at lists.suse.com Wed Sep 7 13:24:31 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 15:24:31 +0200 (CEST)
Subject: SUSE-SU-2022:3139-1: important: Security update for clamav
Message-ID: <20220907132431.B522BFD84@maintenance.suse.de>
SUSE Security Update: Security update for clamav
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3139-1
Rating: important
References: #1202986
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for clamav fixes the following issues:
clamav was updated to 0.103.7 (bsc#1202986)
* Upgrade the vendored UnRAR library to version 6.1.7.
* Fix logical signature "Intermediates" feature.
* Relax constraints on slightly malformed zip archives that contain
overlapping file entries.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3139=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3139=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3139=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3139=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3139=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3139=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
clamav-0.103.7-33.50.1
clamav-debuginfo-0.103.7-33.50.1
clamav-debugsource-0.103.7-33.50.1
- SUSE OpenStack Cloud 9 (x86_64):
clamav-0.103.7-33.50.1
clamav-debuginfo-0.103.7-33.50.1
clamav-debugsource-0.103.7-33.50.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
clamav-0.103.7-33.50.1
clamav-debuginfo-0.103.7-33.50.1
clamav-debugsource-0.103.7-33.50.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
clamav-0.103.7-33.50.1
clamav-debuginfo-0.103.7-33.50.1
clamav-debugsource-0.103.7-33.50.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
clamav-0.103.7-33.50.1
clamav-debuginfo-0.103.7-33.50.1
clamav-debugsource-0.103.7-33.50.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
clamav-0.103.7-33.50.1
clamav-debuginfo-0.103.7-33.50.1
clamav-debugsource-0.103.7-33.50.1
References:
https://bugzilla.suse.com/1202986
From sle-security-updates at lists.suse.com Wed Sep 7 13:25:58 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 15:25:58 +0200 (CEST)
Subject: SUSE-SU-2022:3141-1: moderate: Security update for icu
Message-ID: <20220907132558.0F2ACFD84@maintenance.suse.de>
SUSE Security Update: Security update for icu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3141-1
Rating: moderate
References: #1193951
Cross-References: CVE-2020-21913
CVSS scores:
CVE-2020-21913 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-21913 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use
after free (bsc#1193951).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3141=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3141=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3141=1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3141=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libicu60_2-60.2-150000.3.12.1
libicu60_2-debuginfo-60.2-150000.3.12.1
- openSUSE Leap 15.4 (x86_64):
libicu60_2-32bit-60.2-150000.3.12.1
libicu60_2-32bit-debuginfo-60.2-150000.3.12.1
- openSUSE Leap 15.4 (noarch):
libicu60_2-bedata-60.2-150000.3.12.1
libicu60_2-ledata-60.2-150000.3.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libicu60_2-60.2-150000.3.12.1
libicu60_2-debuginfo-60.2-150000.3.12.1
- openSUSE Leap 15.3 (x86_64):
libicu60_2-32bit-60.2-150000.3.12.1
libicu60_2-32bit-debuginfo-60.2-150000.3.12.1
- openSUSE Leap 15.3 (noarch):
libicu60_2-bedata-60.2-150000.3.12.1
libicu60_2-ledata-60.2-150000.3.12.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
icu-debuginfo-60.2-150000.3.12.1
icu-debugsource-60.2-150000.3.12.1
libicu60_2-60.2-150000.3.12.1
libicu60_2-debuginfo-60.2-150000.3.12.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (noarch):
libicu60_2-bedata-60.2-150000.3.12.1
libicu60_2-ledata-60.2-150000.3.12.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
icu-debuginfo-60.2-150000.3.12.1
icu-debugsource-60.2-150000.3.12.1
libicu60_2-60.2-150000.3.12.1
libicu60_2-debuginfo-60.2-150000.3.12.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch):
libicu60_2-bedata-60.2-150000.3.12.1
libicu60_2-ledata-60.2-150000.3.12.1
References:
https://www.suse.com/security/cve/CVE-2020-21913.html
https://bugzilla.suse.com/1193951
From sle-security-updates at lists.suse.com Wed Sep 7 13:27:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 15:27:34 +0200 (CEST)
Subject: SUSE-SU-2022:3137-1: important: Security update for webkit2gtk3
Message-ID: <20220907132734.B63F4FD84@maintenance.suse.de>
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3137-1
Rating: important
References: #1202169 #1202807
Cross-References: CVE-2022-32893
CVSS scores:
CVE-2022-32893 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32893 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
- Updated to version 2.36.7 (bsc#1202807):
- CVE-2022-32893: Fixed an issue that would be triggered when processing
malicious web content and that could lead to arbitrary code execution.
- Fixed several crashes and rendering issues.
- Updated to version 2.36.6:
- Fixed handling of touchpad scrolling on GTK4 builds
- Fixed WebKitGTK not allowing to be used from non-main threads
(bsc#1202169).
- Fixed several crashes and rendering issues
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3137=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3137=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3137=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3137=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150400.4.12.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150400.4.12.1
libjavascriptcoregtk-4_1-0-2.36.7-150400.4.12.1
libjavascriptcoregtk-4_1-0-debuginfo-2.36.7-150400.4.12.1
libjavascriptcoregtk-5_0-0-2.36.7-150400.4.12.1
libjavascriptcoregtk-5_0-0-debuginfo-2.36.7-150400.4.12.1
libwebkit2gtk-4_0-37-2.36.7-150400.4.12.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150400.4.12.1
libwebkit2gtk-4_1-0-2.36.7-150400.4.12.1
libwebkit2gtk-4_1-0-debuginfo-2.36.7-150400.4.12.1
libwebkit2gtk-5_0-0-2.36.7-150400.4.12.1
libwebkit2gtk-5_0-0-debuginfo-2.36.7-150400.4.12.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-150400.4.12.1
typelib-1_0-JavaScriptCore-4_1-2.36.7-150400.4.12.1
typelib-1_0-JavaScriptCore-5_0-2.36.7-150400.4.12.1
typelib-1_0-WebKit2-4_0-2.36.7-150400.4.12.1
typelib-1_0-WebKit2-4_1-2.36.7-150400.4.12.1
typelib-1_0-WebKit2-5_0-2.36.7-150400.4.12.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150400.4.12.1
typelib-1_0-WebKit2WebExtension-4_1-2.36.7-150400.4.12.1
typelib-1_0-WebKit2WebExtension-5_0-2.36.7-150400.4.12.1
webkit-jsc-4-2.36.7-150400.4.12.1
webkit-jsc-4-debuginfo-2.36.7-150400.4.12.1
webkit-jsc-4.1-2.36.7-150400.4.12.1
webkit-jsc-4.1-debuginfo-2.36.7-150400.4.12.1
webkit-jsc-5.0-2.36.7-150400.4.12.1
webkit-jsc-5.0-debuginfo-2.36.7-150400.4.12.1
webkit2gtk-4_0-injected-bundles-2.36.7-150400.4.12.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150400.4.12.1
webkit2gtk-4_1-injected-bundles-2.36.7-150400.4.12.1
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.7-150400.4.12.1
webkit2gtk-5_0-injected-bundles-2.36.7-150400.4.12.1
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.7-150400.4.12.1
webkit2gtk3-debugsource-2.36.7-150400.4.12.1
webkit2gtk3-devel-2.36.7-150400.4.12.1
webkit2gtk3-minibrowser-2.36.7-150400.4.12.1
webkit2gtk3-minibrowser-debuginfo-2.36.7-150400.4.12.1
webkit2gtk3-soup2-debugsource-2.36.7-150400.4.12.1
webkit2gtk3-soup2-devel-2.36.7-150400.4.12.1
webkit2gtk3-soup2-minibrowser-2.36.7-150400.4.12.1
webkit2gtk3-soup2-minibrowser-debuginfo-2.36.7-150400.4.12.1
webkit2gtk4-debugsource-2.36.7-150400.4.12.1
webkit2gtk4-devel-2.36.7-150400.4.12.1
webkit2gtk4-minibrowser-2.36.7-150400.4.12.1
webkit2gtk4-minibrowser-debuginfo-2.36.7-150400.4.12.1
- openSUSE Leap 15.4 (noarch):
WebKit2GTK-4.0-lang-2.36.7-150400.4.12.1
WebKit2GTK-4.1-lang-2.36.7-150400.4.12.1
WebKit2GTK-5.0-lang-2.36.7-150400.4.12.1
- openSUSE Leap 15.4 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.36.7-150400.4.12.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.7-150400.4.12.1
libjavascriptcoregtk-4_1-0-32bit-2.36.7-150400.4.12.1
libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.36.7-150400.4.12.1
libwebkit2gtk-4_0-37-32bit-2.36.7-150400.4.12.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.7-150400.4.12.1
libwebkit2gtk-4_1-0-32bit-2.36.7-150400.4.12.1
libwebkit2gtk-4_1-0-32bit-debuginfo-2.36.7-150400.4.12.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-5_0-0-2.36.7-150400.4.12.1
libjavascriptcoregtk-5_0-0-debuginfo-2.36.7-150400.4.12.1
libwebkit2gtk-5_0-0-2.36.7-150400.4.12.1
libwebkit2gtk-5_0-0-debuginfo-2.36.7-150400.4.12.1
typelib-1_0-JavaScriptCore-5_0-2.36.7-150400.4.12.1
typelib-1_0-WebKit2-5_0-2.36.7-150400.4.12.1
webkit2gtk-5_0-injected-bundles-2.36.7-150400.4.12.1
webkit2gtk-5_0-injected-bundles-debuginfo-2.36.7-150400.4.12.1
webkit2gtk4-debugsource-2.36.7-150400.4.12.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_1-0-2.36.7-150400.4.12.1
libjavascriptcoregtk-4_1-0-debuginfo-2.36.7-150400.4.12.1
libwebkit2gtk-4_1-0-2.36.7-150400.4.12.1
libwebkit2gtk-4_1-0-debuginfo-2.36.7-150400.4.12.1
typelib-1_0-JavaScriptCore-4_1-2.36.7-150400.4.12.1
typelib-1_0-WebKit2-4_1-2.36.7-150400.4.12.1
typelib-1_0-WebKit2WebExtension-4_1-2.36.7-150400.4.12.1
webkit2gtk-4_1-injected-bundles-2.36.7-150400.4.12.1
webkit2gtk-4_1-injected-bundles-debuginfo-2.36.7-150400.4.12.1
webkit2gtk3-debugsource-2.36.7-150400.4.12.1
webkit2gtk3-devel-2.36.7-150400.4.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150400.4.12.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150400.4.12.1
libwebkit2gtk-4_0-37-2.36.7-150400.4.12.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150400.4.12.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-150400.4.12.1
typelib-1_0-WebKit2-4_0-2.36.7-150400.4.12.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150400.4.12.1
webkit2gtk-4_0-injected-bundles-2.36.7-150400.4.12.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150400.4.12.1
webkit2gtk3-soup2-debugsource-2.36.7-150400.4.12.1
webkit2gtk3-soup2-devel-2.36.7-150400.4.12.1
References:
https://www.suse.com/security/cve/CVE-2022-32893.html
https://bugzilla.suse.com/1202169
https://bugzilla.suse.com/1202807
From sle-security-updates at lists.suse.com Wed Sep 7 13:29:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 15:29:16 +0200 (CEST)
Subject: SUSE-SU-2022:3140-1: moderate: Security update for icu
Message-ID: <20220907132916.81FBBFD84@maintenance.suse.de>
SUSE Security Update: Security update for icu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3140-1
Rating: moderate
References: #1193951
Cross-References: CVE-2020-21913
CVSS scores:
CVE-2020-21913 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-21913 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use after
free (bsc#1193951).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3140=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3140=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3140=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
icu-52.1-8.13.1
icu-debuginfo-52.1-8.13.1
icu-debugsource-52.1-8.13.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
icu-debuginfo-52.1-8.13.1
icu-debugsource-52.1-8.13.1
libicu-devel-52.1-8.13.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
icu-debuginfo-52.1-8.13.1
icu-debugsource-52.1-8.13.1
libicu-doc-52.1-8.13.1
libicu52_1-52.1-8.13.1
libicu52_1-data-52.1-8.13.1
libicu52_1-debuginfo-52.1-8.13.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libicu52_1-32bit-52.1-8.13.1
libicu52_1-debuginfo-32bit-52.1-8.13.1
References:
https://www.suse.com/security/cve/CVE-2020-21913.html
https://bugzilla.suse.com/1193951
From sle-security-updates at lists.suse.com Wed Sep 7 13:32:31 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 15:32:31 +0200 (CEST)
Subject: SUSE-SU-2022:3144-1: important: Security update for gpg2
Message-ID: <20220907133231.8B1AFFD84@maintenance.suse.de>
SUSE Security Update: Security update for gpg2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3144-1
Rating: important
References: #1201225
Cross-References: CVE-2022-34903
CVSS scores:
CVE-2022-34903 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
CVE-2022-34903 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a potential signature forgery via injection into
the status line when certain unusual conditions are met (bsc#1201225).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3144=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3144=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3144=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3144=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3144=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3144=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3144=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3144=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3144=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3144=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3144=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3144=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3144=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3144=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3144=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3144=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3144=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3144=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3144=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Manager Server 4.1 (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Manager Proxy 4.1 (x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Manager Proxy 4.1 (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Enterprise Storage 7 (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
- SUSE Enterprise Storage 6 (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE CaaS Platform 4.0 (noarch):
gpg2-lang-2.2.5-150000.4.22.1
- SUSE CaaS Platform 4.0 (x86_64):
gpg2-2.2.5-150000.4.22.1
gpg2-debuginfo-2.2.5-150000.4.22.1
gpg2-debugsource-2.2.5-150000.4.22.1
References:
https://www.suse.com/security/cve/CVE-2022-34903.html
https://bugzilla.suse.com/1201225
From sle-security-updates at lists.suse.com Wed Sep 7 16:21:28 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 18:21:28 +0200 (CEST)
Subject: SUSE-SU-2022:3142-1: moderate: Security update for icu
Message-ID: <20220907162128.368E8FCF4@maintenance.suse.de>
SUSE Security Update: Security update for icu
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3142-1
Rating: moderate
References: #1193951
Cross-References: CVE-2020-21913
CVSS scores:
CVE-2020-21913 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-21913 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use
after free (bsc#1193951).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3142=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3142=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3142=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3142=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3142=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3142=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3142=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3142=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3142=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
icu-debuginfo-65.1-150200.4.5.1
icu-debugsource-65.1-150200.4.5.1
libicu-suse65_1-65.1-150200.4.5.1
libicu-suse65_1-debuginfo-65.1-150200.4.5.1
- openSUSE Leap Micro 5.2 (noarch):
libicu65_1-ledata-65.1-150200.4.5.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
icu-65.1-150200.4.5.1
icu-debuginfo-65.1-150200.4.5.1
icu-debugsource-65.1-150200.4.5.1
libicu-devel-65.1-150200.4.5.1
libicu-doc-65.1-150200.4.5.1
libicu-suse65_1-65.1-150200.4.5.1
libicu-suse65_1-debuginfo-65.1-150200.4.5.1
- openSUSE Leap 15.4 (x86_64):
libicu-devel-32bit-65.1-150200.4.5.1
libicu-suse65_1-32bit-65.1-150200.4.5.1
libicu-suse65_1-32bit-debuginfo-65.1-150200.4.5.1
- openSUSE Leap 15.4 (noarch):
libicu65_1-bedata-65.1-150200.4.5.1
libicu65_1-ledata-65.1-150200.4.5.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
icu-65.1-150200.4.5.1
icu-debuginfo-65.1-150200.4.5.1
icu-debugsource-65.1-150200.4.5.1
libicu-devel-65.1-150200.4.5.1
libicu-doc-65.1-150200.4.5.1
libicu-suse65_1-65.1-150200.4.5.1
libicu-suse65_1-debuginfo-65.1-150200.4.5.1
- openSUSE Leap 15.3 (noarch):
libicu65_1-bedata-65.1-150200.4.5.1
libicu65_1-ledata-65.1-150200.4.5.1
- openSUSE Leap 15.3 (x86_64):
libicu-devel-32bit-65.1-150200.4.5.1
libicu-suse65_1-32bit-65.1-150200.4.5.1
libicu-suse65_1-32bit-debuginfo-65.1-150200.4.5.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
icu-65.1-150200.4.5.1
icu-debuginfo-65.1-150200.4.5.1
icu-debugsource-65.1-150200.4.5.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
icu-65.1-150200.4.5.1
icu-debuginfo-65.1-150200.4.5.1
icu-debugsource-65.1-150200.4.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
icu-debuginfo-65.1-150200.4.5.1
icu-debugsource-65.1-150200.4.5.1
libicu-devel-65.1-150200.4.5.1
libicu-suse65_1-65.1-150200.4.5.1
libicu-suse65_1-debuginfo-65.1-150200.4.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
libicu65_1-bedata-65.1-150200.4.5.1
libicu65_1-ledata-65.1-150200.4.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
icu-debuginfo-65.1-150200.4.5.1
icu-debugsource-65.1-150200.4.5.1
libicu-devel-65.1-150200.4.5.1
libicu-suse65_1-65.1-150200.4.5.1
libicu-suse65_1-debuginfo-65.1-150200.4.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
libicu65_1-bedata-65.1-150200.4.5.1
libicu65_1-ledata-65.1-150200.4.5.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
icu-debuginfo-65.1-150200.4.5.1
icu-debugsource-65.1-150200.4.5.1
libicu-suse65_1-65.1-150200.4.5.1
libicu-suse65_1-debuginfo-65.1-150200.4.5.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
libicu65_1-bedata-65.1-150200.4.5.1
libicu65_1-ledata-65.1-150200.4.5.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
icu-debuginfo-65.1-150200.4.5.1
icu-debugsource-65.1-150200.4.5.1
libicu-suse65_1-65.1-150200.4.5.1
libicu-suse65_1-debuginfo-65.1-150200.4.5.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
libicu65_1-bedata-65.1-150200.4.5.1
libicu65_1-ledata-65.1-150200.4.5.1
References:
https://www.suse.com/security/cve/CVE-2020-21913.html
https://bugzilla.suse.com/1193951
From sle-security-updates at lists.suse.com Wed Sep 7 16:24:10 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 18:24:10 +0200 (CEST)
Subject: SUSE-SU-2022:3153-1: important: Security update for gdk-pixbuf
Message-ID: <20220907162410.EBFF3FCF4@maintenance.suse.de>
SUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3153-1
Rating: important
References: #1194633 #1195391
Cross-References: CVE-2021-44648
CVSS scores:
CVE-2021-44648 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-44648 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for gdk-pixbuf fixes the following issues:
Update to version 2.42.9:
- CVE-2021-44648: Fixed overflow vulnerability in lzw code size
(bsc#1194633).
Bugfixes:
- Fixed loading of larger images (glgo#GNOME/gdk-pixbuf#216).
- Avoided bashism in baselibs postscript (bsc#1195391).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3153=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3153=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.42.9-150400.5.6.1
gdk-pixbuf-devel-2.42.9-150400.5.6.1
gdk-pixbuf-devel-debuginfo-2.42.9-150400.5.6.1
gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1
gdk-pixbuf-query-loaders-debuginfo-2.42.9-150400.5.6.1
gdk-pixbuf-thumbnailer-2.42.9-150400.5.6.1
gdk-pixbuf-thumbnailer-debuginfo-2.42.9-150400.5.6.1
libgdk_pixbuf-2_0-0-2.42.9-150400.5.6.1
libgdk_pixbuf-2_0-0-debuginfo-2.42.9-150400.5.6.1
typelib-1_0-GdkPixbuf-2_0-2.42.9-150400.5.6.1
typelib-1_0-GdkPixdata-2_0-2.42.9-150400.5.6.1
- openSUSE Leap 15.4 (x86_64):
gdk-pixbuf-devel-32bit-2.42.9-150400.5.6.1
gdk-pixbuf-devel-32bit-debuginfo-2.42.9-150400.5.6.1
gdk-pixbuf-query-loaders-32bit-2.42.9-150400.5.6.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.9-150400.5.6.1
libgdk_pixbuf-2_0-0-32bit-2.42.9-150400.5.6.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.9-150400.5.6.1
- openSUSE Leap 15.4 (noarch):
gdk-pixbuf-lang-2.42.9-150400.5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.42.9-150400.5.6.1
gdk-pixbuf-devel-2.42.9-150400.5.6.1
gdk-pixbuf-devel-debuginfo-2.42.9-150400.5.6.1
gdk-pixbuf-query-loaders-2.42.9-150400.5.6.1
gdk-pixbuf-query-loaders-debuginfo-2.42.9-150400.5.6.1
gdk-pixbuf-thumbnailer-2.42.9-150400.5.6.1
gdk-pixbuf-thumbnailer-debuginfo-2.42.9-150400.5.6.1
libgdk_pixbuf-2_0-0-2.42.9-150400.5.6.1
libgdk_pixbuf-2_0-0-debuginfo-2.42.9-150400.5.6.1
typelib-1_0-GdkPixbuf-2_0-2.42.9-150400.5.6.1
typelib-1_0-GdkPixdata-2_0-2.42.9-150400.5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
gdk-pixbuf-query-loaders-32bit-2.42.9-150400.5.6.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.42.9-150400.5.6.1
libgdk_pixbuf-2_0-0-32bit-2.42.9-150400.5.6.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.42.9-150400.5.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
gdk-pixbuf-lang-2.42.9-150400.5.6.1
References:
https://www.suse.com/security/cve/CVE-2021-44648.html
https://bugzilla.suse.com/1194633
https://bugzilla.suse.com/1195391
From sle-security-updates at lists.suse.com Wed Sep 7 16:25:08 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 18:25:08 +0200 (CEST)
Subject: SUSE-SU-2022:3162-1: moderate: Security update for libyajl
Message-ID: <20220907162508.1195BFCF4@maintenance.suse.de>
SUSE Security Update: Security update for libyajl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3162-1
Rating: moderate
References: #1198405
Cross-References: CVE-2022-24795
CVSS scores:
CVE-2022-24795 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24795 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large
inputs (bsc#1198405).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3162=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3162=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3162=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3162=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3162=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3162=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3162=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libyajl-debugsource-2.1.0-150000.4.3.1
libyajl2-2.1.0-150000.4.3.1
libyajl2-debuginfo-2.1.0-150000.4.3.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libyajl-debugsource-2.1.0-150000.4.3.1
libyajl-devel-2.1.0-150000.4.3.1
libyajl-devel-static-2.1.0-150000.4.3.1
libyajl2-2.1.0-150000.4.3.1
libyajl2-debuginfo-2.1.0-150000.4.3.1
yajl-2.1.0-150000.4.3.1
yajl-debuginfo-2.1.0-150000.4.3.1
- openSUSE Leap 15.4 (x86_64):
libyajl-devel-32bit-2.1.0-150000.4.3.1
libyajl2-32bit-2.1.0-150000.4.3.1
libyajl2-32bit-debuginfo-2.1.0-150000.4.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libyajl-debugsource-2.1.0-150000.4.3.1
libyajl-devel-2.1.0-150000.4.3.1
libyajl-devel-static-2.1.0-150000.4.3.1
libyajl2-2.1.0-150000.4.3.1
libyajl2-debuginfo-2.1.0-150000.4.3.1
yajl-2.1.0-150000.4.3.1
yajl-debuginfo-2.1.0-150000.4.3.1
- openSUSE Leap 15.3 (x86_64):
libyajl-devel-32bit-2.1.0-150000.4.3.1
libyajl2-32bit-2.1.0-150000.4.3.1
libyajl2-32bit-debuginfo-2.1.0-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libyajl-debugsource-2.1.0-150000.4.3.1
libyajl-devel-2.1.0-150000.4.3.1
libyajl2-2.1.0-150000.4.3.1
libyajl2-debuginfo-2.1.0-150000.4.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libyajl-debugsource-2.1.0-150000.4.3.1
libyajl-devel-2.1.0-150000.4.3.1
libyajl2-2.1.0-150000.4.3.1
libyajl2-debuginfo-2.1.0-150000.4.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libyajl-debugsource-2.1.0-150000.4.3.1
libyajl2-2.1.0-150000.4.3.1
libyajl2-debuginfo-2.1.0-150000.4.3.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libyajl-debugsource-2.1.0-150000.4.3.1
libyajl2-2.1.0-150000.4.3.1
libyajl2-debuginfo-2.1.0-150000.4.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24795.html
https://bugzilla.suse.com/1198405
From sle-security-updates at lists.suse.com Wed Sep 7 16:27:02 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 18:27:02 +0200 (CEST)
Subject: SUSE-SU-2022:3152-1: important: Security update for java-1_8_0-ibm
Message-ID: <20220907162702.7F208FCF4@maintenance.suse.de>
SUSE Security Update: Security update for java-1_8_0-ibm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3152-1
Rating: important
References: #1201684 #1201685 #1201692 #1201694 #1202427
Cross-References: CVE-2022-21540 CVE-2022-21541 CVE-2022-21549
CVE-2022-34169
CVSS scores:
CVE-2022-21540 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21540 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21541 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-21541 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-21549 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-21549 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-34169 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-34169 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update for java-1_8_0-ibm fixes the following issues:
Note: the issues listed below were NOT fixed with the previous update
(8.0-7.11).
- Update to Java 8.0 Service Refresh 7 Fix Pack 15 (bsc#1202427):
- CVE-2022-34169: Fixed an integer truncation issue in the Xalan Java
XSLT library that occurred when processing malicious stylesheets
(bsc#1201684).
- CVE-2022-21549: Fixed an issue that could lead to computing negative
random exponentials (bsc#1201685).
- CVE-2022-21541: Fixed a potential bypass of sandbox restrictions in
the Hotspot component (bsc#1201692).
- CVE-2022-21540: Fixed a potential bypass of sandbox restrictions in
the Hotspot component (bsc#1201694).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3152=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3152=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3152=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3152=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3152=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3152=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3152=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3152=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-alsa-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-devel-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-plugin-1.8.0_sr7.15-30.96.1
- SUSE OpenStack Cloud 9 (x86_64):
java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-alsa-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-devel-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-plugin-1.8.0_sr7.15-30.96.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):
java-1_8_0-ibm-devel-1.8.0_sr7.15-30.96.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-devel-1.8.0_sr7.15-30.96.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
java-1_8_0-ibm-alsa-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-plugin-1.8.0_sr7.15-30.96.1
- SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64):
java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-devel-1.8.0_sr7.15-30.96.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
java-1_8_0-ibm-alsa-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-plugin-1.8.0_sr7.15-30.96.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (ppc64le s390x x86_64):
java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-devel-1.8.0_sr7.15-30.96.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
java-1_8_0-ibm-alsa-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-plugin-1.8.0_sr7.15-30.96.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-alsa-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-devel-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-plugin-1.8.0_sr7.15-30.96.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
java-1_8_0-ibm-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-alsa-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-devel-1.8.0_sr7.15-30.96.1
java-1_8_0-ibm-plugin-1.8.0_sr7.15-30.96.1
References:
https://www.suse.com/security/cve/CVE-2022-21540.html
https://www.suse.com/security/cve/CVE-2022-21541.html
https://www.suse.com/security/cve/CVE-2022-21549.html
https://www.suse.com/security/cve/CVE-2022-34169.html
https://bugzilla.suse.com/1201684
https://bugzilla.suse.com/1201685
https://bugzilla.suse.com/1201692
https://bugzilla.suse.com/1201694
https://bugzilla.suse.com/1202427
From sle-security-updates at lists.suse.com Wed Sep 7 16:29:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 18:29:47 +0200 (CEST)
Subject: SUSE-SU-2022:3154-1: moderate: Security update for udisks2
Message-ID: <20220907162947.5893DFCF4@maintenance.suse.de>
SUSE Security Update: Security update for udisks2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3154-1
Rating: moderate
References: #1098797 #1190606
Cross-References: CVE-2021-3802
CVSS scores:
CVE-2021-3802 (NVD) : 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2021-3802 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for udisks2 fixes the following issues:
- CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers
(bsc#1190606).
- Fixed vulnerability that allowed mounting ext4 devices over existing
entries in fstab (bsc#1098797).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3154=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3154=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libudisks2-0-2.8.1-150200.3.3.1
libudisks2-0-debuginfo-2.8.1-150200.3.3.1
libudisks2-0-devel-2.8.1-150200.3.3.1
libudisks2-0_bcache-2.8.1-150200.3.3.1
libudisks2-0_bcache-debuginfo-2.8.1-150200.3.3.1
libudisks2-0_btrfs-2.8.1-150200.3.3.1
libudisks2-0_btrfs-debuginfo-2.8.1-150200.3.3.1
libudisks2-0_lsm-2.8.1-150200.3.3.1
libudisks2-0_lsm-debuginfo-2.8.1-150200.3.3.1
libudisks2-0_lvm2-2.8.1-150200.3.3.1
libudisks2-0_lvm2-debuginfo-2.8.1-150200.3.3.1
libudisks2-0_zram-2.8.1-150200.3.3.1
libudisks2-0_zram-debuginfo-2.8.1-150200.3.3.1
typelib-1_0-UDisks-2_0-2.8.1-150200.3.3.1
udisks2-2.8.1-150200.3.3.1
udisks2-debuginfo-2.8.1-150200.3.3.1
udisks2-debugsource-2.8.1-150200.3.3.1
- openSUSE Leap 15.3 (noarch):
udisks2-lang-2.8.1-150200.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libudisks2-0-2.8.1-150200.3.3.1
libudisks2-0-debuginfo-2.8.1-150200.3.3.1
libudisks2-0-devel-2.8.1-150200.3.3.1
typelib-1_0-UDisks-2_0-2.8.1-150200.3.3.1
udisks2-2.8.1-150200.3.3.1
udisks2-debuginfo-2.8.1-150200.3.3.1
udisks2-debugsource-2.8.1-150200.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
udisks2-lang-2.8.1-150200.3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-3802.html
https://bugzilla.suse.com/1098797
https://bugzilla.suse.com/1190606
From sle-security-updates at lists.suse.com Wed Sep 7 16:30:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 18:30:45 +0200 (CEST)
Subject: SUSE-SU-2022:3160-1: moderate: Security update for udisks2
Message-ID: <20220907163045.C75F5FCF4@maintenance.suse.de>
SUSE Security Update: Security update for udisks2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3160-1
Rating: moderate
References: #1098797 #1190606
Cross-References: CVE-2021-3802
CVSS scores:
CVE-2021-3802 (NVD) : 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2021-3802 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for udisks2 fixes the following issues:
- CVE-2021-3802: Fixed insecure defaults in user-accessible mount helpers
(bsc#1190606).
- Fixed vulnerability that allowed mounting ext4 devices over existing
entries in fstab (bsc#1098797).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3160=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3160=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3160=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3160=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3160=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3160=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3160=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3160=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
libudisks2-0-2.1.3-3.8.1
libudisks2-0-debuginfo-2.1.3-3.8.1
udisks2-2.1.3-3.8.1
udisks2-debuginfo-2.1.3-3.8.1
udisks2-debugsource-2.1.3-3.8.1
- SUSE OpenStack Cloud Crowbar 9 (noarch):
udisks2-lang-2.1.3-3.8.1
- SUSE OpenStack Cloud 9 (x86_64):
libudisks2-0-2.1.3-3.8.1
libudisks2-0-debuginfo-2.1.3-3.8.1
udisks2-2.1.3-3.8.1
udisks2-debuginfo-2.1.3-3.8.1
udisks2-debugsource-2.1.3-3.8.1
- SUSE OpenStack Cloud 9 (noarch):
udisks2-lang-2.1.3-3.8.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
udisks2-debuginfo-2.1.3-3.8.1
udisks2-debugsource-2.1.3-3.8.1
udisks2-devel-2.1.3-3.8.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
libudisks2-0-2.1.3-3.8.1
libudisks2-0-debuginfo-2.1.3-3.8.1
udisks2-2.1.3-3.8.1
udisks2-debuginfo-2.1.3-3.8.1
udisks2-debugsource-2.1.3-3.8.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
udisks2-lang-2.1.3-3.8.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libudisks2-0-2.1.3-3.8.1
libudisks2-0-debuginfo-2.1.3-3.8.1
udisks2-2.1.3-3.8.1
udisks2-debuginfo-2.1.3-3.8.1
udisks2-debugsource-2.1.3-3.8.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
udisks2-lang-2.1.3-3.8.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
libudisks2-0-2.1.3-3.8.1
libudisks2-0-debuginfo-2.1.3-3.8.1
udisks2-2.1.3-3.8.1
udisks2-debuginfo-2.1.3-3.8.1
udisks2-debugsource-2.1.3-3.8.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
udisks2-lang-2.1.3-3.8.1
- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
udisks2-lang-2.1.3-3.8.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
libudisks2-0-2.1.3-3.8.1
libudisks2-0-debuginfo-2.1.3-3.8.1
udisks2-2.1.3-3.8.1
udisks2-debuginfo-2.1.3-3.8.1
udisks2-debugsource-2.1.3-3.8.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libudisks2-0-2.1.3-3.8.1
libudisks2-0-debuginfo-2.1.3-3.8.1
udisks2-2.1.3-3.8.1
udisks2-debuginfo-2.1.3-3.8.1
udisks2-debugsource-2.1.3-3.8.1
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
udisks2-lang-2.1.3-3.8.1
References:
https://www.suse.com/security/cve/CVE-2021-3802.html
https://bugzilla.suse.com/1098797
https://bugzilla.suse.com/1190606
From sle-security-updates at lists.suse.com Wed Sep 7 16:33:21 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 7 Sep 2022 18:33:21 +0200 (CEST)
Subject: SUSE-SU-2022:3159-1: important: Security update for mariadb
Message-ID: <20220907163321.A37F8FCF4@maintenance.suse.de>
SUSE Security Update: Security update for mariadb
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3159-1
Rating: important
References: #1200105 #1201161 #1201162 #1201163 #1201164
#1201165 #1201166 #1201167 #1201168 #1201169
#1201170
Cross-References: CVE-2022-32081 CVE-2022-32082 CVE-2022-32083
CVE-2022-32084 CVE-2022-32085 CVE-2022-32086
CVE-2022-32087 CVE-2022-32088 CVE-2022-32089
CVE-2022-32091
CVSS scores:
CVE-2022-32081 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32081 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32082 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32082 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32083 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32083 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32084 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32084 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32085 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32085 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32086 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32086 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32087 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32087 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32088 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32088 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32089 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32089 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32091 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 10 vulnerabilities and has one errata
is now available.
Description:
This update for mariadb fixes the following issues:
- Updated to 10.6.9:
- CVE-2022-32082: Fixed a reachable assertion that would crash the
server (bsc#1201162).
- CVE-2022-32089: Fixed a segmentation fault that could be triggered via
a crafted query (bsc#1201169).
- CVE-2022-32081: Fixed a buffer overflow on instant ADD/DROP of
generated column (bsc#1201161).
- CVE-2022-32091: Fixed a memory corruption issue that could be
triggered via a crafted query (bsc#1201170).
- CVE-2022-32084: Fixed a segmentation fault on INSERT SELECT queries
(bsc#1201164).
- Additionally, the following issues were previously fixed:
- CVE-2022-32088: Fixed a server crash when using ORDER BY with window
function and UNION (bsc#1201168).
- CVE-2022-32087: Fixed a segmentation fault that could be triggered via
a crafted query (bsc#1201167).
- CVE-2022-32086: Fixed a server crash on INSERT SELECT queries
(bsc#1201166).
- CVE-2022-32085: Fixed a segmentation fault that could be triggered via
a crafted query (bsc#1201165).
- CVE-2022-32083: Fixed a segmentation fault that could be triggered via
a crafted query (bsc#1201163).
Bugfixes:
- Update mysql-systemd-helper to be aware of custom group (bsc#1200105).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3159=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3159=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.6.9-150400.3.12.1
libmariadbd19-10.6.9-150400.3.12.1
libmariadbd19-debuginfo-10.6.9-150400.3.12.1
mariadb-10.6.9-150400.3.12.1
mariadb-bench-10.6.9-150400.3.12.1
mariadb-bench-debuginfo-10.6.9-150400.3.12.1
mariadb-client-10.6.9-150400.3.12.1
mariadb-client-debuginfo-10.6.9-150400.3.12.1
mariadb-debuginfo-10.6.9-150400.3.12.1
mariadb-debugsource-10.6.9-150400.3.12.1
mariadb-galera-10.6.9-150400.3.12.1
mariadb-rpm-macros-10.6.9-150400.3.12.1
mariadb-test-10.6.9-150400.3.12.1
mariadb-test-debuginfo-10.6.9-150400.3.12.1
mariadb-tools-10.6.9-150400.3.12.1
mariadb-tools-debuginfo-10.6.9-150400.3.12.1
- openSUSE Leap 15.4 (noarch):
mariadb-errormessages-10.6.9-150400.3.12.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.6.9-150400.3.12.1
libmariadbd19-10.6.9-150400.3.12.1
libmariadbd19-debuginfo-10.6.9-150400.3.12.1
mariadb-10.6.9-150400.3.12.1
mariadb-client-10.6.9-150400.3.12.1
mariadb-client-debuginfo-10.6.9-150400.3.12.1
mariadb-debuginfo-10.6.9-150400.3.12.1
mariadb-debugsource-10.6.9-150400.3.12.1
mariadb-tools-10.6.9-150400.3.12.1
mariadb-tools-debuginfo-10.6.9-150400.3.12.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
mariadb-errormessages-10.6.9-150400.3.12.1
References:
https://www.suse.com/security/cve/CVE-2022-32081.html
https://www.suse.com/security/cve/CVE-2022-32082.html
https://www.suse.com/security/cve/CVE-2022-32083.html
https://www.suse.com/security/cve/CVE-2022-32084.html
https://www.suse.com/security/cve/CVE-2022-32085.html
https://www.suse.com/security/cve/CVE-2022-32086.html
https://www.suse.com/security/cve/CVE-2022-32087.html
https://www.suse.com/security/cve/CVE-2022-32088.html
https://www.suse.com/security/cve/CVE-2022-32089.html
https://www.suse.com/security/cve/CVE-2022-32091.html
https://bugzilla.suse.com/1200105
https://bugzilla.suse.com/1201161
https://bugzilla.suse.com/1201162
https://bugzilla.suse.com/1201163
https://bugzilla.suse.com/1201164
https://bugzilla.suse.com/1201165
https://bugzilla.suse.com/1201166
https://bugzilla.suse.com/1201167
https://bugzilla.suse.com/1201168
https://bugzilla.suse.com/1201169
https://bugzilla.suse.com/1201170
From sle-security-updates at lists.suse.com Thu Sep 8 07:33:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 09:33:25 +0200 (CEST)
Subject: SUSE-CU-2022:2097-1: Security update of suse/sle15
Message-ID: <20220908073325.6CA00FCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2097-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.608
Container Release : 4.22.608
Severity : important
Type : security
References : 1201225 CVE-2022-34903
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3144-1
Released: Wed Sep 7 11:04:23 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a potential signature forgery via injection
into the status line when certain unusual conditions are met (bsc#1201225).
The following package changes have been done:
- gpg2-2.2.5-150000.4.22.1 updated
From sle-security-updates at lists.suse.com Thu Sep 8 07:48:08 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 09:48:08 +0200 (CEST)
Subject: SUSE-CU-2022:2098-1: Security update of suse/sle15
Message-ID: <20220908074808.58651FCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2098-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.671
Container Release : 6.2.671
Severity : important
Type : security
References : 1197178 1198731 1200842 1201225 CVE-2022-34903
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3129-1
Released: Wed Sep 7 04:42:53 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3144-1
Released: Wed Sep 7 11:04:23 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a potential signature forgery via injection
into the status line when certain unusual conditions are met (bsc#1201225).
The following package changes have been done:
- gpg2-2.2.5-150000.4.22.1 updated
- libblkid1-2.33.2-150100.4.24.1 updated
- libfdisk1-2.33.2-150100.4.24.1 updated
- libmount1-2.33.2-150100.4.24.1 updated
- libsmartcols1-2.33.2-150100.4.24.1 updated
- libuuid1-2.33.2-150100.4.24.1 updated
- util-linux-2.33.2-150100.4.24.1 updated
From sle-security-updates at lists.suse.com Thu Sep 8 07:59:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 09:59:42 +0200 (CEST)
Subject: SUSE-CU-2022:2101-1: Security update of suse/389-ds
Message-ID: <20220908075942.3C5A5FCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2101-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-16.6 , suse/389-ds:latest
Container Release : 16.6
Severity : moderate
Type : security
References : 1193951 CVE-2020-21913
-----------------------------------------------------------------
The container suse/389-ds was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use
after free (bsc#1193951).
The following package changes have been done:
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- container:sles15-image-15.0.0-27.11.19 updated
From sle-security-updates at lists.suse.com Thu Sep 8 10:24:35 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 12:24:35 +0200 (CEST)
Subject: SUSE-SU-2022:15036-1: moderate: Security update for SUSE Manager
Client Tools
Message-ID: <20220908102435.94702FCF4@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:15036-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372
#1200163 #1200566 #1200591 #1201003 #1201082
#1202259 ECO-3319
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Ubuntu 20.04-CLIENT-TOOLS
______________________________________________________________________________
An update that solves one vulnerability, contains one
feature and has 10 fixes is now available.
Description:
This update fixes the following issues:
salt:
- Put missing dpkgnotify pkgset beacon plugin to the salt-minion package
(bsc#1202259)
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value
(CVE-2022-22967) (bsc#1200566)
scap-security-guide:
- Fix the build for RHEL 7 and clones (python-setuptools is used)
- Fix the build for RHEL 9 and clones
- convert one bash emitter to new jinja method. (bsc#1200163)
- Add python3-setuptools for all builds (so it is also used on debian and
centos flavors)
- Updated to 0.1.62 (jsc#ECO-3319)
- Update rhel8 stig to v1r6
- OL7 STIG v2r7 update
- Initial definition of ANSSI BP28 minimal profile for SLE
- Updated to 0.1.61 (jsc#ECO-3319)
- Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7
- Introduce OL9 product
- Implement handling of logical expressions in platform definitions
- Bump disk size constraints to 7gb to avoid occasional disk fulls
failures.
spacecmd:
- Version 4.3.14-1
* Fix missing argument on system_listmigrationtargets (bsc#1201003)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
* Change proxy container config default filename to end with tar.gz
* Update translation strings
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Ubuntu 20.04-CLIENT-TOOLS:
zypper in -t patch suse-ubu204ct-client-tools-202208-15036=1
Package List:
- SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all):
salt-common-3004+ds-1+2.82.1
salt-minion-3004+ds-1+2.82.1
scap-security-guide-ubuntu-0.1.62-2.21.1
spacecmd-4.3.14-2.48.1
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200163
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1201003
https://bugzilla.suse.com/1201082
https://bugzilla.suse.com/1202259
From sle-security-updates at lists.suse.com Thu Sep 8 13:27:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:27:25 +0200 (CEST)
Subject: SUSE-SU-2022:15038-1: moderate: Security update for SUSE Manager Salt
Bundle
Message-ID: <20220908132725.B02B8FD84@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Salt Bundle
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:15038-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372
#1200566 #1201082
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Ubuntu 20.04-CLIENT-TOOLS
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update fixes the following issues:
venv-salt-minion:
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Fix possible errors on running post install script if semanage is
present on the system, but SELinux is not configured
- Remove unused imports in the venv wrappers
- Set VENV_PIP_TARGET to /var/lib/venv-salt-minion/local to force PIP to use
it as the destination to install modules
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value
(CVE-2022-22967) (bsc#1200566)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Ubuntu 20.04-CLIENT-TOOLS:
zypper in -t patch suse-ubu204ct-client-tools-202208-15038=1
Package List:
- SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (amd64):
venv-salt-minion-3004-2.11.2
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1201082
From sle-security-updates at lists.suse.com Thu Sep 8 13:29:50 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:29:50 +0200 (CEST)
Subject: SUSE-SU-2022:3199-1: moderate: Security update for
yast2-samba-provision
Message-ID: <20220908132950.142E6FD84@maintenance.suse.de>
SUSE Security Update: Security update for yast2-samba-provision
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3199-1
Rating: moderate
References: #1117597 #1132676 #1140548 #1184897
Cross-References: CVE-2018-17956
CVSS scores:
CVE-2018-17956 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update for yast2-samba-provision fixes the following issues:
Security issue fixed:
- CVE-2018-17956: Fixed a credentials leak (bsc#1117597).
Non-Security issues fixed:
- Stop packaging docdir, it only contained the license which is now in
licensedir. (bsc#1184897)
- Catch and show internal python exceptions. (bsc#1140548)
- Show a dialog with provision details or errors. (bsc#1132676)
- Add metainfo (fate#319035)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3199=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3199=1
Package List:
- openSUSE Leap 15.4 (noarch):
yast2-samba-provision-1.0.5-150400.9.3.3
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):
yast2-samba-provision-1.0.5-150400.9.3.3
References:
https://www.suse.com/security/cve/CVE-2018-17956.html
https://bugzilla.suse.com/1117597
https://bugzilla.suse.com/1132676
https://bugzilla.suse.com/1140548
https://bugzilla.suse.com/1184897
From sle-security-updates at lists.suse.com Thu Sep 8 13:30:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:30:42 +0200 (CEST)
Subject: SUSE-SU-2022:3184-1: moderate: Security update for SUSE Manager Salt
Bundle
Message-ID: <20220908133042.27F86FD84@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Salt Bundle
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3184-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372
#1200566 #1201082
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Debian 10-CLIENT-TOOLS
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update fixes the following issues:
venv-salt-minion:
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Fix possible errors on running post install script if semanage is
present on the system, but SELinux is not configured
- Remove unused imports in the venv wrappers
- Set VENV_PIP_TARGET to /var/lib/venv-salt-minion/local to force PIP to use
it as the destination to install modules
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value
(CVE-2022-22967) (bsc#1200566)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Debian 10-CLIENT-TOOLS:
zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-3184=1
Package List:
- SUSE Manager Debian 10-CLIENT-TOOLS (amd64):
venv-salt-minion-3004-2.11.2
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1201082
From sle-security-updates at lists.suse.com Thu Sep 8 13:31:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:31:47 +0200 (CEST)
Subject: SUSE-SU-2022:3194-1: moderate: Security update for SUSE Manager
Server 4.3
Message-ID: <20220908133147.D4C27FD84@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Server 4.3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3194-1
Rating: moderate
References: #1172179 #1179962 #1186011 #1187028 #1191925
#1194394 #1195455 #1198356 #1198358 #1198944
#1199147 #1199157 #1199523 #1199629 #1199646
#1199656 #1199659 #1199662 #1199663 #1199679
#1199714 #1199727 #1199779 #1199817 #1199874
#1199950 #1199984 #1199998 #1200276 #1200347
#1200532 #1200591 #1200606 #1200707 #1201003
#1201142 #1201189 #1201224 #1201411 #1201498
#1201782 #1201842
Cross-References: CVE-2022-31248
CVSS scores:
CVE-2022-31248 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Manager Server 4.3
______________________________________________________________________________
An update that solves one vulnerability and has 41 fixes is
now available.
Description:
This update fixes the following issues:
apache-commons-csv:
- Fix the URL for the package
- Declare the LICENSE file as license and not doc
apache-commons-math3:
- Fix the URL for the package
- Declare the LICENSE file as license and not doc
drools:
- Declare the LICENSE file as license and not doc
image-sync-formula:
- Update to version 0.1.1658330139.861779d
* Fix deleting of unused boot images
* Support deltas for system images (bsc#1201498)
* Do not try to show changes in images (bsc#1199998)
inter-server-sync:
- Version 0.2.3
* Compress exported sql data #16631
jakarta-commons-validator:
- Declare the LICENSE file as license and not doc
jose4j:
- Declare the LICENSE file as license and not doc
kie-api:
- Declare the LICENSE file as license and not doc
mvel2:
- Declare the LICENSE file as license and not doc
optaplanner:
- Declare the LICENSE file as license and not doc
python-susemanager-retail:
- Update to version 0.1.1658330139.861779d
* Support deltas for system images (bsc#1201498)
* Fix error message on incorrect --log-level arg (bsc#1199727)
python-urlgrabber:
- Fix wrong logic on find_proxy method causing proxy not being used
reprepro:
- Bump up the maxsize on a fixed-size C buffer to avoid breaking on some
autogenerated rust packages
- Flush stdout and stderr before execv of an end hook
- Add support for Zstd compressed debs
- Added alternative package name for db4-devel.
salt-netapi-client:
- Declare the LICENSE file as license and not doc
smdba:
- Declare the LICENSE file as license and not doc
spacecmd:
- Version 4.3.14-1
* Fix missing argument on system_listmigrationtargets (bsc#1201003)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
* Change proxy container config default filename to end with tar.gz
spacewalk:
- Version 4.3.5-1
* Simplified PostgreSQL14 requirement.
* Update server-migrator to dist-upgrade to openSUSE 15.4
spacewalk-backend:
- Version 4.3.15-1
* cleanup leftovers from removing unused xmlrpc endpoint
* Fix issues with "http proxy" not being used by reposync in some cases
spacewalk-certs-tools:
- Version 4.3.14-1
* traditional stack bootstrap: install product packages (bsc#1201142)
* display messages to restart services after certificate change
* improve CA Chain checking by comparing authorityKeyIdentifier with
subjectKeyIdentifier
spacewalk-client-tools:
- Version 4.3.11-1
* Update translation strings
spacewalk-config:
- Version 4.3.9-1
* fix posttrans error "RHN-ORG-TRUSTED-SSL-CERT" not found
spacewalk-java:
- Version 4.3.35-1
* Modify parameter type when communicating with the search server
(bsc#1187028)
* Fix hibernate error on deleting an image with delta
* Changed logout method to POST on HTTP API (bsc#1199663)
* Turned API information endpoints public (bsc#1199817)
* Fix typo and ordering of JSON over HTTP API example scripts
* Improved log handling in HTTP API (bsc#1199662)
* set Channel GPG Key info from SCC data
* set GPG Key Url as channel pillar data (bsc#1199984)
* new API endpoint for addErrataUpdate, that take multiple servers as
argument
* Move ImageSync pillars to database (bsc#1199157)
* Fix conflict when system is assigned to multiple instances of the same
formula (bsc#1194394)
* Fix initial profile and build host on Image Build page (bsc#1199659)
* Convert formula integer values when upgrading (bsc#1200347)
* Cleanup salt known_hosts when generating proxy containers config
* Modify proxy containers configuration files set output
* Change proxy containers config to tarball with yaml files
* Fixed date format on scheduler related messages (bsc#1195455)
* Improved dropdown layout handling
* Fix download CSV
* Hide authentication data in PAYG UI (bsc#1199679)
* Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
* Show reboot alert message on all system detail pages (bsc#1199779)
* Show patch as installed in CVE Audit even if successor patch affects
additional packages (bsc#1199646)
* Fix refresh action confirmation message when no system is selected
* Fix Internal Server Error when URI contains invalid sysid (bsc#1186011)
* Fix notification message on system properties update to ensure style
consistency (bsc#1172179)
* Fix containerized proxy configuration machine name
* Improve CLM channel cloning performance (bsc#1199523)
* Keep the websocket connections alive with ping/pong frames
(bsc#1199874)
* add detection of Ubuntu 22.04
* fix missing remote command history events for big output (bsc#1199656)
* fix api log message references the wrong user (bsc#1179962)
* Consistently use conf value for SPA engine timeout
* fix download of packages with caret sign in the version due to missing
url decode
* Add specific requirement for Cobbler 3.2.1 to not conflict with Leap
15.4
* Fix send login(s) and send password actions to avoid user enumeration
(bsc#1199629) (CVE-2022-31248)
spacewalk-search:
- Version 4.3.6-1
* Add method to handle session id as String
* Migrated from log4j1.x.x to log4j2.x.x
* update ivy development files
spacewalk-setup:
- Version 4.3.10-1
* spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default
instead of /etc/httpd/conf.d (bsc#1198356)
* Allow alternative usage of perl-Net-LibIDN2.
spacewalk-utils:
- Version 4.3.13-1
* change gpg key urls to file urls where possible
* spacewalk-hostname-rename now correctly replaces the hostname for the
mgr-sync configuration file (bsc#1198356)
* spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag
for spacewalk-setup-cobbler
* Add repositories for Ubuntu 22.04 LTS
* Add AlmaLinux 9 and Oracle Linux 9 to spacewalk-common-channels
* Add missing SLES 15 SP4 client tools repositories to
spacewalk-common-channels.ini
* add deprecation warning for spacewalk-clone-by-date
* Add EPEL8 for Almalinux 8 and Rocky 8 in spacewalk-common-channels.ini
* openSUSE Leap 15.4 repositories
spacewalk-web:
- Version 4.3.23-1
* Update the version for the WebUI
* Fix initial profile and build host on Image Build page (bsc#1199659)
* Handle multi line error messages in proxy containers config creation
* Hide authentication data in PAYG UI (bsc#1199679)
* add textarea to formulas
* Consistently use conf value for SPA engine timeout
* Remove nodejs-packaging as a build requirement
* Update translation strings
subscription-matcher:
- Declare the LICENSE file as license and not doc
susemanager:
- Version 4.3.18-1
* Add missing python3-gnupg to Debian10 bootstrap repo (bsc#1201842)
* Add clients tool product to generate bootstrap repo on OpenSUSE 15.x
(bsc#1201189)
* Add Oracle Linux 9 bootstrap repositories for Uyuni
* Add AlmaLinux 9 bootstrap repositories for Uyuni
* Add Red Hat Enterprise Linux 9 repositories for Uyuni
* Make the Salt Bundle optional for bootstrap repositories for Debian 9
and SUSE Manager Proxy 4.2
* Enable bootstrapping for Ubuntu 22.04 LTS
* fix pg-migrate-x-to-y.sh comment: migration without creating backup
use -f option
* bootstrap repo: set optional packages
* Add python3-contextvars and python3-immutables to missing bootstrap
repos (bsc#1200606)
* Update server-migrator to dist-upgrade to openSUSE 15.4
susemanager-build-keys:
- Version 15.4.3
* Add Uyuni Client Tools key
* Install keys for Client Tools Channels in salt filesystem to be able
to deploy them to clients
* Add openEuler 22.03 key
* Add AlmaLinux 9 key
* Add Oracle Linux 9 keys
* RPM-GPG-KEY-openEuler
* RPM-GPG-KEY-AlmaLinux-9
* RPM-GPG-KEY-oracle
* RPM-GPG-KEY-oracle-backup
susemanager-docs_en:
- Described disabling local repositories in Client Configuration Guide
- Remove misleading installation screen shots in the Installation and
Upgrade Guide (bsc#1201411)
- Fixed Ubuntu 18 Client registration in Client Configuration Guide
(bsc#1201224)
- Removed sle-module-pythonX in VM Installation chapter of Installation
and Upgrade Guide because SUSE Manager 4.3 does not require it
- In the Custom Channel section of the Administration Guide add a note
about synchronizing repositories regularly
- Removed SUSE Linux Enterprise 11 from the list of supported client
systems
- Update section about changing SSL certificates
- Added ports 1232 and 1233 in the Ports section of the Installation and
Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- Fixed 'fast' switch ('-f') of the database migration script in
Installation and Upgrade Guide
- Updated Virtualization chapter in Client Configuration Guide; more
on limitation other than Xen and KVM
- Added information about registering RHEL clients on Azure in the Import
Entitlements and Certificates section of the Client Configuration Guide
(bsc#1198944)
- Fixed VisibleIf documentation in Formula section of the Salt Guide
- Added note about importing CA certificate in Installation and Upgrade
Guide (bsc#1198358)
- Documented defining monitored targets using file-based service discovery
provided in the Prometheus formula in the Salt Guide
- In Supported Clients and Features chapter in Client Configuration Guide,
remove SUSE Linux Enterprise 11 (bsc#1199147)
- Improve traditional client deprecation statement in Client Configuration
Guide (bsc#1199714)
susemanager-schema:
- Version 4.3.13-1
* update GPG key urls in channels set by spacewalk-common-channels
* add gpg key info to suseProductSCCRepository (bsc#1199984)
* Move ImageSync pillars to database (bsc#1199157)
susemanager-sls:
- Version 4.3.24-1
* Fix bootstrap issue with Debian 9 because of missing
python3-contextvars (bsc#1201782)
* Fix deploy of SLE Micro CA Certificate (bsc#1200276)
* disable local repos before bootstrap and at highstate (bsc#1191925)
* deploy GPG keys to the clients and define trust in channels
(bsc#1199984)
* Enable basic support for Ubuntu 22.04
* Add port parameter to mgrutil.remove_ssh_known_host
* Prevent possible tracebacks on calling module.run from mgrcompat by
setting proper globals with using LazyLoader
* Fix bootstrapping for Ubuntu 18.04 with classic Salt package
(bsc#1200707)
* create CA certificate symlink on Proxies which might get lost due to
de-installation of the ca package
uyuni-common-libs:
- Version 4.3.5-1
* Fix reposync issue about 'rpm.hdr' object has no attribute 'get'
virtual-host-gatherer:
- Declare the LICENSE file as license and not doc
woodstox:
- Declare the LICENSE file as license and not doc
xmlpull-api:
- Declare the LICENSE file as license and not doc
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3194=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (ppc64le s390x x86_64):
inter-server-sync-0.2.3-150400.3.3.1
inter-server-sync-debuginfo-0.2.3-150400.3.3.1
python3-uyuni-common-libs-4.3.5-150400.3.3.2
reprepro-5.3.0-150400.3.3.1
reprepro-debuginfo-5.3.0-150400.3.3.1
reprepro-debugsource-5.3.0-150400.3.3.1
smdba-1.7.10-0.150400.4.3.1
susemanager-4.3.18-150400.3.3.2
susemanager-tools-4.3.18-150400.3.3.2
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
apache-commons-csv-1.2-150400.3.3.1
apache-commons-math3-3.2-150400.3.3.1
drools-7.17.0-150400.3.3.1
image-sync-formula-0.1.1658330139.861779d-150400.3.3.1
jakarta-commons-validator-1.1.4-21.150400.21.3.4
jose4j-0.5.1-150400.3.3.1
kie-api-7.17.0-150400.3.3.1
mvel2-2.2.6.Final-150400.3.3.1
optaplanner-7.17.0-150400.3.3.1
python3-spacewalk-certs-tools-4.3.14-150400.3.3.2
python3-spacewalk-client-tools-4.3.11-150400.3.3.4
python3-susemanager-retail-1.0.1658330139.861779d-150400.3.3.1
python3-urlgrabber-4.1.0-150400.3.3.1
salt-netapi-client-0.20.0-150400.3.3.5
spacecmd-4.3.14-150400.3.3.2
spacewalk-backend-4.3.15-150400.3.3.5
spacewalk-backend-app-4.3.15-150400.3.3.5
spacewalk-backend-applet-4.3.15-150400.3.3.5
spacewalk-backend-config-files-4.3.15-150400.3.3.5
spacewalk-backend-config-files-common-4.3.15-150400.3.3.5
spacewalk-backend-config-files-tool-4.3.15-150400.3.3.5
spacewalk-backend-iss-4.3.15-150400.3.3.5
spacewalk-backend-iss-export-4.3.15-150400.3.3.5
spacewalk-backend-package-push-server-4.3.15-150400.3.3.5
spacewalk-backend-server-4.3.15-150400.3.3.5
spacewalk-backend-sql-4.3.15-150400.3.3.5
spacewalk-backend-sql-postgresql-4.3.15-150400.3.3.5
spacewalk-backend-tools-4.3.15-150400.3.3.5
spacewalk-backend-xml-export-libs-4.3.15-150400.3.3.5
spacewalk-backend-xmlrpc-4.3.15-150400.3.3.5
spacewalk-base-4.3.23-150400.3.3.4
spacewalk-base-minimal-4.3.23-150400.3.3.4
spacewalk-base-minimal-config-4.3.23-150400.3.3.4
spacewalk-certs-tools-4.3.14-150400.3.3.2
spacewalk-client-tools-4.3.11-150400.3.3.4
spacewalk-common-4.3.5-150400.3.3.2
spacewalk-config-4.3.9-150400.3.3.3
spacewalk-html-4.3.23-150400.3.3.4
spacewalk-java-4.3.35-150400.3.3.5
spacewalk-java-config-4.3.35-150400.3.3.5
spacewalk-java-lib-4.3.35-150400.3.3.5
spacewalk-java-postgresql-4.3.35-150400.3.3.5
spacewalk-postgresql-4.3.5-150400.3.3.2
spacewalk-search-4.3.6-150400.3.3.3
spacewalk-setup-4.3.10-150400.3.3.3
spacewalk-taskomatic-4.3.35-150400.3.3.5
spacewalk-utils-4.3.13-150400.3.3.3
spacewalk-utils-extras-4.3.13-150400.3.3.3
subscription-matcher-0.29-150400.3.3.1
susemanager-build-keys-15.4.3-150400.3.3.1
susemanager-build-keys-web-15.4.3-150400.3.3.1
susemanager-docs_en-4.3-150400.9.3.1
susemanager-docs_en-pdf-4.3-150400.9.3.1
susemanager-retail-tools-1.0.1658330139.861779d-150400.3.3.1
susemanager-schema-4.3.13-150400.3.3.3
susemanager-schema-utility-4.3.13-150400.3.3.3
susemanager-sls-4.3.24-150400.3.3.1
uyuni-config-modules-4.3.24-150400.3.3.1
virtual-host-gatherer-1.0.23-150400.3.3.1
virtual-host-gatherer-Kubernetes-1.0.23-150400.3.3.1
virtual-host-gatherer-Nutanix-1.0.23-150400.3.3.1
virtual-host-gatherer-VMware-1.0.23-150400.3.3.1
virtual-host-gatherer-libcloud-1.0.23-150400.3.3.1
woodstox-4.4.2-150400.3.3.1
xmlpull-api-1.1.3.1-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1172179
https://bugzilla.suse.com/1179962
https://bugzilla.suse.com/1186011
https://bugzilla.suse.com/1187028
https://bugzilla.suse.com/1191925
https://bugzilla.suse.com/1194394
https://bugzilla.suse.com/1195455
https://bugzilla.suse.com/1198356
https://bugzilla.suse.com/1198358
https://bugzilla.suse.com/1198944
https://bugzilla.suse.com/1199147
https://bugzilla.suse.com/1199157
https://bugzilla.suse.com/1199523
https://bugzilla.suse.com/1199629
https://bugzilla.suse.com/1199646
https://bugzilla.suse.com/1199656
https://bugzilla.suse.com/1199659
https://bugzilla.suse.com/1199662
https://bugzilla.suse.com/1199663
https://bugzilla.suse.com/1199679
https://bugzilla.suse.com/1199714
https://bugzilla.suse.com/1199727
https://bugzilla.suse.com/1199779
https://bugzilla.suse.com/1199817
https://bugzilla.suse.com/1199874
https://bugzilla.suse.com/1199950
https://bugzilla.suse.com/1199984
https://bugzilla.suse.com/1199998
https://bugzilla.suse.com/1200276
https://bugzilla.suse.com/1200347
https://bugzilla.suse.com/1200532
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1200606
https://bugzilla.suse.com/1200707
https://bugzilla.suse.com/1201003
https://bugzilla.suse.com/1201142
https://bugzilla.suse.com/1201189
https://bugzilla.suse.com/1201224
https://bugzilla.suse.com/1201411
https://bugzilla.suse.com/1201498
https://bugzilla.suse.com/1201782
https://bugzilla.suse.com/1201842
From sle-security-updates at lists.suse.com Thu Sep 8 13:36:11 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:36:11 +0200 (CEST)
Subject: SUSE-SU-2022:3172-1: moderate: Security update for SUSE Manager Salt
Bundle
Message-ID: <20220908133611.C638EFD84@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Salt Bundle
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3172-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372
#1200566 #1201082
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Manager Proxy 4.3
SUSE Manager Server 4.3
SUSE Manager Tools 15
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update fixes the following issues:
venv-salt-minion:
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Fix possible errors on running post install script if semanage is
present on the system, but SELinux is not configured
- Remove unused imports in the venv wrappers
- Set VENV_PIP_TARGET to /var/lib/venv-salt-minion/local to force PIP to use
it as the destination to install modules
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value
(CVE-2022-22967) (bsc#1200566)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Tools 15:
zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3172=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3172=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3172=1
Package List:
- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
venv-salt-minion-3004-150000.3.11.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):
venv-salt-minion-3004-150000.3.11.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64):
venv-salt-minion-3004-150000.3.11.1
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1201082
From sle-security-updates at lists.suse.com Thu Sep 8 13:37:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:37:25 +0200 (CEST)
Subject: SUSE-SU-2022:15041-1: moderate: Security update for SUSE Manager Salt
Bundle
Message-ID: <20220908133725.BF129FD84@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Salt Bundle
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:15041-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372
#1200566 #1201082
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Ubuntu 18.04-CLIENT-TOOLS
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update fixes the following issues:
venv-salt-minion:
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Fix possible errors on running post install script if semanage is
present on the system, but SELinux is not configured
- Remove unused imports in the venv wrappers
- Set VENV_PIP_TARGET to /var/lib/venv-salt-minion/local to force PIP to use
it as the destination to install modules
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value
(CVE-2022-22967) (bsc#1200566)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS:
zypper in -t patch suse-ubu184ct-client-tools-202208-15041=1
Package List:
- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64):
venv-salt-minion-3004-2.11.2
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1201082
From sle-security-updates at lists.suse.com Thu Sep 8 13:42:24 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:42:24 +0200 (CEST)
Subject: SUSE-SU-2022:3177-1: moderate: Security update for SUSE Manager Salt
Bundle
Message-ID: <20220908134224.1E44DFD84@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Salt Bundle
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3177-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372
#1200566 #1201082
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Tools 12
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update fixes the following issues:
venv-salt-minion:
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Fix possible errors on running post install script if semanage is
present on the system, but SELinux is not configured
- Remove unused imports in the venv wrappers
- Set VENV_PIP_TARGET to /var/lib/venv-salt-minion/local to force PIP to use
it as the destination to install modules
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value
(CVE-2022-22967) (bsc#1200566)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Tools 12:
zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-3177=1
Package List:
- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
venv-salt-minion-3004-3.11.1
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1201082
From sle-security-updates at lists.suse.com Thu Sep 8 13:41:41 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:41:41 +0200 (CEST)
Subject: SUSE-SU-2022:3208-1: moderate: Security update for libnl3
Message-ID: <20220908134141.8DD8FFD84@maintenance.suse.de>
SUSE Security Update: Security update for libnl3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3208-1
Rating: moderate
References: #1020123
Cross-References: CVE-2017-0386
CVSS scores:
CVE-2017-0386 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2017-0386 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libnl3 fixes the following issues:
- CVE-2017-0386: Fixed an issue that could enable a local malicious
application to execute arbitrary code within the context of a different
process. This only affects setups where libnl is passed untrusted
arguments. (bsc#1020123)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3208=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3208=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libnl3-debugsource-3.2.23-4.7.1
libnl3-devel-3.2.23-4.7.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libnl3-200-3.2.23-4.7.1
libnl3-200-debuginfo-3.2.23-4.7.1
libnl3-debugsource-3.2.23-4.7.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libnl3-200-32bit-3.2.23-4.7.1
libnl3-200-debuginfo-32bit-3.2.23-4.7.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
libnl-config-3.2.23-4.7.1
References:
https://www.suse.com/security/cve/CVE-2017-0386.html
https://bugzilla.suse.com/1020123
From sle-security-updates at lists.suse.com Thu Sep 8 13:44:05 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:44:05 +0200 (CEST)
Subject: SUSE-SU-2022:3198-1: moderate: Security update for php8-pear
Message-ID: <20220908134405.927E7FD84@maintenance.suse.de>
SUSE Security Update: Security update for php8-pear
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3198-1
Rating: moderate
References: SLE-24728
Cross-References: CVE-2021-32610
CVSS scores:
CVE-2021-32610 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Web Scripting 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
______________________________________________________________________________
An update that fixes one vulnerability, contains one
feature is now available.
Description:
This update for php8-pear fixes the following issues:
- Add php8-pear to SLE15-SP4 (jsc#SLE-24728)
- Update to 1.10.21
- PEAR 1.10.13
* unsupported protocol - use --force to continue
* Add $this operator to _determineIfPowerpc calls
- Update to 1.10.20
- Archive_Tar 1.4.14
* Properly fix symbolic link path traversal (CVE-2021-32610)
- Archive_Tar 1.4.13
* Relative symlinks failing (out-of path file extraction)
- Archive_Tar 1.4.12
- Archive_Tar 1.4.11
- Archive_Tar 1.4.10
* Fix block padding when the file buffer length is a multiple
of 512 and smaller than Archive_Tar buffer length
* Don't try to copy username/groupname in chroot jail
- provides and obsoletes php7-pear-Archive_Tar, former location
of PEAR/Archive/Tar.php
- Update to version 1.10.19
- PEAR 1.10.12
* adjust dependencies based on new releases
- XML_Util 1.4.5
* fix Trying to access array offset on value of type int
- Update to version 1.10.18
- Remove pear-cacheid-array-check.patch (upstreamed)
- Contents of .filemap are now sorted internally
- Sort contents of .filemap to make build reproducible
- Recommend php7-openssl to allow https sources to be used
- Modify metadata_dir for system configuration only
- Add /var/lib/pear directory where xml files are stored
- Cleanup %files section
- Only use the GPG keys of Chuck Burgess. Extracted from the Release
Manager public keys.
- Add release versions of PEAR modules
- Install metadata files (registry, filemap, channels, ...) in
/var/lib/pear/ instead of /usr/share/php7/PEAR/
- Update to version 1.10.17
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Web Scripting 15-SP4:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3198=1
Package List:
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch):
php8-pear-1.10.21-150400.9.3.1
php8-pecl-1.10.21-150400.9.3.1
References:
https://www.suse.com/security/cve/CVE-2021-32610.html
From sle-security-updates at lists.suse.com Thu Sep 8 13:44:00 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:44:00 +0200 (CEST)
Subject: SUSE-CU-2022:2121-1: Security update of bci/nodejs
Message-ID: <20220908134400.94A46FD84@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2121-1
Container Tags : bci/node:12 , bci/node:12-16.177 , bci/nodejs:12 , bci/nodejs:12-16.177
Container Release : 16.177
Severity : moderate
Type : security
References : 1193951 1198752 1200800 CVE-2020-21913
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use
after free (bsc#1193951).
The following package changes have been done:
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- container:sles15-image-15.0.0-17.20.30 updated
From sle-security-updates at lists.suse.com Thu Sep 8 13:45:11 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:45:11 +0200 (CEST)
Subject: SUSE-SU-2022:3178-1: important: Important for SUSE Manager Client
Tools
Message-ID: <20220908134511.A827CFD84@maintenance.suse.de>
SUSE Security Update: Important for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3178-1
Rating: important
References: #1176460 #1180816 #1180942 #1181119 #1181935
#1183684 #1187725 #1188061 #1193585 #1197963
#1199528 #1200142 #1200591 #1200968 #1200970
#1201003 #1202614 SLE-23631 SLE-24133 SLE-24791
Cross-References: CVE-2021-20178 CVE-2021-20180 CVE-2021-20191
CVE-2021-20228 CVE-2021-3447 CVE-2021-3583
CVE-2021-3620
CVSS scores:
CVE-2021-20178 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-20178 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2021-20180 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-20180 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2021-20191 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-20191 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2021-20228 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-20228 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2021-3447 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-3447 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVE-2021-3583 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2021-3583 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE-2021-3620 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-3620 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
SUSE Manager Tools 15
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 7 vulnerabilities, contains three
features and has 10 fixes is now available.
Description:
This update fixes the following issues:
ansible:
- Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)
* CVE-2021-3620 ansible-connection module discloses sensitive info in
traceback error message (in 2.9.27) (bsc#1187725)
* CVE-2021-3583 Template Injection through yaml multi-line strings with
ansible facts used in template. (in 2.9.23) (bsc#1188061)
* ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15)
(bsc#1176460)
- Update to 2.9.22:
* CVE-2021-3447 (bsc#1183684) multiple modules expose secured values
* CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option
* CVE-2021-20191 (bsc#1181119) multiple collections expose secured
values
* CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes
sensitive values
* CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module
dracut-saltboot:
- Require e2fsprogs (bsc#1202614)
- Update to version 0.1.1657643023.0d694ce
* Update dracut-saltboot dependencies (bsc#1200970)
* Fix network loading when ipappend is used in pxe config
* Add new information messages
golang-github-QubitProducts-exporter_exporter:
- Remove license file from %doc
mgr-daemon:
- Version 4.3.5-1
* Update translation strings
mgr-virtualization:
- Version 4.3.6-1
* Report all VMs in poller, not only running ones (bsc#1199528)
prometheus-blackbox_exporter:
- Exclude s390 arch
python-hwdata:
- Declare the LICENSE file as license and not doc
spacecmd:
- Version 4.3.14-1
* Fix missing argument on system_listmigrationtargets (bsc#1201003)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
* Change proxy container config default filename to end with tar.gz
* Update translation strings
spacewalk-client-tools:
- Version 4.3.11-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.5-1
* Fix reposync issue about 'rpm.hdr' object has no attribute 'get'
uyuni-proxy-systemd-services:
- Version 4.3.6-1
* Expose port 80 (bsc#1200142)
* Use volumes rather than bind mounts
* TFTPD to listen on udp port (bsc#1200968)
* Add TAG variable in configuration
* Fix containers namespaces in configuration
zypp-plugin-spacewalk:
- 1.0.13
* Log in before listing channels. (bsc#1197963, bsc#1193585)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3178=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3178=1
- SUSE Manager Tools 15:
zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3178=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3178=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3178=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3178=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3178=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3178=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3178=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3178=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-3178=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3178=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3178=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
prometheus-blackbox_exporter-0.19.0-150000.1.11.1
wire-0.5.0-150000.1.6.1
wire-debuginfo-0.5.0-150000.1.6.1
- openSUSE Leap 15.4 (noarch):
ansible-2.9.27-150000.1.14.1
ansible-doc-2.9.27-150000.1.14.1
ansible-test-2.9.27-150000.1.14.1
dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1
python3-hwdata-2.3.5-150000.3.9.1
spacecmd-4.3.14-150000.3.83.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
- openSUSE Leap 15.3 (noarch):
ansible-2.9.27-150000.1.14.1
ansible-doc-2.9.27-150000.1.14.1
ansible-test-2.9.27-150000.1.14.1
dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1
python2-hwdata-2.3.5-150000.3.9.1
python3-hwdata-2.3.5-150000.3.9.1
spacecmd-4.3.14-150000.3.83.1
- SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
prometheus-blackbox_exporter-0.19.0-150000.1.11.1
python3-uyuni-common-libs-4.3.5-150000.1.24.1
- SUSE Manager Tools 15 (noarch):
ansible-2.9.27-150000.1.14.1
ansible-doc-2.9.27-150000.1.14.1
dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1
mgr-daemon-4.3.5-150000.1.35.1
mgr-virtualization-host-4.3.6-150000.1.32.1
python3-hwdata-2.3.5-150000.3.9.1
python3-mgr-virtualization-common-4.3.6-150000.1.32.1
python3-mgr-virtualization-host-4.3.6-150000.1.32.1
python3-spacewalk-check-4.3.11-150000.3.65.1
python3-spacewalk-client-setup-4.3.11-150000.3.65.1
python3-spacewalk-client-tools-4.3.11-150000.3.65.1
python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
spacecmd-4.3.14-150000.3.83.1
spacewalk-check-4.3.11-150000.3.65.1
spacewalk-client-setup-4.3.11-150000.3.65.1
spacewalk-client-tools-4.3.11-150000.3.65.1
uyuni-proxy-systemd-services-4.3.6-150000.1.6.1
zypp-plugin-spacewalk-1.0.13-150000.3.32.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
python3-hwdata-2.3.5-150000.3.9.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
python3-hwdata-2.3.5-150000.3.9.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
python3-hwdata-2.3.5-150000.3.9.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
prometheus-blackbox_exporter-0.19.0-150000.1.11.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch):
ansible-2.9.27-150000.1.14.1
ansible-doc-2.9.27-150000.1.14.1
python3-hwdata-2.3.5-150000.3.9.1
python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
zypp-plugin-spacewalk-1.0.13-150000.3.32.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
prometheus-blackbox_exporter-0.19.0-150000.1.11.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
ansible-2.9.27-150000.1.14.1
ansible-doc-2.9.27-150000.1.14.1
python3-hwdata-2.3.5-150000.3.9.1
python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
zypp-plugin-spacewalk-1.0.13-150000.3.32.1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):
python3-hwdata-2.3.5-150000.3.9.1
python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
zypp-plugin-spacewalk-1.0.13-150000.3.32.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
References:
https://www.suse.com/security/cve/CVE-2021-20178.html
https://www.suse.com/security/cve/CVE-2021-20180.html
https://www.suse.com/security/cve/CVE-2021-20191.html
https://www.suse.com/security/cve/CVE-2021-20228.html
https://www.suse.com/security/cve/CVE-2021-3447.html
https://www.suse.com/security/cve/CVE-2021-3583.html
https://www.suse.com/security/cve/CVE-2021-3620.html
https://bugzilla.suse.com/1176460
https://bugzilla.suse.com/1180816
https://bugzilla.suse.com/1180942
https://bugzilla.suse.com/1181119
https://bugzilla.suse.com/1181935
https://bugzilla.suse.com/1183684
https://bugzilla.suse.com/1187725
https://bugzilla.suse.com/1188061
https://bugzilla.suse.com/1193585
https://bugzilla.suse.com/1197963
https://bugzilla.suse.com/1199528
https://bugzilla.suse.com/1200142
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1200968
https://bugzilla.suse.com/1200970
https://bugzilla.suse.com/1201003
https://bugzilla.suse.com/1202614
From sle-security-updates at lists.suse.com Thu Sep 8 13:47:27 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:47:27 +0200 (CEST)
Subject: SUSE-SU-2022:15037-1: moderate: Security update for SUSE Manager
Client Tools
Message-ID: <20220908134727.3FA03FD84@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:15037-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372
#1200163 #1200566 #1200591 #1201003 #1201082
#1202259 ECO-3319
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Ubuntu 18.04-CLIENT-TOOLS
______________________________________________________________________________
An update that solves one vulnerability, contains one
feature and has 10 fixes is now available.
Description:
This update fixes the following issues:
salt:
- Put missing dpkgnotify pkgset beacon plugin to the salt-minion package
(bsc#1202259)
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value
(CVE-2022-22967) (bsc#1200566)
scap-security-guide:
- Fix the build for RHEL 7 and clones (python-setuptools is used)
- Fix the build for RHEL 9 and clones
- convert one bash emitter to new jinja method. (bsc#1200163)
- Add python3-setuptools for all builds (so it is also used on debian and
centos flavors)
- Updated to 0.1.62 (jsc#ECO-3319)
- Update rhel8 stig to v1r6
- OL7 STIG v2r7 update
- Initial definition of ANSSI BP28 minimal profile for SLE
- Updated to 0.1.61 (jsc#ECO-3319)
- Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7
- Introduce OL9 product
- Implement handling of logical expressions in platform definitions
- Bump disk size constraints to 7gb to avoid occasional disk full
failures.
spacecmd:
- Version 4.3.14-1
* Fix missing argument on system_listmigrationtargets (bsc#1201003)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
* Change proxy container config default filename to end with tar.gz
* Update translation strings
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS:
zypper in -t patch suse-ubu184ct-client-tools-202208-15037=1
Package List:
- SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all):
salt-common-3004+ds-1+122.1
salt-minion-3004+ds-1+122.1
scap-security-guide-ubuntu-0.1.62-20.1
spacecmd-4.3.14-50.1
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200163
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1201003
https://bugzilla.suse.com/1201082
https://bugzilla.suse.com/1202259
From sle-security-updates at lists.suse.com Thu Sep 8 13:50:30 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:50:30 +0200 (CEST)
Subject: SUSE-CU-2022:2124-1: Security update of suse/manager/4.3/proxy-squid
Message-ID: <20220908135030.A4FE7FD84@maintenance.suse.de>
SUSE Container Update Advisory: suse/manager/4.3/proxy-squid
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2124-1
Container Tags : suse/manager/4.3/proxy-squid:4.3.1 , suse/manager/4.3/proxy-squid:4.3.1.9.6.1 , suse/manager/4.3/proxy-squid:latest
Container Release : 9.6.1
Severity : important
Type : security
References : 1040589 1073299 1093392 1104700 1112310 1113554 1120402 1130557
1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460
1177460 1177460 1177460 1178346 1178350 1178353 1181658 1185637
1188127 1192951 1193282 1193659 1194708 1195059 1195157 1195283
1196490 1196861 1197065 1197178 1197570 1197718 1197771 1197794
1198176 1198341 1198446 1198627 1198720 1198731 1198732 1198751
1199132 1199140 1199166 1199232 1199240 1200170 1200334 1200550
1200734 1200735 1200736 1200737 1200747 1200855 1200855 1201099
1201276 1201385 1201560 1201640 1201795 1202175 1202310 1202593
CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097
CVE-2022-23308 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-32205
CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1718-1
Released: Tue May 17 17:44:43 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276
This update for systemd fixes the following issues:
- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
Update to 2.9.14:
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
Update to version 2.9.13:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Type: security
Severity: important
References: 1198720,1200747,1201385
This update for permissions fixes the following issues:
* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.6.1 updated
- glibc-2.31-150300.37.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libcom_err2-1.46.4-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libxml2-2-2.9.14-150400.5.7.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.4-150400.55.1 updated
- grep-3.1-150000.4.6.1 updated
- libtirpc3-1.2.6-150300.3.6.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- permissions-20201225-150400.5.8.1 updated
- pam-1.3.0-150000.6.58.3 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 added
- libexpat1-2.4.4-150400.2.24 removed
- libltdl7-2.4.6-3.4.1 removed
- libnettle8-3.7.3-150400.2.21 removed
- libpython3_6m1_0-3.6.15-150300.10.21.1 removed
- libtdb1-1.4.4-150400.1.9 removed
- python3-3.6.15-150300.10.21.1 removed
- python3-PyYAML-5.4.1-1.1 removed
- python3-base-3.6.15-150300.10.21.1 removed
- squid-5.4.1-150400.1.16 removed
From sle-security-updates at lists.suse.com Thu Sep 8 13:49:18 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:49:18 +0200 (CEST)
Subject: SUSE-SU-2022:3170-1: moderate: Security update for SUSE Manager
Client Tools
Message-ID: <20220908134918.68DDEFD84@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3170-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372
#1200163 #1200566 #1200591 #1201003 #1201082
#1202259 ECO-3319
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Debian 10-CLIENT-TOOLS
______________________________________________________________________________
An update that solves one vulnerability, contains one
feature and has 10 fixes is now available.
Description:
This update fixes the following issues:
salt:
- Put missing dpkgnotify pkgset beacon plugin to the salt-minion package
(bsc#1202259)
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value
(CVE-2022-22967) (bsc#1200566)
scap-security-guide:
- Fix the build for RHEL 7 and clones (python-setuptools is used)
- Fix the build for RHEL 9 and clones
- convert one bash emitter to new jinja method. (bsc#1200163)
- Add python3-setuptools for all builds (so it is also used on debian and
centos flavors)
- Updated to 0.1.62 (jsc#ECO-3319)
- Update rhel8 stig to v1r6
- OL7 STIG v2r7 update
- Initial definition of ANSSI BP28 minimal profile for SLE
- Updated to 0.1.61 (jsc#ECO-3319)
- Stop building PCI-DSS-centric XCCDF benchmark for RHEL 7
- Introduce OL9 product
- Implement handling of logical expressions in platform definitions
- Bump disk size constraints to 7gb to avoid occasional disk full
failures.
spacecmd:
- Version 4.3.14-1
* Fix missing argument on system_listmigrationtargets (bsc#1201003)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
* Change proxy container config default filename to end with tar.gz
* Update translation strings
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Debian 10-CLIENT-TOOLS:
zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-3170=1
Package List:
- SUSE Manager Debian 10-CLIENT-TOOLS (all):
salt-common-3004+ds-1+2.61.1
salt-minion-3004+ds-1+2.61.1
scap-security-guide-debian-0.1.62-2.21.1
spacecmd-4.3.14-2.33.1
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200163
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1201003
https://bugzilla.suse.com/1201082
https://bugzilla.suse.com/1202259
From sle-security-updates at lists.suse.com Thu Sep 8 13:50:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:50:43 +0200 (CEST)
Subject: SUSE-SU-2022:3207-1: moderate: Security update for libnl-1_1
Message-ID: <20220908135043.A89F9FD84@maintenance.suse.de>
SUSE Security Update: Security update for libnl-1_1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3207-1
Rating: moderate
References: #1020123
Cross-References: CVE-2017-0386
CVSS scores:
CVE-2017-0386 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2017-0386 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libnl-1_1 fixes the following issues:
- CVE-2017-0386: Fixed an issue that could enable a local malicious
application to execute arbitrary code within the context of a different
process. This only affects setups where libnl is passed untrusted
arguments. (bsc#1020123)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3207=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3207=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libnl-1_1-debugsource-1.1.4-6.3.1
libnl-1_1-devel-1.1.4-6.3.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libnl-1_1-debugsource-1.1.4-6.3.1
libnl1-1.1.4-6.3.1
libnl1-debuginfo-1.1.4-6.3.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libnl1-32bit-1.1.4-6.3.1
libnl1-debuginfo-32bit-1.1.4-6.3.1
References:
https://www.suse.com/security/cve/CVE-2017-0386.html
https://bugzilla.suse.com/1020123
From sle-security-updates at lists.suse.com Thu Sep 8 13:50:19 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:50:19 +0200 (CEST)
Subject: SUSE-CU-2022:2123-1: Security update of
suse/manager/4.3/proxy-salt-broker
Message-ID: <20220908135019.82DB2FD84@maintenance.suse.de>
SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2123-1
Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.1 , suse/manager/4.3/proxy-salt-broker:4.3.1.9.6.1 , suse/manager/4.3/proxy-salt-broker:latest
Container Release : 9.6.1
Severity : important
Type : security
References : 1040589 1073299 1093392 1104700 1112310 1113554 1120402 1130557
1137373 1140016 1150451 1160171 1169582 1172055 1177460 1177460
1177460 1177460 1177460 1177460 1178331 1178332 1178346 1178350
1178353 1181475 1181658 1185637 1188127 1192951 1193282 1193659
1194550 1194708 1195059 1195157 1195283 1196025 1196026 1196125
1196168 1196169 1196171 1196490 1196784 1196861 1197065 1197178
1197443 1197570 1197684 1197718 1197771 1197794 1198176 1198341
1198446 1198511 1198627 1198720 1198731 1198732 1198751 1199042
1199132 1199140 1199166 1199232 1199240 1200170 1200334 1200550
1200624 1200734 1200735 1200736 1200737 1200747 1200855 1200855
1201099 1201225 1201276 1201385 1201560 1201640 1201795 1202175
1202310 1202593 CVE-2015-20107 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586
CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-25235 CVE-2022-25236
CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-29155 CVE-2022-29458
CVE-2022-29824 CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208
CVE-2022-34903 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1718-1
Released: Tue May 17 17:44:43 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for a null pointer in check_address to prevent the client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released: Mon Jul 11 20:34:20 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1198511,CVE-2015-20107
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2358-1
Released: Tue Jul 12 04:21:59 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issues:
- Fix handling of keywords in new sysctl.conf (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This re-adds the s390 32-bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276
This update for systemd fixes the following issues:
- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
Update to 2.9.14:
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
Update to version 2.9.13:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2573-1
Released: Thu Jul 28 04:24:19 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Type: security
Severity: important
References: 1198720,1200747,1201385
This update for permissions fixes the following issues:
* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2640-1
Released: Wed Aug 3 10:43:44 2022
Summary: Recommended update for yaml-cpp
Type: recommended
Severity: moderate
References: 1160171,1178331,1178332,1200624
This update for yaml-cpp fixes the following issue:
- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old
ABI to prevent ABI breakage and crash of applications compiled with 0.6.1
(bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.6.1 updated
- glibc-2.31-150300.37.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libudev1-249.12-150400.8.10.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libcom_err2-1.46.4-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libxml2-2-2.9.14-150400.5.7.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libyaml-cpp0_6-0.6.3-150400.4.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libaugeas0-1.12.0-150400.3.3.6 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- procps-3.3.15-150000.7.25.1 updated
- sles-release-15.4-150400.55.1 updated
- grep-3.1-150000.4.6.1 updated
- libtirpc3-1.2.6-150300.3.6.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- permissions-20201225-150400.5.8.1 updated
- pam-1.3.0-150000.6.58.3 updated
- libzypp-17.30.2-150400.3.3.1 updated
- zypper-1.14.53-150400.3.3.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 added
- curl-7.79.1-150400.5.6.1 added
- openssl-1_1-1.1.1l-150400.7.7.1 updated
- libexpat1-2.4.4-150400.3.6.9 updated
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- python3-3.6.15-150300.10.27.1 updated
From sle-security-updates at lists.suse.com Thu Sep 8 13:50:41 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:50:41 +0200 (CEST)
Subject: SUSE-CU-2022:2125-1: Security update of suse/manager/4.3/proxy-ssh
Message-ID: <20220908135041.D5623FD84@maintenance.suse.de>
SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2125-1
Container Tags : suse/manager/4.3/proxy-ssh:4.3.1 , suse/manager/4.3/proxy-ssh:4.3.1.9.6.1 , suse/manager/4.3/proxy-ssh:latest
Container Release : 9.6.1
Severity : important
Type : security
References : 1040589 1073299 1093392 1104700 1112310 1113554 1120402 1130557
1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460
1177460 1177460 1177460 1178346 1178350 1178353 1181658 1185637
1188127 1192951 1193282 1193659 1194708 1195059 1195157 1195283
1196025 1196026 1196168 1196169 1196171 1196490 1196784 1196861
1197065 1197178 1197570 1197718 1197771 1197794 1198176 1198341
1198446 1198511 1198627 1198720 1198731 1198732 1198751 1199132
1199140 1199166 1199232 1199240 1200170 1200334 1200550 1200734
1200735 1200736 1200737 1200747 1200855 1200855 1201099 1201276
1201385 1201560 1201640 1201795 1202175 1202310 1202593 CVE-2015-20107
CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068 CVE-2022-2097
CVE-2022-23308 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314
CVE-2022-25315 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824 CVE-2022-32205
CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated to 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1718-1
Released: Tue May 17 17:44:43 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for a null pointer in check_address to prevent the client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released: Mon Jul 11 20:34:20 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1198511,CVE-2015-20107
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This re-adds the s390 32-bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276
This update for systemd fixes the following issues:
- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
Update to 2.9.14:
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
Update to version 2.9.13:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Type: security
Severity: important
References: 1198720,1200747,1201385
This update for permissions fixes the following issues:
* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
The following package changes have been done:
- libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.6.1 updated
- glibc-2.31-150300.37.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libudev1-249.12-150400.8.10.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libcom_err2-1.46.4-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libxml2-2-2.9.14-150400.5.7.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.4-150400.55.1 updated
- grep-3.1-150000.4.6.1 updated
- libtirpc3-1.2.6-150300.3.6.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- permissions-20201225-150400.5.8.1 updated
- pam-1.3.0-150000.6.58.3 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 added
- libexpat1-2.4.4-150400.3.6.9 updated
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- python3-3.6.15-150300.10.27.1 updated
From sle-security-updates at lists.suse.com Thu Sep 8 13:50:54 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:50:54 +0200 (CEST)
Subject: SUSE-CU-2022:2126-1: Security update of suse/manager/4.3/proxy-tftpd
Message-ID: <20220908135054.476DBFD84@maintenance.suse.de>
SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2126-1
Container Tags : suse/manager/4.3/proxy-tftpd:4.3.1 , suse/manager/4.3/proxy-tftpd:4.3.1.9.6.1 , suse/manager/4.3/proxy-tftpd:latest
Container Release : 9.6.1
Severity : important
Type : security
References : 1040589 1073299 1093392 1104700 1112310 1113554 1120402 1130557
1137373 1140016 1150451 1169582 1172055 1177460 1177460 1177460
1177460 1177460 1177460 1178346 1178350 1178353 1181658 1185637
1188127 1192951 1193282 1193659 1194708 1195059 1195157 1195283
1195916 1196025 1196026 1196168 1196169 1196171 1196490 1196696
1196784 1196861 1197065 1197178 1197570 1197718 1197771 1197794
1198176 1198331 1198341 1198446 1198511 1198627 1198720 1198731
1198732 1198751 1199132 1199140 1199166 1199232 1199240 1200170
1200334 1200550 1200734 1200735 1200736 1200737 1200747 1200771
1200855 1200855 1201099 1201276 1201385 1201560 1201640 1201795
1202175 1202310 1202498 1202498 1202593 CVE-2015-20107 CVE-2020-25659
CVE-2020-29651 CVE-2022-1292 CVE-2022-1304 CVE-2022-1586 CVE-2022-2068
CVE-2022-2097 CVE-2022-23308 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313
CVE-2022-25314 CVE-2022-25315 CVE-2022-29155 CVE-2022-29458 CVE-2022-29824
CVE-2022-32205 CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated to 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1718-1
Released: Tue May 17 17:44:43 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for nullpointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1909-1
Released: Wed Jun 1 16:25:35 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1198751
This update for glibc fixes the following issues:
- Add the correct name for the IBM Z16 (bsc#1198751).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2019-1
Released: Wed Jun 8 16:50:07 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2355-1
Released: Mon Jul 11 12:44:33 2022
Summary: Recommended update for python-cryptography
Type: recommended
Severity: moderate
References: 1198331,CVE-2020-25659
This update for python-cryptography fixes the following issues:
python-cryptography was updated to 3.3.2.
update to 3.3.0:
* BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
to 1024-bit (8 byte to 128 byte) initialization vectors. This
change is to conform with an upcoming OpenSSL release that will
no longer support sizes outside this window.
* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
now raise ValueError rather than UnsupportedAlgorithm when an
unsupported cipher is used. This change is to conform with an
upcoming OpenSSL release that will no longer distinguish
between error types.
* BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
field Diffie-Hellman parameters of less than 512 bits in
length. This change is to conform with an upcoming OpenSSL
release that no longer supports smaller sizes. These keys were
already wildly insecure and should not have been used in any
application outside of testing.
* Added the recover_data_from_signature() function to
RSAPublicKey for recovering the signed data from an RSA
signature.
Update to 3.2.1:
Disable blinding on RSA public keys to address an error with
some versions of OpenSSL.
update to 3.2 (bsc#1178168, CVE-2020-25659):
* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
by our API, we cannot completely mitigate this vulnerability.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
update to 3.1:
* BACKWARDS INCOMPATIBLE: Removed support for idna based
U-label parsing in various X.509 classes. This support was originally
deprecated in version 2.1 and moved to an extra in 2.5.
* backend arguments to functions are no longer required and the
default backend will automatically be selected if no backend is provided.
* Added initial support for parsing certificates from PKCS7 files with
cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates()
and
cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates().
* Calling update or update_into on
cryptography.hazmat.primitives.ciphers.CipherContext with data
longer than 2^31 bytes no longer raises an OverflowError. This
also resolves the same issue in Fernet.
update to 3.0:
* RSA generate_private_key() no longer accepts public_exponent values except
65537 and 3 (the latter for legacy purposes).
* X.509 certificate parsing now enforces that the version field contains
a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG
instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().
Update to 2.9:
* BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older version of OpenSSL will need to upgrade.
* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
* Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
* BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
* Added support for parsing single_extensions in an OCSP response.
* NameAttribute values can now be empty strings.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released: Mon Jul 11 20:34:20 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1198511,CVE-2015-20107
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276
This update for systemd fixes the following issues:
- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
Update to 2.9.14:
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
Update to version 2.9.13:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Type: security
Severity: important
References: 1198720,1200747,1201385
This update for permissions fixes the following issues:
* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released: Wed Aug 17 14:41:07 2022
Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins
Type: security
Severity: moderate
References: 1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:
- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bump the URL to point to github rather than to docs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released: Fri Aug 19 15:59:42 2022
Summary: Recommended update for sle-module-legacy-release
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3022-1
Released: Mon Sep 5 15:16:02 2022
Summary: Recommended update for python-pyOpenSSL
Type: recommended
Severity: moderate
References: 1200771
This update for python-pyOpenSSL fixes the following issues:
- Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).
python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):
- The minimum ``cryptography`` version is now 3.3.
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
The following package changes have been done:
- libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.6.1 updated
- glibc-2.31-150300.37.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libcom_err2-1.46.4-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libxml2-2-2.9.14-150400.5.7.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- sles-release-15.4-150400.55.1 updated
- grep-3.1-150000.4.6.1 updated
- libtirpc3-1.2.6-150300.3.6.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- permissions-20201225-150400.5.8.1 updated
- pam-1.3.0-150000.6.58.3 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 added
- openssl-1_1-1.1.1l-150400.7.7.1 updated
- libexpat1-2.4.4-150400.3.6.9 updated
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- python3-3.6.15-150300.10.27.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 added
- python3-apipkg-1.4-150000.3.2.1 added
- python3-py-1.10.0-150000.5.9.2 updated
- python3-cryptography-3.3.2-150400.16.3.1 updated
- python3-pyOpenSSL-21.0.0-150400.3.3.1 updated
From sle-security-updates at lists.suse.com Thu Sep 8 13:59:15 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:59:15 +0200 (CEST)
Subject: SUSE-SU-2022:3196-1: moderate: Security update for nodejs16
Message-ID: <20220908135915.B97B7FD84@maintenance.suse.de>
SUSE Security Update: Security update for nodejs16
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3196-1
Rating: moderate
References: #1200303 #1200517 #1201710 #1202382 #1202383
Cross-References: CVE-2022-29244 CVE-2022-31150 CVE-2022-35948
CVE-2022-35949
CVSS scores:
CVE-2022-29244 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-29244 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-31150 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2022-31150 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-35948 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-35948 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-35949 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-35949 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Web Scripting 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update for nodejs16 fixes the following issues:
- CVE-2022-35949: Fixed SSRF when an application takes in user input into
the path/pathname option of undici.request (bsc#1202382).
- CVE-2022-35948: Fixed CRLF injection via Content-Type (bsc#1202383).
- CVE-2022-29244: Fixed npm pack ignores root-level .gitignore and
.npmignore file exclusion directives when run in a workspace
(bsc#1200517).
- CVE-2022-31150: Fixed CRLF injection in node-undici (bsc#1201710).
Bugfixes:
- Enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Web Scripting 12:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-3196=1
Package List:
- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
nodejs16-16.17.0-8.9.1
nodejs16-debuginfo-16.17.0-8.9.1
nodejs16-debugsource-16.17.0-8.9.1
nodejs16-devel-16.17.0-8.9.1
npm16-16.17.0-8.9.1
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
nodejs16-docs-16.17.0-8.9.1
References:
https://www.suse.com/security/cve/CVE-2022-29244.html
https://www.suse.com/security/cve/CVE-2022-31150.html
https://www.suse.com/security/cve/CVE-2022-35948.html
https://www.suse.com/security/cve/CVE-2022-35949.html
https://bugzilla.suse.com/1200303
https://bugzilla.suse.com/1200517
https://bugzilla.suse.com/1201710
https://bugzilla.suse.com/1202382
https://bugzilla.suse.com/1202383
From sle-security-updates at lists.suse.com Thu Sep 8 13:58:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 15:58:34 +0200 (CEST)
Subject: SUSE-SU-2022:3190-1: moderate: Security update for libEMF
Message-ID: <20220908135834.DF488FD84@maintenance.suse.de>
SUSE Security Update: Security update for libEMF
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3190-1
Rating: moderate
References: #1173070
Cross-References: CVE-2020-13999
CVSS scores:
CVE-2020-13999 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-13999 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libEMF fixes the following issues:
- CVE-2020-13999: Fixed an integer overflow that could lead to denial
of service via a crafted file (bsc#1173070).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3190=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3190=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
libEMF-debugsource-1.0.7-11.6.1
libEMF1-1.0.7-11.6.1
libEMF1-debuginfo-1.0.7-11.6.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libEMF-debugsource-1.0.7-11.6.1
libEMF-devel-1.0.7-11.6.1
libEMF1-1.0.7-11.6.1
libEMF1-debuginfo-1.0.7-11.6.1
References:
https://www.suse.com/security/cve/CVE-2020-13999.html
https://bugzilla.suse.com/1173070
From sle-security-updates at lists.suse.com Thu Sep 8 14:03:03 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 16:03:03 +0200 (CEST)
Subject: SUSE-SU-2022:3193-1: important: Security update for postgresql12
Message-ID: <20220908140303.7C63AFD99@maintenance.suse.de>
SUSE Security Update: Security update for postgresql12
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3193-1
Rating: important
References: #1198166 #1202368
Cross-References: CVE-2022-2625
CVSS scores:
CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for postgresql12 fixes the following issues:
- Update to 12.12:
- CVE-2022-2625: Fixed an issue where extension scripts would replace
objects not belonging to that extension (bsc#1202368).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3193=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3193=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3193=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3193=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3193=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3193=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3193=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3193=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (noarch):
postgresql-14-4.17.2
postgresql-contrib-14-4.17.2
postgresql-docs-14-4.17.2
postgresql-plperl-14-4.17.2
postgresql-plpython-14-4.17.2
postgresql-pltcl-14-4.17.2
postgresql-server-14-4.17.2
- SUSE OpenStack Cloud 9 (noarch):
postgresql-14-4.17.2
postgresql-contrib-14-4.17.2
postgresql-docs-14-4.17.2
postgresql-plperl-14-4.17.2
postgresql-plpython-14-4.17.2
postgresql-pltcl-14-4.17.2
postgresql-server-14-4.17.2
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
postgresql12-debugsource-12.12-3.30.2
postgresql12-devel-12.12-3.30.2
postgresql12-devel-debuginfo-12.12-3.30.2
- SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):
postgresql12-server-devel-12.12-3.30.2
postgresql12-server-devel-debuginfo-12.12-3.30.2
- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
postgresql-devel-14-4.17.2
postgresql-server-devel-14-4.17.2
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
postgresql-14-4.17.2
postgresql-contrib-14-4.17.2
postgresql-docs-14-4.17.2
postgresql-plperl-14-4.17.2
postgresql-plpython-14-4.17.2
postgresql-pltcl-14-4.17.2
postgresql-server-14-4.17.2
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
postgresql12-12.12-3.30.2
postgresql12-contrib-12.12-3.30.2
postgresql12-contrib-debuginfo-12.12-3.30.2
postgresql12-debuginfo-12.12-3.30.2
postgresql12-debugsource-12.12-3.30.2
postgresql12-plperl-12.12-3.30.2
postgresql12-plperl-debuginfo-12.12-3.30.2
postgresql12-plpython-12.12-3.30.2
postgresql12-plpython-debuginfo-12.12-3.30.2
postgresql12-pltcl-12.12-3.30.2
postgresql12-pltcl-debuginfo-12.12-3.30.2
postgresql12-server-12.12-3.30.2
postgresql12-server-debuginfo-12.12-3.30.2
- SUSE Linux Enterprise Server 12-SP5 (noarch):
postgresql-14-4.17.2
postgresql-contrib-14-4.17.2
postgresql-docs-14-4.17.2
postgresql-plperl-14-4.17.2
postgresql-plpython-14-4.17.2
postgresql-pltcl-14-4.17.2
postgresql-server-14-4.17.2
postgresql12-docs-12.12-3.30.2
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
postgresql-14-4.17.2
postgresql-contrib-14-4.17.2
postgresql-docs-14-4.17.2
postgresql-plperl-14-4.17.2
postgresql-plpython-14-4.17.2
postgresql-pltcl-14-4.17.2
postgresql-server-14-4.17.2
- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
postgresql-14-4.17.2
postgresql-contrib-14-4.17.2
postgresql-docs-14-4.17.2
postgresql-plperl-14-4.17.2
postgresql-plpython-14-4.17.2
postgresql-pltcl-14-4.17.2
postgresql-server-14-4.17.2
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
postgresql-14-4.17.2
postgresql-contrib-14-4.17.2
postgresql-docs-14-4.17.2
postgresql-plperl-14-4.17.2
postgresql-plpython-14-4.17.2
postgresql-pltcl-14-4.17.2
postgresql-server-14-4.17.2
References:
https://www.suse.com/security/cve/CVE-2022-2625.html
https://bugzilla.suse.com/1198166
https://bugzilla.suse.com/1202368
From sle-security-updates at lists.suse.com Thu Sep 8 14:08:14 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 16:08:14 +0200 (CEST)
Subject: SUSE-SU-2022:3180-1: moderate: Security update for SUSE Manager Salt
Bundle
Message-ID: <20220908140814.5EC05FD99@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Salt Bundle
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3180-1
Rating: moderate
References: #1195895 #1197288 #1198489 #1198744 #1199372
#1200566 #1201082
Cross-References: CVE-2022-22967
CVSS scores:
CVE-2022-22967 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22967 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Debian 11-CLIENT-TOOLS
______________________________________________________________________________
An update that solves one vulnerability and has 6 fixes is
now available.
Description:
This update fixes the following issues:
venv-salt-minion:
- Add support for gpgautoimport in zypperpkg module
- Update Salt to work with Jinja >= and <= 3.1.0 (bsc#1198744)
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Make Salt 3004 compatible with pyzmq >= 23.0.0 (bsc#1201082)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Fix possible errors on running post install script if semanage is
present on the system, but SELinux is not configured
- Remove unused imports in the venv wrappers
- Set VENV_PIP_TARGET to /var/lib/venv-salt-minion/local to force PIP to use
it as the destination to install modules
- Fix ownership of salt thin directory when using the Salt Bundle
- Set default target for pip from VENV_PIP_TARGET environment variable
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
- Save log to logfile with docker.build
- Use Salt Bundle in dockermod
- Ignore errors on reading license files with dpkg_lowpkg (bsc#1197288)
- Fix PAM auth issue due to missing check for PAM_ACCT_MGM return value
(CVE-2022-22967) (bsc#1200566)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Debian 11-CLIENT-TOOLS:
zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-x86_64-2022-3180=1
Package List:
- SUSE Manager Debian 11-CLIENT-TOOLS (amd64):
venv-salt-minion-3004-2.11.2
References:
https://www.suse.com/security/cve/CVE-2022-22967.html
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1197288
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198744
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1200566
https://bugzilla.suse.com/1201082
From sle-security-updates at lists.suse.com Thu Sep 8 14:11:10 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 16:11:10 +0200 (CEST)
Subject: SUSE-SU-2022:3191-1: moderate: Security update for libEMF
Message-ID: <20220908141110.4A3BDFD99@maintenance.suse.de>
SUSE Security Update: Security update for libEMF
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3191-1
Rating: moderate
References: #1173070
Cross-References: CVE-2020-13999
CVSS scores:
CVE-2020-13999 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-13999 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP3
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libEMF fixes the following issues:
- CVE-2020-13999: Fixed an integer overflow that could lead to denial
of service via a crafted file (bsc#1173070).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3191=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3191=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libEMF-debuginfo-1.0.7-150000.3.6.1
libEMF-debugsource-1.0.7-150000.3.6.1
libEMF-devel-1.0.7-150000.3.6.1
libEMF-utils-1.0.7-150000.3.6.1
libEMF-utils-debuginfo-1.0.7-150000.3.6.1
libEMF1-1.0.7-150000.3.6.1
libEMF1-debuginfo-1.0.7-150000.3.6.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
libEMF-debuginfo-1.0.7-150000.3.6.1
libEMF-debugsource-1.0.7-150000.3.6.1
libEMF1-1.0.7-150000.3.6.1
libEMF1-debuginfo-1.0.7-150000.3.6.1
References:
https://www.suse.com/security/cve/CVE-2020-13999.html
https://bugzilla.suse.com/1173070
From sle-security-updates at lists.suse.com Thu Sep 8 19:22:07 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 8 Sep 2022 21:22:07 +0200 (CEST)
Subject: SUSE-SU-2022:3212-1: moderate: Security update for rubygem-rake
Message-ID: <20220908192207.257B4FCF4@maintenance.suse.de>
SUSE Security Update: Security update for rubygem-rake
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3212-1
Rating: moderate
References: #1164804
Cross-References: CVE-2020-8130
CVSS scores:
CVE-2020-8130 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2020-8130 (SUSE): 5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Containers 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-rake fixes the following issues:
- CVE-2020-8130: Fixed a command injection when supplying a filename that
began with the pipe character (bsc#1164804).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Containers 12:
zypper in -t patch SUSE-SLE-Module-Containers-12-2022-3212=1
Package List:
- SUSE Linux Enterprise Module for Containers 12 (x86_64):
ruby2.1-rubygem-rake-10.3.2-9.7.1
References:
https://www.suse.com/security/cve/CVE-2020-8130.html
https://bugzilla.suse.com/1164804
From sle-security-updates at lists.suse.com Fri Sep 9 08:08:53 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 9 Sep 2022 10:08:53 +0200 (CEST)
Subject: SUSE-CU-2022:2149-1: Security update of suse/manager/4.3/proxy-httpd
Message-ID: <20220909080853.301B6FCF4@maintenance.suse.de>
SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2149-1
Container Tags : suse/manager/4.3/proxy-httpd:4.3.1 , suse/manager/4.3/proxy-httpd:4.3.1.9.7.1 , suse/manager/4.3/proxy-httpd:latest
Container Release : 9.7.1
Severity : important
Type : security
References : 1040589 1073299 1093392 1104700 1112310 1113554 1120402 1130557
1137373 1140016 1150451 1160171 1169582 1172055 1172179 1176460
1177460 1177460 1177460 1177460 1177460 1177460 1178331 1178332
1178346 1178350 1178353 1179962 1180816 1180942 1181119 1181223
1181475 1181658 1181935 1183684 1185637 1186011 1187028 1187725
1188061 1188127 1190462 1191925 1192449 1193282 1193585 1193600
1194351 1194394 1194550 1194708 1195059 1195157 1195455 1196025
1196026 1196125 1196168 1196169 1196171 1196490 1196704 1196784
1197178 1197443 1197507 1197570 1197684 1197689 1197718 1197771
1197794 1197963 1198176 1198331 1198341 1198356 1198358 1198446
1198511 1198627 1198720 1198731 1198732 1198913 1198944 1199042
1199132 1199140 1199147 1199157 1199166 1199232 1199240 1199523
1199524 1199528 1199629 1199646 1199652 1199656 1199659 1199662
1199663 1199679 1199714 1199727 1199779 1199817 1199874 1199950
1199984 1199998 1200110 1200142 1200170 1200276 1200278 1200334
1200338 1200340 1200341 1200345 1200347 1200348 1200350 1200352
1200485 1200532 1200550 1200591 1200591 1200606 1200624 1200707
1200734 1200735 1200736 1200737 1200747 1200771 1200802 1200855
1200855 1200968 1200970 1201003 1201003 1201099 1201142 1201189
1201224 1201225 1201276 1201385 1201411 1201498 1201560 1201640
1201782 1201795 1201842 1202011 1202175 1202310 1202593 1202614
1202724 CVE-2015-20107 CVE-2020-25659 CVE-2021-20178 CVE-2021-20180
CVE-2021-20191 CVE-2021-20228 CVE-2021-3447 CVE-2021-3583 CVE-2021-3620
CVE-2022-1292 CVE-2022-1304 CVE-2022-1348 CVE-2022-1586 CVE-2022-1706
CVE-2022-2068 CVE-2022-2097 CVE-2022-23308 CVE-2022-25235 CVE-2022-25236
CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-26377 CVE-2022-28614
CVE-2022-28615 CVE-2022-29155 CVE-2022-29404 CVE-2022-29458 CVE-2022-29824
CVE-2022-30522 CVE-2022-30556 CVE-2022-31248 CVE-2022-31813 CVE-2022-32205
CVE-2022-32206 CVE-2022-32207 CVE-2022-32208 CVE-2022-34903 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:1332-1
Released: Tue Jul 17 09:01:19 2018
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1073299,1093392
This update for timezone provides the following fixes:
- North Korea switches back from +0830 to +09 on 2018-05-05.
- Ireland's standard time is in the summer, with negative DST offset to standard time used
in Winter. (bsc#1073299)
- yast2-country is no longer setting TIMEZONE in /etc/sysconfig/clock and is calling systemd
timedatectl instead. Do not set /etc/localtime on timezone package updates to avoid
setting an incorrect timezone. (bsc#1093392)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2463-1
Released: Thu Oct 25 14:48:34 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1104700,1112310
This update for timezone, timezone-java fixes the following issues:
The timezone database was updated to 2018f:
- Volgograd moves from +03 to +04 on 2018-10-28.
- Fiji ends DST 2019-01-13, not 2019-01-20.
- Most of Chile changes DST dates, effective 2019-04-06 (bsc#1104700)
- Corrections to past timestamps of DST transitions
- Use 'PST' and 'PDT' for Philippine time
- minor code changes to zic handling of the TZif format
- documentation updates
Other bugfixes:
- Fixed a zic problem with the 1948-1951 DST transition in Japan (bsc#1112310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2018:2550-1
Released: Wed Oct 31 16:16:56 2018
Summary: Recommended update for timezone, timezone-java
Type: recommended
Severity: moderate
References: 1113554
This update provides the latest time zone definitions (2018g), including the following change:
- Morocco switched from +00/+01 to permanent +01 effective 2018-10-28 (bsc#1113554)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:102-1
Released: Tue Jan 15 18:02:58 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1120402
This update for timezone fixes the following issues:
- Update 2018i:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. (bsc#1120402)
- Update 2018h:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move
Metlakatla, Alaska observes PST this winter only
Guess Morocco will continue to adjust clocks around Ramadan
Add predictions for Iran from 2038 through 2090
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:790-1
Released: Thu Mar 28 12:06:17 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1130557
This update for timezone fixes the following issues:
timezone was updated 2019a:
* Palestine 'springs forward' on 2019-03-30 instead of 2019-03-23
* Metlakatla 'fell back' to rejoin Alaska Time on 2019-01-20 at 02:00
* Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25)
* zic now has an -r option to limit the time range of output data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:1815-1
Released: Thu Jul 11 07:47:55 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1140016
This update for timezone fixes the following issues:
- Timezone update 2019b. (bsc#1140016):
- Brazil no longer observes DST.
- 'zic -b slim' outputs smaller TZif files.
- Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
- Add info about the Crimea situation.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2019:2762-1
Released: Thu Oct 24 07:08:44 2019
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1150451
This update for timezone fixes the following issues:
- Fiji observes DST from 2019-11-10 to 2020-01-12.
- Norfolk Island starts observing Australian-style DST.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1303-1
Released: Mon May 18 09:40:36 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1169582
This update for timezone fixes the following issues:
- timezone update 2020a. (bsc#1169582)
* Morocco springs forward on 2020-05-31, not 2020-05-24.
* Canada's Yukon advanced to -07 year-round on 2020-03-08.
* America/Nuuk renamed from America/Godthab.
* zic now supports expiration dates for leap second lists.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:1542-1
Released: Thu Jun 4 13:24:37 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1172055
This update for timezone fixes the following issue:
- zdump --version reported 'unknown' (bsc#1172055)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3099-1
Released: Thu Oct 29 19:33:41 2020
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020b (bsc#1177460)
* Revised predictions for Morocco's changes starting in 2023.
* Canada's Yukon changes to -07 on 2020-11-01, not 2020-03-08.
* Macquarie Island has stayed in sync with Tasmania since 2011.
* Casey, Antarctica is at +08 in winter and +11 in summer.
* zic no longer supports -y, nor the TYPE field of Rules.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3123-1
Released: Tue Nov 3 09:48:13 2020
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1177460,1178346,1178350,1178353
This update for timezone fixes the following issues:
- Generate 'fat' timezone files (was default before 2020b). (bsc#1178346, bsc#1178350, bsc#1178353)
- Palestine ends DST earlier than predicted, on 2020-10-24. (bsc#1177460)
- Fiji starts DST later than usual, on 2020-12-20. (bsc#1177460)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:179-1
Released: Wed Jan 20 13:38:51 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2020f (bsc#1177460)
* 'make rearguard_tarballs' no longer generates a bad rearguard.zi,
fixing a 2020e bug.
- timezone update 2020e (bsc#1177460)
* Volgograd switches to Moscow time on 2020-12-27 at 02:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:301-1
Released: Thu Feb 4 08:46:27 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2021a (bsc#1177460)
* South Sudan changes from +03 to +02 on 2021-02-01 at 00:00.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:2573-1
Released: Thu Jul 29 14:21:52 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1188127
This update for timezone fixes the following issue:
- From systemd v249: when enumerating time zones the timedatectl tool will now consult the 'tzdata.zi' file shipped by
the IANA time zone database package, in addition to 'zone1970.tab', as before. This makes sure time zone aliases are
now correctly supported. This update adds the 'tzdata.zi' file (bsc#1188127).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3883-1
Released: Thu Dec 2 11:47:07 2021
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
Update timezone to 2021e (bsc#1177460)
- Palestine will fall back 10-29 (not 10-30) at 01:00
- Fiji suspends DST for the 2021/2022 season
- 'zic -r' marks unspecified timestamps with '-00'
- Fix a bug in 'zic -b fat' that caused old timestamps to be mishandled in 32-bit-only readers
- Refresh timezone info for China
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1118-1
Released: Tue Apr 5 18:34:06 2022
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460
This update for timezone fixes the following issues:
- timezone update 2022a (bsc#1177460):
* Palestine will spring forward on 2022-03-27, not on 03-26
* `zdump -v` now outputs better failure indications
* Bug fixes for code that reads corrupted TZif data
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1655-1
Released: Fri May 13 15:36:10 2022
Summary: Recommended update for pam
Type: recommended
Severity: moderate
References: 1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1658-1
Released: Fri May 13 15:40:20 2022
Summary: Recommended update for libpsl
Type: recommended
Severity: important
References: 1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1670-1
Released: Mon May 16 10:06:30 2022
Summary: Security update for openldap2
Type: security
Severity: important
References: 1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:1718-1
Released: Tue May 17 17:44:43 2022
Summary: Security update for e2fsprogs
Type: security
Severity: important
References: 1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1887-1
Released: Tue May 31 09:24:18 2022
Summary: Recommended update for grep
Type: recommended
Severity: moderate
References: 1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:1899-1
Released: Wed Jun 1 10:43:22 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: important
References: 1198176
This update for libtirpc fixes the following issues:
- Add a check for null pointer in check_address to prevent client from crashing (bsc#1198176)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2118-1
Released: Mon Jun 20 13:04:15 2022
Summary: Recommended update for SUSE Manager Client Tools
Type: recommended
Severity: moderate
References: 1181223,1190462,1193600,1196704,1197507,1197689
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
mgr-cfg:
- Version 4.3.6-1
* Corrected source URL in spec file
* Fix installation problem for SLE15SP4 due to missing python-selinux
* Fix python selinux package name depending on build target (bsc#1193600)
* Do not build python 2 package for SLE15SP4 and higher
* Remove unused legacy code
mgr-custom-info:
- Version 4.3.3-1
* Remove unused legacy code
mgr-daemon:
- Version 4.3.4-1
* Corrected source URLs in spec file.
* Update translation strings
mgr-osad:
- Version 4.3.6-1
* Corrected source URL in spec file.
* Do not build python 2 package for SLE15SP4 and higher
* Removed spacewalk-selinux dependencies.
* Updated source url.
mgr-push:
- Version 4.3.4-1
* Corrected source URLs in spec file.
mgr-virtualization:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
prometheus-blackbox_exporter:
- Enhanced to build on Enterprise Linux 8
prometheus-postgres_exporter:
- Updated for RHEL8.
python-hwdata:
- Require python macros for building
rhnlib:
- Version 4.3.4-1
* Reorganize python files
spacecmd:
- Version 4.3.11-1
* on full system update call schedulePackageUpdate API (bsc#1197507)
* parse boolean parameters correctly (bsc#1197689)
* Add parameter to set containerized proxy SSH port
* Add proxy config generation subcommand
* Option 'org_createfirst' added to perform initial organization and user creation
* Added gettext build requirement for RHEL.
* Removed RHEL 5 references.
* Include group formulas configuration in spacecmd group_backup and
spacecmd group_restore. This changes backup format to json,
previously used plain text is still supported for reading (bsc#1190462)
* Update translation strings
* Improved event history listing and added new system_eventdetails
command to retrieve the details of an event
* Make schedule_deletearchived to get all actions without display limit
* Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
spacewalk-client-tools:
- Version 4.3.9-1
* Corrected source URLs in spec file.
* do not build python 2 package for SLE15
* Remove unused legacy code
* Update translation strings
spacewalk-koan:
- Version 4.3.5-1
* Corrected source URLs in spec file.
spacewalk-oscap:
- Version 4.3.5-1
* Corrected source URLs in spec file.
* Do not build python 2 package for SLE15SP4 and higher
spacewalk-remote-utils:
- Version 4.3.3-1
* Adapt the package for changes in rhnlib
supportutils-plugin-susemanager-client:
- Version 4.3.2-1
* Add proxy containers config and logs
suseRegisterInfo:
- Version 4.3.3-1
* Bump version to 4.3.0
supportutils-plugin-salt:
- Add support for Salt Bundle
uyuni-common-libs:
- Version 4.3.4-1
* implement more decompression algorithms for reposync (bsc#1196704)
* Reorganize python files
* Add decompression of zck files to fileutils
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2294-1
Released: Wed Jul 6 13:34:15 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1196025,1196026,1196168,1196169,1196171,1196784,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315
This update for expat fixes the following issues:
- CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025).
- Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784).
- CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026).
- CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168).
- CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169).
- CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2302-1
Released: Wed Jul 6 13:37:15 2022
Summary: Security update for apache2
Type: security
Severity: important
References: 1198913,1200338,1200340,1200341,1200345,1200348,1200350,1200352,CVE-2022-26377,CVE-2022-28614,CVE-2022-28615,CVE-2022-29404,CVE-2022-30522,CVE-2022-30556,CVE-2022-31813
This update for apache2 fixes the following issues:
- CVE-2022-26377: Fixed possible request smuggling in mod_proxy_ajp (bsc#1200338)
- CVE-2022-28614: Fixed read beyond bounds via ap_rwrite() (bsc#1200340)
- CVE-2022-28615: Fixed read beyond bounds in ap_strcmp_match() (bsc#1200341)
- CVE-2022-29404: Fixed denial of service in mod_lua r:parsebody (bsc#1200345)
- CVE-2022-30556: Fixed information disclosure in mod_lua with websockets (bsc#1200350)
- CVE-2022-30522: Fixed mod_sed denial of service (bsc#1200352)
- CVE-2022-31813: Fixed mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (bsc#1200348)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2305-1
Released: Wed Jul 6 13:38:42 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1200734,1200735,1200736,1200737,CVE-2022-32205,CVE-2022-32206,CVE-2022-32207,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-32205: Set-Cookie denial of service (bsc#1200734)
- CVE-2022-32206: HTTP compression denial of service (bsc#1200735)
- CVE-2022-32207: Unpreserved file permissions (bsc#1200736)
- CVE-2022-32208: FTP-KRB bad message verification (bsc#1200737)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2308-1
Released: Wed Jul 6 14:15:13 2022
Summary: Security update for openssl-1_1
Type: security
Severity: important
References: 1185637,1199166,1200550,1201099,CVE-2022-1292,CVE-2022-2068,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2323-1
Released: Thu Jul 7 12:16:58 2022
Summary: Recommended update for systemd-presets-branding-SLE
Type: recommended
Severity: low
References:
This update for systemd-presets-branding-SLE fixes the following issues:
- Enable suseconnect-keepalive.timer for SUSEConnect (jsc#SLE-23312)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2355-1
Released: Mon Jul 11 12:44:33 2022
Summary: Recommended update for python-cryptography
Type: recommended
Severity: moderate
References: 1198331,CVE-2020-25659
This update for python-cryptography fixes the following issues:
python-cryptography was updated to 3.3.2.
update to 3.3.0:
* BACKWARDS INCOMPATIBLE: The GCM and AESGCM now require 64-bit
to 1024-bit (8 byte to 128 byte) initialization vectors. This
change is to conform with an upcoming OpenSSL release that will
no longer support sizes outside this window.
* BACKWARDS INCOMPATIBLE: When deserializing asymmetric keys we
now raise ValueError rather than UnsupportedAlgorithm when an
unsupported cipher is used. This change is to conform with an
upcoming OpenSSL release that will no longer distinguish
between error types.
* BACKWARDS INCOMPATIBLE: We no longer allow loading of finite
field Diffie-Hellman parameters of less than 512 bits in
length. This change is to conform with an upcoming OpenSSL
release that no longer supports smaller sizes. These keys were
already wildly insecure and should not have been used in any
application outside of testing.
* Added the recover_data_from_signature() function to
RSAPublicKey for recovering the signed data from an RSA
signature.
Update to 3.2.1:
Disable blinding on RSA public keys to address an error with
some versions of OpenSSL.
update to 3.2 (bsc#1178168, CVE-2020-25659):
* CVE-2020-25659: Attempted to make RSA PKCS#1v1.5 decryption more constant time,
to protect against Bleichenbacher vulnerabilities. Due to limitations imposed
by our API, we cannot completely mitigate this vulnerability.
* Added basic support for PKCS7 signing (including SMIME) via PKCS7SignatureBuilder.
update to 3.1:
* **BACKWARDS INCOMPATIBLE:** Removed support for ``idna`` based
:term:`U-label` parsing in various X.509 classes. This support was originally
deprecated in version 2.1 and moved to an extra in 2.5.
* ``backend`` arguments to functions are no longer required and the
default backend will automatically be selected if no ``backend`` is provided.
* Added initial support for parsing certificates from PKCS7 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
and
:func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`.
* Calling ``update`` or ``update_into`` on
:class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with ``data``
longer than 2\ :sup:`31` bytes no longer raises an ``OverflowError``. This
also resolves the same issue in :doc:`/fernet`.
update to 3.0:
* RSA generate_private_key() no longer accepts public_exponent values except
65537 and 3 (the latter for legacy purposes).
* X.509 certificate parsing now enforces that the version field contains
a valid value, rather than deferring this check until version is accessed.
* Deprecated support for Python 2
* Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa
private keys: load_ssh_private_key() for loading and OpenSSH for writing.
* Added support for OpenSSH certificates to load_ssh_public_key().
* Added encrypt_at_time() and decrypt_at_time() to Fernet.
* Added support for the SubjectInformationAccess X.509 extension.
* Added support for parsing SignedCertificateTimestamps in OCSP responses.
* Added support for parsing attributes in certificate signing requests via get_attribute_for_oid().
* Added support for encoding attributes in certificate signing requests via add_attribute().
* On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG
instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.
* Added initial support for creating PKCS12 files with serialize_key_and_certificates().
Update to 2.9:
* BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to
low usage and maintenance burden.
* BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed.
Users on older versions of OpenSSL will need to upgrade.
* BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed.
* Removed support for calling public_bytes() with no arguments, as per
our deprecation policy. You must now pass encoding and format.
* BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string()
returns the RDNs as required by RFC 4514.
* Added support for parsing single_extensions in an OCSP response.
* NameAttribute values can now be empty strings.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2357-1
Released: Mon Jul 11 20:34:20 2022
Summary: Security update for python3
Type: security
Severity: important
References: 1198511,CVE-2015-20107
This update for python3 fixes the following issues:
- CVE-2015-20107: avoid command injection in the mailcap module (bsc#1198511).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2358-1
Released: Tue Jul 12 04:21:59 2022
Summary: Recommended update for augeas
Type: recommended
Severity: moderate
References: 1197443
This update for augeas fixes the following issues:
- Fix handling of keywords in new sysctl.conf (bsc#1197443)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2361-1
Released: Tue Jul 12 12:05:01 2022
Summary: Security update for pcre
Type: security
Severity: important
References: 1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2396-1
Released: Thu Jul 14 11:57:58 2022
Summary: Security update for logrotate
Type: security
Severity: important
References: 1192449,1199652,1200278,1200802,CVE-2022-1348
This update for logrotate fixes the following issues:
Security issues fixed:
- CVE-2022-1348: Fixed insecure permissions for state file creation (bsc#1199652).
- Improved coredump handling for SUID binaries (bsc#1192449).
Non-security issues fixed:
- Fixed 'logrotate emits unintended warning: keyword size not properly separated, found 0x3d' (bsc#1200278, bsc#1200802).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2406-1
Released: Fri Jul 15 11:49:01 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1197718,1199140,1200334,1200855
This update for glibc fixes the following issues:
- powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334)
- Disable warnings due to deprecated libselinux symbols used by nss and nscd (bsc#1197718)
- i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718)
- rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051)
This re-adds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2469-1
Released: Thu Jul 21 04:38:31 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1137373,1181658,1194708,1195157,1197570,1198732,1200170,1201276
This update for systemd fixes the following issues:
- Make {/etc,/usr/lib}/systemd/network owned by both udev and systemd-network. The configuration files put in these
directories are read by both udevd and systemd-networkd (bsc#1201276)
- Allow control characters in environment variable values (bsc#1200170)
- Fix issues with multipath setup (bsc#1137373, bsc#1181658, bsc#1194708, bsc#1195157, bsc#1197570)
- Fix parsing error in s390 udev rules conversion script (bsc#1198732)
- core/device: device_coldplug(): don't set DEVICE_DEAD
- core/device: do not downgrade device state if it is already enumerated
- core/device: drop unnecessary condition
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2488-1
Released: Thu Jul 21 12:15:27 2022
Summary: Feature update for python-python-debian
Type: feature
Severity: moderate
References:
This feature update for python-python-debian provides:
- Rename python-debian to python-python-debian according to the Python packaging guidelines (jsc#SLE-24672)
- Provide python-python-debian version 0.1.44 (jsc#SLE-24672)
* Add support for zstd compression in .deb files
* Use logging.warning rather than warnings for data problems.
* Support for finding files (including changelog.Debian.gz) that are beyond a symlink within the package
* Update packaging for zstd compressed .deb code
* Annotate binutils build-dep with
* Update Standards-Version to 4.6.1
* Various improvements to the round-trip-safe deb822 parser
* Support the Files-Included field in debian/copyright
* Fix URL for API documentation in README.rst
* RTS parser: minor documentation fixes
* Declare minimum Python version of 3.5 for most modules except the RTS parser. Add CI testing with Python 3.5
* RTS parser: Handle leading tabs for setting values
* RTS parser: Preserve original field case
* RTS parser: Expose str type for keys in paragraphs
* Use logging for warnings about data that's being read, rather than the warnings module
* Fix type checks for mypy 0.910
* Silence lintian complaint about touching the dpkg database in the examples
* Add RTS parser to setup.py so that it is installed.
* Add copyright attribution for RTS parser
* RTS parser: Accept tabs as continuation line marker
* Interpretation: Preserve tab as continuation line if used
* RTS parser: Make value interpretation tokenization consistent
* RTS parser: Add interpretation for Uploaders field
* Add contextmanager to DebFile
* Added format/comment preserving deb822 parser as debian._deb822_repro.
* Add Build-Depends-Arch, Build-Conflicts-Arch to list of relationship fields
* In debian.changelog.get_maintainer, cope with unknown UIDs
* Numerous enhancements to the deb822.BuildInfo class
* Include portability patch for pwd module on Windows
* Drop the deb822.BuildInfo.get_debian_suite function
* Move re.compile calls out of functions
* Revert unintended renaming of Changelog.get_version/set_version
* Add a type for .buildinfo files (deb822.BuildInfo)
* Add support for SHA1-Download and SHA256-* variants in PdiffIndex class for .diff/Index files
* Permit single-character package names in dependency relationship specifications
* Update to debhelper-compat (= 13)
* Update examples to use #!/usr/bin/python3
* Fix tabs vs spaces in examples.
* Provide accessor for source package version for binary packages
* Allow debian_support.PackageFile to accept StringIO as well as BytesIO
* Change handling of case-insensitive field names to allow Deb822 objects to be serialised
* Add SHA256 support to handling of pdiffs
* Add support for additional headers for merged pdiffs to PDiffIndex
* Add a debian.watch module for parsing watch files
* Prevent stripping of last newline in initial lines before changelog files
* Add a Copyright.files_excluded field
* Allow specifying allow_missing_author when reserializing changelog entries
* Drop python2 support (from version 0.1.37)
* Add Rules-Requires-Root: no
* Parse Built-Using relationship fields
* Extend Deb822 parser to allow underscores in the field name
* Add accessors for Version objects from Deb822
- Remove superfluous devel dependency for noarch package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2493-1
Released: Thu Jul 21 14:35:08 2022
Summary: Recommended update for rpm-config-SUSE
Type: recommended
Severity: moderate
References: 1193282
This update for rpm-config-SUSE fixes the following issues:
- Add SBAT values macros for other packages (bsc#1193282)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2494-1
Released: Thu Jul 21 15:16:42 2022
Summary: Recommended update for glibc
Type: recommended
Severity: important
References: 1200855,1201560,1201640
This update for glibc fixes the following issues:
- Remove tunables from static tls surplus patch which caused crashes (bsc#1200855)
- i386: Disable check_consistency for GCC 5 and above (bsc#1201640, BZ #25788)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2546-1
Released: Mon Jul 25 14:43:22 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1196125,1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a status injection vulnerability (bsc#1201225).
- Use AES as default cipher instead of 3DES when we are in FIPS mode. (bsc#1196125)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2552-1
Released: Tue Jul 26 14:55:40 2022
Summary: Security update for libxml2
Type: security
Severity: important
References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
Update to 2.9.14:
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
Update to version 2.9.13:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes. (bsc#1196490)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2573-1
Released: Thu Jul 28 04:24:19 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2632-1
Released: Wed Aug 3 09:51:00 2022
Summary: Security update for permissions
Type: security
Severity: important
References: 1198720,1200747,1201385
This update for permissions fixes the following issues:
* apptainer: fix starter-suid location (bsc#1198720)
* static permissions: remove deprecated bind / named chroot entries (bsc#1200747)
* postfix: add postlog setgid for maildrop binary (bsc#1201385)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2640-1
Released: Wed Aug 3 10:43:44 2022
Summary: Recommended update for yaml-cpp
Type: recommended
Severity: moderate
References: 1160171,1178331,1178332,1200624
This update for yaml-cpp fixes the following issue:
- Version 0.6.3 changed ABI without changing SONAME. Re-add symbol from the old
ABI to prevent ABI breakage and crash of applications compiled with 0.6.1
(bsc#1200624, bsc#1178332, bsc#1178331, bsc#1160171).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3021-1
Released: Mon Sep 5 11:57:55 2022
Summary: Recommended update for python-dmidecode
Type: recommended
Severity: moderate
References: 1194351
This update for python-dmidecode fixes the following issues:
- Fixed memory map size for 'Type Detail' (bsc#1194351)
- Use update-alternatives mechanism instead of shared subpackage.
- Realign the spec file for python singlespec
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3022-1
Released: Mon Sep 5 15:16:02 2022
Summary: Recommended update for python-pyOpenSSL
Type: recommended
Severity: moderate
References: 1200771
This update for python-pyOpenSSL fixes the following issues:
- Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).
python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):
- The minimum ``cryptography`` version is now 3.3.
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3135-1
Released: Wed Sep 7 08:39:31 2022
Summary: Recommended update for hwdata
Type: recommended
Severity: low
References: 1200110
This update for hwdata fixes the following issue:
- Update pci, usb and vendor ids to version 0.360 (bsc#1200110)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3178-1
Released: Thu Sep 8 09:35:05 2022
Summary: Important security update for SUSE Manager Client Tools
Type: security
Severity: important
References: 1176460,1180816,1180942,1181119,1181935,1183684,1187725,1188061,1193585,1197963,1199528,1200142,1200591,1200968,1200970,1201003,1202614,CVE-2021-20178,CVE-2021-20180,CVE-2021-20191,CVE-2021-20228,CVE-2021-3447,CVE-2021-3583,CVE-2021-3620
This update fixes the following issues:
ansible:
- Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)
* CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725)
* CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061)
* ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460)
- Update to 2.9.22:
* CVE-2021-3447 (bsc#1183684) multiple modules expose secured values
* CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option
* CVE-2021-20191 (bsc#1181119) multiple collections expose secured values
* CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values
* CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module
dracut-saltboot:
- Require e2fsprogs (bsc#1202614)
- Update to version 0.1.1657643023.0d694ce
* Update dracut-saltboot dependencies (bsc#1200970)
* Fix network loading when ipappend is used in pxe config
* Add new information messages
golang-github-QubitProducts-exporter_exporter:
- Remove license file from %doc
mgr-daemon:
- Version 4.3.5-1
* Update translation strings
mgr-virtualization:
- Version 4.3.6-1
* Report all VMs in poller, not only running ones (bsc#1199528)
prometheus-blackbox_exporter:
- Exclude s390 arch
python-hwdata:
- Declare the LICENSE file as license and not doc
spacecmd:
- Version 4.3.14-1
* Fix missing argument on system_listmigrationtargets (bsc#1201003)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
* Change proxy container config default filename to end with tar.gz
* Update translation strings
spacewalk-client-tools:
- Version 4.3.11-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.5-1
* Fix reposync issue about 'rpm.hdr' object has no attribute 'get'
uyuni-proxy-systemd-services:
- Version 4.3.6-1
* Expose port 80 (bsc#1200142)
* Use volumes rather than bind mounts
* TFTPD to listen on udp port (bsc#1200968)
* Add TAG variable in configuration
* Fix containers namespaces in configuration
zypp-plugin-spacewalk:
- 1.0.13
* Log in before listing channels. (bsc#1197963, bsc#1193585)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3194-1
Released: Thu Sep 8 10:04:36 2022
Summary: Security update for SUSE Manager 4.3: Server and Proxy
Type: security
Severity: moderate
References: 1172179,1179962,1186011,1187028,1191925,1194394,1195455,1198356,1198358,1198944,1199147,1199157,1199523,1199629,1199646,1199656,1199659,1199662,1199663,1199679,1199714,1199727,1199779,1199817,1199874,1199950,1199984,1199998,1200276,1200347,1200532,1200591,1200606,1200707,1201003,1201142,1201189,1201224,1201411,1201498,1201782,1201842,1202724,CVE-2022-31248
Security update for SUSE Manager 4.3: Server and Proxy
The following package changes have been done:
- libldap-data-2.4.46-150200.14.11.2 updated
- libtirpc-netconfig-1.2.6-150300.3.6.1 updated
- glibc-2.31-150300.37.1 updated
- libcrypt1-4.4.15-150300.4.4.3 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libudev1-249.12-150400.8.10.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libcom_err2-1.46.4-150400.3.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.9.1 updated
- libstdc++6-11.3.0+git1637-150000.1.9.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- libopenssl1_1-1.1.1l-150400.7.7.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.7.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libxml2-2-2.9.14-150400.5.7.1 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libyaml-cpp0_6-0.6.3-150400.4.3.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libaugeas0-1.12.0-150400.3.3.6 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- procps-3.3.15-150000.7.25.1 updated
- sles-release-15.4-150400.55.1 updated
- grep-3.1-150000.4.6.1 updated
- libtirpc3-1.2.6-150300.3.6.1 updated
- gpg2-2.2.27-150300.3.5.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- rpm-config-SUSE-1-150400.14.3.1 updated
- permissions-20201225-150400.5.8.1 updated
- pam-1.3.0-150000.6.58.3 updated
- libzypp-17.30.2-150400.3.3.1 updated
- zypper-1.14.53-150400.3.3.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 added
- curl-7.79.1-150400.5.6.1 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libexpat1-2.4.4-150400.3.6.9 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- zstd-1.5.0-150400.1.71 added
- libpython3_6m1_0-3.6.15-150300.10.27.1 updated
- python3-base-3.6.15-150300.10.27.1 updated
- python3-3.6.15-150300.10.27.1 updated
- systemd-presets-branding-SLE-15.1-150100.20.11.1 updated
- python3-uyuni-common-libs-4.3.5-150400.3.3.2 updated
- hwdata-0.360-150000.3.48.1 updated
- apache2-utils-2.4.51-150400.6.3.1 updated
- systemd-249.12-150400.8.10.1 updated
- python3-python-debian-0.1.44-150400.9.3.1 added
- python3-hwdata-2.3.5-150000.3.9.1 updated
- logrotate-3.18.1-150400.3.7.1 updated
- apache2-2.4.51-150400.6.3.1 updated
- apache2-prefork-2.4.51-150400.6.3.1 updated
- python3-cryptography-3.3.2-150400.16.3.1 updated
- python3-pyOpenSSL-21.0.0-150400.3.3.1 updated
- spacewalk-backend-4.3.15-150400.3.3.5 updated
- python3-libxml2-2.9.14-150400.5.7.1 updated
- python3-dmidecode-3.12.2-150400.14.3.1 updated
- python3-spacewalk-client-tools-4.3.11-150400.3.3.4 updated
- spacewalk-client-tools-4.3.11-150400.3.3.4 updated
- spacewalk-proxy-package-manager-4.3.12-150400.3.5.1 updated
- spacewalk-proxy-common-4.3.12-150400.3.5.1 updated
- spacewalk-proxy-broker-4.3.12-150400.3.5.1 updated
- spacewalk-proxy-redirect-4.3.12-150400.3.5.1 updated
- binutils-2.37-150100.7.29.1 removed
- bzip2-1.0.8-150400.1.122 removed
- cpp-7-3.9.1 removed
- cpp7-7.5.0+r278197-4.30.1 removed
- crypto-policies-20210917.c9d86d1-150400.1.7 removed
- dwz-0.12-1.483 removed
- file-5.32-7.14.1 removed
- gcc-7-3.9.1 removed
- gcc7-7.5.0+r278197-4.30.1 removed
- gettext-runtime-0.20.2-1.43 removed
- gettext-tools-0.20.2-1.43 removed
- glibc-devel-2.31-150300.26.5 removed
- glibc-locale-2.31-150300.26.5 removed
- glibc-locale-base-2.31-150300.26.5 removed
- gzip-1.10-150200.10.1 removed
- libasan4-7.5.0+r278197-4.30.1 removed
- libatomic1-11.3.0+git1637-150000.1.9.1 removed
- libcilkrts5-7.5.0+r278197-4.30.1 removed
- libctf-nobfd0-2.37-150100.7.29.1 removed
- libctf0-2.37-150100.7.29.1 removed
- libgomp1-11.3.0+git1637-150000.1.9.1 removed
- libisl15-0.18-1.443 removed
- libitm1-11.3.0+git1637-150000.1.9.1 removed
- liblsan0-11.3.0+git1637-150000.1.9.1 removed
- libmpc3-1.1.0-1.47 removed
- libmpfr6-4.0.2-3.3.1 removed
- libmpx2-8.2.1+r264010-150000.1.6.4 removed
- libmpxwrappers2-8.2.1+r264010-150000.1.6.4 removed
- libtextstyle0-0.20.2-1.43 removed
- libtsan0-11.3.0+git1637-150000.1.9.1 removed
- libubsan0-7.5.0+r278197-4.30.1 removed
- libxcrypt-devel-4.4.15-150300.4.2.41 removed
- linux-glibc-devel-5.14-150400.4.44 removed
- make-4.2.1-7.3.2 removed
- openssl-1.1.1l-150400.1.5 removed
- openssl-1_1-1.1.1l-150400.5.14 removed
- patch-2.7.6-150000.5.3.1 removed
- perl-5.26.1-150300.17.3.1 removed
- perl-DBI-1.642-3.9.1 removed
- perl-Module-Implementation-0.09-1.22 removed
- perl-Module-Runtime-0.016-1.17 removed
- perl-Params-Validate-1.29-1.25 removed
- perl-Try-Tiny-0.30-1.17 removed
- python-rpm-macros-20220106.80d3756-150400.1.44 removed
- python3-debian-0.1.31-3.19 removed
- python3-spacewalk-certs-tools-4.3.13-150400.1.1 removed
- rpm-build-4.14.3-150300.46.1 removed
- spacewalk-base-minimal-4.3.20-150400.1.2 removed
- spacewalk-base-minimal-config-4.3.20-150400.1.2 removed
- spacewalk-certs-tools-4.3.13-150400.1.1 removed
- spacewalk-ssl-cert-check-4.3.2-150400.1.29 removed
- sudo-1.9.9-150400.2.5 removed
- susemanager-build-keys-15.3.5-150400.1.12 removed
- susemanager-build-keys-web-15.3.5-150400.1.12 removed
- systemd-rpm-macros-11-7.27.1 removed
- tar-1.34-150000.3.12.1 removed
From sle-security-updates at lists.suse.com Fri Sep 9 10:20:02 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 9 Sep 2022 12:20:02 +0200 (CEST)
Subject: SUSE-SU-2022:3225-1: important: Security update for mariadb
Message-ID: <20220909102002.39194FCF4@maintenance.suse.de>
SUSE Security Update: Security update for mariadb
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3225-1
Rating: important
References: #1197459 #1200105 #1201161 #1201163 #1201164
#1201165 #1201166 #1201167 #1201168 #1201169
#1201170
Cross-References: CVE-2018-25032 CVE-2022-32081 CVE-2022-32083
CVE-2022-32084 CVE-2022-32085 CVE-2022-32086
CVE-2022-32087 CVE-2022-32088 CVE-2022-32089
CVE-2022-32091
CVSS scores:
CVE-2018-25032 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2018-25032 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32081 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32081 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32083 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32083 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32084 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32084 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32085 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32085 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32086 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32086 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32087 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32087 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32088 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32088 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32089 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32089 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32091 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves 10 vulnerabilities and has one erratum
is now available.
Description:
This update for mariadb fixes the following issues:
Update to 10.4.26:
- CVE-2022-32089 (bsc#1201169)
- CVE-2022-32081 (bsc#1201161)
- CVE-2022-32091 (bsc#1201170)
- CVE-2022-32084 (bsc#1201164)
- CVE-2018-25032 (bsc#1197459)
- CVE-2022-32088 (bsc#1201168)
- CVE-2022-32087 (bsc#1201167)
- CVE-2022-32086 (bsc#1201166)
- CVE-2022-32085 (bsc#1201165)
- CVE-2022-32083 (bsc#1201163)
Bugfixes:
- Update mysql-systemd-helper to be aware of custom group (bsc#1200105).
External references:
- https://mariadb.com/kb/en/library/mariadb-10426-release-notes
- https://mariadb.com/kb/en/library/mariadb-10426-changelog
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3225=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3225=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3225=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3225=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3225=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3225=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3225=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3225=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3225=1
Package List:
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libmariadbd-devel-10.4.26-150200.3.31.1
libmariadbd19-10.4.26-150200.3.31.1
libmariadbd19-debuginfo-10.4.26-150200.3.31.1
mariadb-10.4.26-150200.3.31.1
mariadb-client-10.4.26-150200.3.31.1
mariadb-client-debuginfo-10.4.26-150200.3.31.1
mariadb-debuginfo-10.4.26-150200.3.31.1
mariadb-debugsource-10.4.26-150200.3.31.1
mariadb-tools-10.4.26-150200.3.31.1
mariadb-tools-debuginfo-10.4.26-150200.3.31.1
- SUSE Manager Server 4.1 (noarch):
mariadb-errormessages-10.4.26-150200.3.31.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libmariadbd-devel-10.4.26-150200.3.31.1
libmariadbd19-10.4.26-150200.3.31.1
libmariadbd19-debuginfo-10.4.26-150200.3.31.1
mariadb-10.4.26-150200.3.31.1
mariadb-client-10.4.26-150200.3.31.1
mariadb-client-debuginfo-10.4.26-150200.3.31.1
mariadb-debuginfo-10.4.26-150200.3.31.1
mariadb-debugsource-10.4.26-150200.3.31.1
mariadb-tools-10.4.26-150200.3.31.1
mariadb-tools-debuginfo-10.4.26-150200.3.31.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
mariadb-errormessages-10.4.26-150200.3.31.1
- SUSE Manager Proxy 4.1 (noarch):
mariadb-errormessages-10.4.26-150200.3.31.1
- SUSE Manager Proxy 4.1 (x86_64):
libmariadbd-devel-10.4.26-150200.3.31.1
libmariadbd19-10.4.26-150200.3.31.1
libmariadbd19-debuginfo-10.4.26-150200.3.31.1
mariadb-10.4.26-150200.3.31.1
mariadb-client-10.4.26-150200.3.31.1
mariadb-client-debuginfo-10.4.26-150200.3.31.1
mariadb-debuginfo-10.4.26-150200.3.31.1
mariadb-debugsource-10.4.26-150200.3.31.1
mariadb-tools-10.4.26-150200.3.31.1
mariadb-tools-debuginfo-10.4.26-150200.3.31.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libmariadbd-devel-10.4.26-150200.3.31.1
libmariadbd19-10.4.26-150200.3.31.1
libmariadbd19-debuginfo-10.4.26-150200.3.31.1
mariadb-10.4.26-150200.3.31.1
mariadb-client-10.4.26-150200.3.31.1
mariadb-client-debuginfo-10.4.26-150200.3.31.1
mariadb-debuginfo-10.4.26-150200.3.31.1
mariadb-debugsource-10.4.26-150200.3.31.1
mariadb-tools-10.4.26-150200.3.31.1
mariadb-tools-debuginfo-10.4.26-150200.3.31.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
mariadb-errormessages-10.4.26-150200.3.31.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.4.26-150200.3.31.1
libmariadbd19-10.4.26-150200.3.31.1
libmariadbd19-debuginfo-10.4.26-150200.3.31.1
mariadb-10.4.26-150200.3.31.1
mariadb-client-10.4.26-150200.3.31.1
mariadb-client-debuginfo-10.4.26-150200.3.31.1
mariadb-debuginfo-10.4.26-150200.3.31.1
mariadb-debugsource-10.4.26-150200.3.31.1
mariadb-tools-10.4.26-150200.3.31.1
mariadb-tools-debuginfo-10.4.26-150200.3.31.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
mariadb-errormessages-10.4.26-150200.3.31.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
mariadb-errormessages-10.4.26-150200.3.31.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libmariadbd-devel-10.4.26-150200.3.31.1
libmariadbd19-10.4.26-150200.3.31.1
libmariadbd19-debuginfo-10.4.26-150200.3.31.1
mariadb-10.4.26-150200.3.31.1
mariadb-client-10.4.26-150200.3.31.1
mariadb-client-debuginfo-10.4.26-150200.3.31.1
mariadb-debuginfo-10.4.26-150200.3.31.1
mariadb-debugsource-10.4.26-150200.3.31.1
mariadb-tools-10.4.26-150200.3.31.1
mariadb-tools-debuginfo-10.4.26-150200.3.31.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libmariadbd-devel-10.4.26-150200.3.31.1
libmariadbd19-10.4.26-150200.3.31.1
libmariadbd19-debuginfo-10.4.26-150200.3.31.1
mariadb-10.4.26-150200.3.31.1
mariadb-client-10.4.26-150200.3.31.1
mariadb-client-debuginfo-10.4.26-150200.3.31.1
mariadb-debuginfo-10.4.26-150200.3.31.1
mariadb-debugsource-10.4.26-150200.3.31.1
mariadb-tools-10.4.26-150200.3.31.1
mariadb-tools-debuginfo-10.4.26-150200.3.31.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
mariadb-errormessages-10.4.26-150200.3.31.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libmariadbd-devel-10.4.26-150200.3.31.1
libmariadbd19-10.4.26-150200.3.31.1
libmariadbd19-debuginfo-10.4.26-150200.3.31.1
mariadb-10.4.26-150200.3.31.1
mariadb-client-10.4.26-150200.3.31.1
mariadb-client-debuginfo-10.4.26-150200.3.31.1
mariadb-debuginfo-10.4.26-150200.3.31.1
mariadb-debugsource-10.4.26-150200.3.31.1
mariadb-tools-10.4.26-150200.3.31.1
mariadb-tools-debuginfo-10.4.26-150200.3.31.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
mariadb-errormessages-10.4.26-150200.3.31.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libmariadbd-devel-10.4.26-150200.3.31.1
libmariadbd19-10.4.26-150200.3.31.1
libmariadbd19-debuginfo-10.4.26-150200.3.31.1
mariadb-10.4.26-150200.3.31.1
mariadb-client-10.4.26-150200.3.31.1
mariadb-client-debuginfo-10.4.26-150200.3.31.1
mariadb-debuginfo-10.4.26-150200.3.31.1
mariadb-debugsource-10.4.26-150200.3.31.1
mariadb-tools-10.4.26-150200.3.31.1
mariadb-tools-debuginfo-10.4.26-150200.3.31.1
- SUSE Enterprise Storage 7 (noarch):
mariadb-errormessages-10.4.26-150200.3.31.1
References:
https://www.suse.com/security/cve/CVE-2018-25032.html
https://www.suse.com/security/cve/CVE-2022-32081.html
https://www.suse.com/security/cve/CVE-2022-32083.html
https://www.suse.com/security/cve/CVE-2022-32084.html
https://www.suse.com/security/cve/CVE-2022-32085.html
https://www.suse.com/security/cve/CVE-2022-32086.html
https://www.suse.com/security/cve/CVE-2022-32087.html
https://www.suse.com/security/cve/CVE-2022-32088.html
https://www.suse.com/security/cve/CVE-2022-32089.html
https://www.suse.com/security/cve/CVE-2022-32091.html
https://bugzilla.suse.com/1197459
https://bugzilla.suse.com/1200105
https://bugzilla.suse.com/1201161
https://bugzilla.suse.com/1201163
https://bugzilla.suse.com/1201164
https://bugzilla.suse.com/1201165
https://bugzilla.suse.com/1201166
https://bugzilla.suse.com/1201167
https://bugzilla.suse.com/1201168
https://bugzilla.suse.com/1201169
https://bugzilla.suse.com/1201170
From sle-security-updates at lists.suse.com Fri Sep 9 16:22:17 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 9 Sep 2022 18:22:17 +0200 (CEST)
Subject: SUSE-SU-2022:3230-1: important: Security update for gdk-pixbuf
Message-ID: <20220909162217.DAD71FCF4@maintenance.suse.de>
SUSE Security Update: Security update for gdk-pixbuf
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3230-1
Rating: important
References: #1194633
Cross-References: CVE-2021-44648
CVSS scores:
CVE-2021-44648 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-44648 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for gdk-pixbuf fixes the following issues:
- CVE-2021-44648: Fixed overflow vulnerability in lzw code size
(bsc#1194633).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3230=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3230=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3230=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3230=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3230=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3230=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3230=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3230=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3230=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3230=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3230=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3230=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3230=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3230=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- openSUSE Leap 15.3 (x86_64):
gdk-pixbuf-devel-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-devel-32bit-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
- openSUSE Leap 15.3 (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Manager Server 4.1 (x86_64):
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
- SUSE Manager Server 4.1 (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Manager Proxy 4.1 (x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Manager Proxy 4.1 (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
gdk-pixbuf-debugsource-2.40.0-150200.3.9.1
gdk-pixbuf-devel-2.40.0-150200.3.9.1
gdk-pixbuf-devel-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-debuginfo-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-2.40.0-150200.3.9.1
gdk-pixbuf-thumbnailer-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-debuginfo-2.40.0-150200.3.9.1
typelib-1_0-GdkPixbuf-2_0-2.40.0-150200.3.9.1
typelib-1_0-GdkPixdata-2_0-2.40.0-150200.3.9.1
- SUSE Enterprise Storage 7 (x86_64):
gdk-pixbuf-query-loaders-32bit-2.40.0-150200.3.9.1
gdk-pixbuf-query-loaders-32bit-debuginfo-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-2.40.0-150200.3.9.1
libgdk_pixbuf-2_0-0-32bit-debuginfo-2.40.0-150200.3.9.1
- SUSE Enterprise Storage 7 (noarch):
gdk-pixbuf-lang-2.40.0-150200.3.9.1
References:
https://www.suse.com/security/cve/CVE-2021-44648.html
https://bugzilla.suse.com/1194633
From sle-security-updates at lists.suse.com Fri Sep 9 16:24:52 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 9 Sep 2022 18:24:52 +0200 (CEST)
Subject: SUSE-SU-2022:3229-1: important: Security update for vim
Message-ID: <20220909162452.A88B1FCF4@maintenance.suse.de>
SUSE Security Update: Security update for vim
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3229-1
Rating: important
References: #1200270 #1200697 #1200698 #1200700 #1200701
#1200732 #1200884 #1200902 #1200903 #1200904
#1201132 #1201133 #1201134 #1201135 #1201136
#1201150 #1201151 #1201152 #1201153 #1201154
#1201155 #1201249 #1201356 #1201359 #1201363
#1201620 #1201863 #1202046 #1202049 #1202050
#1202051 #1202414 #1202420 #1202421 #1202511
#1202512 #1202515 #1202552 #1202599 #1202687
#1202689 #1202862
Cross-References: CVE-2022-1720 CVE-2022-1968 CVE-2022-2124
CVE-2022-2125 CVE-2022-2126 CVE-2022-2129
CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
CVE-2022-2206 CVE-2022-2207 CVE-2022-2208
CVE-2022-2210 CVE-2022-2231 CVE-2022-2257
CVE-2022-2264 CVE-2022-2284 CVE-2022-2285
CVE-2022-2286 CVE-2022-2287 CVE-2022-2304
CVE-2022-2343 CVE-2022-2344 CVE-2022-2345
CVE-2022-2522 CVE-2022-2571 CVE-2022-2580
CVE-2022-2581 CVE-2022-2598 CVE-2022-2816
CVE-2022-2817 CVE-2022-2819 CVE-2022-2845
CVE-2022-2849 CVE-2022-2862 CVE-2022-2874
CVE-2022-2889 CVE-2022-2923 CVE-2022-2946
CVE-2022-3016
CVSS scores:
CVE-2022-1720 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1720 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-1968 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-1968 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVE-2022-2124 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2124 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2125 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2125 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2126 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2126 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2129 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2129 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2175 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2175 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2182 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2182 (SUSE): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
CVE-2022-2183 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2183 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2022-2206 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2206 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
CVE-2022-2207 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2207 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2208 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2208 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2210 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2210 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-2231 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2231 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2257 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2257 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2264 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2264 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2284 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2284 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2285 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2285 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVE-2022-2286 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2286 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2287 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
CVE-2022-2287 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2304 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2304 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-2343 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2343 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2344 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2344 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2345 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2345 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2522 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2522 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2571 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2571 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-2580 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2580 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-2581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2581 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CVE-2022-2598 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2598 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2816 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2816 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2817 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2817 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2819 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2819 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2845 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2845 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2849 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2849 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2862 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2862 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
CVE-2022-2874 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2874 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2889 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2889 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2923 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2923 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-2946 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2946 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
CVE-2022-3016 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3016 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 40 vulnerabilities and has two fixes
is now available.
Description:
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent()
(bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through
parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg()
(bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl()
(bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim
prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to
9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to
9.0.0046 (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock()
(bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar()
(bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent()
(bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk()
(bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both()
(bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name()
(bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer
overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk()
(bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check()
(bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special()
(bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr()
(bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand
(bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to
ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string()
(bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr()
(bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to
diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet()
(bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function()
(bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len()
(bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar()
(bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in
evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository
vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval
(bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285
(bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib
issue (bsc#1201620).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3229=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3229=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3229=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3229=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3229=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3229=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3229=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3229=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3229=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3229=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3229=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3229=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3229=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3229=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3229=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3229=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3229=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3229=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3229=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3229=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3229=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3229=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3229=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3229=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3229=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3229=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3229=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3229=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
vim-small-9.0.0313-150000.5.25.1
vim-small-debuginfo-9.0.0313-150000.5.25.1
- openSUSE Leap Micro 5.2 (noarch):
vim-data-common-9.0.0313-150000.5.25.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
vim-small-9.0.0313-150000.5.25.1
vim-small-debuginfo-9.0.0313-150000.5.25.1
- openSUSE Leap 15.4 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
vim-small-9.0.0313-150000.5.25.1
vim-small-debuginfo-9.0.0313-150000.5.25.1
- openSUSE Leap 15.3 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Manager Server 4.1 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Manager Proxy 4.1 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Manager Proxy 4.1 (x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
vim-small-9.0.0313-150000.5.25.1
vim-small-debuginfo-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
vim-small-9.0.0313-150000.5.25.1
vim-small-debuginfo-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
vim-small-9.0.0313-150000.5.25.1
vim-small-debuginfo-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
vim-small-9.0.0313-150000.5.25.1
vim-small-debuginfo-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Enterprise Storage 7 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
- SUSE Enterprise Storage 6 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE CaaS Platform 4.0 (noarch):
vim-data-9.0.0313-150000.5.25.1
vim-data-common-9.0.0313-150000.5.25.1
- SUSE CaaS Platform 4.0 (x86_64):
gvim-9.0.0313-150000.5.25.1
gvim-debuginfo-9.0.0313-150000.5.25.1
vim-9.0.0313-150000.5.25.1
vim-debuginfo-9.0.0313-150000.5.25.1
vim-debugsource-9.0.0313-150000.5.25.1
References:
https://www.suse.com/security/cve/CVE-2022-1720.html
https://www.suse.com/security/cve/CVE-2022-1968.html
https://www.suse.com/security/cve/CVE-2022-2124.html
https://www.suse.com/security/cve/CVE-2022-2125.html
https://www.suse.com/security/cve/CVE-2022-2126.html
https://www.suse.com/security/cve/CVE-2022-2129.html
https://www.suse.com/security/cve/CVE-2022-2175.html
https://www.suse.com/security/cve/CVE-2022-2182.html
https://www.suse.com/security/cve/CVE-2022-2183.html
https://www.suse.com/security/cve/CVE-2022-2206.html
https://www.suse.com/security/cve/CVE-2022-2207.html
https://www.suse.com/security/cve/CVE-2022-2208.html
https://www.suse.com/security/cve/CVE-2022-2210.html
https://www.suse.com/security/cve/CVE-2022-2231.html
https://www.suse.com/security/cve/CVE-2022-2257.html
https://www.suse.com/security/cve/CVE-2022-2264.html
https://www.suse.com/security/cve/CVE-2022-2284.html
https://www.suse.com/security/cve/CVE-2022-2285.html
https://www.suse.com/security/cve/CVE-2022-2286.html
https://www.suse.com/security/cve/CVE-2022-2287.html
https://www.suse.com/security/cve/CVE-2022-2304.html
https://www.suse.com/security/cve/CVE-2022-2343.html
https://www.suse.com/security/cve/CVE-2022-2344.html
https://www.suse.com/security/cve/CVE-2022-2345.html
https://www.suse.com/security/cve/CVE-2022-2522.html
https://www.suse.com/security/cve/CVE-2022-2571.html
https://www.suse.com/security/cve/CVE-2022-2580.html
https://www.suse.com/security/cve/CVE-2022-2581.html
https://www.suse.com/security/cve/CVE-2022-2598.html
https://www.suse.com/security/cve/CVE-2022-2816.html
https://www.suse.com/security/cve/CVE-2022-2817.html
https://www.suse.com/security/cve/CVE-2022-2819.html
https://www.suse.com/security/cve/CVE-2022-2845.html
https://www.suse.com/security/cve/CVE-2022-2849.html
https://www.suse.com/security/cve/CVE-2022-2862.html
https://www.suse.com/security/cve/CVE-2022-2874.html
https://www.suse.com/security/cve/CVE-2022-2889.html
https://www.suse.com/security/cve/CVE-2022-2923.html
https://www.suse.com/security/cve/CVE-2022-2946.html
https://www.suse.com/security/cve/CVE-2022-3016.html
https://bugzilla.suse.com/1200270
https://bugzilla.suse.com/1200697
https://bugzilla.suse.com/1200698
https://bugzilla.suse.com/1200700
https://bugzilla.suse.com/1200701
https://bugzilla.suse.com/1200732
https://bugzilla.suse.com/1200884
https://bugzilla.suse.com/1200902
https://bugzilla.suse.com/1200903
https://bugzilla.suse.com/1200904
https://bugzilla.suse.com/1201132
https://bugzilla.suse.com/1201133
https://bugzilla.suse.com/1201134
https://bugzilla.suse.com/1201135
https://bugzilla.suse.com/1201136
https://bugzilla.suse.com/1201150
https://bugzilla.suse.com/1201151
https://bugzilla.suse.com/1201152
https://bugzilla.suse.com/1201153
https://bugzilla.suse.com/1201154
https://bugzilla.suse.com/1201155
https://bugzilla.suse.com/1201249
https://bugzilla.suse.com/1201356
https://bugzilla.suse.com/1201359
https://bugzilla.suse.com/1201363
https://bugzilla.suse.com/1201620
https://bugzilla.suse.com/1201863
https://bugzilla.suse.com/1202046
https://bugzilla.suse.com/1202049
https://bugzilla.suse.com/1202050
https://bugzilla.suse.com/1202051
https://bugzilla.suse.com/1202414
https://bugzilla.suse.com/1202420
https://bugzilla.suse.com/1202421
https://bugzilla.suse.com/1202511
https://bugzilla.suse.com/1202512
https://bugzilla.suse.com/1202515
https://bugzilla.suse.com/1202552
https://bugzilla.suse.com/1202599
https://bugzilla.suse.com/1202687
https://bugzilla.suse.com/1202689
https://bugzilla.suse.com/1202862
From sle-security-updates at lists.suse.com Fri Sep 9 16:29:39 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 9 Sep 2022 18:29:39 +0200 (CEST)
Subject: SUSE-SU-2022:3231-1: important: Security update for python-PyYAML
Message-ID: <20220909162939.66C9CFCF4@maintenance.suse.de>
SUSE Security Update: Security update for python-PyYAML
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3231-1
Rating: important
References: #1174514
Cross-References: CVE-2020-14343
CVSS scores:
CVE-2020-14343 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-14343 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Linux Enterprise Module for Containers 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Manager Tools 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-PyYAML fixes the following issues:
- CVE-2020-14343: Fixed an arbitrary code execution when processing
untrusted YAML files through the full_load method or with the FullLoader
loader. This fixes an incomplete solution for CVE-2020-1747
(bnc#1174514).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Tools 12:
zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-3231=1
- SUSE Linux Enterprise Module for Containers 12:
zypper in -t patch SUSE-SLE-Module-Containers-12-2022-3231=1
- SUSE Linux Enterprise Module for Advanced Systems Management 12:
zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2022-3231=1
Package List:
- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
python-PyYAML-5.1.2-26.15.1
python-PyYAML-debuginfo-5.1.2-26.15.1
python-PyYAML-debugsource-5.1.2-26.15.1
python3-PyYAML-5.1.2-26.15.1
- SUSE Linux Enterprise Module for Containers 12 (x86_64):
python-PyYAML-5.1.2-26.15.1
python-PyYAML-debuginfo-5.1.2-26.15.1
python-PyYAML-debugsource-5.1.2-26.15.1
- SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
python-PyYAML-5.1.2-26.15.1
python-PyYAML-debuginfo-5.1.2-26.15.1
python-PyYAML-debugsource-5.1.2-26.15.1
python3-PyYAML-5.1.2-26.15.1
References:
https://www.suse.com/security/cve/CVE-2020-14343.html
https://bugzilla.suse.com/1174514
From sle-security-updates at lists.suse.com Fri Sep 9 16:30:28 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 9 Sep 2022 18:30:28 +0200 (CEST)
Subject: SUSE-SU-2022:3232-1: important: Security update for keepalived
Message-ID: <20220909163028.D1539FCF4@maintenance.suse.de>
SUSE Security Update: Security update for keepalived
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3232-1
Rating: important
References: #1193115 #1202808
Cross-References: CVE-2021-44225
CVSS scores:
CVE-2021-44225 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2021-44225 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for keepalived fixes the following issues:
- CVE-2021-44225: Fix a potential privilege escalation due to insufficient
control in the D-Bus policy (bsc#1193115).
Bugfixes:
- Set ProtectKernelModules to false in service file (bsc#1202808).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3232=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3232=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
keepalived-2.2.2-150400.3.5.1
keepalived-debuginfo-2.2.2-150400.3.5.1
keepalived-debugsource-2.2.2-150400.3.5.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
keepalived-2.2.2-150400.3.5.1
keepalived-debuginfo-2.2.2-150400.3.5.1
keepalived-debugsource-2.2.2-150400.3.5.1
References:
https://www.suse.com/security/cve/CVE-2021-44225.html
https://bugzilla.suse.com/1193115
https://bugzilla.suse.com/1202808
From sle-security-updates at lists.suse.com Fri Sep 9 19:18:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 9 Sep 2022 21:18:16 +0200 (CEST)
Subject: SUSE-SU-2022:3234-1: important: Security update for keepalived
Message-ID: <20220909191816.EB9B9FCF4@maintenance.suse.de>
SUSE Security Update: Security update for keepalived
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3234-1
Rating: important
References: #1193115
Cross-References: CVE-2021-44225
CVSS scores:
CVE-2021-44225 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2021-44225 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products:
HPE Helion Openstack 8
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for keepalived fixes the following issues:
- CVE-2021-44225: Fix a potential privilege escalation due to insufficient
control in the D-Bus policy (bsc#1193115).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-3234=1
- SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2022-3234=1
- HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2022-3234=1
Package List:
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
keepalived-2.0.19-3.9.1
keepalived-debuginfo-2.0.19-3.9.1
keepalived-debugsource-2.0.19-3.9.1
- SUSE OpenStack Cloud 8 (x86_64):
keepalived-2.0.19-3.9.1
keepalived-debuginfo-2.0.19-3.9.1
keepalived-debugsource-2.0.19-3.9.1
- HPE Helion Openstack 8 (x86_64):
keepalived-2.0.19-3.9.1
keepalived-debuginfo-2.0.19-3.9.1
keepalived-debugsource-2.0.19-3.9.1
References:
https://www.suse.com/security/cve/CVE-2021-44225.html
https://bugzilla.suse.com/1193115
From sle-security-updates at lists.suse.com Fri Sep 9 19:18:50 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 9 Sep 2022 21:18:50 +0200 (CEST)
Subject: SUSE-SU-2022:3235-1: important: Security update for keepalived
Message-ID: <20220909191850.21DF8FCF4@maintenance.suse.de>
SUSE Security Update: Security update for keepalived
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3235-1
Rating: important
References: #1193115
Cross-References: CVE-2021-44225
CVSS scores:
CVE-2021-44225 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2021-44225 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Affected Products:
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for keepalived fixes the following issues:
- CVE-2021-44225: Fix a potential privilege escalation due to insufficient
control in the D-Bus policy (bsc#1193115).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3235=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3235=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
keepalived-2.0.19-3.6.1
keepalived-debuginfo-2.0.19-3.6.1
keepalived-debugsource-2.0.19-3.6.1
- SUSE OpenStack Cloud 9 (x86_64):
keepalived-2.0.19-3.6.1
keepalived-debuginfo-2.0.19-3.6.1
keepalived-debugsource-2.0.19-3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-44225.html
https://bugzilla.suse.com/1193115
From sle-security-updates at lists.suse.com Sat Sep 10 08:27:20 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 10 Sep 2022 10:27:20 +0200 (CEST)
Subject: SUSE-CU-2022:2173-1: Security update of bci/nodejs
Message-ID: <20220910082720.203C4FCF4@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2173-1
Container Tags : bci/node:14 , bci/node:14-33.25 , bci/nodejs:14 , bci/nodejs:14-33.25
Container Release : 33.25
Severity : moderate
Type : security
References : 1193951 CVE-2020-21913
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use
after free (bsc#1193951).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
The following package changes have been done:
- rpm-ndb-4.14.3-150300.49.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- container:sles15-image-15.0.0-27.11.21 updated
From sle-security-updates at lists.suse.com Mon Sep 12 10:23:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 12:23:16 +0200 (CEST)
Subject: SUSE-SU-2022:3245-1: important: Security update for libyang
Message-ID: <20220912102316.16E7FFD84@maintenance.suse.de>
SUSE Security Update: Security update for libyang
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3245-1
Rating: important
References: #1186374 #1186375 #1186376 #1186378
Cross-References: CVE-2021-28902 CVE-2021-28903 CVE-2021-28904
CVE-2021-28906
CVSS scores:
CVE-2021-28902 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28902 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28903 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28903 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28904 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28904 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28906 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28906 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for libyang fixes the following issues:
- CVE-2021-28906: Fixed missing check in read_yin_leaf that can lead to
DoS (bsc#1186378).
- CVE-2021-28904: Fixed missing check in ext_get_plugin that leads to DoS
(bsc#1186376).
- CVE-2021-28903: Fixed stack overflow in lyxml_parse_mem (bsc#1186375).
- CVE-2021-28902: Fixed missing check in read_yin_container that can lead
to DoS (bsc#1186374).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3245=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3245=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3245=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3245=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libyang-cpp-devel-1.0.184-150300.3.6.1
libyang-cpp1-1.0.184-150300.3.6.1
libyang-cpp1-debuginfo-1.0.184-150300.3.6.1
libyang-debuginfo-1.0.184-150300.3.6.1
libyang-debugsource-1.0.184-150300.3.6.1
libyang-devel-1.0.184-150300.3.6.1
libyang-extentions-1.0.184-150300.3.6.1
libyang-extentions-debuginfo-1.0.184-150300.3.6.1
libyang1-1.0.184-150300.3.6.1
libyang1-debuginfo-1.0.184-150300.3.6.1
python3-yang-1.0.184-150300.3.6.1
python3-yang-debuginfo-1.0.184-150300.3.6.1
yang-tools-1.0.184-150300.3.6.1
yang-tools-debuginfo-1.0.184-150300.3.6.1
- openSUSE Leap 15.4 (noarch):
libyang-doc-1.0.184-150300.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libyang-cpp-devel-1.0.184-150300.3.6.1
libyang-cpp1-1.0.184-150300.3.6.1
libyang-cpp1-debuginfo-1.0.184-150300.3.6.1
libyang-debuginfo-1.0.184-150300.3.6.1
libyang-debugsource-1.0.184-150300.3.6.1
libyang-devel-1.0.184-150300.3.6.1
libyang-extentions-1.0.184-150300.3.6.1
libyang-extentions-debuginfo-1.0.184-150300.3.6.1
libyang1-1.0.184-150300.3.6.1
libyang1-debuginfo-1.0.184-150300.3.6.1
python3-yang-1.0.184-150300.3.6.1
python3-yang-debuginfo-1.0.184-150300.3.6.1
yang-tools-1.0.184-150300.3.6.1
yang-tools-debuginfo-1.0.184-150300.3.6.1
- openSUSE Leap 15.3 (noarch):
libyang-doc-1.0.184-150300.3.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
libyang-debuginfo-1.0.184-150300.3.6.1
libyang-debugsource-1.0.184-150300.3.6.1
libyang-extentions-1.0.184-150300.3.6.1
libyang-extentions-debuginfo-1.0.184-150300.3.6.1
libyang1-1.0.184-150300.3.6.1
libyang1-debuginfo-1.0.184-150300.3.6.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libyang-debuginfo-1.0.184-150300.3.6.1
libyang-debugsource-1.0.184-150300.3.6.1
libyang-extentions-1.0.184-150300.3.6.1
libyang-extentions-debuginfo-1.0.184-150300.3.6.1
libyang1-1.0.184-150300.3.6.1
libyang1-debuginfo-1.0.184-150300.3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-28902.html
https://www.suse.com/security/cve/CVE-2021-28903.html
https://www.suse.com/security/cve/CVE-2021-28904.html
https://www.suse.com/security/cve/CVE-2021-28906.html
https://bugzilla.suse.com/1186374
https://bugzilla.suse.com/1186375
https://bugzilla.suse.com/1186376
https://bugzilla.suse.com/1186378
From sle-security-updates at lists.suse.com Mon Sep 12 10:24:20 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 12:24:20 +0200 (CEST)
Subject: SUSE-SU-2022:3246-1: important: Security update for frr
Message-ID: <20220912102420.04FA9FD84@maintenance.suse.de>
SUSE Security Update: Security update for frr
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3246-1
Rating: important
References: #1202022 #1202023
Cross-References: CVE-2019-25074 CVE-2022-37032
CVSS scores:
CVE-2019-25074 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-37032 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for frr fixes the following issues:
- CVE-2022-37032: Fixed out-of-bounds read in the BGP daemon that may lead
to information disclosure or denial of service (bsc#1202023).
- CVE-2019-25074: Fixed a memory leak in the IS-IS daemon that may lead to
server memory exhaustion (bsc#1202022).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3246=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3246=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3246=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3246=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
frr-7.4-150300.4.7.1
frr-debuginfo-7.4-150300.4.7.1
frr-debugsource-7.4-150300.4.7.1
frr-devel-7.4-150300.4.7.1
libfrr0-7.4-150300.4.7.1
libfrr0-debuginfo-7.4-150300.4.7.1
libfrr_pb0-7.4-150300.4.7.1
libfrr_pb0-debuginfo-7.4-150300.4.7.1
libfrrcares0-7.4-150300.4.7.1
libfrrcares0-debuginfo-7.4-150300.4.7.1
libfrrfpm_pb0-7.4-150300.4.7.1
libfrrfpm_pb0-debuginfo-7.4-150300.4.7.1
libfrrgrpc_pb0-7.4-150300.4.7.1
libfrrgrpc_pb0-debuginfo-7.4-150300.4.7.1
libfrrospfapiclient0-7.4-150300.4.7.1
libfrrospfapiclient0-debuginfo-7.4-150300.4.7.1
libfrrsnmp0-7.4-150300.4.7.1
libfrrsnmp0-debuginfo-7.4-150300.4.7.1
libfrrzmq0-7.4-150300.4.7.1
libfrrzmq0-debuginfo-7.4-150300.4.7.1
libmlag_pb0-7.4-150300.4.7.1
libmlag_pb0-debuginfo-7.4-150300.4.7.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
frr-7.4-150300.4.7.1
frr-debuginfo-7.4-150300.4.7.1
frr-debugsource-7.4-150300.4.7.1
frr-devel-7.4-150300.4.7.1
libfrr0-7.4-150300.4.7.1
libfrr0-debuginfo-7.4-150300.4.7.1
libfrr_pb0-7.4-150300.4.7.1
libfrr_pb0-debuginfo-7.4-150300.4.7.1
libfrrcares0-7.4-150300.4.7.1
libfrrcares0-debuginfo-7.4-150300.4.7.1
libfrrfpm_pb0-7.4-150300.4.7.1
libfrrfpm_pb0-debuginfo-7.4-150300.4.7.1
libfrrgrpc_pb0-7.4-150300.4.7.1
libfrrgrpc_pb0-debuginfo-7.4-150300.4.7.1
libfrrospfapiclient0-7.4-150300.4.7.1
libfrrospfapiclient0-debuginfo-7.4-150300.4.7.1
libfrrsnmp0-7.4-150300.4.7.1
libfrrsnmp0-debuginfo-7.4-150300.4.7.1
libfrrzmq0-7.4-150300.4.7.1
libfrrzmq0-debuginfo-7.4-150300.4.7.1
libmlag_pb0-7.4-150300.4.7.1
libmlag_pb0-debuginfo-7.4-150300.4.7.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
frr-7.4-150300.4.7.1
frr-debuginfo-7.4-150300.4.7.1
frr-debugsource-7.4-150300.4.7.1
frr-devel-7.4-150300.4.7.1
libfrr0-7.4-150300.4.7.1
libfrr0-debuginfo-7.4-150300.4.7.1
libfrr_pb0-7.4-150300.4.7.1
libfrr_pb0-debuginfo-7.4-150300.4.7.1
libfrrcares0-7.4-150300.4.7.1
libfrrcares0-debuginfo-7.4-150300.4.7.1
libfrrfpm_pb0-7.4-150300.4.7.1
libfrrfpm_pb0-debuginfo-7.4-150300.4.7.1
libfrrgrpc_pb0-7.4-150300.4.7.1
libfrrgrpc_pb0-debuginfo-7.4-150300.4.7.1
libfrrospfapiclient0-7.4-150300.4.7.1
libfrrospfapiclient0-debuginfo-7.4-150300.4.7.1
libfrrsnmp0-7.4-150300.4.7.1
libfrrsnmp0-debuginfo-7.4-150300.4.7.1
libfrrzmq0-7.4-150300.4.7.1
libfrrzmq0-debuginfo-7.4-150300.4.7.1
libmlag_pb0-7.4-150300.4.7.1
libmlag_pb0-debuginfo-7.4-150300.4.7.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
frr-7.4-150300.4.7.1
frr-debuginfo-7.4-150300.4.7.1
frr-debugsource-7.4-150300.4.7.1
frr-devel-7.4-150300.4.7.1
libfrr0-7.4-150300.4.7.1
libfrr0-debuginfo-7.4-150300.4.7.1
libfrr_pb0-7.4-150300.4.7.1
libfrr_pb0-debuginfo-7.4-150300.4.7.1
libfrrcares0-7.4-150300.4.7.1
libfrrcares0-debuginfo-7.4-150300.4.7.1
libfrrfpm_pb0-7.4-150300.4.7.1
libfrrfpm_pb0-debuginfo-7.4-150300.4.7.1
libfrrgrpc_pb0-7.4-150300.4.7.1
libfrrgrpc_pb0-debuginfo-7.4-150300.4.7.1
libfrrospfapiclient0-7.4-150300.4.7.1
libfrrospfapiclient0-debuginfo-7.4-150300.4.7.1
libfrrsnmp0-7.4-150300.4.7.1
libfrrsnmp0-debuginfo-7.4-150300.4.7.1
libfrrzmq0-7.4-150300.4.7.1
libfrrzmq0-debuginfo-7.4-150300.4.7.1
libmlag_pb0-7.4-150300.4.7.1
libmlag_pb0-debuginfo-7.4-150300.4.7.1
References:
https://www.suse.com/security/cve/CVE-2019-25074.html
https://www.suse.com/security/cve/CVE-2022-37032.html
https://bugzilla.suse.com/1202022
https://bugzilla.suse.com/1202023
From sle-security-updates at lists.suse.com Mon Sep 12 10:25:29 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 12:25:29 +0200 (CEST)
Subject: SUSE-SU-2022:3248-1: important: Security update for qpdf
Message-ID: <20220912102529.14811FD84@maintenance.suse.de>
SUSE Security Update: Security update for qpdf
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3248-1
Rating: important
References: #1188514
Cross-References: CVE-2021-36978
CVSS scores:
CVE-2021-36978 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-36978 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for qpdf fixes the following issues:
- CVE-2021-36978: Fixed heap-based buffer overflow in
Pl_ASCII85Decoder::write (bsc#1188514).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3248=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3248=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3248=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3248=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3248=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3248=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3248=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3248=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3248=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3248=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3248=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3248=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3248=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
qpdf-devel-9.0.2-150200.3.3.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
qpdf-devel-9.0.2-150200.3.3.1
- SUSE Manager Proxy 4.1 (x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
qpdf-devel-9.0.2-150200.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
qpdf-devel-9.0.2-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
qpdf-devel-9.0.2-150200.3.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
qpdf-devel-9.0.2-150200.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
qpdf-devel-9.0.2-150200.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
qpdf-devel-9.0.2-150200.3.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libqpdf26-9.0.2-150200.3.3.1
libqpdf26-debuginfo-9.0.2-150200.3.3.1
qpdf-9.0.2-150200.3.3.1
qpdf-debuginfo-9.0.2-150200.3.3.1
qpdf-debugsource-9.0.2-150200.3.3.1
qpdf-devel-9.0.2-150200.3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-36978.html
https://bugzilla.suse.com/1188514
From sle-security-updates at lists.suse.com Mon Sep 12 10:26:36 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 12:26:36 +0200 (CEST)
Subject: SUSE-SU-2022:3250-1: moderate: Security update for nodejs16
Message-ID: <20220912102636.7E127FD84@maintenance.suse.de>
SUSE Security Update: Security update for nodejs16
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3250-1
Rating: moderate
References: #1200303 #1200517 #1201710 #1202382 #1202383
Cross-References: CVE-2022-29244 CVE-2022-31150 CVE-2022-35948
CVE-2022-35949
CVSS scores:
CVE-2022-29244 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-29244 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-31150 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2022-31150 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-35948 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-35948 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-35949 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-35949 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Web Scripting 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update for nodejs16 fixes the following issues:
- CVE-2022-35949: Fixed SSRF when an application takes in user input into
the path/pathname option of undici.request (bsc#1202382).
- CVE-2022-35948: Fixed CRLF injection via Content-Type (bsc#1202383).
- CVE-2022-29244: Fixed npm pack ignores root-level .gitignore and
.npmignore file exclusion directives when run in a workspace
(bsc#1200517).
- CVE-2022-31150: Fixed CRLF injection in node-undici (bsc#1201710).
Bugfixes:
- Enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3250=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-3250=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
corepack16-16.17.0-150400.3.6.1
nodejs16-16.17.0-150400.3.6.1
nodejs16-debuginfo-16.17.0-150400.3.6.1
nodejs16-debugsource-16.17.0-150400.3.6.1
nodejs16-devel-16.17.0-150400.3.6.1
npm16-16.17.0-150400.3.6.1
- openSUSE Leap 15.4 (noarch):
nodejs16-docs-16.17.0-150400.3.6.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64):
nodejs16-16.17.0-150400.3.6.1
nodejs16-debuginfo-16.17.0-150400.3.6.1
nodejs16-debugsource-16.17.0-150400.3.6.1
nodejs16-devel-16.17.0-150400.3.6.1
npm16-16.17.0-150400.3.6.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch):
nodejs16-docs-16.17.0-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-29244.html
https://www.suse.com/security/cve/CVE-2022-31150.html
https://www.suse.com/security/cve/CVE-2022-35948.html
https://www.suse.com/security/cve/CVE-2022-35949.html
https://bugzilla.suse.com/1200303
https://bugzilla.suse.com/1200517
https://bugzilla.suse.com/1201710
https://bugzilla.suse.com/1202382
https://bugzilla.suse.com/1202383
From sle-security-updates at lists.suse.com Mon Sep 12 10:27:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 12:27:43 +0200 (CEST)
Subject: SUSE-SU-2022:3244-1: important: Security update for samba
Message-ID: <20220912102743.F0587FD84@maintenance.suse.de>
SUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3244-1
Rating: important
References: #1200102 #1202803 #1202976
Cross-References: CVE-2022-1615 CVE-2022-32743
CVSS scores:
CVE-2022-1615 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1615 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32743 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-32743 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for samba fixes the following issues:
- CVE-2022-1615: Fixed error handling in random number generation
(bso#15103)(bsc#1202976).
- CVE-2022-32743: Implement validated dnsHostName write rights
(bso#14833)(bsc#1202803).
Bugfixes:
- Fixed use after free when iterating smbd_server_connection->connections
after tree disconnect failure (bso#15128)(bsc#1200102).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3244=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3244=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3244=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ctdb-4.15.8+git.527.8d0c05d313e-150400.3.14.1
ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
ctdb-pcp-pmda-4.15.8+git.527.8d0c05d313e-150400.3.14.1
ctdb-pcp-pmda-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150400.3.14.1
libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150400.3.14.1
libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150400.3.14.1
libsamba-policy0-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ad-dc-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ad-dc-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ad-dc-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-debugsource-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-devel-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-dsdb-modules-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-gpupdate-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ldb-ldap-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-python3-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-python3-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-test-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-test-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-tool-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
- openSUSE Leap 15.4 (aarch64 x86_64):
samba-ceph-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
- openSUSE Leap 15.4 (x86_64):
libsamba-policy0-python3-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
libsamba-policy0-python3-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ad-dc-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ad-dc-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-devel-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-python3-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-python3-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
- openSUSE Leap 15.4 (noarch):
samba-doc-4.15.8+git.527.8d0c05d313e-150400.3.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libsamba-policy-devel-4.15.8+git.527.8d0c05d313e-150400.3.14.1
libsamba-policy-python3-devel-4.15.8+git.527.8d0c05d313e-150400.3.14.1
libsamba-policy0-python3-4.15.8+git.527.8d0c05d313e-150400.3.14.1
libsamba-policy0-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ad-dc-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ad-dc-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-debugsource-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-devel-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-dsdb-modules-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-dsdb-modules-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-gpupdate-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ldb-ldap-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ldb-ldap-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-python3-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-python3-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-python3-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-winbind-libs-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64):
samba-ceph-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-ceph-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
samba-client-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-client-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-32bit-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-libs-32bit-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ctdb-4.15.8+git.527.8d0c05d313e-150400.3.14.1
ctdb-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-debuginfo-4.15.8+git.527.8d0c05d313e-150400.3.14.1
samba-debugsource-4.15.8+git.527.8d0c05d313e-150400.3.14.1
References:
https://www.suse.com/security/cve/CVE-2022-1615.html
https://www.suse.com/security/cve/CVE-2022-32743.html
https://bugzilla.suse.com/1200102
https://bugzilla.suse.com/1202803
https://bugzilla.suse.com/1202976
From sle-security-updates at lists.suse.com Mon Sep 12 10:30:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 12:30:34 +0200 (CEST)
Subject: SUSE-SU-2022:3247-1: important: Security update for bluez
Message-ID: <20220912103034.A19A3FD84@maintenance.suse.de>
SUSE Security Update: Security update for bluez
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3247-1
Rating: important
References: #1194704
Cross-References: CVE-2022-0204
CVSS scores:
CVE-2022-0204 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0204 (SUSE): 7.1 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for bluez fixes the following issues:
- CVE-2022-0204: Fixed check if the prepare writes would append more than
the allowed maximum attribute length (bsc#1194704).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3247=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3247=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3247=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3247=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
bluez-5.62-150400.4.5.1
bluez-cups-5.62-150400.4.5.1
bluez-cups-debuginfo-5.62-150400.4.5.1
bluez-debuginfo-5.62-150400.4.5.1
bluez-debugsource-5.62-150400.4.5.1
bluez-deprecated-5.62-150400.4.5.1
bluez-deprecated-debuginfo-5.62-150400.4.5.1
bluez-devel-5.62-150400.4.5.1
bluez-test-5.62-150400.4.5.1
bluez-test-debuginfo-5.62-150400.4.5.1
libbluetooth3-5.62-150400.4.5.1
libbluetooth3-debuginfo-5.62-150400.4.5.1
- openSUSE Leap 15.4 (noarch):
bluez-auto-enable-devices-5.62-150400.4.5.1
- openSUSE Leap 15.4 (x86_64):
bluez-devel-32bit-5.62-150400.4.5.1
libbluetooth3-32bit-5.62-150400.4.5.1
libbluetooth3-32bit-debuginfo-5.62-150400.4.5.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
bluez-cups-5.62-150400.4.5.1
bluez-cups-debuginfo-5.62-150400.4.5.1
bluez-debuginfo-5.62-150400.4.5.1
bluez-debugsource-5.62-150400.4.5.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
bluez-debuginfo-5.62-150400.4.5.1
bluez-debugsource-5.62-150400.4.5.1
bluez-devel-5.62-150400.4.5.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
bluez-5.62-150400.4.5.1
bluez-debuginfo-5.62-150400.4.5.1
bluez-debugsource-5.62-150400.4.5.1
bluez-deprecated-5.62-150400.4.5.1
bluez-deprecated-debuginfo-5.62-150400.4.5.1
libbluetooth3-5.62-150400.4.5.1
libbluetooth3-debuginfo-5.62-150400.4.5.1
References:
https://www.suse.com/security/cve/CVE-2022-0204.html
https://bugzilla.suse.com/1194704
From sle-security-updates at lists.suse.com Mon Sep 12 10:31:55 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 12:31:55 +0200 (CEST)
Subject: SUSE-SU-2022:3249-1: important: Security update for clamav
Message-ID: <20220912103155.43F53FD84@maintenance.suse.de>
SUSE Security Update: Security update for clamav
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3249-1
Rating: important
References: #1202986
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that contains security fixes can now be installed.
Description:
This update for clamav fixes the following issues:
clamav was updated to 0.103.7 (bsc#1202986)
* Upgrade the vendored UnRAR library to version 6.1.7.
* Fix logical signature "Intermediates" feature.
* Relax constraints on slightly malformed zip archives that contain
overlapping file entries.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3249=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3249=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3249=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3249=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3249=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3249=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3249=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3249=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3249=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3249=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3249=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3249=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3249=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3249=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3249=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3249=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3249=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3249=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3249=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3249=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3249=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3249=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3249=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Manager Proxy 4.1 (x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
- SUSE CaaS Platform 4.0 (x86_64):
clamav-0.103.7-150000.3.41.1
clamav-debuginfo-0.103.7-150000.3.41.1
clamav-debugsource-0.103.7-150000.3.41.1
clamav-devel-0.103.7-150000.3.41.1
libclamav9-0.103.7-150000.3.41.1
libclamav9-debuginfo-0.103.7-150000.3.41.1
libfreshclam2-0.103.7-150000.3.41.1
libfreshclam2-debuginfo-0.103.7-150000.3.41.1
References:
https://bugzilla.suse.com/1202986
From sle-security-updates at lists.suse.com Mon Sep 12 10:33:14 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 12:33:14 +0200 (CEST)
Subject: SUSE-SU-2022:3251-1: moderate: Security update for nodejs16
Message-ID: <20220912103314.BB5E7FD84@maintenance.suse.de>
SUSE Security Update: Security update for nodejs16
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3251-1
Rating: moderate
References: #1200303 #1200517 #1201710 #1202382 #1202383
Cross-References: CVE-2022-29244 CVE-2022-31150 CVE-2022-35948
CVE-2022-35949
CVSS scores:
CVE-2022-29244 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-29244 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2022-31150 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVE-2022-31150 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-35948 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-35948 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-35949 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-35949 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Web Scripting 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update for nodejs16 fixes the following issues:
- CVE-2022-35949: Fixed SSRF when an application takes in user input into
the path/pathname option of undici.request (bsc#1202382).
- CVE-2022-35948: Fixed CRLF injection via Content-Type (bsc#1202383).
- CVE-2022-29244: Fixed npm pack ignores root-level .gitignore and
.npmignore file exclusion directives when run in a workspace
(bsc#1200517).
- CVE-2022-31150: Fixed CRLF injection in node-undici (bsc#1201710).
Bugfixes:
- Enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3251=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-3251=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
nodejs16-16.17.0-150300.7.9.1
nodejs16-debuginfo-16.17.0-150300.7.9.1
nodejs16-debugsource-16.17.0-150300.7.9.1
nodejs16-devel-16.17.0-150300.7.9.1
npm16-16.17.0-150300.7.9.1
- openSUSE Leap 15.3 (noarch):
nodejs16-docs-16.17.0-150300.7.9.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
nodejs16-16.17.0-150300.7.9.1
nodejs16-debuginfo-16.17.0-150300.7.9.1
nodejs16-debugsource-16.17.0-150300.7.9.1
nodejs16-devel-16.17.0-150300.7.9.1
npm16-16.17.0-150300.7.9.1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
nodejs16-docs-16.17.0-150300.7.9.1
References:
https://www.suse.com/security/cve/CVE-2022-29244.html
https://www.suse.com/security/cve/CVE-2022-31150.html
https://www.suse.com/security/cve/CVE-2022-35948.html
https://www.suse.com/security/cve/CVE-2022-35949.html
https://bugzilla.suse.com/1200303
https://bugzilla.suse.com/1200517
https://bugzilla.suse.com/1201710
https://bugzilla.suse.com/1202382
https://bugzilla.suse.com/1202383
From sle-security-updates at lists.suse.com Mon Sep 12 10:34:32 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 12:34:32 +0200 (CEST)
Subject: SUSE-SU-2022:3252-1: moderate: Security update for freetype2
Message-ID: <20220912103432.324F1FD84@maintenance.suse.de>
SUSE Security Update: Security update for freetype2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3252-1
Rating: moderate
References: #1198823 #1198830 #1198832
Cross-References: CVE-2022-27404 CVE-2022-27405 CVE-2022-27406
CVSS scores:
CVE-2022-27404 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27404 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-27405 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27405 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-27406 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27406 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for freetype2 fixes the following issues:
- CVE-2022-27404: Fixed a segmentation fault via a crafted typeface
(bsc#1198830).
- CVE-2022-27405: Fixed a buffer overflow via a crafted typeface
(bsc#1198832).
- CVE-2022-27406: Fixed a segmentation fault via a crafted typeface
(bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3252=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3252=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3252=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3252=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3252=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3252=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3252=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3252=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3252=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ft2demos-2.10.4-150000.4.12.1
ftbench-2.10.4-150000.4.12.1
ftdiff-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
ftgamma-2.10.4-150000.4.12.1
ftgrid-2.10.4-150000.4.12.1
ftinspect-2.10.4-150000.4.12.1
ftlint-2.10.4-150000.4.12.1
ftmulti-2.10.4-150000.4.12.1
ftstring-2.10.4-150000.4.12.1
ftvalid-2.10.4-150000.4.12.1
ftview-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- openSUSE Leap 15.4 (x86_64):
freetype2-devel-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- openSUSE Leap 15.4 (noarch):
freetype2-profile-tti35-2.10.4-150000.4.12.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ft2demos-2.10.4-150000.4.12.1
ftbench-2.10.4-150000.4.12.1
ftdiff-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
ftgamma-2.10.4-150000.4.12.1
ftgrid-2.10.4-150000.4.12.1
ftinspect-2.10.4-150000.4.12.1
ftlint-2.10.4-150000.4.12.1
ftmulti-2.10.4-150000.4.12.1
ftstring-2.10.4-150000.4.12.1
ftvalid-2.10.4-150000.4.12.1
ftview-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- openSUSE Leap 15.3 (x86_64):
freetype2-devel-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- openSUSE Leap 15.3 (noarch):
freetype2-profile-tti35-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
ftdump-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
ftdump-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
References:
https://www.suse.com/security/cve/CVE-2022-27404.html
https://www.suse.com/security/cve/CVE-2022-27405.html
https://www.suse.com/security/cve/CVE-2022-27406.html
https://bugzilla.suse.com/1198823
https://bugzilla.suse.com/1198830
https://bugzilla.suse.com/1198832
From sle-security-updates at lists.suse.com Mon Sep 12 16:20:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 18:20:16 +0200 (CEST)
Subject: SUSE-SU-2022:3259-1: important: Security update for rubygem-kramdown
Message-ID: <20220912162016.0DF40F78E@maintenance.suse.de>
SUSE Security Update: Security update for rubygem-kramdown
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3259-1
Rating: important
References: #1174297
Cross-References: CVE-2020-14001
CVSS scores:
CVE-2020-14001 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-14001 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for rubygem-kramdown fixes the following issues:
- CVE-2020-14001: Fixed processing template options inside documents
allowing unintended read access or embedded Ruby code execution
(bsc#1174297).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3259=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3259=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3259=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3259=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3259=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3259=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-3259=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1
ruby2.5-rubygem-kramdown-doc-1.15.0-150000.3.3.1
ruby2.5-rubygem-kramdown-testsuite-1.15.0-150000.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1
ruby2.5-rubygem-kramdown-doc-1.15.0-150000.3.3.1
ruby2.5-rubygem-kramdown-testsuite-1.15.0-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-kramdown-1.15.0-150000.3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-14001.html
https://bugzilla.suse.com/1174297
From sle-security-updates at lists.suse.com Mon Sep 12 16:21:19 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 12 Sep 2022 18:21:19 +0200 (CEST)
Subject: SUSE-SU-2022:1064-2: important: Security update for python2-numpy
Message-ID: <20220912162119.C1832F78E@maintenance.suse.de>
SUSE Security Update: Security update for python2-numpy
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1064-2
Rating: important
References: #1193907 #1193911 #1193913
Cross-References: CVE-2021-33430 CVE-2021-41495 CVE-2021-41496
CVSS scores:
CVE-2021-33430 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33430 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41495 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41495 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-41496 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-41496 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for python2-numpy fixes the following issues:
- CVE-2021-33430: Fixed buffer overflow that could lead to DoS in
PyArray_NewFromDescr_int function of ctors.c (bsc#1193913).
- CVE-2021-41496: Fixed buffer overflow that could lead to DoS in
array_from_pyobj function of fortranobject.c (bsc#1193907).
- CVE-2021-41495: Fixed Null Pointer Dereference in numpy.sort due to
missing return value validation (bsc#1193911).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-1064=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1064=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1064=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1064=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1064=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1064=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1064=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1064=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-1064=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
python-numpy_1_16_5-gnu-hpc-debugsource-1.16.5-150200.3.5.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
- SUSE Manager Proxy 4.1 (x86_64):
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
python-numpy_1_16_5-gnu-hpc-debugsource-1.16.5-150200.3.5.1
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
python2-numpy-gnu-hpc-1.16.5-150200.3.5.1
python2-numpy-gnu-hpc-devel-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-debuginfo-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-devel-1.16.5-150200.3.5.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
python-numpy_1_16_5-gnu-hpc-debugsource-1.16.5-150200.3.5.1
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
python2-numpy-gnu-hpc-1.16.5-150200.3.5.1
python2-numpy-gnu-hpc-devel-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-debuginfo-1.16.5-150200.3.5.1
python2-numpy_1_16_5-gnu-hpc-devel-1.16.5-150200.3.5.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
python2-numpy-1.16.5-150200.3.5.1
python2-numpy-debuginfo-1.16.5-150200.3.5.1
python2-numpy-debugsource-1.16.5-150200.3.5.1
python2-numpy-devel-1.16.5-150200.3.5.1
References:
https://www.suse.com/security/cve/CVE-2021-33430.html
https://www.suse.com/security/cve/CVE-2021-41495.html
https://www.suse.com/security/cve/CVE-2021-41496.html
https://bugzilla.suse.com/1193907
https://bugzilla.suse.com/1193911
https://bugzilla.suse.com/1193913
From sle-security-updates at lists.suse.com Tue Sep 13 07:16:19 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 13 Sep 2022 09:16:19 +0200 (CEST)
Subject: SUSE-CU-2022:2188-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20220913071619.8C3D5F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2188-1
Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-4.2.35 , suse/sle-micro/5.3/toolbox:latest
Container Release : 4.2.35
Severity : important
Type : security
References : 1185605 1200270 1200697 1200698 1200700 1200701 1200732 1200884
1200902 1200903 1200904 1201132 1201133 1201134 1201135 1201136
1201150 1201151 1201152 1201153 1201154 1201155 1201249 1201356
1201359 1201363 1201620 1201863 1202011 1202046 1202049 1202050
1202051 1202414 1202420 1202421 1202511 1202512 1202515 1202552
1202599 1202687 1202689 1202862 CVE-2022-1720 CVE-2022-1968 CVE-2022-2124
CVE-2022-2125 CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182
CVE-2022-2183 CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210
CVE-2022-2231 CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285
CVE-2022-2286 CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344
CVE-2022-2345 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581
CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845
CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923
CVE-2022-2946 CVE-2022-3016
-----------------------------------------------------------------
The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:3126-1
Released: Wed Sep 7 04:34:30 2022
Summary: Feature update for gdb
Type: feature
Severity: important
References: 1185605
This feature update for gdb fixes the following issues:
- Enable build option `--with-debuginfod` (bsc#1185605, jsc#PED-1246, jsc#PED-1149, jsc#PED-1138)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046 (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
The following package changes have been done:
- gdb-11.1-150400.15.3.1 updated
- libdebuginfod1-dummy-0.185-150400.5.3.1 added
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
From sle-security-updates at lists.suse.com Tue Sep 13 08:07:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 13 Sep 2022 10:07:34 +0200 (CEST)
Subject: SUSE-CU-2022:2199-1: Security update of bci/nodejs
Message-ID: <20220913080734.D313EF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2199-1
Container Tags : bci/node:16 , bci/node:16-9.29 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-9.29 , bci/nodejs:latest
Container Release : 9.29
Severity : moderate
Type : security
References : 1200303 1200517 1201710 1202382 1202383 CVE-2022-29244 CVE-2022-31150
CVE-2022-35948 CVE-2022-35949
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3250-1
Released: Mon Sep 12 09:06:45 2022
Summary: Security update for nodejs16
Type: security
Severity: moderate
References: 1200303,1200517,1201710,1202382,1202383,CVE-2022-29244,CVE-2022-31150,CVE-2022-35948,CVE-2022-35949
This update for nodejs16 fixes the following issues:
- CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request (bsc#1202382).
- CVE-2022-35948: Fixed CRLF injection via Content-Type (bsc#1202383).
- CVE-2022-29244: Fixed npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (bsc#1200517).
- CVE-2022-31150: Fixed CRLF injection in node-undici (bsc#1201710).
Bugfixes:
- Enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303)
The following package changes have been done:
- nodejs16-16.17.0-150400.3.6.1 updated
- npm16-16.17.0-150400.3.6.1 updated
From sle-security-updates at lists.suse.com Tue Sep 13 08:09:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 13 Sep 2022 10:09:22 +0200 (CEST)
Subject: SUSE-CU-2022:2200-1: Security update of bci/openjdk-devel
Message-ID: <20220913080922.42CD9F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2200-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-34.58 , bci/openjdk-devel:latest
Container Release : 34.58
Severity : moderate
Type : security
References : 1198823 1198830 1198832 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:
- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
The following package changes have been done:
- libfreetype6-2.10.4-150000.4.12.1 updated
- container:bci-openjdk-11-15.4-30.27 updated
From sle-security-updates at lists.suse.com Tue Sep 13 08:10:51 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 13 Sep 2022 10:10:51 +0200 (CEST)
Subject: SUSE-CU-2022:2201-1: Security update of bci/openjdk
Message-ID: <20220913081051.32F16F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2201-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-30.27 , bci/openjdk:latest
Container Release : 30.27
Severity : moderate
Type : security
References : 1198823 1198830 1198832 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406
-----------------------------------------------------------------
The container bci/openjdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:
- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
The following package changes have been done:
- libfreetype6-2.10.4-150000.4.12.1 updated
From sle-security-updates at lists.suse.com Tue Sep 13 08:12:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 13 Sep 2022 10:12:47 +0200 (CEST)
Subject: SUSE-CU-2022:2203-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20220913081247.63B4FF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2203-1
Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.281 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.281
Severity : important
Type : security
References : 1200270 1200697 1200698 1200700 1200701 1200732 1200884 1200902
1200903 1200904 1201132 1201133 1201134 1201135 1201136 1201150
1201151 1201152 1201153 1201154 1201155 1201249 1201356 1201359
1201363 1201620 1201863 1202046 1202049 1202050 1202051 1202414
1202420 1202421 1202511 1202512 1202515 1202552 1202599 1202687
1202689 1202862 CVE-2022-1720 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125
CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231
CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286
CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345
CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598
CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849
CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946
CVE-2022-3016
-----------------------------------------------------------------
The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046 (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
The following package changes have been done:
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
From sle-security-updates at lists.suse.com Tue Sep 13 08:16:35 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 13 Sep 2022 10:16:35 +0200 (CEST)
Subject: SUSE-CU-2022:2205-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20220913081635.C64B6F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2205-1
Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.102 , suse/sle-micro/5.2/toolbox:latest
Container Release : 6.2.102
Severity : important
Type : security
References : 1200270 1200697 1200698 1200700 1200701 1200732 1200884 1200902
1200903 1200904 1201132 1201133 1201134 1201135 1201136 1201150
1201151 1201152 1201153 1201154 1201155 1201249 1201356 1201359
1201363 1201620 1201863 1202046 1202049 1202050 1202051 1202414
1202420 1202421 1202511 1202512 1202515 1202552 1202599 1202687
1202689 1202862 CVE-2022-1720 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125
CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231
CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286
CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345
CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581 CVE-2022-2598
CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845 CVE-2022-2849
CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923 CVE-2022-2946
CVE-2022-3016
-----------------------------------------------------------------
The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
The following package changes have been done:
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
From sle-security-updates at lists.suse.com Wed Sep 14 07:20:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 09:20:47 +0200 (CEST)
Subject: SUSE-SU-2022:3263-1: important: Security update for the Linux Kernel
Message-ID: <20220914072047.211E2F78E@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3263-1
Rating: important
References: #1133374 #1191881 #1196616 #1201420 #1201726
#1201948 #1202096 #1202346 #1202347 #1202393
#1202897 #1202898 #1203098 #1203107
Cross-References: CVE-2019-3900 CVE-2020-36516 CVE-2022-20368
CVE-2022-20369 CVE-2022-21385 CVE-2022-2588
CVE-2022-26373 CVE-2022-2991 CVE-2022-3028
CVE-2022-36879 CVE-2022-39188
CVSS scores:
CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2991 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2991 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________
An update that solves 11 vulnerabilities and has three
fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2991: Fixed a heap-based overflow in the lightnvm
implementation (bsc#1201420).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
- CVE-2019-3900: Fixed infinite loop in the vhost_net kernel module that
could result in a DoS scenario (bnc#1133374).
The following non-security bugs were fixed:
- net_sched: cls_route: Disallowed handle of 0 (bsc#1202393).
- mm, rmap: Fixed anon_vma->degree ambiguity leading to double-reuse
(bsc#1203098).
- lightnvm: Removed lightnvm implementation (bsc#1191881).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3263=1
Package List:
- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):
kernel-devel-4.4.180-94.174.1
kernel-macros-4.4.180-94.174.1
kernel-source-4.4.180-94.174.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
kernel-default-4.4.180-94.174.1
kernel-default-base-4.4.180-94.174.1
kernel-default-base-debuginfo-4.4.180-94.174.1
kernel-default-debuginfo-4.4.180-94.174.1
kernel-default-debugsource-4.4.180-94.174.1
kernel-default-devel-4.4.180-94.174.1
kernel-syms-4.4.180-94.174.1
References:
https://www.suse.com/security/cve/CVE-2019-3900.html
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-21385.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2991.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1133374
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202897
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
From sle-security-updates at lists.suse.com Wed Sep 14 08:06:10 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 10:06:10 +0200 (CEST)
Subject: SUSE-CU-2022:2209-1: Security update of suse/sle15
Message-ID: <20220914080610.186D0F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2209-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.195
Container Release : 9.5.195
Severity : important
Type : security
References : 1197178 1198731 1199140 1199895 1200842 1200993 1201092 1201225
1201576 1201638 CVE-2022-34903
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3129-1
Released: Wed Sep 7 04:42:53 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3144-1
Released: Wed Sep 7 11:04:23 2022
Summary: Security update for gpg2
Type: security
Severity: important
References: 1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a potential signature forgery via injection
into the status line when certain unusual conditions are met (bsc#1201225).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloader. Second the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
The following package changes have been done:
- gpg2-2.2.5-150000.4.22.1 updated
- libblkid1-2.33.2-150100.4.24.1 updated
- libfdisk1-2.33.2-150100.4.24.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libmount1-2.33.2-150100.4.24.1 updated
- libsmartcols1-2.33.2-150100.4.24.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libuuid1-2.33.2-150100.4.24.1 updated
- libzypp-17.31.0-150200.42.1 updated
- util-linux-2.33.2-150100.4.24.1 updated
- zypper-1.14.55-150200.36.1 updated
From sle-security-updates at lists.suse.com Wed Sep 14 08:56:20 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 10:56:20 +0200 (CEST)
Subject: SUSE-CU-2022:2229-1: Security update of ses/7.1/rook/ceph
Message-ID: <20220914085620.954E3F78E@maintenance.suse.de>
SUSE Container Update Advisory: ses/7.1/rook/ceph
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2229-1
Container Tags : ses/7.1/rook/ceph:1.8.10 , ses/7.1/rook/ceph:1.8.10.0 , ses/7.1/rook/ceph:1.8.10.0.4.5.173 , ses/7.1/rook/ceph:latest , ses/7.1/rook/ceph:sle15.3.pacific
Container Release : 4.5.173
Severity : important
Type : security
References : 1041090 1047178 1164384 1181475 1183308 1192616 1193951 1194131
1194875 1195059 1195359 1195463 1195881 1195916 1196017 1196044
1196212 1196499 1196696 1196733 1196785 1196850 1197017 1197178
1198341 1198627 1198731 1198752 1198925 1199140 1199235 1199524
1199895 1200064 1200485 1200553 1200800 1200842 1200993 1201092
1201253 1201576 1201638 1202175 1202310 1202498 1202498 1202593
CVE-2017-6512 CVE-2019-20454 CVE-2020-21913 CVE-2020-29651 CVE-2021-3979
CVE-2022-1587 CVE-2022-1706 CVE-2022-2309 CVE-2022-29458 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container ses/7.1/rook/ceph was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2628-1
Released: Tue Aug 2 12:21:23 2022
Summary: Recommended update for apparmor
Type: recommended
Severity: important
References: 1195463,1196850
This update for apparmor fixes the following issues:
- Add new rule to fix reported 'DENIED' audit records with Apparmor profile 'usr.sbin.smbd' (bsc#1196850)
- Add new rule to allow reading of openssl.cnf (bsc#1195463)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2649-1
Released: Wed Aug 3 15:06:21 2022
Summary: Security update for pcre2
Type: security
Severity: important
References: 1164384,1199235,CVE-2019-20454,CVE-2022-1587
This update for pcre2 fixes the following issues:
- CVE-2019-20454: Fixed out-of-bounds read in JIT mode when \X is used in non-UTF mode (bsc#1164384).
- CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2717-1
Released: Tue Aug 9 12:54:16 2022
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2817-1
Released: Tue Aug 16 12:03:46 2022
Summary: Security update for ceph
Type: security
Severity: important
References: 1194131,1194875,1195359,1196044,1196733,1196785,1200064,1200553,CVE-2021-3979
This update for ceph fixes the following issues:
- Update to 16.2.9-536-g41a9f9a5573:
+ (bsc#1195359, bsc#1200553) rgw: check bucket shard init status in RGWRadosBILogTrimCR
+ (bsc#1194131) ceph-volume: honour osd_dmcrypt_key_size option (CVE-2021-3979)
- Update to 16.2.9-158-gd93952c7eea:
+ cmake: check for python(\d)\.(\d+) when building boost
+ make-dist: patch boost source to support python 3.10
- Update to ceph-16.2.9-58-ge2e5cb80063:
+ (bsc#1200064, pr#480) Remove last vestiges of docker.io image paths
- Update to 16.2.9.50-g7d9f12156fb:
+ (jsc#SES-2515) High-availability NFS export
+ (bsc#1196044) cephadm: prometheus: The generatorURL in alerts is only using hostname
+ (bsc#1196785) cephadm: avoid crashing on expected non-zero exit
- Update to 16.2.7-969-g6195a460d89
+ (jsc#SES-2515) High-availability NFS export
- Update to v16.2.7-654-gd5a90ff46f0
+ (bsc#1196733) remove build directory during %clean
- Update to v16.2.7-652-gf5dc462fdb5
+ (bsc#1194875) [SES7P] include/buffer: include memory
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2831-1
Released: Wed Aug 17 14:41:07 2022
Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins
Type: security
Severity: moderate
References: 1195916,1196696,CVE-2020-29651
This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues:
- Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972)
- Remove redundant python3 dependency from Requires
- Update regular expression to fix python shebang
- Style is enforced upstream and triggers unnecessary build version requirements
- Allow specifying fs_id in cloudwatch log group name
- Includes fix for stunnel path
- Added hardening to systemd service(s).
- Raise minimal pytest version
- Fix typo in the ansi2html Requires
- Cleanup with spec-cleaner
- Make sure the tests are really executed
- Remove useless devel dependency
- Multiprocessing support in Python 3.8 was broken, but is now fixed
- Bump the URL to point to github rather than to docs
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released: Fri Aug 19 15:59:42 2022
Summary: Recommended update for sle-module-legacy-release
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2908-1
Released: Fri Aug 26 11:36:03 2022
Summary: Security update for python-lxml
Type: security
Severity: important
References: 1201253,CVE-2022-2309
This update for python-lxml fixes the following issues:
- CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2926-1
Released: Mon Aug 29 10:38:52 2022
Summary: Feature update for LibreOffice
Type: feature
Severity: moderate
References: 1041090,1183308,1192616,1195881,1196017,1196212,1196499,1197017
This feature update for LibreOffice provides the following fixes:
abseil-cpp:
- Provide abseil-cpp version 20211102.0 as LibreOffice 7.3 dependency. (jsc#SLE-23447)
- Mention already fixed issues. (fate#326485, bsc#1041090)
libcuckoo:
- Provide libcuckoo version 0.3 as LibreOffice dependency. (jsc#SLE-23447)
libixion:
- Update libixion from version 0.16.1 to version 0.17.0. (jsc#SLE-23447)
- Build with mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Build with gcc11 and gcc11-c++. (jsc#SLE-23447)
- Remove unneeded vulkan dependency
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
libreoffice:
- Update LibreOffice from version 7.2.5.1 to version 7.3.3.1. (jsc#SLE-23447, jsc#SLE-24021)
* Update bundled dependencies:
* gpgme from version 1.13.1 to version 1.16.0
* libgpg-error from version 1.37 to version 1.43
* libassuan from version 2.5.3 to version 2.5.5
* pdfium from version 4500 to version 4699
* skia from version m90-45c57e116ee0ce214bdf78405a4762722e4507d9 to version m97-a7230803d64ae9d44f4e1282444801119a3ae967
* boost from version 1_75 to version 1_77
* icu4c from version 69_1 to version 70_1
* On SUSE Linux Enterprise 15 SP3 and newer require curl-devel 7.68.0 or newer
* New build dependencies:
* abseil-cpp-devel
* libassuan0
* libcuckoo-devel
* libopenjp2
* require liborcus-0.17 instead of liborcus-0.16
* require mdds-2.0 instead of mdds-1.5
* Do not use serf-1 anymore but use curl instead.
* Other fixes:
* Extraneous/missing lines in table in Impress versus PowerPoint (bsc#1192616)
* Text with tabs appears quite different in Impress than in PowerPoint (bsc#1196212)
* Bullets appear larger and green instead of black. (bsc#1195881)
* Enable gtk3_kde5 and make it possible to use gtk3 in kde with the kde filepicker (bsc#1197017)
* Mention already fixed issues. (bsc#1183308, bsc#1196017, bsc#1196499)
liborcus:
- Update liborcus from version 0.16.1 to version 0.17.2. (jsc#SLE-23447)
- Require mdds-2_0 instead of mdds-1.5. (jsc#SLE-23447)
- Require libixion-0.17 instead of libixion-0.16. (jsc#SLE-23447)
- Build with libtool and use autotools. (jsc#SLE-23447)
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
mdds-2_0:
- Provide mdds-2_0 version 2.0.2 as LibreOffice dependency. (jsc#SLE-23447)
myspell-dictionaries:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
ucpp:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
xmlsec1:
- Provide binaries for non x86_64 architectures directly to SUSE Package Hub. (ijsc#MSC-303)
- There are no visible changes for the final user.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:2972-1
Released: Thu Sep 1 11:08:16 2022
Summary: Feature update for python-kubernetes
Type: feature
Severity: moderate
References:
This feature update for python-kubernetes provides:
- Deliver python3-kubernetes to the Containers Module 15 SP4. (jsc#SLE-17904, MSC-443)
* Deliver python3-google-auth to Basesystem Module 15 SP4 as dependency of python3-kubernetes.
* Deliver python3-cachetools to Basesystem Module 15 SP4 as dependency of python3-google-auth.
- There are no visible changes for the final user.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released: Mon Sep 5 16:31:24 2022
Summary: Recommended update for python-pytz
Type: recommended
Severity: low
References:
This update for python-pytz fixes the following issues:
- update to 2022.1:
matches tzdata 2022a
- declare python 3.10 compatibility
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3142-1
Released: Wed Sep 7 09:54:18 2022
Summary: Security update for icu
Type: security
Severity: moderate
References: 1193951,CVE-2020-21913
This update for icu fixes the following issues:
- CVE-2020-21913: Fixed a memory safety issue that could lead to use
after free (bsc#1193951).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove MediaNetwork and its dependent code. The first reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloader. Second, the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- ceph-base-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-grafana-dashboards-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mds-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-dashboard-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-modules-core-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-rook-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mgr-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-mon-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-osd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-prometheus-alerts-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-radosgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- cephadm-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- ceph-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libapparmor1-2.13.6-150300.3.15.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcephfs2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcephsqlite-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libicu-suse65_1-65.1-150200.4.5.1 updated
- libicu65_1-ledata-65.1-150200.4.5.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libpcre2-8-0-10.31-150000.3.12.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- librados2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librbd1-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- librgw2-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libxmlsec1-1-1.2.28-150100.7.11.1 updated
- libxmlsec1-openssl1-1.2.28-150100.7.11.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.31.0-150200.42.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-apipkg-1.4-150000.3.2.1 updated
- python3-cachetools-4.1.0-150200.3.4.1 updated
- python3-ceph-argparse-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-ceph-common-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-cephfs-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-google-auth-1.21.2-150300.3.6.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 added
- python3-kubernetes-8.0.1-150100.3.7.1 updated
- python3-lxml-4.7.1-150200.3.10.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- python3-py-1.10.0-150000.5.9.2 updated
- python3-rados-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rbd-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- python3-rgw-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- rbd-mirror-16.2.9.536+g41a9f9a5573-150300.3.3.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-246.16-150300.7.51.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- zypper-1.14.55-150200.36.1 updated
- container:sles15-image-15.0.0-17.20.36 updated
From sle-security-updates at lists.suse.com Wed Sep 14 10:21:33 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 12:21:33 +0200 (CEST)
Subject: SUSE-SU-2022:3270-1: important: Security update for samba
Message-ID: <20220914102133.E3ED5FD84@maintenance.suse.de>
SUSE Security Update: Security update for samba
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3270-1
Rating: important
References: #1200102 #1202976
Cross-References: CVE-2022-1615
CVSS scores:
CVE-2022-1615 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1615 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Availability 12-SP5
SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for samba fixes the following issues:
- CVE-2022-1615: Fixed error handling in random number generation
(bso#15103)(bsc#1202976).
Bugfixes:
- Fixed use after free when iterating smbd_server_connection->connections
after tree disconnect failure (bso#15128)(bsc#1200102).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3270=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3270=1
- SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2022-3270=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libsamba-policy-devel-4.15.8+git.473.1a1018e0a0b-3.71.2
libsamba-policy-python3-devel-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-debugsource-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-devel-4.15.8+git.473.1a1018e0a0b-3.71.2
- SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64):
samba-devel-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libsamba-policy0-python3-4.15.8+git.473.1a1018e0a0b-3.71.2
libsamba-policy0-python3-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-client-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-client-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-client-libs-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-client-libs-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-debugsource-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-ldb-ldap-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-ldb-ldap-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-libs-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-libs-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-libs-python3-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-libs-python3-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-python3-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-python3-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-tool-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-winbind-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-winbind-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-winbind-libs-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-winbind-libs-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libsamba-policy0-python3-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
libsamba-policy0-python3-debuginfo-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-client-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-client-debuginfo-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-client-libs-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-client-libs-debuginfo-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-libs-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-libs-debuginfo-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-libs-python3-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-libs-python3-debuginfo-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-winbind-libs-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-winbind-libs-debuginfo-32bit-4.15.8+git.473.1a1018e0a0b-3.71.2
- SUSE Linux Enterprise Server 12-SP5 (aarch64):
samba-devel-4.15.8+git.473.1a1018e0a0b-3.71.2
- SUSE Linux Enterprise Server 12-SP5 (ppc64le):
libsamba-policy-python3-devel-4.15.8+git.473.1a1018e0a0b-3.71.2
- SUSE Linux Enterprise Server 12-SP5 (noarch):
samba-doc-4.15.8+git.473.1a1018e0a0b-3.71.2
- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
ctdb-4.15.8+git.473.1a1018e0a0b-3.71.2
ctdb-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-debuginfo-4.15.8+git.473.1a1018e0a0b-3.71.2
samba-debugsource-4.15.8+git.473.1a1018e0a0b-3.71.2
References:
https://www.suse.com/security/cve/CVE-2022-1615.html
https://bugzilla.suse.com/1200102
https://bugzilla.suse.com/1202976
From sle-security-updates at lists.suse.com Wed Sep 14 10:22:23 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 12:22:23 +0200 (CEST)
Subject: SUSE-SU-2022:3266-1: important: Security update for libzapojit
Message-ID: <20220914102223.8F42CFD84@maintenance.suse.de>
SUSE Security Update: Security update for libzapojit
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3266-1
Rating: important
References: #1189844
Cross-References: CVE-2021-39360
CVSS scores:
CVE-2021-39360 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39360 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libzapojit fixes the following issues:
- CVE-2021-39360: Fixed missing guard against invalid SSL certificates
(bsc#1189844).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3266=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3266=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
libzapojit-0_0-0-0.0.3-5.3.1
libzapojit-0_0-0-debuginfo-0.0.3-5.3.1
libzapojit-debugsource-0.0.3-5.3.1
typelib-1_0-Zpj-0_0-0.0.3-5.3.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libzapojit-0_0-0-0.0.3-5.3.1
libzapojit-0_0-0-debuginfo-0.0.3-5.3.1
libzapojit-debugsource-0.0.3-5.3.1
libzapojit-devel-0.0.3-5.3.1
typelib-1_0-Zpj-0_0-0.0.3-5.3.1
References:
https://www.suse.com/security/cve/CVE-2021-39360.html
https://bugzilla.suse.com/1189844
From sle-security-updates at lists.suse.com Wed Sep 14 10:23:31 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 12:23:31 +0200 (CEST)
Subject: SUSE-SU-2022:3272-1: important: Security update for MozillaFirefox
Message-ID: <20220914102331.DA833FD84@maintenance.suse.de>
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3272-1
Rating: important
References: #1200793 #1201758 #1202645
Cross-References: CVE-2022-2200 CVE-2022-2505 CVE-2022-34468
CVE-2022-34469 CVE-2022-34470 CVE-2022-34471
CVE-2022-34472 CVE-2022-34473 CVE-2022-34474
CVE-2022-34475 CVE-2022-34476 CVE-2022-34477
CVE-2022-34478 CVE-2022-34479 CVE-2022-34480
CVE-2022-34481 CVE-2022-34482 CVE-2022-34483
CVE-2022-34484 CVE-2022-34485 CVE-2022-36314
CVE-2022-36318 CVE-2022-36319 CVE-2022-38472
CVE-2022-38473 CVE-2022-38476 CVE-2022-38477
CVE-2022-38478
CVSS scores:
CVE-2022-2505 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-36314 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36318 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 102.2.0esr ESR:
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-34 (bsc#1202645)
* CVE-2022-38472 (bmo#1769155) Address bar spoofing via XSLT error
handling
* CVE-2022-38473 (bmo#1771685) Cross-origin XSLT Documents would have
inherited the parent's permissions
* CVE-2022-38476 (bmo#1760998) Data race and potential use-after-free in
PK11_ChangePW
* CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
* CVE-2022-38478 (bmo#1770630, bmo#1776658) Memory safety bugs fixed in
Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13
Firefox Extended Support Release 102.1 ESR
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-30 (bsc#1201758)
* CVE-2022-36319 (bmo#1737722) Mouse Position spoofing with CSS
transforms
* CVE-2022-36318 (bmo#1771774) Directory indexes for bundled resources
reflected URL parameters
* CVE-2022-36314 (bmo#1773894) Opening local .lnk files could cause
unexpected network loads
* CVE-2022-2505 (bmo#1769739, bmo#1772824) Memory safety bugs fixed in
Firefox 103 and 102.1
- Firefox Extended Support Release 102.0.1 ESR
* Fixed: Fixed bookmark shortcut creation by dragging to Windows File
Explorer and dropping partially broken (bmo#1774683)
* Fixed: Fixed bookmarks sidebar flashing white when opened in dark mode
(bmo#1776157)
* Fixed: Fixed multilingual spell checking not working with content in
both English and a non-Latin alphabet (bmo#1773802)
* Fixed: Developer tools: Fixed an issue where the console
output keeps getting scrolled to the bottom when the last visible
message is an evaluation result (bmo#1776262)
* Fixed: Fixed *Delete cookies and site data when Firefox is closed*
checkbox getting disabled on startup (bmo#1777419)
* Fixed: Various stability fixes
Firefox 102.0 ESR:
* New:
- We now provide more secure connections: Firefox can now automatically
upgrade to HTTPS using HTTPS RR as Alt-Svc headers.
- For added viewing pleasure, full-range color levels are now supported
for video playback on many systems.
- Find it easier now! Mac users can now access the macOS share options
from the Firefox File menu.
- Voilà! Support for images containing ICC v4 profiles is enabled on
macOS.
- Firefox now supports the new AVIF image format, which is based on the
modern and royalty-free AV1 video codec. It
offers significant bandwidth savings for sites compared to existing
image formats. It also supports transparency and
other advanced features.
- Firefox PDF viewer now supports filling more forms (e.g., XFA-based
forms, used by multiple governments and banks). Learn more.
- When available system memory is critically low, Firefox on Windows
will automatically unload tabs based on their last access time, memory
usage, and other attributes. This helps to reduce Firefox
out-of-memory crashes. Forgot something? Switching to an unloaded tab
automatically reloads it.
- To prevent session loss for macOS users who are running Firefox from a
mounted .dmg file, they'll now be prompted to finish installation.
Bear in mind, this permission prompt
only appears the first time these users run Firefox on their computer.
- For your safety, Firefox now blocks downloads that rely on insecure
connections, protecting against potentially malicious or unsafe
downloads. Learn more and see where to find downloads in Firefox.
- Improved web compatibility for privacy protections with SmartBlock
3.0: In Private Browsing and Strict Tracking Protection, Firefox goes
to great lengths to protect your web browsing activity from trackers.
As part of this, the built-in content blocking will automatically
block third-party scripts, images, and other content from being loaded
from cross-site tracking companies reported by Disconnect. Learn more.
- Introducing a new referrer tracking protection in Strict Tracking
Protection and Private Browsing. This feature prevents sites from
unknowingly leaking private information to trackers. Learn more.
- Introducing Firefox Suggest, a feature that provides website
suggestions as you type into the address bar. Learn more about this
faster way to navigate the web and locale-specific features.
- Firefox macOS now uses Apple's low-power mode for fullscreen video on
sites such as YouTube and Twitch. This meaningfully extends battery
life in long viewing sessions. Now your kids can find out what the fox
says on a loop without you ever missing a beat…
- With this release, power users can use about:unloads to release system
resources by manually unloading tabs without closing them.
- On Windows, there will now be fewer interruptions because Firefox
won't prompt you for updates. Instead, a background agent will
download and install updates even if Firefox is closed.
- On Linux, we've improved WebGL performance and reduced power
consumption for many users.
- To better protect all Firefox users against side-channel attacks, such
as Spectre, we introduced Site Isolation.
- Firefox no longer warns you by default when you exit the browser or
close a window using a menu, button, or three-key command. This should
cut back on unwelcome notifications, which is always nice--however,
if you prefer a bit of notice, you'll still have full control over
the quit/close modal behavior. All warnings can be managed within
Firefox Settings. No worries! More details here.
- Firefox supports the new Snap Layouts menus when running on Windows 11.
- RLBox--a new technology that hardens Firefox against potential
security vulnerabilities in third-party libraries--is now enabled on
all platforms.
- We've reduced CPU usage on macOS in Firefox and WindowServer during
event processing.
- We've also reduced the power usage of software decoded video on
macOS, especially in fullscreen. This includes streaming sites such as
Netflix and Amazon Prime Video.
- You can now move the Picture-in-Picture toggle button to the opposite
side of the video. Simply look for the new context menu option Move
Picture-in-Picture Toggle to Left (Right) Side.
- We've made significant improvements in noise suppression and
auto-gain-control, as well as slight improvements in echo-cancellation
to provide you with a better overall experience.
- We've also significantly reduced main-thread load.
- When printing, you can now choose to print only the
odd/even pages.
- Firefox now supports and displays the new style of scrollbars on
Windows 11.
- Firefox has a new optimized download flow. Instead of prompting every
time, files will download automatically. However, they can still be
opened from the downloads panel with just one click. Easy! More
information
- Firefox no longer asks what to do for each file by default. You
won't be prompted to choose a helper application or save to disk
before downloading a file unless you have changed your download action
setting for that type of file.
- Any files you download will be immediately saved on your disk.
Depending on the current configuration, they'll be saved in your
preferred download folder, or you'll be asked to select a location
for each download. Windows and Linux users will find their downloaded
files in the destination folder. They'll no longer be put in the
Temp folder.
- Firefox allows users to choose from a number of built-in search
engines to set as their default. In this release, some users who had
previously configured a default engine might notice their default
search engine has changed since Mozilla was unable to secure formal
permission to continue including certain search engines in Firefox.
- You can now toggle Narrate in ReaderMode with the keyboard shortcut
"n."
- You can find added support for search--with or without
diacritics--in the PDF viewer.
- The Linux sandbox has been strengthened: processes exposed to web
content no longer have access to the X Window system (X11).
- Firefox now supports credit card autofill and capture in Germany,
France, and the United Kingdom.
- We now support captions/subtitles display on YouTube, Prime Video, and
Netflix videos you watch in Picture-in-Picture. Just turn on the
subtitles on the in-page video player, and they will appear in PiP.
- Picture-in-Picture now also supports video captions on websites that
use Web Video Text Track (WebVTT) format (e.g., Coursera.org, Canadian
Broadcasting Corporation, and many more).
- On the first run after install, Firefox detects when its language does
not match the operating system language and
offers the user a choice between the two languages.
- Firefox spell checking now checks spelling in multiple languages. To
enable additional languages, select them in the text field's context
menu.
- HDR video is now supported in Firefox on Mac--starting with YouTube!
Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy
higher-fidelity video content. No need to manually flip any
preferences to turn HDR video support
on--just make sure battery preferences are NOT set to "optimize
video streaming while on battery".
- Hardware-accelerated AV1 video decoding is enabled on Windows with
supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce
30). Installing the AV1 Video Extension from the Microsoft Store may
also be required.
- Video overlay is enabled on Windows for Intel GPUs, reducing power
usage during video playback.
- Improved fairness between painting and handling other events. This
noticeably improves the performance of the volume slider on Twitch.
- Scrollbars on Linux and Windows 11 won't take space by default. On
Linux, users can change this in Settings. On Windows, Firefox follows
the system setting (System Settings > Accessibility > Visual Effects >
Always show scrollbars).
- Firefox now ignores less restricted referrer policies--including
unsafe-url, no-referrer-when-downgrade, and
origin-when-cross-origin--for cross-site subresource/iframe requests
to prevent privacy leaks from the referrer.
- Reading is now easier with the prefers-contrast media query, which
allows sites to detect if the user has requested that web content is
presented with a higher (or lower) contrast.
- All non-configured MIME types can now be assigned a custom action upon
download completion.
- Firefox now allows users to use as many microphones as they want, at
the same time, during video conferencing. The most exciting benefit is
that you can easily switch your microphones at any time (if your
conferencing service provider enables this flexibility).
- Print preview has been updated.
* Fixed: Various security fixes.
- MFSA 2022-24 (bsc#1200793)
* CVE-2022-34479 (bmo#1745595) A popup window could be resized in a way
to overlay the address bar with web content
* CVE-2022-34470 (bmo#1765951) Use-after-free in nsSHistory
* CVE-2022-34468 (bmo#1768537) CSP sandbox header without
`allow-scripts` can be bypassed via retargeted javascript: URI
* CVE-2022-34482 (bmo#845880) Drag and drop of malicious image could
have led to malicious executable and potential code execution
* CVE-2022-34483 (bmo#1335845) Drag and drop of malicious image could
have led to malicious executable and potential code execution
* CVE-2022-34476 (bmo#1387919) ASN.1 parser could have been tricked into
accepting malformed ASN.1
* CVE-2022-34481 (bmo#1483699, bmo#1497246) Potential integer overflow
in ReplaceElementsAt
* CVE-2022-34474 (bmo#1677138) Sandboxed iframes could redirect to
external schemes
* CVE-2022-34469 (bmo#1721220) TLS certificate errors on HSTS-protected
domains could be bypassed by the user on Firefox for Android
* CVE-2022-34471 (bmo#1766047) Compromised server could trick a browser
into an addon downgrade
* CVE-2022-34472 (bmo#1770123) Unavailable PAC file resulted in OCSP
requests being blocked
* CVE-2022-34478 (bmo#1773717) Microsoft protocols can be attacked if a
user accepts a prompt
* CVE-2022-2200 (bmo#1771381) Undesired attributes could be set as part
of prototype pollution
* CVE-2022-34480 (bmo#1454072) Free of uninitialized pointer in lg_init
* CVE-2022-34477 (bmo#1731614) MediaError message property leaked
information on cross-origin same-site pages
* CVE-2022-34475 (bmo#1757210) HTML Sanitizer could have been bypassed
via same-origin script via use tags
* CVE-2022-34473 (bmo#1770888) HTML Sanitizer could have been bypassed
via use tags
* CVE-2022-34484 (bmo#1763634, bmo#1772651) Memory safety bugs fixed in
Firefox 102 and Firefox ESR 91.11
* CVE-2022-34485 (bmo#1768409, bmo#1768578) Memory safety bugs fixed in
Firefox 102
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3272=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3272=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3272=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3272=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3272=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3272=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3272=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3272=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3272=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3272=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
- SUSE CaaS Platform 4.0 (x86_64):
MozillaFirefox-102.2.0-150000.150.56.1
MozillaFirefox-branding-SLE-102-150000.4.22.1
MozillaFirefox-debuginfo-102.2.0-150000.150.56.1
MozillaFirefox-debugsource-102.2.0-150000.150.56.1
MozillaFirefox-devel-102.2.0-150000.150.56.1
MozillaFirefox-translations-common-102.2.0-150000.150.56.1
MozillaFirefox-translations-other-102.2.0-150000.150.56.1
References:
https://www.suse.com/security/cve/CVE-2022-2200.html
https://www.suse.com/security/cve/CVE-2022-2505.html
https://www.suse.com/security/cve/CVE-2022-34468.html
https://www.suse.com/security/cve/CVE-2022-34469.html
https://www.suse.com/security/cve/CVE-2022-34470.html
https://www.suse.com/security/cve/CVE-2022-34471.html
https://www.suse.com/security/cve/CVE-2022-34472.html
https://www.suse.com/security/cve/CVE-2022-34473.html
https://www.suse.com/security/cve/CVE-2022-34474.html
https://www.suse.com/security/cve/CVE-2022-34475.html
https://www.suse.com/security/cve/CVE-2022-34476.html
https://www.suse.com/security/cve/CVE-2022-34477.html
https://www.suse.com/security/cve/CVE-2022-34478.html
https://www.suse.com/security/cve/CVE-2022-34479.html
https://www.suse.com/security/cve/CVE-2022-34480.html
https://www.suse.com/security/cve/CVE-2022-34481.html
https://www.suse.com/security/cve/CVE-2022-34482.html
https://www.suse.com/security/cve/CVE-2022-34483.html
https://www.suse.com/security/cve/CVE-2022-34484.html
https://www.suse.com/security/cve/CVE-2022-34485.html
https://www.suse.com/security/cve/CVE-2022-36314.html
https://www.suse.com/security/cve/CVE-2022-36318.html
https://www.suse.com/security/cve/CVE-2022-36319.html
https://www.suse.com/security/cve/CVE-2022-38472.html
https://www.suse.com/security/cve/CVE-2022-38473.html
https://www.suse.com/security/cve/CVE-2022-38476.html
https://www.suse.com/security/cve/CVE-2022-38477.html
https://www.suse.com/security/cve/CVE-2022-38478.html
https://bugzilla.suse.com/1200793
https://bugzilla.suse.com/1201758
https://bugzilla.suse.com/1202645
From sle-security-updates at lists.suse.com Wed Sep 14 10:24:48 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 12:24:48 +0200 (CEST)
Subject: SUSE-SU-2022:3269-1: important: Security update for postgresql14
Message-ID: <20220914102448.EBDDCFD84@maintenance.suse.de>
SUSE Security Update: Security update for postgresql14
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3269-1
Rating: important
References: #1198166 #1200437 #1202368
Cross-References: CVE-2022-2625
CVSS scores:
CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for postgresql14 fixes the following issues:
- Upgrade to version 14.5:
- CVE-2022-2625: Fixed an issue where extension scripts would replace
objects not belonging to that extension (bsc#1202368).
- Upgrade to version 14.4 (bsc#1200437)
- Release notes: https://www.postgresql.org/docs/release/14.4/
- Release announcement: https://www.postgresql.org/about/news/p-2470/
- Prevent possible corruption of indexes created or rebuilt with the
CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3269=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3269=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3269=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3269=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3269=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3269=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3269=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3269=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
libecpg6-14.5-3.14.9
libecpg6-debuginfo-14.5-3.14.9
libpq5-14.5-3.14.9
libpq5-32bit-14.5-3.14.9
libpq5-debuginfo-14.5-3.14.9
libpq5-debuginfo-32bit-14.5-3.14.9
- SUSE OpenStack Cloud 9 (x86_64):
libecpg6-14.5-3.14.9
libecpg6-debuginfo-14.5-3.14.9
libpq5-14.5-3.14.9
libpq5-32bit-14.5-3.14.9
libpq5-debuginfo-14.5-3.14.9
libpq5-debuginfo-32bit-14.5-3.14.9
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
postgresql14-debugsource-14.5-3.14.7
postgresql14-debugsource-14.5-3.14.9
postgresql14-devel-14.5-3.14.9
postgresql14-devel-debuginfo-14.5-3.14.9
- SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):
postgresql14-server-devel-14.5-3.14.9
postgresql14-server-devel-debuginfo-14.5-3.14.9
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
libecpg6-14.5-3.14.9
libecpg6-debuginfo-14.5-3.14.9
libpq5-14.5-3.14.9
libpq5-debuginfo-14.5-3.14.9
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
libpq5-32bit-14.5-3.14.9
libpq5-debuginfo-32bit-14.5-3.14.9
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libecpg6-14.5-3.14.9
libecpg6-debuginfo-14.5-3.14.9
libpq5-14.5-3.14.9
libpq5-debuginfo-14.5-3.14.9
postgresql14-14.5-3.14.9
postgresql14-contrib-14.5-3.14.9
postgresql14-contrib-debuginfo-14.5-3.14.9
postgresql14-debuginfo-14.5-3.14.9
postgresql14-debugsource-14.5-3.14.7
postgresql14-debugsource-14.5-3.14.9
postgresql14-plperl-14.5-3.14.9
postgresql14-plperl-debuginfo-14.5-3.14.9
postgresql14-plpython-14.5-3.14.9
postgresql14-plpython-debuginfo-14.5-3.14.9
postgresql14-pltcl-14.5-3.14.9
postgresql14-pltcl-debuginfo-14.5-3.14.9
postgresql14-server-14.5-3.14.9
postgresql14-server-debuginfo-14.5-3.14.9
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libpq5-32bit-14.5-3.14.9
libpq5-debuginfo-32bit-14.5-3.14.9
- SUSE Linux Enterprise Server 12-SP5 (noarch):
postgresql14-docs-14.5-3.14.9
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
libecpg6-14.5-3.14.9
libecpg6-debuginfo-14.5-3.14.9
libpq5-14.5-3.14.9
libpq5-debuginfo-14.5-3.14.9
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
libpq5-32bit-14.5-3.14.9
libpq5-debuginfo-32bit-14.5-3.14.9
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
libecpg6-14.5-3.14.9
libecpg6-debuginfo-14.5-3.14.9
libpq5-14.5-3.14.9
libpq5-32bit-14.5-3.14.9
libpq5-debuginfo-14.5-3.14.9
libpq5-debuginfo-32bit-14.5-3.14.9
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libecpg6-14.5-3.14.9
libecpg6-debuginfo-14.5-3.14.9
libpq5-14.5-3.14.9
libpq5-32bit-14.5-3.14.9
libpq5-debuginfo-14.5-3.14.9
libpq5-debuginfo-32bit-14.5-3.14.9
References:
https://www.suse.com/security/cve/CVE-2022-2625.html
https://bugzilla.suse.com/1198166
https://bugzilla.suse.com/1200437
https://bugzilla.suse.com/1202368
From sle-security-updates at lists.suse.com Wed Sep 14 10:26:30 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 12:26:30 +0200 (CEST)
Subject: SUSE-SU-2022:3264-1: important: Security update for the Linux Kernel
Message-ID: <20220914102630.47A4DFD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3264-1
Rating: important
References: #1023051 #1065729 #1156395 #1179722 #1179723
#1181862 #1191662 #1191667 #1191881 #1192594
#1192968 #1194272 #1194535 #1197158 #1197755
#1197756 #1197757 #1197760 #1197763 #1197920
#1198971 #1199291 #1200431 #1200845 #1200868
#1200869 #1200870 #1200871 #1200872 #1200873
#1201019 #1201420 #1201610 #1201705 #1201726
#1201948 #1202096 #1202097 #1202346 #1202347
#1202393 #1202396 #1202447 #1202564 #1202577
#1202636 #1202672 #1202701 #1202708 #1202709
#1202710 #1202711 #1202712 #1202713 #1202714
#1202715 #1202716 #1202717 #1202718 #1202720
#1202722 #1202745 #1202756 #1202810 #1202811
#1202860 #1202895 #1202898 #1203063 #1203098
#1203107 #1203116 #1203117 #1203135 #1203136
#1203137 SLE-24635
Cross-References: CVE-2016-3695 CVE-2020-27784 CVE-2021-4155
CVE-2021-4203 CVE-2022-20368 CVE-2022-20369
CVE-2022-2588 CVE-2022-26373 CVE-2022-2663
CVE-2022-2905 CVE-2022-2977 CVE-2022-3028
CVE-2022-36879 CVE-2022-39188 CVE-2022-39190
CVSS scores:
CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
CVE-2020-27784 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-27784 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2021-4155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39190 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Legacy Software 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves 15 vulnerabilities, contains one
feature and has 61 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various
security and bug fixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in
net/netfilter/nf_tables_api.c and could cause a denial of service upon
binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke
descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly match the
message (bnc#1202097).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way
XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl()
when accessing a deallocated instance (bnc#1202895).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in
drivers/acpi/apei/einj.c that allowed users to simulate hardware errors
and consequently cause a denial of service (bnc#1023051).
The following non-security bugs were fixed:
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
(git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
(git-fixes).
- ACPI: video: Force backlight native for some TongFang devices
(git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
(git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
(git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise
(git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine
(git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP
machines (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
(git-fixes).
- ARM: 9077/1: PLT: Move struct plt_entries definition to header
(git-fixes).
- ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link()
(git-fixes).
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without
DYNAMIC_FTRACE (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
(git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
(git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
(git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
(git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling
irqs (bsc#1065729).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
(bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
(bsc#1156395).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant
(bsc#1156395).
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled
(git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
(git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
(git-fixes).
- KVM: x86: accept userspace interrupt only if no event is injected
(git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag
(git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error
(git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces
(bsc#1200845).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg()
(bsc#1200845).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- SUNRPC reverting d03727b248d0 ("NFSv4 fix CLOSE not waiting for direct
IO compeletion") (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291,
jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC
(bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device()
(bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291,
jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams
(bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines
(bsc#1199291, jsc#SLE-24635).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not
available (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights()
(bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights()
(bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: m_can: process interrupt only when not runtime suspended
(git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for
migration (bsc#1201610).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
(git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY
(git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral
(git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains (git-fixes).
- drm/amdgpu: remove useless condition in
amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations()
error (git-fixes).
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
(git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
(git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
(git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read()
(git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks
(bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no
sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
(git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped
pages (bsc#1200873).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info
(bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities
(git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement
(git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
(git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly
(git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
(git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
(git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal
aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in
jbd2_journal_commit_transaction() (bsc#1202715).
- kabi/severities: add stmmac driver local sumbols
- kbuild: do not create built-in objects for external module builds
(jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862
git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc()
(git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- list: add "list_del_init_careful()" to go with "list_empty_careful()"
(bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class
(git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE
(bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe()
(git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols
(git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
(git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
(git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in
'jazz_sonic_probe()' (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel
(git-fixes).
- net: dsa: b53: fix an off by one in checking "vlan->vid" (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources
(git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory
(git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is
running (git-fixes).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in
ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in
SIOCSHWTSTAMP (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition
(git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in
vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
(bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send
(git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods
(git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nvme: fix RCU hole that allowed for endless looping in multipath round
robin (bsc#1202636).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10
(git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
(git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for
PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot
(bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- profiling: fix shift too large makes kernel panic (git-fixes).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness()
(git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr
(bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
(git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied
(git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE
(git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594
LTC#197522).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
(bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for
GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT
discovery (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
dw8250_tx_wait_empty() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and
tegra30 (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
(git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions
(git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
(git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit
engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation
(git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback
(git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
(git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP
receptacles (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
(git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io()
(git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
(bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
vsock_connect_timeout() (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in
armada_37xx_wdt_probe() (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
(git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is
disconnected (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand side'
(git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors
(git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode
(git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3264=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3264=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3264=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3264=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3264=1
Please note that this is the initial kernel livepatch without fixes
itself; this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP3:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-3264=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3264=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3264=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3264=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3264=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3264=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
kernel-default-5.3.18-150300.59.93.1
kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
kernel-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debugsource-5.3.18-150300.59.93.1
- openSUSE Leap 15.4 (aarch64):
dtb-al-5.3.18-150300.59.93.1
dtb-zte-5.3.18-150300.59.93.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.93.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.93.1
dlm-kmp-default-5.3.18-150300.59.93.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.93.1
gfs2-kmp-default-5.3.18-150300.59.93.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-5.3.18-150300.59.93.1
kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
kernel-default-base-rebuild-5.3.18-150300.59.93.1.150300.18.54.1
kernel-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debugsource-5.3.18-150300.59.93.1
kernel-default-devel-5.3.18-150300.59.93.1
kernel-default-devel-debuginfo-5.3.18-150300.59.93.1
kernel-default-extra-5.3.18-150300.59.93.1
kernel-default-extra-debuginfo-5.3.18-150300.59.93.1
kernel-default-livepatch-5.3.18-150300.59.93.1
kernel-default-livepatch-devel-5.3.18-150300.59.93.1
kernel-default-optional-5.3.18-150300.59.93.1
kernel-default-optional-debuginfo-5.3.18-150300.59.93.1
kernel-obs-build-5.3.18-150300.59.93.1
kernel-obs-build-debugsource-5.3.18-150300.59.93.1
kernel-obs-qa-5.3.18-150300.59.93.1
kernel-syms-5.3.18-150300.59.93.1
kselftests-kmp-default-5.3.18-150300.59.93.1
kselftests-kmp-default-debuginfo-5.3.18-150300.59.93.1
ocfs2-kmp-default-5.3.18-150300.59.93.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.93.1
reiserfs-kmp-default-5.3.18-150300.59.93.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.93.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-5.3.18-150300.59.93.1
kernel-debug-debuginfo-5.3.18-150300.59.93.1
kernel-debug-debugsource-5.3.18-150300.59.93.1
kernel-debug-devel-5.3.18-150300.59.93.1
kernel-debug-devel-debuginfo-5.3.18-150300.59.93.1
kernel-debug-livepatch-devel-5.3.18-150300.59.93.1
kernel-kvmsmall-5.3.18-150300.59.93.1
kernel-kvmsmall-debuginfo-5.3.18-150300.59.93.1
kernel-kvmsmall-debugsource-5.3.18-150300.59.93.1
kernel-kvmsmall-devel-5.3.18-150300.59.93.1
kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.93.1
kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.93.1
- openSUSE Leap 15.3 (aarch64 x86_64):
cluster-md-kmp-preempt-5.3.18-150300.59.93.1
cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
dlm-kmp-preempt-5.3.18-150300.59.93.1
dlm-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
gfs2-kmp-preempt-5.3.18-150300.59.93.1
gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
kernel-preempt-5.3.18-150300.59.93.1
kernel-preempt-debuginfo-5.3.18-150300.59.93.1
kernel-preempt-debugsource-5.3.18-150300.59.93.1
kernel-preempt-devel-5.3.18-150300.59.93.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.93.1
kernel-preempt-extra-5.3.18-150300.59.93.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.93.1
kernel-preempt-livepatch-devel-5.3.18-150300.59.93.1
kernel-preempt-optional-5.3.18-150300.59.93.1
kernel-preempt-optional-debuginfo-5.3.18-150300.59.93.1
kselftests-kmp-preempt-5.3.18-150300.59.93.1
kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
ocfs2-kmp-preempt-5.3.18-150300.59.93.1
ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
reiserfs-kmp-preempt-5.3.18-150300.59.93.1
reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.93.1
- openSUSE Leap 15.3 (aarch64):
cluster-md-kmp-64kb-5.3.18-150300.59.93.1
cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
dlm-kmp-64kb-5.3.18-150300.59.93.1
dlm-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
dtb-al-5.3.18-150300.59.93.1
dtb-allwinner-5.3.18-150300.59.93.1
dtb-altera-5.3.18-150300.59.93.1
dtb-amd-5.3.18-150300.59.93.1
dtb-amlogic-5.3.18-150300.59.93.1
dtb-apm-5.3.18-150300.59.93.1
dtb-arm-5.3.18-150300.59.93.1
dtb-broadcom-5.3.18-150300.59.93.1
dtb-cavium-5.3.18-150300.59.93.1
dtb-exynos-5.3.18-150300.59.93.1
dtb-freescale-5.3.18-150300.59.93.1
dtb-hisilicon-5.3.18-150300.59.93.1
dtb-lg-5.3.18-150300.59.93.1
dtb-marvell-5.3.18-150300.59.93.1
dtb-mediatek-5.3.18-150300.59.93.1
dtb-nvidia-5.3.18-150300.59.93.1
dtb-qcom-5.3.18-150300.59.93.1
dtb-renesas-5.3.18-150300.59.93.1
dtb-rockchip-5.3.18-150300.59.93.1
dtb-socionext-5.3.18-150300.59.93.1
dtb-sprd-5.3.18-150300.59.93.1
dtb-xilinx-5.3.18-150300.59.93.1
dtb-zte-5.3.18-150300.59.93.1
gfs2-kmp-64kb-5.3.18-150300.59.93.1
gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
kernel-64kb-5.3.18-150300.59.93.1
kernel-64kb-debuginfo-5.3.18-150300.59.93.1
kernel-64kb-debugsource-5.3.18-150300.59.93.1
kernel-64kb-devel-5.3.18-150300.59.93.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.93.1
kernel-64kb-extra-5.3.18-150300.59.93.1
kernel-64kb-extra-debuginfo-5.3.18-150300.59.93.1
kernel-64kb-livepatch-devel-5.3.18-150300.59.93.1
kernel-64kb-optional-5.3.18-150300.59.93.1
kernel-64kb-optional-debuginfo-5.3.18-150300.59.93.1
kselftests-kmp-64kb-5.3.18-150300.59.93.1
kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
ocfs2-kmp-64kb-5.3.18-150300.59.93.1
ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
reiserfs-kmp-64kb-5.3.18-150300.59.93.1
reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.93.1
- openSUSE Leap 15.3 (noarch):
kernel-devel-5.3.18-150300.59.93.1
kernel-docs-5.3.18-150300.59.93.1
kernel-docs-html-5.3.18-150300.59.93.1
kernel-macros-5.3.18-150300.59.93.1
kernel-source-5.3.18-150300.59.93.1
kernel-source-vanilla-5.3.18-150300.59.93.1
- openSUSE Leap 15.3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.93.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.93.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
kernel-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debugsource-5.3.18-150300.59.93.1
kernel-default-extra-5.3.18-150300.59.93.1
kernel-default-extra-debuginfo-5.3.18-150300.59.93.1
kernel-preempt-debuginfo-5.3.18-150300.59.93.1
kernel-preempt-debugsource-5.3.18-150300.59.93.1
kernel-preempt-extra-5.3.18-150300.59.93.1
kernel-preempt-extra-debuginfo-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debugsource-5.3.18-150300.59.93.1
kernel-default-livepatch-5.3.18-150300.59.93.1
kernel-default-livepatch-devel-5.3.18-150300.59.93.1
kernel-livepatch-5_3_18-150300_59_93-default-1-150300.7.3.1
- SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debugsource-5.3.18-150300.59.93.1
reiserfs-kmp-default-5.3.18-150300.59.93.1
reiserfs-kmp-default-debuginfo-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.3.18-150300.59.93.1
kernel-obs-build-debugsource-5.3.18-150300.59.93.1
kernel-syms-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
kernel-preempt-debuginfo-5.3.18-150300.59.93.1
kernel-preempt-debugsource-5.3.18-150300.59.93.1
kernel-preempt-devel-5.3.18-150300.59.93.1
kernel-preempt-devel-debuginfo-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
kernel-docs-5.3.18-150300.59.93.1
kernel-source-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150300.59.93.1
kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
kernel-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debugsource-5.3.18-150300.59.93.1
kernel-default-devel-5.3.18-150300.59.93.1
kernel-default-devel-debuginfo-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64):
kernel-preempt-5.3.18-150300.59.93.1
kernel-preempt-debuginfo-5.3.18-150300.59.93.1
kernel-preempt-debugsource-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64):
kernel-64kb-5.3.18-150300.59.93.1
kernel-64kb-debuginfo-5.3.18-150300.59.93.1
kernel-64kb-debugsource-5.3.18-150300.59.93.1
kernel-64kb-devel-5.3.18-150300.59.93.1
kernel-64kb-devel-debuginfo-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
kernel-devel-5.3.18-150300.59.93.1
kernel-macros-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x):
kernel-zfcpdump-5.3.18-150300.59.93.1
kernel-zfcpdump-debuginfo-5.3.18-150300.59.93.1
kernel-zfcpdump-debugsource-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.93.1
kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
kernel-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debugsource-5.3.18-150300.59.93.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
kernel-default-5.3.18-150300.59.93.1
kernel-default-base-5.3.18-150300.59.93.1.150300.18.54.1
kernel-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debugsource-5.3.18-150300.59.93.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150300.59.93.1
cluster-md-kmp-default-debuginfo-5.3.18-150300.59.93.1
dlm-kmp-default-5.3.18-150300.59.93.1
dlm-kmp-default-debuginfo-5.3.18-150300.59.93.1
gfs2-kmp-default-5.3.18-150300.59.93.1
gfs2-kmp-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debuginfo-5.3.18-150300.59.93.1
kernel-default-debugsource-5.3.18-150300.59.93.1
ocfs2-kmp-default-5.3.18-150300.59.93.1
ocfs2-kmp-default-debuginfo-5.3.18-150300.59.93.1
References:
https://www.suse.com/security/cve/CVE-2016-3695.html
https://www.suse.com/security/cve/CVE-2020-27784.html
https://www.suse.com/security/cve/CVE-2021-4155.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-2905.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://www.suse.com/security/cve/CVE-2022-39190.html
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1179722
https://bugzilla.suse.com/1179723
https://bugzilla.suse.com/1181862
https://bugzilla.suse.com/1191662
https://bugzilla.suse.com/1191667
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1192594
https://bugzilla.suse.com/1192968
https://bugzilla.suse.com/1194272
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1197755
https://bugzilla.suse.com/1197756
https://bugzilla.suse.com/1197757
https://bugzilla.suse.com/1197760
https://bugzilla.suse.com/1197763
https://bugzilla.suse.com/1197920
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1199291
https://bugzilla.suse.com/1200431
https://bugzilla.suse.com/1200845
https://bugzilla.suse.com/1200868
https://bugzilla.suse.com/1200869
https://bugzilla.suse.com/1200870
https://bugzilla.suse.com/1200871
https://bugzilla.suse.com/1200872
https://bugzilla.suse.com/1200873
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202447
https://bugzilla.suse.com/1202564
https://bugzilla.suse.com/1202577
https://bugzilla.suse.com/1202636
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202701
https://bugzilla.suse.com/1202708
https://bugzilla.suse.com/1202709
https://bugzilla.suse.com/1202710
https://bugzilla.suse.com/1202711
https://bugzilla.suse.com/1202712
https://bugzilla.suse.com/1202713
https://bugzilla.suse.com/1202714
https://bugzilla.suse.com/1202715
https://bugzilla.suse.com/1202716
https://bugzilla.suse.com/1202717
https://bugzilla.suse.com/1202718
https://bugzilla.suse.com/1202720
https://bugzilla.suse.com/1202722
https://bugzilla.suse.com/1202745
https://bugzilla.suse.com/1202756
https://bugzilla.suse.com/1202810
https://bugzilla.suse.com/1202811
https://bugzilla.suse.com/1202860
https://bugzilla.suse.com/1202895
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203063
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
https://bugzilla.suse.com/1203116
https://bugzilla.suse.com/1203117
https://bugzilla.suse.com/1203135
https://bugzilla.suse.com/1203136
https://bugzilla.suse.com/1203137
From sle-security-updates at lists.suse.com Wed Sep 14 10:33:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 12:33:46 +0200 (CEST)
Subject: SUSE-SU-2022:3273-1: important: Security update for MozillaFirefox
Message-ID: <20220914103346.A7610FD84@maintenance.suse.de>
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3273-1
Rating: important
References: #1200793 #1201758 #1202645
Cross-References: CVE-2022-2200 CVE-2022-2505 CVE-2022-34468
CVE-2022-34469 CVE-2022-34470 CVE-2022-34471
CVE-2022-34472 CVE-2022-34473 CVE-2022-34474
CVE-2022-34475 CVE-2022-34476 CVE-2022-34477
CVE-2022-34478 CVE-2022-34479 CVE-2022-34480
CVE-2022-34481 CVE-2022-34482 CVE-2022-34483
CVE-2022-34484 CVE-2022-34485 CVE-2022-36314
CVE-2022-36318 CVE-2022-36319 CVE-2022-38472
CVE-2022-38473 CVE-2022-38476 CVE-2022-38477
CVE-2022-38478
CVSS scores:
CVE-2022-2505 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-36314 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36318 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that fixes 28 vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 102.2.0esr ESR:
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-34 (bsc#1202645)
* CVE-2022-38472 (bmo#1769155) Address bar spoofing via XSLT error
handling
* CVE-2022-38473 (bmo#1771685) Cross-origin XSLT Documents would have
inherited the parent's permissions
* CVE-2022-38476 (bmo#1760998) Data race and potential use-after-free in
PK11_ChangePW
* CVE-2022-38477 (bmo#1760611, bmo#1770219, bmo#1771159, bmo#1773363)
Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
* CVE-2022-38478 (bmo#1770630, bmo#1776658) Memory safety bugs fixed in
Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13
Firefox Extended Support Release 102.1 ESR
* Fixed: Various stability, functionality, and security fixes.
- MFSA 2022-30 (bsc#1201758)
* CVE-2022-36319 (bmo#1737722) Mouse Position spoofing with CSS
transforms
* CVE-2022-36318 (bmo#1771774) Directory indexes for bundled resources
reflected URL parameters
* CVE-2022-36314 (bmo#1773894) Opening local .lnk files could cause
unexpected network loads
* CVE-2022-2505 (bmo#1769739, bmo#1772824) Memory safety bugs fixed in
Firefox 103 and 102.1
- Firefox Extended Support Release 102.0.1 ESR
* Fixed: Fixed bookmark shortcut creation by dragging to Windows File
Explorer and dropping partially broken (bmo#1774683)
* Fixed: Fixed bookmarks sidebar flashing white when opened in dark mode
(bmo#1776157)
* Fixed: Fixed multilingual spell checking not working with content in
both English and a non-Latin alphabet (bmo#1773802)
* Fixed: Developer tools: Fixed an issue where the console
output kept getting scrolled to the bottom when the last visible
message is an evaluation result (bmo#1776262)
* Fixed: Fixed *Delete cookies and site data when Firefox is closed*
checkbox getting disabled on startup (bmo#1777419)
* Fixed: Various stability fixes
Firefox 102.0 ESR:
* New:
- We now provide more secure connections: Firefox can now automatically
upgrade to HTTPS using HTTPS RR as Alt-Svc headers.
- For added viewing pleasure, full-range color levels are now supported
for video playback on many systems.
- Find it easier now! Mac users can now access the macOS share options
from the Firefox File menu.
- Voilà! Support for images containing ICC v4 profiles is enabled on
macOS.
- Firefox now supports the new AVIF image format, which is based on the
modern and royalty-free AV1 video codec. It
offers significant bandwidth savings for sites compared to existing
image formats. It also supports transparency and
other advanced features.
- Firefox PDF viewer now supports filling more forms (e.g., XFA-based
forms, used by multiple governments and banks). Learn more.
- When available system memory is critically low, Firefox on Windows
will automatically unload tabs based on their last access time, memory
usage, and other attributes. This helps to reduce Firefox
out-of-memory crashes. Forgot something? Switching to an unloaded tab
automatically reloads it.
- To prevent session loss for macOS users who are running Firefox from a
mounted .dmg file, they'll now be prompted to finish installation.
Bear in mind, this permission prompt
only appears the first time these users run Firefox on their computer.
- For your safety, Firefox now blocks downloads that rely on insecure
connections, protecting against potentially malicious or unsafe
downloads. Learn more and see where to find downloads in Firefox.
- Improved web compatibility for privacy protections with SmartBlock
3.0: In Private Browsing and Strict Tracking Protection, Firefox goes
to great lengths to protect your web browsing activity from trackers.
As part of this, the built-in content blocking will automatically
block third-party scripts, images, and other content from being loaded
from cross-site tracking companies reported by Disconnect. Learn more.
- Introducing a new referrer tracking protection in Strict Tracking
Protection and Private Browsing. This feature prevents sites from
unknowingly leaking private information to trackers. Learn more.
- Introducing Firefox Suggest, a feature that provides website
suggestions as you type into the address bar. Learn more about this
faster way to navigate the web and locale-specific features.
- Firefox macOS now uses Apple's low-power mode for fullscreen video on
sites such as YouTube and Twitch. This meaningfully extends battery
life in long viewing sessions. Now your kids can find out what the fox
says on a loop without you ever missing a beat...
- With this release, power users can use about:unloads to release system
resources by manually unloading tabs without closing them.
- On Windows, there will now be fewer interruptions because Firefox
won't prompt you for updates. Instead, a background agent will
download and install updates even if Firefox is closed.
- On Linux, we've improved WebGL performance and reduced power
consumption for many users.
- To better protect all Firefox users against side-channel attacks, such
as Spectre, we introduced Site Isolation.
- Firefox no longer warns you by default when you exit the browser or
close a window using a menu, button, or three-key command. This should
cut back on unwelcome notifications, which is always nice; however,
if you prefer a bit of notice, you'll still have full control over
the quit/close modal behavior. All warnings can be managed within
Firefox Settings. No worries! More details here.
- Firefox supports the new Snap Layouts menus when running on Windows 11.
- RLBox, a new technology that hardens Firefox against potential
security vulnerabilities in third-party libraries, is now enabled on
all platforms.
- We've reduced CPU usage on macOS in Firefox and WindowServer during
event processing.
- We've also reduced the power usage of software decoded video on
macOS, especially in fullscreen. This includes streaming sites such as
Netflix and Amazon Prime Video.
- You can now move the Picture-in-Picture toggle button to the opposite
side of the video. Simply look for the new context menu option Move
Picture-in-Picture Toggle to Left (Right) Side.
- We've made significant improvements in noise suppression and
auto-gain-control, as well as slight improvements in echo-cancellation
to provide you with a better overall experience.
- We've also significantly reduced main-thread load.
- When printing, you can now choose to print only the
odd/even pages.
- Firefox now supports and displays the new style of scrollbars on
Windows 11.
- Firefox has a new optimized download flow. Instead of prompting every
time, files will download automatically. However, they can still be
opened from the downloads panel with just one click. Easy! More
information
- Firefox no longer asks what to do for each file by default. You
won't be prompted to choose a helper application or save to disk
before downloading a file unless you have changed your download action
setting for that type of file.
- Any files you download will be immediately saved on your disk.
Depending on the current configuration, they'll be saved in your
preferred download folder, or you'll be asked to select a location
for each download. Windows and Linux users will find their downloaded
files in the destination folder. They'll no longer be put in the
Temp folder.
- Firefox allows users to choose from a number of built-in search
engines to set as their default. In this release, some users who had
previously configured a default engine might notice their default
search engine has changed since Mozilla was unable to secure formal
permission to continue including certain search engines in Firefox.
- You can now toggle Narrate in ReaderMode with the keyboard shortcut
"n."
- You can find added support for search (with or without
diacritics) in the PDF viewer.
- The Linux sandbox has been strengthened: processes exposed to web
content no longer have access to the X Window system (X11).
- Firefox now supports credit card autofill and capture in Germany,
France, and the United Kingdom.
- We now support captions/subtitles display on YouTube, Prime Video, and
Netflix videos you watch in Picture-in-Picture. Just turn on the
subtitles on the in-page video player, and they will appear in PiP.
- Picture-in-Picture now also supports video captions on websites that
use Web Video Text Track (WebVTT) format (e.g., Coursera.org, Canadian
Broadcasting Corporation, and many more).
- On the first run after install, Firefox detects when its language does
not match the operating system language and
offers the user a choice between the two languages.
- Firefox spell checking now checks spelling in multiple languages. To
enable additional languages, select them in the text field's context
menu.
- HDR video is now supported in Firefox on Mac, starting with YouTube!
Firefox users on macOS 11+ (with HDR-compatible screens) can enjoy
higher-fidelity video content. No need to manually flip any
preferences to turn HDR video support
on; just make sure battery preferences are NOT set to "optimize
video streaming while on battery".
- Hardware-accelerated AV1 video decoding is enabled on Windows with
supported GPUs (Intel Gen 11+, AMD RDNA 2 Excluding Navi 24, GeForce
30). Installing the AV1 Video Extension from the Microsoft Store may
also be required.
- Video overlay is enabled on Windows for Intel GPUs, reducing power
usage during video playback.
- Improved fairness between painting and handling other events. This
noticeably improves the performance of the volume slider on Twitch.
- Scrollbars on Linux and Windows 11 won't take space by default. On
Linux, users can change this in Settings. On Windows, Firefox follows
the system setting (System Settings > Accessibility > Visual Effects >
Always show scrollbars).
- Firefox now ignores less restricted referrer policies (including
unsafe-url, no-referrer-when-downgrade, and
origin-when-cross-origin) for cross-site subresource/iframe requests
to prevent privacy leaks from the referrer.
- Reading is now easier with the prefers-contrast media query, which
allows sites to detect if the user has requested that web content is
presented with a higher (or lower) contrast.
- All non-configured MIME types can now be assigned a custom action upon
download completion.
- Firefox now allows users to use as many microphones as they want, at
the same time, during video conferencing. The most exciting benefit is
that you can easily switch your microphones at any time (if your
conferencing service provider enables this flexibility).
- Print preview has been updated.
* Fixed: Various security fixes.
- MFSA 2022-24 (bsc#1200793)
* CVE-2022-34479 (bmo#1745595) A popup window could be resized in a way
to overlay the address bar with web content
* CVE-2022-34470 (bmo#1765951) Use-after-free in nsSHistory
* CVE-2022-34468 (bmo#1768537) CSP sandbox header without
`allow-scripts` can be bypassed via retargeted javascript: URI
* CVE-2022-34482 (bmo#845880) Drag and drop of malicious image could
have led to malicious executable and potential code execution
* CVE-2022-34483 (bmo#1335845) Drag and drop of malicious image could
have led to malicious executable and potential code execution
* CVE-2022-34476 (bmo#1387919) ASN.1 parser could have been tricked into
accepting malformed ASN.1
* CVE-2022-34481 (bmo#1483699, bmo#1497246) Potential integer overflow
in ReplaceElementsAt
* CVE-2022-34474 (bmo#1677138) Sandboxed iframes could redirect to
external schemes
* CVE-2022-34469 (bmo#1721220) TLS certificate errors on HSTS-protected
domains could be bypassed by the user on Firefox for Android
* CVE-2022-34471 (bmo#1766047) Compromised server could trick a browser
into an addon downgrade
* CVE-2022-34472 (bmo#1770123) Unavailable PAC file resulted in OCSP
requests being blocked
* CVE-2022-34478 (bmo#1773717) Microsoft protocols can be attacked if a
user accepts a prompt
* CVE-2022-2200 (bmo#1771381) Undesired attributes could be set as part
of prototype pollution
* CVE-2022-34480 (bmo#1454072) Free of uninitialized pointer in lg_init
* CVE-2022-34477 (bmo#1731614) MediaError message property leaked
information on cross-origin same-site pages
* CVE-2022-34475 (bmo#1757210) HTML Sanitizer could have been bypassed
via same-origin script via use tags
* CVE-2022-34473 (bmo#1770888) HTML Sanitizer could have been bypassed
via use tags
* CVE-2022-34484 (bmo#1763634, bmo#1772651) Memory safety bugs fixed in
Firefox 102 and Firefox ESR 91.11
* CVE-2022-34485 (bmo#1768409, bmo#1768578) Memory safety bugs fixed in
Firefox 102
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3273=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3273=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3273=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3273=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3273=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3273=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3273=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3273=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
MozillaFirefox-102.2.0-112.130.1
MozillaFirefox-branding-SLE-102-35.9.1
MozillaFirefox-debuginfo-102.2.0-112.130.1
MozillaFirefox-debugsource-102.2.0-112.130.1
MozillaFirefox-devel-102.2.0-112.130.1
MozillaFirefox-translations-common-102.2.0-112.130.1
- SUSE OpenStack Cloud 9 (x86_64):
MozillaFirefox-102.2.0-112.130.1
MozillaFirefox-branding-SLE-102-35.9.1
MozillaFirefox-debuginfo-102.2.0-112.130.1
MozillaFirefox-debugsource-102.2.0-112.130.1
MozillaFirefox-devel-102.2.0-112.130.1
MozillaFirefox-translations-common-102.2.0-112.130.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-debuginfo-102.2.0-112.130.1
MozillaFirefox-debugsource-102.2.0-112.130.1
MozillaFirefox-devel-102.2.0-112.130.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
MozillaFirefox-102.2.0-112.130.1
MozillaFirefox-branding-SLE-102-35.9.1
MozillaFirefox-debuginfo-102.2.0-112.130.1
MozillaFirefox-debugsource-102.2.0-112.130.1
MozillaFirefox-devel-102.2.0-112.130.1
MozillaFirefox-translations-common-102.2.0-112.130.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.2.0-112.130.1
MozillaFirefox-branding-SLE-102-35.9.1
MozillaFirefox-debuginfo-102.2.0-112.130.1
MozillaFirefox-debugsource-102.2.0-112.130.1
MozillaFirefox-devel-102.2.0-112.130.1
MozillaFirefox-translations-common-102.2.0-112.130.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.2.0-112.130.1
MozillaFirefox-branding-SLE-102-35.9.1
MozillaFirefox-debuginfo-102.2.0-112.130.1
MozillaFirefox-debugsource-102.2.0-112.130.1
MozillaFirefox-devel-102.2.0-112.130.1
MozillaFirefox-translations-common-102.2.0-112.130.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
MozillaFirefox-102.2.0-112.130.1
MozillaFirefox-branding-SLE-102-35.9.1
MozillaFirefox-debuginfo-102.2.0-112.130.1
MozillaFirefox-debugsource-102.2.0-112.130.1
MozillaFirefox-devel-102.2.0-112.130.1
MozillaFirefox-translations-common-102.2.0-112.130.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
MozillaFirefox-102.2.0-112.130.1
MozillaFirefox-branding-SLE-102-35.9.1
MozillaFirefox-debuginfo-102.2.0-112.130.1
MozillaFirefox-debugsource-102.2.0-112.130.1
MozillaFirefox-devel-102.2.0-112.130.1
MozillaFirefox-translations-common-102.2.0-112.130.1
References:
https://www.suse.com/security/cve/CVE-2022-2200.html
https://www.suse.com/security/cve/CVE-2022-2505.html
https://www.suse.com/security/cve/CVE-2022-34468.html
https://www.suse.com/security/cve/CVE-2022-34469.html
https://www.suse.com/security/cve/CVE-2022-34470.html
https://www.suse.com/security/cve/CVE-2022-34471.html
https://www.suse.com/security/cve/CVE-2022-34472.html
https://www.suse.com/security/cve/CVE-2022-34473.html
https://www.suse.com/security/cve/CVE-2022-34474.html
https://www.suse.com/security/cve/CVE-2022-34475.html
https://www.suse.com/security/cve/CVE-2022-34476.html
https://www.suse.com/security/cve/CVE-2022-34477.html
https://www.suse.com/security/cve/CVE-2022-34478.html
https://www.suse.com/security/cve/CVE-2022-34479.html
https://www.suse.com/security/cve/CVE-2022-34480.html
https://www.suse.com/security/cve/CVE-2022-34481.html
https://www.suse.com/security/cve/CVE-2022-34482.html
https://www.suse.com/security/cve/CVE-2022-34483.html
https://www.suse.com/security/cve/CVE-2022-34484.html
https://www.suse.com/security/cve/CVE-2022-34485.html
https://www.suse.com/security/cve/CVE-2022-36314.html
https://www.suse.com/security/cve/CVE-2022-36318.html
https://www.suse.com/security/cve/CVE-2022-36319.html
https://www.suse.com/security/cve/CVE-2022-38472.html
https://www.suse.com/security/cve/CVE-2022-38473.html
https://www.suse.com/security/cve/CVE-2022-38476.html
https://www.suse.com/security/cve/CVE-2022-38477.html
https://www.suse.com/security/cve/CVE-2022-38478.html
https://bugzilla.suse.com/1200793
https://bugzilla.suse.com/1201758
https://bugzilla.suse.com/1202645
From sle-security-updates at lists.suse.com Wed Sep 14 10:35:12 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 12:35:12 +0200 (CEST)
Subject: SUSE-SU-2022:3265-1: important: Security update for the Linux Kernel
Message-ID: <20220914103512.EC7FDFD99@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3265-1
Rating: important
References: #1054914 #1065729 #1078216 #1093777 #1094120
#1107937 #1120716 #1141488 #1179310 #1181862
#1189904 #1190397 #1191881 #1194535 #1196616
#1197158 #1198388 #1199617 #1199665 #1201019
#1201264 #1201420 #1201442 #1201610 #1201705
#1201726 #1201948 #1202017 #1202096 #1202154
#1202346 #1202347 #1202393 #1202396 #1202528
#1202577 #1202672 #1202830 #1202897 #1202898
#1203013 #1203098 #1203126
Cross-References: CVE-2020-36516 CVE-2021-4203 CVE-2022-20368
CVE-2022-20369 CVE-2022-21385 CVE-2022-2588
CVE-2022-26373 CVE-2022-2639 CVE-2022-29581
CVE-2022-2977 CVE-2022-3028 CVE-2022-36879
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise High Availability 12-SP5
SUSE Linux Enterprise High Performance Computing 12-SP5
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 31 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-29581: Fixed improper update of reference count vulnerability
in net/sched that allowed a local attacker to cause privilege escalation
to root (bnc#1199665).
- CVE-2022-2639: Fixed an integer coercion error that was found in the
openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed possible out of bounds write due to improper input
validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
The following non-security bugs were fixed:
- 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- Fix releasing of old bundles in xfrm_bundle_lookup() (bsc#1201264
bsc#1190397 bsc#1199617).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling
irqs (bsc#1065729).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
(bsc#1201442)
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (bsc#1120716).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- README, patch-tag-template, header.py: Abolish Novell and FATE
(bsc#1189904).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint
(git-fixes).
- bs-upload-kernel: Workaround for vim syntax highlighting
- bs-upload-kernel: build klp_symbols when supported. cherry-picked from
kbuild
- btrfs: Convert fs_info->free_chunk_space to atomic64_t (bsc#1202528).
- btrfs: add a trace class for dumping the current ENOSPC state
(bsc#1202528).
- btrfs: add a trace point for reserve tickets (bsc#1202528).
- btrfs: adjust the flush trace point to include the source (bsc#1202528).
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528).
- btrfs: check worker before need_preemptive_reclaim (bsc#1202528).
- btrfs: do not do preemptive flushing if the majority is global rsv
(bsc#1202528).
- btrfs: do not include the global rsv size in the preemptive used amount
(bsc#1202528).
- btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
- btrfs: handle preemptive delalloc flushing slightly differently
(bsc#1202528).
- btrfs: implement space clamping for preemptive flushing (bsc#1202528).
- btrfs: improve preemptive background space flushing (bsc#1202528).
- btrfs: include delalloc related info in dump space info tracepoint
(bsc#1202528).
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528).
- btrfs: make flush_space take a enum btrfs_flush_state instead of int
(bsc#1202528).
- btrfs: only clamp the first time we have to start flushing (bsc#1202528).
- btrfs: only ignore delalloc if delalloc is much smaller than ordered
(bsc#1202528).
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528).
- btrfs: rename need_do_async_reclaim (bsc#1202528).
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528).
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1202528).
- btrfs: rip out may_commit_transaction (bsc#1202528).
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets
(bsc#1202528).
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528).
- btrfs: take into account global rsv in need_preemptive_reclaim
(bsc#1202528).
- btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc
(bsc#1202528).
- btrfs: use percpu_read_positive instead of sum_positive for need_preempt
(bsc#1202528).
- btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking
(bsc#1202528).
- btrfs: use the global rsv size in the preemptive thresh calculation
(bsc#1202528).
- btrfs: wait on async extents when flushing delalloc (bsc#1202528).
- btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528).
- ceph: do not truncate file in atomic_open (bsc#1202830).
- cgroup: Use separate src/dst nodes when preloading css_sets for
migration (bsc#1201610).
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
(git-fixes).
- cxgb4: fix endian conversions for L4 ports in filters (git-fixes).
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX (git-fixes).
- fs: add a filemap_fdatawrite_wbc helper (bsc#1202528).
- fuse: limit nsec (bsc#1203126).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
(git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- kabi/severities: add mlx5 internal symbols
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- md-raid: destroy the bitmap after destroying the thread (git-fixes).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,
bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- mvpp2: fix panic on module removal (git-fixes).
- mvpp2: refactor the HW checksum setup (git-fixes).
- net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
- net/mlx5: Fix auto group size calculation (git-fixes).
- net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
- net/mlx5e: Use the inner headers to determine tc/pedit offload
limitation on decap flows (git-fixes).
- net: dsa: mt7530: Change the LINK bit to reflect the link status
(git-fixes).
- net: emaclite: Simplify if-else statements (git-fixes).
- net: ll_temac: Add more error handling of dma_map_single() calls
(git-fixes).
- net: ll_temac: Enable DMA when ready, not before (git-fixes).
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure
(git-fixes).
- net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
- net: ll_temac: Fix support for 64-bit platforms (git-fixes).
- net: ll_temac: Fix support for little-endian platforms (git-fixes).
- net: ll_temac: Fix typo bug for 32-bit (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer (git-fixes).
- net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
- net: usb: lan78xx: Connect PHY before registering MAC (git-fixes).
- net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop
profiles (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative
(bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from
elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name
(bsc#1202396).
- pNFS: Do not keep retrying if the server replied
NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- phy: tegra: fix device-tree node lookups (git-fixes).
- powerpc/perf: Add privileged access check for thread_imc (bsc#1054914,
git-fixes).
- powerpc/perf: Fix loop exit condition in nest_imc_event_init
(bsc#1054914, git-fixes).
- powerpc/perf: Return accordingly on invalid chip-id in (bsc#1054914,
git-fixes).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: Use darn instruction for get_random_seed() on Power9
(bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot
(bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: Use sizeof(*foo) rather than sizeof(struct foo) (bsc#1054914,
git-fixes).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- qed: Add EDPM mode type for user-fw compatibility (git-fixes).
- qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
- run_oldconfig.sh: Only use dummy tools if they exist (bcs#1181862).
- scripts/run_oldconfig.sh: Make dumy-tools executable (bcs#1181862).
- scripts/run_oldconfig.sh: make use of scripts/dummy-tools (bcs#1181862).
- scripts/run_oldconfig.sh: use pahole from dummy-tools if available
(bsc#1198388).
- scsi: smartpqi: set force_blk_mq=1. (bsc#1179310)
- sequence-patch: just exist if there is no config.sh
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
(git-fixes).
- squashfs: add more sanity checks in id lookup (git-fixes).
- squashfs: add more sanity checks in inode lookup (git-fixes).
- squashfs: add more sanity checks in xattr id lookup (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1203013).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1203013).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
(git-fixes).
- tracing/perf: Use strndup_user() instead of buggy open-coded version
(git-fixes).
- tracing/uprobes: Check the return value of kstrdup() for tu->filename
(git-fixes).
- tracing: Fix race in perf_trace_buf initialization (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: always free inline data before resetting inode fork during ifree
(bsc#1202017).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes).
- xprtrdma: Fix trace point use-after-free race (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3265=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3265=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3265=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3265=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise High Availability 12-SP5:
zypper in -t patch SUSE-SLE-HA-12-SP5-2022-3265=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
kernel-default-debuginfo-4.12.14-122.133.1
kernel-default-debugsource-4.12.14-122.133.1
kernel-default-extra-4.12.14-122.133.1
kernel-default-extra-debuginfo-4.12.14-122.133.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-4.12.14-122.133.1
kernel-obs-build-debugsource-4.12.14-122.133.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
kernel-docs-4.12.14-122.133.2
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-122.133.1
kernel-default-base-4.12.14-122.133.1
kernel-default-base-debuginfo-4.12.14-122.133.1
kernel-default-debuginfo-4.12.14-122.133.1
kernel-default-debugsource-4.12.14-122.133.1
kernel-default-devel-4.12.14-122.133.1
kernel-syms-4.12.14-122.133.1
- SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-4.12.14-122.133.1
kernel-macros-4.12.14-122.133.1
kernel-source-4.12.14-122.133.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-default-devel-debuginfo-4.12.14-122.133.1
- SUSE Linux Enterprise Server 12-SP5 (s390x):
kernel-default-man-4.12.14-122.133.1
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kernel-default-debuginfo-4.12.14-122.133.1
kernel-default-debugsource-4.12.14-122.133.1
kernel-default-kgraft-4.12.14-122.133.1
kernel-default-kgraft-devel-4.12.14-122.133.1
kgraft-patch-4_12_14-122_133-default-1-8.3.1
- SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-122.133.1
cluster-md-kmp-default-debuginfo-4.12.14-122.133.1
dlm-kmp-default-4.12.14-122.133.1
dlm-kmp-default-debuginfo-4.12.14-122.133.1
gfs2-kmp-default-4.12.14-122.133.1
gfs2-kmp-default-debuginfo-4.12.14-122.133.1
kernel-default-debuginfo-4.12.14-122.133.1
kernel-default-debugsource-4.12.14-122.133.1
ocfs2-kmp-default-4.12.14-122.133.1
ocfs2-kmp-default-debuginfo-4.12.14-122.133.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-21385.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://bugzilla.suse.com/1054914
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1078216
https://bugzilla.suse.com/1093777
https://bugzilla.suse.com/1094120
https://bugzilla.suse.com/1107937
https://bugzilla.suse.com/1120716
https://bugzilla.suse.com/1141488
https://bugzilla.suse.com/1179310
https://bugzilla.suse.com/1181862
https://bugzilla.suse.com/1189904
https://bugzilla.suse.com/1190397
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1198388
https://bugzilla.suse.com/1199617
https://bugzilla.suse.com/1199665
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201264
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202017
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202528
https://bugzilla.suse.com/1202577
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202830
https://bugzilla.suse.com/1202897
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203013
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203126
From sle-security-updates at lists.suse.com Wed Sep 14 10:39:29 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 12:39:29 +0200 (CEST)
Subject: SUSE-SU-2022:3267-1: important: Security update for libzapojit
Message-ID: <20220914103929.0F06AFD99@maintenance.suse.de>
SUSE Security Update: Security update for libzapojit
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3267-1
Rating: important
References: #1189844
Cross-References: CVE-2021-39360
CVSS scores:
CVE-2021-39360 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-39360 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libzapojit fixes the following issues:
- CVE-2021-39360: Fixed missing guard against invalid SSL certificates
(bsc#1189844).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3267=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3267=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3267=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libzapojit-0_0-0-0.0.3-150000.3.5.1
libzapojit-0_0-0-debuginfo-0.0.3-150000.3.5.1
libzapojit-debugsource-0.0.3-150000.3.5.1
libzapojit-devel-0.0.3-150000.3.5.1
typelib-1_0-Zpj-0_0-0.0.3-150000.3.5.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
libzapojit-0_0-0-0.0.3-150000.3.5.1
libzapojit-0_0-0-debuginfo-0.0.3-150000.3.5.1
libzapojit-debugsource-0.0.3-150000.3.5.1
typelib-1_0-Zpj-0_0-0.0.3-150000.3.5.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
libzapojit-0_0-0-0.0.3-150000.3.5.1
libzapojit-0_0-0-debuginfo-0.0.3-150000.3.5.1
libzapojit-debugsource-0.0.3-150000.3.5.1
typelib-1_0-Zpj-0_0-0.0.3-150000.3.5.1
References:
https://www.suse.com/security/cve/CVE-2021-39360.html
https://bugzilla.suse.com/1189844
From sle-security-updates at lists.suse.com Wed Sep 14 10:40:28 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 12:40:28 +0200 (CEST)
Subject: SUSE-SU-2022:3271-1: moderate: Security update for perl
Message-ID: <20220914104028.EF2E8FD99@maintenance.suse.de>
SUSE Security Update: Security update for perl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3271-1
Rating: moderate
References: #1047178
Cross-References: CVE-2017-6512
CVSS scores:
CVE-2017-6512 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2017-6512 (SUSE): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition
(bsc#1047178).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3271=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3271=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3271=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3271=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3271=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3271=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3271=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3271=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3271=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3271=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3271=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
perl-5.26.1-150300.17.11.1
perl-base-5.26.1-150300.17.11.1
perl-base-debuginfo-5.26.1-150300.17.11.1
perl-debuginfo-5.26.1-150300.17.11.1
perl-debugsource-5.26.1-150300.17.11.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
perl-5.26.1-150300.17.11.1
perl-base-5.26.1-150300.17.11.1
perl-base-debuginfo-5.26.1-150300.17.11.1
perl-core-DB_File-5.26.1-150300.17.11.1
perl-core-DB_File-debuginfo-5.26.1-150300.17.11.1
perl-debuginfo-5.26.1-150300.17.11.1
perl-debugsource-5.26.1-150300.17.11.1
- openSUSE Leap 15.4 (noarch):
perl-doc-5.26.1-150300.17.11.1
- openSUSE Leap 15.4 (x86_64):
perl-32bit-5.26.1-150300.17.11.1
perl-32bit-debuginfo-5.26.1-150300.17.11.1
perl-base-32bit-5.26.1-150300.17.11.1
perl-base-32bit-debuginfo-5.26.1-150300.17.11.1
perl-core-DB_File-32bit-5.26.1-150300.17.11.1
perl-core-DB_File-32bit-debuginfo-5.26.1-150300.17.11.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
perl-5.26.1-150300.17.11.1
perl-base-5.26.1-150300.17.11.1
perl-base-debuginfo-5.26.1-150300.17.11.1
perl-core-DB_File-5.26.1-150300.17.11.1
perl-core-DB_File-debuginfo-5.26.1-150300.17.11.1
perl-debuginfo-5.26.1-150300.17.11.1
perl-debugsource-5.26.1-150300.17.11.1
- openSUSE Leap 15.3 (x86_64):
perl-32bit-5.26.1-150300.17.11.1
perl-32bit-debuginfo-5.26.1-150300.17.11.1
perl-base-32bit-5.26.1-150300.17.11.1
perl-base-32bit-debuginfo-5.26.1-150300.17.11.1
perl-core-DB_File-32bit-5.26.1-150300.17.11.1
perl-core-DB_File-32bit-debuginfo-5.26.1-150300.17.11.1
- openSUSE Leap 15.3 (noarch):
perl-doc-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64):
perl-32bit-5.26.1-150300.17.11.1
perl-32bit-debuginfo-5.26.1-150300.17.11.1
perl-debugsource-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
perl-32bit-5.26.1-150300.17.11.1
perl-32bit-debuginfo-5.26.1-150300.17.11.1
perl-debugsource-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
perl-doc-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
perl-doc-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
perl-5.26.1-150300.17.11.1
perl-base-5.26.1-150300.17.11.1
perl-base-debuginfo-5.26.1-150300.17.11.1
perl-core-DB_File-5.26.1-150300.17.11.1
perl-core-DB_File-debuginfo-5.26.1-150300.17.11.1
perl-debuginfo-5.26.1-150300.17.11.1
perl-debugsource-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
perl-32bit-debuginfo-5.26.1-150300.17.11.1
perl-base-32bit-5.26.1-150300.17.11.1
perl-base-32bit-debuginfo-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
perl-5.26.1-150300.17.11.1
perl-base-5.26.1-150300.17.11.1
perl-base-debuginfo-5.26.1-150300.17.11.1
perl-core-DB_File-5.26.1-150300.17.11.1
perl-core-DB_File-debuginfo-5.26.1-150300.17.11.1
perl-debuginfo-5.26.1-150300.17.11.1
perl-debugsource-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
perl-32bit-debuginfo-5.26.1-150300.17.11.1
perl-base-32bit-5.26.1-150300.17.11.1
perl-base-32bit-debuginfo-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
perl-5.26.1-150300.17.11.1
perl-base-5.26.1-150300.17.11.1
perl-base-debuginfo-5.26.1-150300.17.11.1
perl-debuginfo-5.26.1-150300.17.11.1
perl-debugsource-5.26.1-150300.17.11.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
perl-5.26.1-150300.17.11.1
perl-base-5.26.1-150300.17.11.1
perl-base-debuginfo-5.26.1-150300.17.11.1
perl-debuginfo-5.26.1-150300.17.11.1
perl-debugsource-5.26.1-150300.17.11.1
References:
https://www.suse.com/security/cve/CVE-2017-6512.html
https://bugzilla.suse.com/1047178
From sle-security-updates at lists.suse.com Wed Sep 14 13:19:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 14 Sep 2022 15:19:22 +0200 (CEST)
Subject: SUSE-SU-2022:3274-1: important: Security update for the Linux Kernel
Message-ID: <20220914131922.D5DB3FD99@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3274-1
Rating: important
References: #1172145 #1177440 #1188944 #1191881 #1194535
#1196616 #1200598 #1200770 #1200910 #1201019
#1201420 #1201429 #1201705 #1201726 #1201940
#1201948 #1202096 #1202154 #1202346 #1202347
#1202393 #1202396 #1202672 #1202897 #1202898
#1203098
Cross-References: CVE-2020-36516 CVE-2020-36557 CVE-2020-36558
CVE-2021-4203 CVE-2022-20166 CVE-2022-20368
CVE-2022-20369 CVE-2022-21385 CVE-2022-2588
CVE-2022-26373 CVE-2022-2639 CVE-2022-2977
CVE-2022-3028 CVE-2022-36879 CVE-2022-36946
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2020-36557 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36557 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-36558 (NVD) : 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36558 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Availability 12-SP4
SUSE Linux Enterprise High Performance Computing 12-SP4
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves 15 vulnerabilities and has 11 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in
net/netfilter/nfnetlink_queue.c (bnc#1201940).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-2639: Fixed an integer coercion error that was found in the
openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer
overflow in various methods of kernel base drivers (bnc#1200598).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2020-36558: Fixed a race condition involving VT_RESIZEX that could lead
to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2020-36557: Fixed a race condition between the VT_DISALLOCATE ioctl
and closing/opening of ttys that could have led to a use-after-free
(bnc#1201429).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
The following non-security bugs were fixed:
- cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share
(bsc#1188944).
- cifs: report error instead of invalid when revalidating a dentry fails
(bsc#1177440).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,
bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative
(bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from
elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name
(bsc#1202396).
- powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145
ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145
ltc#184630 bsc#1200770 ltc#198666).
- powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145
ltc#184630 bsc#1200770 ltc#198666).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3274=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3274=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3274=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3274=1
- SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-3274=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise High Availability 12-SP4:
zypper in -t patch SUSE-SLE-HA-12-SP4-2022-3274=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
kernel-default-4.12.14-95.108.1
kernel-default-base-4.12.14-95.108.1
kernel-default-base-debuginfo-4.12.14-95.108.1
kernel-default-debuginfo-4.12.14-95.108.1
kernel-default-debugsource-4.12.14-95.108.1
kernel-default-devel-4.12.14-95.108.1
kernel-default-devel-debuginfo-4.12.14-95.108.1
kernel-syms-4.12.14-95.108.1
- SUSE OpenStack Cloud Crowbar 9 (noarch):
kernel-devel-4.12.14-95.108.1
kernel-macros-4.12.14-95.108.1
kernel-source-4.12.14-95.108.1
- SUSE OpenStack Cloud 9 (x86_64):
kernel-default-4.12.14-95.108.1
kernel-default-base-4.12.14-95.108.1
kernel-default-base-debuginfo-4.12.14-95.108.1
kernel-default-debuginfo-4.12.14-95.108.1
kernel-default-debugsource-4.12.14-95.108.1
kernel-default-devel-4.12.14-95.108.1
kernel-default-devel-debuginfo-4.12.14-95.108.1
kernel-syms-4.12.14-95.108.1
- SUSE OpenStack Cloud 9 (noarch):
kernel-devel-4.12.14-95.108.1
kernel-macros-4.12.14-95.108.1
kernel-source-4.12.14-95.108.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
kernel-default-4.12.14-95.108.1
kernel-default-base-4.12.14-95.108.1
kernel-default-base-debuginfo-4.12.14-95.108.1
kernel-default-debuginfo-4.12.14-95.108.1
kernel-default-debugsource-4.12.14-95.108.1
kernel-default-devel-4.12.14-95.108.1
kernel-syms-4.12.14-95.108.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.108.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
kernel-devel-4.12.14-95.108.1
kernel-macros-4.12.14-95.108.1
kernel-source-4.12.14-95.108.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-95.108.1
kernel-default-base-4.12.14-95.108.1
kernel-default-base-debuginfo-4.12.14-95.108.1
kernel-default-debuginfo-4.12.14-95.108.1
kernel-default-debugsource-4.12.14-95.108.1
kernel-default-devel-4.12.14-95.108.1
kernel-syms-4.12.14-95.108.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):
kernel-default-devel-debuginfo-4.12.14-95.108.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
kernel-devel-4.12.14-95.108.1
kernel-macros-4.12.14-95.108.1
kernel-source-4.12.14-95.108.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x):
kernel-default-man-4.12.14-95.108.1
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kernel-default-kgraft-4.12.14-95.108.1
kernel-default-kgraft-devel-4.12.14-95.108.1
kgraft-patch-4_12_14-95_108-default-1-6.3.1
- SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-95.108.1
cluster-md-kmp-default-debuginfo-4.12.14-95.108.1
dlm-kmp-default-4.12.14-95.108.1
dlm-kmp-default-debuginfo-4.12.14-95.108.1
gfs2-kmp-default-4.12.14-95.108.1
gfs2-kmp-default-debuginfo-4.12.14-95.108.1
kernel-default-debuginfo-4.12.14-95.108.1
kernel-default-debugsource-4.12.14-95.108.1
ocfs2-kmp-default-4.12.14-95.108.1
ocfs2-kmp-default-debuginfo-4.12.14-95.108.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2020-36557.html
https://www.suse.com/security/cve/CVE-2020-36558.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20166.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-21385.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://bugzilla.suse.com/1172145
https://bugzilla.suse.com/1177440
https://bugzilla.suse.com/1188944
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1200598
https://bugzilla.suse.com/1200770
https://bugzilla.suse.com/1200910
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201429
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201940
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202897
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203098
From sle-security-updates at lists.suse.com Thu Sep 15 07:17:48 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:17:48 +0200 (CEST)
Subject: SUSE-CU-2022:2240-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20220915071748.46283F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2240-1
Container Tags : suse/sle-micro/5.3/toolbox:11.1 , suse/sle-micro/5.3/toolbox:11.1-4.2.39 , suse/sle-micro/5.3/toolbox:latest
Container Release : 4.2.39
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-5.26.1-150300.17.11.1 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:20:59 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:20:59 +0200 (CEST)
Subject: SUSE-CU-2022:2242-1: Security update of bci/bci-minimal
Message-ID: <20220915072059.40FE7F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2242-1
Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.30.52
Container Release : 30.52
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/bci-minimal was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:micro-image-15.3.0-20.24 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:22:10 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:22:10 +0200 (CEST)
Subject: SUSE-CU-2022:2243-1: Security update of bci/dotnet-aspnet
Message-ID: <20220915072210.3C2A6F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2243-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-39.29 , bci/dotnet-aspnet:3.1.28 , bci/dotnet-aspnet:3.1.28-39.29
Container Release : 39.29
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:23:15 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:23:15 +0200 (CEST)
Subject: SUSE-CU-2022:2244-1: Security update of bci/dotnet-aspnet
Message-ID: <20220915072315.76A14F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2244-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-25.32 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-25.32
Container Release : 25.32
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:24:20 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:24:20 +0200 (CEST)
Subject: SUSE-CU-2022:2245-1: Security update of bci/dotnet-aspnet
Message-ID: <20220915072420.745ABF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2245-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-20.29 , bci/dotnet-aspnet:6.0.8 , bci/dotnet-aspnet:6.0.8-20.29 , bci/dotnet-aspnet:latest
Container Release : 20.29
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:25:19 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:25:19 +0200 (CEST)
Subject: SUSE-CU-2022:2246-1: Security update of bci/dotnet-sdk
Message-ID: <20220915072519.69BEFF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2246-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-33.31 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-33.31
Container Release : 33.31
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:26:23 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:26:23 +0200 (CEST)
Subject: SUSE-CU-2022:2247-1: Security update of bci/dotnet-runtime
Message-ID: <20220915072623.B9845F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2247-1
Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-32.30 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-32.30
Container Release : 32.30
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:27:37 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:27:37 +0200 (CEST)
Subject: SUSE-CU-2022:2248-1: Security update of bci/golang
Message-ID: <20220915072737.E731AF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2248-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-16.29
Container Release : 16.29
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libatomic1-11.3.0+git1637-150000.1.11.2 updated
- libgomp1-11.3.0+git1637-150000.1.11.2 updated
- libitm1-11.3.0+git1637-150000.1.11.2 updated
- liblsan0-11.3.0+git1637-150000.1.11.2 updated
- libtsan0-11.3.0+git1637-150000.1.11.2 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:28:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:28:34 +0200 (CEST)
Subject: SUSE-CU-2022:2249-1: Security update of bci/golang
Message-ID: <20220915072834.CE371F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2249-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-2.31 , bci/golang:latest
Container Release : 2.31
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:30:24 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:30:24 +0200 (CEST)
Subject: SUSE-CU-2022:2250-1: Security update of bci/openjdk
Message-ID: <20220915073024.6BA10F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2250-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-30.29 , bci/openjdk:latest
Container Release : 30.29
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/openjdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:32:00 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:32:00 +0200 (CEST)
Subject: SUSE-CU-2022:2251-1: Security update of suse/pcp
Message-ID: <20220915073200.98756F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2251-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-10.28 , suse/pcp:latest
Container Release : 10.28
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container suse/pcp was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- perl-5.26.1-150300.17.11.1 updated
- container:bci-bci-init-15.4-15.4-22.17 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:32:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:32:47 +0200 (CEST)
Subject: SUSE-CU-2022:2252-1: Security update of bci/rust
Message-ID: <20220915073247.631B5F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2252-1
Container Tags : bci/rust:1.61 , bci/rust:1.61-6.26
Container Release : 6.26
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:33:37 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:33:37 +0200 (CEST)
Subject: SUSE-CU-2022:2253-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20220915073337.0F184F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2253-1
Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.284 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.284
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-5.26.1-150300.17.11.1 updated
From sle-security-updates at lists.suse.com Thu Sep 15 07:37:28 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 09:37:28 +0200 (CEST)
Subject: SUSE-CU-2022:2255-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20220915073728.7F04CF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2255-1
Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.104 , suse/sle-micro/5.2/toolbox:latest
Container Release : 6.2.104
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-5.26.1-150300.17.11.1 updated
From sle-security-updates at lists.suse.com Thu Sep 15 19:19:36 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 21:19:36 +0200 (CEST)
Subject: SUSE-SU-2022:3284-1: important: Security update for flatpak
Message-ID: <20220915191936.8D193F78E@maintenance.suse.de>
SUSE Security Update: Security update for flatpak
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3284-1
Rating: important
References: #1191507 #1194610
Cross-References: CVE-2021-21261 CVE-2021-41133 CVE-2021-43860
CVSS scores:
CVE-2021-21261 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-21261 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
CVE-2021-41133 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-41133 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE-2021-43860 (NVD) : 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CVE-2021-43860 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for flatpak fixes the following issues:
- CVE-2021-41133: Fixed sandbox bypass via recent syscalls (bsc#1191507).
- CVE-2021-43860: Fixed metadata validation (bsc#1194610).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3284=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3284=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3284=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3284=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3284=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3284=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
flatpak-1.2.3-150100.4.8.1
flatpak-debuginfo-1.2.3-150100.4.8.1
flatpak-debugsource-1.2.3-150100.4.8.1
flatpak-devel-1.2.3-150100.4.8.1
flatpak-zsh-completion-1.2.3-150100.4.8.1
libflatpak0-1.2.3-150100.4.8.1
libflatpak0-debuginfo-1.2.3-150100.4.8.1
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.8.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
flatpak-1.2.3-150100.4.8.1
flatpak-debuginfo-1.2.3-150100.4.8.1
flatpak-debugsource-1.2.3-150100.4.8.1
flatpak-devel-1.2.3-150100.4.8.1
flatpak-zsh-completion-1.2.3-150100.4.8.1
libflatpak0-1.2.3-150100.4.8.1
libflatpak0-debuginfo-1.2.3-150100.4.8.1
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.8.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
flatpak-1.2.3-150100.4.8.1
flatpak-debuginfo-1.2.3-150100.4.8.1
flatpak-debugsource-1.2.3-150100.4.8.1
flatpak-devel-1.2.3-150100.4.8.1
flatpak-zsh-completion-1.2.3-150100.4.8.1
libflatpak0-1.2.3-150100.4.8.1
libflatpak0-debuginfo-1.2.3-150100.4.8.1
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
flatpak-1.2.3-150100.4.8.1
flatpak-debuginfo-1.2.3-150100.4.8.1
flatpak-debugsource-1.2.3-150100.4.8.1
flatpak-devel-1.2.3-150100.4.8.1
flatpak-zsh-completion-1.2.3-150100.4.8.1
libflatpak0-1.2.3-150100.4.8.1
libflatpak0-debuginfo-1.2.3-150100.4.8.1
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.8.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
flatpak-1.2.3-150100.4.8.1
flatpak-debuginfo-1.2.3-150100.4.8.1
flatpak-debugsource-1.2.3-150100.4.8.1
flatpak-devel-1.2.3-150100.4.8.1
flatpak-zsh-completion-1.2.3-150100.4.8.1
libflatpak0-1.2.3-150100.4.8.1
libflatpak0-debuginfo-1.2.3-150100.4.8.1
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.8.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
flatpak-1.2.3-150100.4.8.1
flatpak-debuginfo-1.2.3-150100.4.8.1
flatpak-debugsource-1.2.3-150100.4.8.1
flatpak-devel-1.2.3-150100.4.8.1
flatpak-zsh-completion-1.2.3-150100.4.8.1
libflatpak0-1.2.3-150100.4.8.1
libflatpak0-debuginfo-1.2.3-150100.4.8.1
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.8.1
- SUSE CaaS Platform 4.0 (x86_64):
flatpak-1.2.3-150100.4.8.1
flatpak-debuginfo-1.2.3-150100.4.8.1
flatpak-debugsource-1.2.3-150100.4.8.1
flatpak-devel-1.2.3-150100.4.8.1
flatpak-zsh-completion-1.2.3-150100.4.8.1
libflatpak0-1.2.3-150100.4.8.1
libflatpak0-debuginfo-1.2.3-150100.4.8.1
typelib-1_0-Flatpak-1_0-1.2.3-150100.4.8.1
References:
https://www.suse.com/security/cve/CVE-2021-21261.html
https://www.suse.com/security/cve/CVE-2021-41133.html
https://www.suse.com/security/cve/CVE-2021-43860.html
https://bugzilla.suse.com/1191507
https://bugzilla.suse.com/1194610
From sle-security-updates at lists.suse.com Thu Sep 15 19:20:38 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 21:20:38 +0200 (CEST)
Subject: SUSE-SU-2022:3282-1: important: Security update for the Linux Kernel
Message-ID: <20220915192038.A63E5F78E@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3282-1
Rating: important
References: #1054914 #1065729 #1120716 #1179310 #1190397
#1191881 #1194535 #1196616 #1197158 #1199617
#1199665 #1201019 #1201264 #1201420 #1201442
#1201610 #1201705 #1201726 #1201948 #1202017
#1202096 #1202154 #1202346 #1202347 #1202393
#1202396 #1202528 #1202577 #1202672 #1202830
#1202897 #1202898 #1203013 #1203098 #1203126
Cross-References: CVE-2020-36516 CVE-2021-4203 CVE-2022-20368
CVE-2022-20369 CVE-2022-21385 CVE-2022-2588
CVE-2022-26373 CVE-2022-2639 CVE-2022-29581
CVE-2022-2977 CVE-2022-3028 CVE-2022-36879
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that solves 12 vulnerabilities and has 23 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-29581: Fixed improper update of reference count vulnerability
in net/sched that allowed a local attacker to cause privilege escalation
to root (bnc#1199665).
- CVE-2022-2639: Fixed an integer coercion error that was found in the
openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed possible out of bounds write due to improper input
validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
The following non-security bugs were fixed:
- 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- Fix releasing of old bundles in xfrm_bundle_lookup() (bsc#1201264
bsc#1190397 bsc#1199617).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling
irqs (bsc#1065729).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
(bsc#1201442).
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (bsc#1120716).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
quirk set" (git-fixes).
- Revert "r8152: adjust the settings about MAC clock speed down for
RTL8153" (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- add Kirk Allan as branch maintainer
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint
(git-fixes).
- btrfs: Convert fs_info->free_chunk_space to atomic64_t (bsc#1202528).
- btrfs: add a trace class for dumping the current ENOSPC state
(bsc#1202528).
- btrfs: add a trace point for reserve tickets (bsc#1202528).
- btrfs: adjust the flush trace point to include the source (bsc#1202528).
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528).
- btrfs: check worker before need_preemptive_reclaim (bsc#1202528).
- btrfs: do not do preemptive flushing if the majority is global rsv
(bsc#1202528).
- btrfs: do not include the global rsv size in the preemptive used amount
(bsc#1202528).
- btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
- btrfs: handle preemptive delalloc flushing slightly differently
(bsc#1202528).
- btrfs: implement space clamping for preemptive flushing (bsc#1202528).
- btrfs: improve preemptive background space flushing (bsc#1202528).
- btrfs: include delalloc related info in dump space info tracepoint
(bsc#1202528).
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528).
- btrfs: make flush_space take a enum btrfs_flush_state instead of int
(bsc#1202528).
- btrfs: only clamp the first time we have to start flushing (bsc#1202528).
- btrfs: only ignore delalloc if delalloc is much smaller than ordered
(bsc#1202528).
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528).
- btrfs: rename need_do_async_reclaim (bsc#1202528).
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528).
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1202528).
- btrfs: rip out may_commit_transaction (bsc#1202528).
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets
(bsc#1202528).
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528).
- btrfs: take into account global rsv in need_preemptive_reclaim
(bsc#1202528).
- btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc
(bsc#1202528).
- btrfs: use percpu_read_positive instead of sum_positive for need_preempt
(bsc#1202528).
- btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking
(bsc#1202528).
- btrfs: use the global rsv size in the preemptive thresh calculation
(bsc#1202528).
- btrfs: wait on async extents when flushing delalloc (bsc#1202528).
- btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528).
- ceph: do not truncate file in atomic_open (bsc#1202830).
- cgroup: Use separate src/dst nodes when preloading css_sets for
migration (bsc#1201610).
- check sk_peer_cred pointer before put_cred() call
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
(git-fixes).
- cxgb4: fix endian conversions for L4 ports in filters (git-fixes).
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX (git-fixes).
- fs: add a filemap_fdatawrite_wbc helper (bsc#1202528).
- fuse: limit nsec (bsc#1203126).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
(git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- kabi/severities: add mlx5 internal symbols
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- md-raid: destroy the bitmap after destroying the thread (git-fixes).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,
bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- mvpp2: fix panic on module removal (git-fixes).
- mvpp2: refactor the HW checksum setup (git-fixes).
- net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
- net/mlx5: Fix auto group size calculation (git-fixes).
- net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
- net/mlx5e: Use the inner headers to determine tc/pedit offload
limitation on decap flows (git-fixes).
- net: dsa: mt7530: Change the LINK bit to reflect the link status
(git-fixes).
- net: emaclite: Simplify if-else statements (git-fixes).
- net: ll_temac: Add more error handling of dma_map_single() calls
(git-fixes).
- net: ll_temac: Enable DMA when ready, not before (git-fixes).
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure
(git-fixes).
- net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
- net: ll_temac: Fix support for 64-bit platforms (git-fixes).
- net: ll_temac: Fix support for little-endian platforms (git-fixes).
- net: ll_temac: Fix typo bug for 32-bit (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer (git-fixes).
- net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
- net: usb: lan78xx: Connect PHY before registering MAC (git-fixes).
- net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop
profiles (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative
(bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from
elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name
(bsc#1202396).
- pNFS: Do not keep retrying if the server replied
NFS4ERR_LAYOUTUNAVAILABLE (git-fixes).
- phy: tegra: fix device-tree node lookups (git-fixes).
- powerpc/perf: Add privileged access check for thread_imc (bsc#1054914,
git-fixes).
- powerpc/perf: Fix loop exit condition in nest_imc_event_init
(bsc#1054914, git-fixes).
- powerpc/perf: Return accordingly on invalid chip-id in (bsc#1054914,
git-fixes).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: Use darn instruction for get_random_seed() on Power9
(bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot
(bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: Use sizeof(*foo) rather than sizeof(struct foo) (bsc#1054914,
git-fixes).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- qed: Add EDPM mode type for user-fw compatibility (git-fixes).
- qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- scsi: smartpqi: set force_blk_mq=1 (bsc#1179310).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
(git-fixes).
- squashfs: add more sanity checks in id lookup (git-fixes).
- squashfs: add more sanity checks in inode lookup (git-fixes).
- squashfs: add more sanity checks in xattr id lookup (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1203013).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1203013).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
(git-fixes).
- tracing/perf: Use strndup_user() instead of buggy open-coded version
(git-fixes).
- tracing/uprobes: Check the return value of kstrdup() for tu->filename
(git-fixes).
- tracing: Fix race in perf_trace_buf initialization (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: always free inline data before resetting inode fork during ifree
(bsc#1202017).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: fix NULL pointer dereference in xfs_getbmap() (git-fixes).
- xprtrdma: Fix trace point use-after-free race (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3282=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (noarch):
kernel-devel-azure-4.12.14-16.109.1
kernel-source-azure-4.12.14-16.109.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
kernel-azure-4.12.14-16.109.1
kernel-azure-base-4.12.14-16.109.1
kernel-azure-base-debuginfo-4.12.14-16.109.1
kernel-azure-debuginfo-4.12.14-16.109.1
kernel-azure-debugsource-4.12.14-16.109.1
kernel-azure-devel-4.12.14-16.109.1
kernel-syms-azure-4.12.14-16.109.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-21385.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://bugzilla.suse.com/1054914
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1120716
https://bugzilla.suse.com/1179310
https://bugzilla.suse.com/1190397
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1199617
https://bugzilla.suse.com/1199665
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201264
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202017
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202528
https://bugzilla.suse.com/1202577
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202830
https://bugzilla.suse.com/1202897
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203013
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203126
From sle-security-updates at lists.suse.com Thu Sep 15 19:24:27 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 21:24:27 +0200 (CEST)
Subject: SUSE-SU-2022:3281-1: important: Security update for MozillaThunderbird
Message-ID: <20220915192427.38F89F78E@maintenance.suse.de>
SUSE Security Update: Security update for MozillaThunderbird
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3281-1
Rating: important
References: #1200793 #1201758 #1202645 #1203007
Cross-References: CVE-2022-2200 CVE-2022-2226 CVE-2022-2505
CVE-2022-3032 CVE-2022-3033 CVE-2022-3034
CVE-2022-31744 CVE-2022-34468 CVE-2022-34470
CVE-2022-34472 CVE-2022-34478 CVE-2022-34479
CVE-2022-34481 CVE-2022-34484 CVE-2022-36059
CVE-2022-36314 CVE-2022-36318 CVE-2022-36319
CVE-2022-38472 CVE-2022-38473 CVE-2022-38476
CVE-2022-38477 CVE-2022-38478
CVSS scores:
CVE-2022-2505 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3032 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-3033 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-3034 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36059 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36314 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36318 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 23 vulnerabilities is now available.
Description:
This update for MozillaThunderbird fixes the following issues:
Updated to Mozilla Thunderbird 102.2.2:
- CVE-2022-3033: Fixed leaking of sensitive information when composing a
response to an HTML email with a META refresh tag (bsc#1203007).
- CVE-2022-3032: Fixed missing blocking of remote content specified in an
HTML document that was nested inside an iframe's srcdoc attribute
(bsc#1203007).
- CVE-2022-3034: Fixed issue where iframe element in an HTML email could
trigger a network request (bsc#1203007).
- CVE-2022-36059: Fixed denial-of-service (DoS) attack in the Matrix SDK
bundled with Thunderbird (bsc#1203007).
- CVE-2022-38472: Fixed Address bar spoofing via XSLT error handling
(bsc#1202645).
- CVE-2022-38473: Fixed cross-origin XSLT Documents inheriting the
parent's permissions (bsc#1202645).
- CVE-2022-38476: Fixed data race and potential use-after-free in
PK11_ChangePW (bsc#1202645).
- CVE-2022-38477: Fixed memory safety bugs (bsc#1202645).
- CVE-2022-38478: Fixed memory safety bugs (bsc#1202645).
- CVE-2022-36319: Fixed mouse position spoofing with CSS transforms
(bsc#1201758).
- CVE-2022-36318: Fixed directory indexes for bundled resources reflected
URL parameters (bsc#1201758).
- CVE-2022-36314: Fixed unexpected network loads when opening local .lnk
files (bsc#1201758).
- CVE-2022-2505: Fixed memory safety bugs (bsc#1201758).
- CVE-2022-34479: Fixed vulnerability which could overlay the address bar
with web content (bsc#1200793).
- CVE-2022-34470: Fixed use-after-free in nsSHistory (bsc#1200793).
- CVE-2022-34468: Fixed CSP sandbox header without `allow-scripts` bypass
via retargeted javascript (bsc#1200793).
- CVE-2022-2226: Fixed emails with a mismatching OpenPGP signature date
incorrectly accepted as valid (bsc#1200793).
- CVE-2022-34481: Fixed integer overflow in ReplaceElementsAt
(bsc#1200793).
- CVE-2022-31744: Fixed CSP bypass enabling stylesheet injection
(bsc#1200793).
- CVE-2022-34472: Fixed unavailable PAC file resulting in OCSP requests
being blocked (bsc#1200793).
- CVE-2022-34478: Fixed Microsoft protocols attacks if a user accepts a
prompt (bsc#1200793).
- CVE-2022-2200: Fixed vulnerability where undesired attributes could be
set as part of prototype pollution (bsc#1200793).
- CVE-2022-34484: Fixed memory safety bugs (bsc#1200793).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3281=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3281=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3281=1
- SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-3281=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-3281=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3281=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-102.2.2-150200.8.82.1
MozillaThunderbird-debuginfo-102.2.2-150200.8.82.1
MozillaThunderbird-debugsource-102.2.2-150200.8.82.1
MozillaThunderbird-translations-common-102.2.2-150200.8.82.1
MozillaThunderbird-translations-other-102.2.2-150200.8.82.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaThunderbird-102.2.2-150200.8.82.1
MozillaThunderbird-debuginfo-102.2.2-150200.8.82.1
MozillaThunderbird-debugsource-102.2.2-150200.8.82.1
MozillaThunderbird-translations-common-102.2.2-150200.8.82.1
MozillaThunderbird-translations-other-102.2.2-150200.8.82.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
MozillaThunderbird-102.2.2-150200.8.82.1
MozillaThunderbird-debuginfo-102.2.2-150200.8.82.1
MozillaThunderbird-debugsource-102.2.2-150200.8.82.1
MozillaThunderbird-translations-common-102.2.2-150200.8.82.1
MozillaThunderbird-translations-other-102.2.2-150200.8.82.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
MozillaThunderbird-102.2.2-150200.8.82.1
MozillaThunderbird-debuginfo-102.2.2-150200.8.82.1
MozillaThunderbird-debugsource-102.2.2-150200.8.82.1
MozillaThunderbird-translations-common-102.2.2-150200.8.82.1
MozillaThunderbird-translations-other-102.2.2-150200.8.82.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x):
MozillaThunderbird-102.2.2-150200.8.82.1
MozillaThunderbird-debuginfo-102.2.2-150200.8.82.1
MozillaThunderbird-debugsource-102.2.2-150200.8.82.1
MozillaThunderbird-translations-common-102.2.2-150200.8.82.1
MozillaThunderbird-translations-other-102.2.2-150200.8.82.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x):
MozillaThunderbird-102.2.2-150200.8.82.1
MozillaThunderbird-debuginfo-102.2.2-150200.8.82.1
MozillaThunderbird-debugsource-102.2.2-150200.8.82.1
MozillaThunderbird-translations-common-102.2.2-150200.8.82.1
MozillaThunderbird-translations-other-102.2.2-150200.8.82.1
References:
https://www.suse.com/security/cve/CVE-2022-2200.html
https://www.suse.com/security/cve/CVE-2022-2226.html
https://www.suse.com/security/cve/CVE-2022-2505.html
https://www.suse.com/security/cve/CVE-2022-3032.html
https://www.suse.com/security/cve/CVE-2022-3033.html
https://www.suse.com/security/cve/CVE-2022-3034.html
https://www.suse.com/security/cve/CVE-2022-31744.html
https://www.suse.com/security/cve/CVE-2022-34468.html
https://www.suse.com/security/cve/CVE-2022-34470.html
https://www.suse.com/security/cve/CVE-2022-34472.html
https://www.suse.com/security/cve/CVE-2022-34478.html
https://www.suse.com/security/cve/CVE-2022-34479.html
https://www.suse.com/security/cve/CVE-2022-34481.html
https://www.suse.com/security/cve/CVE-2022-34484.html
https://www.suse.com/security/cve/CVE-2022-36059.html
https://www.suse.com/security/cve/CVE-2022-36314.html
https://www.suse.com/security/cve/CVE-2022-36318.html
https://www.suse.com/security/cve/CVE-2022-36319.html
https://www.suse.com/security/cve/CVE-2022-38472.html
https://www.suse.com/security/cve/CVE-2022-38473.html
https://www.suse.com/security/cve/CVE-2022-38476.html
https://www.suse.com/security/cve/CVE-2022-38477.html
https://www.suse.com/security/cve/CVE-2022-38478.html
https://bugzilla.suse.com/1200793
https://bugzilla.suse.com/1201758
https://bugzilla.suse.com/1202645
https://bugzilla.suse.com/1203007
From sle-security-updates at lists.suse.com Thu Sep 15 19:25:30 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 15 Sep 2022 21:25:30 +0200 (CEST)
Subject: SUSE-SU-2022:3283-1: important: Security update for libgit2
Message-ID: <20220915192530.C2507F78E@maintenance.suse.de>
SUSE Security Update: Security update for libgit2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3283-1
Rating: important
References: #1198234 #1201431
Cross-References: CVE-2022-24765 CVE-2022-29187
CVSS scores:
CVE-2022-24765 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-29187 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29187 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for libgit2 fixes the following issues:
- CVE-2022-24765: Fixed potential command injection via git worktree
(bsc#1198234).
- CVE-2022-29187: Fixed incomplete fix for CVE-2022-24765 (bsc#1201431).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3283=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3283=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libgit2-1_3-1.3.0-150400.3.3.1
libgit2-1_3-debuginfo-1.3.0-150400.3.3.1
libgit2-debugsource-1.3.0-150400.3.3.1
libgit2-devel-1.3.0-150400.3.3.1
- openSUSE Leap 15.4 (x86_64):
libgit2-1_3-32bit-1.3.0-150400.3.3.1
libgit2-1_3-32bit-debuginfo-1.3.0-150400.3.3.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
libgit2-1_3-1.3.0-150400.3.3.1
libgit2-1_3-debuginfo-1.3.0-150400.3.3.1
libgit2-debugsource-1.3.0-150400.3.3.1
libgit2-devel-1.3.0-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2022-24765.html
https://www.suse.com/security/cve/CVE-2022-29187.html
https://bugzilla.suse.com/1198234
https://bugzilla.suse.com/1201431
From sle-security-updates at lists.suse.com Fri Sep 16 07:22:08 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:22:08 +0200 (CEST)
Subject: SUSE-CU-2022:2256-1: Security update of bci/python
Message-ID: <20220916072208.3184AF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2256-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.111
Container Release : 18.111
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:
Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).
The following package changes have been done:
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-17.20.38 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:23:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:23:16 +0200 (CEST)
Subject: SUSE-CU-2022:2257-1: Security update of suse/sle15
Message-ID: <20220916072316.58C3BF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2257-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.23 , suse/sle15:15.4 , suse/sle15:15.4.27.11.23
Container Release : 27.11.23
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:23:29 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:23:29 +0200 (CEST)
Subject: SUSE-CU-2022:2258-1: Security update of suse/sles/15.4/cdi-apiserver
Message-ID: <20220916072329.DC600F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-apiserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2258-1
Container Tags : suse/sles/15.4/cdi-apiserver:1.43.0 , suse/sles/15.4/cdi-apiserver:1.43.0-150400.2.4 , suse/sles/15.4/cdi-apiserver:1.43.0.16.25
Container Release : 16.25
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-apiserver was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:23:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:23:45 +0200 (CEST)
Subject: SUSE-CU-2022:2260-1: Security update of suse/sles/15.4/cdi-cloner
Message-ID: <20220916072345.525FCF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-cloner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2260-1
Container Tags : suse/sles/15.4/cdi-cloner:1.43.0 , suse/sles/15.4/cdi-cloner:1.43.0-150400.2.4 , suse/sles/15.4/cdi-cloner:1.43.0.16.25
Container Release : 16.25
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-cloner was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:23:59 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:23:59 +0200 (CEST)
Subject: SUSE-CU-2022:2262-1: Security update of suse/sles/15.4/cdi-controller
Message-ID: <20220916072359.D4376F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2262-1
Container Tags : suse/sles/15.4/cdi-controller:1.43.0 , suse/sles/15.4/cdi-controller:1.43.0-150400.2.4 , suse/sles/15.4/cdi-controller:1.43.0.16.26
Container Release : 16.26
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-controller was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:24:17 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:24:17 +0200 (CEST)
Subject: SUSE-CU-2022:2264-1: Security update of suse/sles/15.4/cdi-importer
Message-ID: <20220916072417.DFBCCF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-importer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2264-1
Container Tags : suse/sles/15.4/cdi-importer:1.43.0 , suse/sles/15.4/cdi-importer:1.43.0-150400.2.4 , suse/sles/15.4/cdi-importer:1.43.0.16.27
Container Release : 16.27
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202011 1202175 1202310 1202593
CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-importer was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3217-1
Released: Thu Sep 8 21:14:58 2022
Summary: Recommended update for nbdkit
Type: recommended
Severity: important
References:
This update for nbdkit fixes the following issues:
- Update to version 1.30.7 (jsc#ECO-3633)
* configure: Use printf to print $ISOPROG
* configure: Print the version of curl, libnbd and libssh
* configure: Make the 'feature' function print the dots
* tests/test-protect.c: Fix typo in previous commit
* tests/test-protect.c: Skip test if 'disk' was not created
* common/include: Rename BUILD_BUG_ON_ZERO to something more meaningful
* common/include/test-array-size.c: Avoid Clang warning
* vddk: Demote another 'phone home' error message to debug
* Use ARRAY_SIZE macro in various places in nbdkit
* common/include: Add ARRAY_SIZE macro
* tests/test-parallel-sh.sh: Skip test under valgrind + debuginfod
* tests/test-parallel-sh.sh: Small cleanups
* server: Work around incorrect include in gnutls/socket.h
* server: Display kTLS setting in debug output
* exitwhen: Check nbdkit doesn't exit before the pipe is closed
* valgrind: Update comment about valgrind bug affecting OCaml
* ocaml: Add further valgrind suppression
* ocaml: Add valgrind suppression for OCaml 4.14 bug
* perl: Move GCC diagnostic ignored earlier
* docs/nbdkit-protocol.pod: block size support was added in 1.30
- Enable linuxdisk plugin
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libnettle8-3.8.1-150500.1.4 updated
- libhogweed6-3.8.1-150500.1.4 updated
- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated
- nbdkit-server-1.30.7-150400.3.3.1 updated
- util-linux-systemd-2.37.2-150400.8.3.1 updated
- nbdkit-xz-filter-1.30.7-150400.3.3.1 updated
- nbdkit-vddk-plugin-1.30.7-150400.3.3.1 updated
- nbdkit-gzip-filter-1.30.7-150400.3.3.1 updated
- nbdkit-curl-plugin-1.30.7-150400.3.3.1 updated
- nbdkit-basic-plugins-1.30.7-150400.3.3.1 updated
- nbdkit-basic-filters-1.30.7-150400.3.3.1 updated
- nbdkit-1.30.7-150400.3.3.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:24:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:24:34 +0200 (CEST)
Subject: SUSE-CU-2022:2266-1: Security update of suse/sles/15.4/cdi-operator
Message-ID: <20220916072434.BA02AF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2266-1
Container Tags : suse/sles/15.4/cdi-operator:1.43.0 , suse/sles/15.4/cdi-operator:1.43.0-150400.2.4 , suse/sles/15.4/cdi-operator:1.43.0.16.25
Container Release : 16.25
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-operator was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:24:50 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:24:50 +0200 (CEST)
Subject: SUSE-CU-2022:2268-1: Security update of suse/sles/15.4/cdi-uploadproxy
Message-ID: <20220916072450.B1A79F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-uploadproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2268-1
Container Tags : suse/sles/15.4/cdi-uploadproxy:1.43.0 , suse/sles/15.4/cdi-uploadproxy:1.43.0-150400.2.4 , suse/sles/15.4/cdi-uploadproxy:1.43.0.16.25
Container Release : 16.25
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-uploadproxy was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:25:08 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:25:08 +0200 (CEST)
Subject: SUSE-CU-2022:2270-1: Security update of suse/sles/15.4/cdi-uploadserver
Message-ID: <20220916072508.60E7EF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2270-1
Container Tags : suse/sles/15.4/cdi-uploadserver:1.43.0 , suse/sles/15.4/cdi-uploadserver:1.43.0-150400.2.4 , suse/sles/15.4/cdi-uploadserver:1.43.0.16.26
Container Release : 16.26
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202011 1202175 1202310 1202593
CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-uploadserver was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libnettle8-3.8.1-150500.1.4 updated
- libhogweed6-3.8.1-150500.1.4 updated
- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:25:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:25:25 +0200 (CEST)
Subject: SUSE-CU-2022:2272-1: Security update of suse/sles/15.4/virt-api
Message-ID: <20220916072525.836FDF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2272-1
Container Tags : suse/sles/15.4/virt-api:0.49.0 , suse/sles/15.4/virt-api:0.49.0-150400.1.37 , suse/sles/15.4/virt-api:0.49.0.16.25
Container Release : 16.25
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/virt-api was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:25:41 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:25:41 +0200 (CEST)
Subject: SUSE-CU-2022:2274-1: Security update of suse/sles/15.4/virt-controller
Message-ID: <20220916072541.DD617F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2274-1
Container Tags : suse/sles/15.4/virt-controller:0.49.0 , suse/sles/15.4/virt-controller:0.49.0-150400.1.37 , suse/sles/15.4/virt-controller:0.49.0.16.26
Container Release : 16.26
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/virt-controller was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:26:00 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:26:00 +0200 (CEST)
Subject: SUSE-CU-2022:2276-1: Security update of suse/sles/15.4/virt-handler
Message-ID: <20220916072600.17887F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2276-1
Container Tags : suse/sles/15.4/virt-handler:0.49.0 , suse/sles/15.4/virt-handler:0.49.0-150400.1.37 , suse/sles/15.4/virt-handler:0.49.0.17.27
Container Release : 17.27
Severity : important
Type : security
References : 1197178 1198405 1198731 1198752 1199724 1200800 1202011 1202175
1202310 1202593 CVE-2022-24795 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/virt-handler was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3206-1
Released: Thu Sep 8 11:16:02 2022
Summary: Recommended update for bash-completion
Type: recommended
Severity: low
References: 1199724
This update for bash-completion fixes the following issues:
- Enable upstream commit to list ko.zst modules as well. (bsc#1199724)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- curl-7.79.1-150400.5.6.1 updated
- bash-completion-2.7-150000.4.9.1 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libnettle8-3.8.1-150500.1.4 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libhogweed6-3.8.1-150500.1.4 updated
- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated
- util-linux-systemd-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:26:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:26:22 +0200 (CEST)
Subject: SUSE-CU-2022:2278-1: Security update of suse/sles/15.4/virt-launcher
Message-ID: <20220916072622.9B8A2F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2278-1
Container Tags : suse/sles/15.4/virt-launcher:0.49.0 , suse/sles/15.4/virt-launcher:0.49.0-150400.1.37 , suse/sles/15.4/virt-launcher:0.49.0.18.29
Container Release : 18.29
Severity : important
Type : security
References : 1187365 1197178 1198405 1198731 1198752 1198925 1199724 1200270
1200570 1200697 1200698 1200700 1200701 1200732 1200800 1200884
1200902 1200903 1200904 1201132 1201133 1201134 1201135 1201136
1201150 1201151 1201152 1201153 1201154 1201155 1201249 1201356
1201359 1201363 1201551 1201620 1201863 1202011 1202046 1202049
1202050 1202051 1202175 1202310 1202414 1202420 1202421 1202511
1202512 1202515 1202552 1202593 1202599 1202687 1202689 1202862
CVE-2021-3593 CVE-2022-1720 CVE-2022-1968 CVE-2022-2124 CVE-2022-2125
CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231
CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286
CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345
CVE-2022-24795 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580 CVE-2022-2581
CVE-2022-2598 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845
CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2923
CVE-2022-2946 CVE-2022-3016 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/virt-launcher was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2941-1
Released: Tue Aug 30 10:51:09 2022
Summary: Security update for libslirp
Type: security
Severity: moderate
References: 1187365,1201551,CVE-2021-3593
This update for libslirp fixes the following issues:
- CVE-2021-3593: Fixed invalid pointer initialization that may lead to information disclosure (udp6) (bsc#1187365).
Non-security fixes:
- Fix the version header (bsc#1201551)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3206-1
Released: Thu Sep 8 11:16:02 2022
Summary: Recommended update for bash-completion
Type: recommended
Severity: low
References: 1199724
This update for bash-completion fixes the following issues:
- Enable upstream commit to list ko.zst modules as well. (bsc#1199724)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3209-1
Released: Thu Sep 8 13:10:13 2022
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1200570
This update for open-iscsi fixes the following issues:
- Set the systemd unit files as non executable. (bsc#1200570)
- For openSUSE Tumbleweed, moved logrotate files from user-specific directory `/etc/logrotate.d` to
vendor-specific `/usr/etc/logrotate.d`
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- bash-completion-2.7-150000.4.9.1 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libnettle8-3.8.1-150500.1.4 updated
- libslirp0-4.3.1-150300.11.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- libxcb1-1.13-150000.3.9.1 updated
- liblvm2cmd2_03-2.03.05-150400.175.1 updated
- libdevmapper-event1_03-1.02.163-150400.17.3.1 updated
- libhogweed6-3.8.1-150500.1.4 updated
- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated
- libopeniscsiusr0_2_0-2.1.7-150400.39.8.1 updated
- device-mapper-1.02.163-150400.17.3.1 updated
- vim-9.0.0313-150000.5.25.1 updated
- open-iscsi-2.1.7-150400.39.8.1 updated
- lvm2-2.03.05-150400.175.1 updated
- qemu-ovmf-x86_64-202205-150500.1.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:26:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:26:46 +0200 (CEST)
Subject: SUSE-CU-2022:2280-1: Security update of suse/sles/15.4/libguestfs-tools
Message-ID: <20220916072646.DD7F3F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2280-1
Container Tags : suse/sles/15.4/libguestfs-tools:0.49.0 , suse/sles/15.4/libguestfs-tools:0.49.0-150400.1.37 , suse/sles/15.4/libguestfs-tools:0.49.0.16.26
Container Release : 16.26
Severity : important
Type : security
References : 1181475 1185882 1187365 1194557 1197178 1198405 1198709 1198731
1198752 1198925 1199093 1199895 1200800 1200993 1201092 1201551
1201576 1201638 1201975 1202011 1202175 1202310 1202593 CVE-2021-3593
CVE-2022-24795 CVE-2022-35252 CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/libguestfs-tools was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2941-1
Released: Tue Aug 30 10:51:09 2022
Summary: Security update for libslirp
Type: security
Severity: moderate
References: 1187365,1201551,CVE-2021-3593
This update for libslirp fixes the following issues:
- CVE-2021-3593: Fixed invalid pointer initialization that may lead to information disclosure (udp6) (bsc#1187365).
Non-security fixes:
- Fix the version header (bsc#1201551)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2973-1
Released: Thu Sep 1 11:37:02 2022
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1198709,1201975
This update for dracut fixes the following issues:
- Include fixes to make network-manager module work properly with dracut (bsc#1201975)
- Add auto timeout to wicked DHCP test (bsc#1198709)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released: Thu Sep 8 21:15:24 2022
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1185882,1194557,1199093
This update for sysconfig fixes the following issues:
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change (bsc#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- Also support service(network) provides
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3220-1
Released: Fri Sep 9 04:30:52 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- procps-3.3.15-150000.7.25.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- libzypp-17.31.0-150400.3.6.1 updated
- zypper-1.14.55-150400.3.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- curl-7.79.1-150400.5.6.1 updated
- btrfsprogs-udev-rules-5.14-150500.8.2 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libnettle8-3.8.1-150500.1.4 updated
- libslirp0-4.3.1-150300.11.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libxcb1-1.13-150000.3.9.1 updated
- libhogweed6-3.8.1-150500.1.4 updated
- btrfsprogs-5.14-150500.8.2 updated
- libmpath0-0.9.1+52+suse.be8809e-150500.1.1 updated
- libblkid-devel-2.37.2-150400.8.3.1 updated
- zlib-devel-1.2.11-150000.3.33.1 updated
- util-linux-systemd-2.37.2-150400.8.3.1 updated
- sysconfig-0.85.9-150200.12.1 updated
- sysconfig-netconfig-0.85.9-150200.12.1 updated
- dracut-mkinitrd-deprecated-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- dracut-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- dracut-fips-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- libmount-devel-2.37.2-150400.8.3.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 07:27:03 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 09:27:03 +0200 (CEST)
Subject: SUSE-CU-2022:2282-1: Security update of suse/sles/15.4/virt-operator
Message-ID: <20220916072703.ADA3EF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2282-1
Container Tags : suse/sles/15.4/virt-operator:0.49.0 , suse/sles/15.4/virt-operator:0.49.0-150400.1.37 , suse/sles/15.4/virt-operator:0.49.0.16.25
Container Release : 16.25
Severity : important
Type : security
References : 1197178 1198731 1198752 1200800 1202175 1202310 1202593 CVE-2022-35252
CVE-2022-37434
-----------------------------------------------------------------
The container suse/sles/15.4/virt-operator was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- sles-release-15.5-150500.10.2 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- timezone-2022a-150000.75.10.1 updated
- container:sles15-image-15.0.0-31.13 updated
From sle-security-updates at lists.suse.com Fri Sep 16 10:20:17 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 12:20:17 +0200 (CEST)
Subject: SUSE-SU-2022:3286-1: moderate: Security update for 389-ds
Message-ID: <20220916102017.27408F7C9@maintenance.suse.de>
SUSE Security Update: Security update for 389-ds
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3286-1
Rating: moderate
References: #1197998 #1202470
Cross-References: CVE-2022-2850
CVSS scores:
CVE-2022-2850 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available.
Description:
This update for 389-ds fixes the following issues:
- CVE-2022-2850: Fixed an application crash when running a sync_repl
client that could be triggered via a malformed cookie (bsc#1202470).
Non-security fixes:
- Update to version 2.0.16~git20.219f047ae:
* Fix missing 'not' in description
* CI - makes replication/acceptance_test.py::test_modify_entry more
robust
* fix repl keep alive event interval
* Sync_repl may crash while managing invalid cookie
* Hostname when set to localhost causing failures in other tests
* lib389 - do not set backend name to lowercase
* keep alive update event starts too soon
* Fix various memory leaks
* UI - LDAP Editor is not updated when we switch instances
* Supplier should do periodic updates
- Update sudoers schema to support UTF-8 (bsc#1197998)
- Update to version 2.0.16~git9.e2a858a86:
* UI - Various fixes and RFE's for UI
* Remove problematic language from source code
* CI - disable TLS hostname checking
* Update npm and cargo packages
* Support ECDSA private keys for TLS
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3286=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3286=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
389-ds-2.0.16~git20.219f047ae-150400.3.10.1
389-ds-debuginfo-2.0.16~git20.219f047ae-150400.3.10.1
389-ds-debugsource-2.0.16~git20.219f047ae-150400.3.10.1
389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1
389-ds-snmp-2.0.16~git20.219f047ae-150400.3.10.1
389-ds-snmp-debuginfo-2.0.16~git20.219f047ae-150400.3.10.1
lib389-2.0.16~git20.219f047ae-150400.3.10.1
libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1
libsvrcore0-debuginfo-2.0.16~git20.219f047ae-150400.3.10.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
389-ds-2.0.16~git20.219f047ae-150400.3.10.1
389-ds-debuginfo-2.0.16~git20.219f047ae-150400.3.10.1
389-ds-debugsource-2.0.16~git20.219f047ae-150400.3.10.1
389-ds-devel-2.0.16~git20.219f047ae-150400.3.10.1
lib389-2.0.16~git20.219f047ae-150400.3.10.1
libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1
libsvrcore0-debuginfo-2.0.16~git20.219f047ae-150400.3.10.1
References:
https://www.suse.com/security/cve/CVE-2022-2850.html
https://bugzilla.suse.com/1197998
https://bugzilla.suse.com/1202470
From sle-security-updates at lists.suse.com Fri Sep 16 13:19:49 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 15:19:49 +0200 (CEST)
Subject: SUSE-SU-2022:3287-1: important: Security update for python-rsa
Message-ID: <20220916131949.F3000F78E@maintenance.suse.de>
SUSE Security Update: Security update for python-rsa
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3287-1
Rating: important
References: #1172389
Cross-References: CVE-2020-13757
CVSS scores:
CVE-2020-13757 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-13757 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
HPE Helion Openstack 8
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python-rsa fixes the following issues:
- CVE-2020-13757: Fixed an issue where leading null bytes in a ciphertext
would be ignored during decryption, leading to a potential information
leak (bsc#1172389).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-3287=1
- SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2022-3287=1
- HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2022-3287=1
Package List:
- SUSE OpenStack Cloud Crowbar 8 (noarch):
python-rsa-3.4.2-3.3.1
- SUSE OpenStack Cloud 8 (noarch):
python-rsa-3.4.2-3.3.1
- HPE Helion Openstack 8 (noarch):
python-rsa-3.4.2-3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-13757.html
https://bugzilla.suse.com/1172389
From sle-security-updates at lists.suse.com Fri Sep 16 13:21:06 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 15:21:06 +0200 (CEST)
Subject: SUSE-SU-2022:3288-1: important: Security update for the Linux Kernel
Message-ID: <20220916132106.1F210F78E@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3288-1
Rating: important
References: #1023051 #1032323 #1065729 #1156395 #1189999
#1190497 #1192968 #1194592 #1194869 #1194904
#1195480 #1195917 #1196616 #1197158 #1197391
#1197755 #1197756 #1197757 #1197763 #1198410
#1198577 #1198702 #1198971 #1199356 #1199515
#1200301 #1200313 #1200431 #1200544 #1200845
#1200868 #1200869 #1200870 #1200871 #1200872
#1200873 #1201019 #1201308 #1201361 #1201442
#1201455 #1201489 #1201610 #1201726 #1201768
#1201865 #1201940 #1201948 #1201956 #1202094
#1202096 #1202097 #1202113 #1202131 #1202154
#1202262 #1202265 #1202346 #1202347 #1202385
#1202393 #1202447 #1202471 #1202558 #1202564
#1202623 #1202636 #1202672 #1202681 #1202710
#1202711 #1202712 #1202713 #1202715 #1202716
#1202757 #1202758 #1202759 #1202761 #1202762
#1202763 #1202764 #1202765 #1202766 #1202767
#1202768 #1202769 #1202770 #1202771 #1202773
#1202774 #1202775 #1202776 #1202778 #1202779
#1202780 #1202781 #1202782 #1202783 #1202822
#1202823 #1202824 #1202860 #1202867 #1202872
#1202898 #1202989 #1203036 #1203041 #1203063
#1203098 #1203107 #1203117 #1203138 #1203139
#1203159 SLE-19359 SLE-23766 SLE-24572 SLE-24682
Cross-References: CVE-2016-3695 CVE-2020-36516 CVE-2021-33135
CVE-2021-4037 CVE-2022-1184 CVE-2022-20368
CVE-2022-20369 CVE-2022-2585 CVE-2022-2588
CVE-2022-26373 CVE-2022-2639 CVE-2022-2663
CVE-2022-28356 CVE-2022-28693 CVE-2022-2873
CVE-2022-2905 CVE-2022-2938 CVE-2022-2959
CVE-2022-2977 CVE-2022-3028 CVE-2022-3078
CVE-2022-36879 CVE-2022-36946 CVE-2022-39188
CVE-2022-39190
CVSS scores:
CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-33135 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2022-1184 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-1184 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2585 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-28356 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2873 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2905 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2938 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2938 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2959 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2959 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3078 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3078 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39190 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Public Cloud 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 25 vulnerabilities, contains four
features and has 91 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP4 Azure kernel was updated to receive
various security and bug fixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in
net/netfilter/nf_tables_api.c and could cause a denial of service upon
binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in
net/netfilter/nfnetlink_queue.c (bnc#1201940).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of
free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c
(bnc#1203041).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-2959: Fixed a race condition that was found inside the watch
queue due to a missing lock in pipe_resize_ring() (bnc#1202681).
- CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall
Information implementation that could have been used to allow an
attacker to crash the system or have other memory-corruption side
effects (bnc#1202623).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke
descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found
in iSMT SMBus host controller driver (bnc#1202558).
- CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA
(bsc#1201455).
- CVE-2022-28356: Fixed a refcount leak bug that was found in
net/llc/af_llc.c (bnc#1197391).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly match the
message (bnc#1202097).
- CVE-2022-2639: Fixed an integer coercion error that was found in the
openvswitch kernel module (bnc#1202154).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors that may have allowed
information disclosure via local access (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-2585: Fixed missing cleanup of CPU timers before freeing them
during exec (bsc#1202094).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2022-1184: Fixed a use-after-free flaw in
fs/ext4/namei.c:dx_insert_block() in the filesystem sub-component
(bnc#1198577).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local
users to create files for the XFS file-system with an unintended group
ownership and with group execution and SGID permission bits set
(bnc#1198702).
- CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R)
SGX that may have allowed an authenticated user to potentially enable
denial of service via local access (bnc#1199515).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in
drivers/acpi/apei/einj.c that allowed users to simulate hardware errors
and consequently cause a denial of service (bnc#1023051).
The following non-security bugs were fixed:
- ACPI: APEI: Better fix to avoid spamming the console with old error logs
(git-fixes).
- ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
(git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: VIOT: Fix ACS setup (git-fixes).
- ACPI: processor/idle: Annotate more functions to live in cpuidle section
(git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
(git-fixes).
- ACPI: thermal: drop an always true check (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices
(git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name
only (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
(git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298
(git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544).
- ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array
(git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Add endianness annotations (git-fixes).
- ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes).
- ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
(git-fixes).
- ALSA: usb-audio: Support jack detection on Dell dock (git-fixes).
- ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes).
- ARM: OMAP2+: display: Fix refcount leak bug (git-fixes).
- ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes).
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes).
- ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes).
- ARM: dts: ast2500-evb: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb: fix board compatible (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time
(git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges
(git-fixes).
- ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time
(git-fixes).
- ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges
(git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes).
- ARM: dts: imx6ul: add missing properties for sram (git-fixes).
- ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes).
- ARM: dts: imx6ul: fix csi node compatible (git-fixes).
- ARM: dts: imx6ul: fix keypad compatible (git-fixes).
- ARM: dts: imx6ul: fix lcdif node compatible (git-fixes).
- ARM: dts: imx6ul: fix qspi node compatible (git-fixes).
- ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes).
- ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes).
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes).
- ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes).
- ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes).
- ARM: findbit: fix overflowing offset (git-fixes).
- ARM: shmobile: rcar-gen2: Increase refcount for new reference
(git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
(git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
(git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe
(git-fixes).
- ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes).
- ASoC: fsl_asrc: force cast the asrc_format type (git-fixes).
- ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes).
- ASoC: imx-audmux: Silence a clang warning (git-fixes).
- ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes).
- ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes).
- ASoC: mchp-spdifrx: disable end of block interrupt on failures
(git-fixes).
- ASoC: mt6359: Fix refcount leak bug (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
(git-fixes).
- ASoC: qcom: Fix missing of_node_put() in
asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl()
(git-fixes).
- ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes).
- ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global
to static variables (git-fixes).
- ASoC: samsung: change neo1973_audio from a global to static (git-fixes).
- ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header
(git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes).
- ASoC: tas2770: Fix handling of mute/unmute (git-fixes).
- ASoC: tas2770: Set correct FSYNC polarity (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
(git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675
(git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007
(git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558
(git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586
(git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587
(git-fixes).
- Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes).
- Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes).
- Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- Documentation: ACPI: EINJ: Fix obsolete example (git-fixes).
- Documentation: PM: Drop pme_interrupt reference (git-fixes).
- Documentation: dm writecache: Render status list as list (git-fixes).
- Documentation: fix sctp_wmem in ip-sysctl.rst (git-fixes).
- Documentation: siphash: Fix typo in the name of offsetofend macro
(git-fixes).
- EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768).
- HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes).
- HID: add Lenovo Yoga C630 battery quirk (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: amd_sfh: Add NULL check for hid device (git-fixes).
- HID: amd_sfh: Handle condition of "no sensors" (git-fixes).
- HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- HID: hid-input: add Surface Go battery quirk (git-fixes).
- HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes).
- HID: multitouch: new device class fix Lenovo X12 trackpad sticky
(git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
(git-fixes).
- HID: thrustmaster: Add sparco wheel and fix array length (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: exc3000 - fix return value check of wait_for_completion_timeout
(git-fixes).
- Input: gscps2 - check return value of ioremap() in gscps2_probe()
(git-fixes).
- Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - add additional TUXEDO devices to i8042 quirk tables
(git-fixes).
- Input: i8042 - merge quirk tables (git-fixes).
- Input: i8042 - move __initconst to fix code styling warning (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes).
- KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes).
- KVM: MMU: shadow nested paging does not have PKU (git-fixes).
- KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
(bsc#1194869).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
(bsc#1156395).
- KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations
(bsc#1194869).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
(bsc#1156395).
- KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator
(bsc#1194869).
- KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt
(bsc#1194869).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant
(bsc#1156395).
- KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0
(git-fixes).
- KVM: SVM: Do not intercept #GP for SEV guests (git-fixes).
- KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"
(git-fixes).
- KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes).
- KVM: VMX: Print VM-instruction error as unsigned (git-fixes).
- KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled
(git-fixes).
- KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes).
- KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes).
- KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF
(git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
(bsc#1201442).
- KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4
(git-fixes).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
(git-fixes).
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
(git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
(git-fixes).
- KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required
(git-fixes).
- KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested
state load (git-fixes).
- KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host
(git-fixes).
- KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root()
(git-fixes).
- KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU
(git-fixes).
- KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes).
- KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes).
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (git-fixes).
- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
(git-fixes).
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG
case (git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb()
(git-fixes).
- KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes).
- KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes).
- KVM: x86: revalidate steal time cache if MSR value changes (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
(git-fixes).
- NFSD: Fix ia_size underflow (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI/AER: Iterate over error counters instead of error strings
(git-fixes).
- PCI/portdrv: Do not disable AER reporting in
get_port_device_capability() (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: aardvark: Fix reporting Slot capabilities on emulated bridge
(git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
(git-fixes).
- PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists
(git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU
(git-fixes).
- PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address
(git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
(git-fixes).
- PCI: endpoint: Do not stop controller when unbinding endpoint function
(git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
(git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
(git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes).
- PM: hibernate: defer device probing when resuming from hibernation
(git-fixes).
- Revert "clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops"
(git-fixes).
- Revert "drivers/video/backlight/platform_lcd.c: add support for device
tree based probe" (git-fixes).
- Revert "drm/i915: Hold reference to intel_context over life of
i915_request" (git-fixes).
- Revert "drm/udl: Kill pending URBs at suspend and disconnect"
(bsc#1195917).
- Revert "ipv6: Honor all IPv6 PIO Valid Lifetime values" (bsc#1202989).
- Revert "net: usb: ax88179_178a needs FLAG_SEND_ZLP" (git-fixes).
- Revert "scripts/mod/modpost.c: permit '.cranges' secton for sh64
architecture." (git-fixes).
- Revert "usb: gadget: udc-xilinx: replace memcpy with memcpy_toio"
(git-fixes).
- Revert "x86/sev: Expose sev_es_ghcb_hv_call() for use by HyperV"
(bsc#1190497).
- SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now
useless comments (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless
comments (git-fixes).
- USB: serial: ch314: use usb_control_msg_recv() (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- apparmor: Fix failed mount permission check error message (git-fixes).
- apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes).
- apparmor: fix aa_label_asxprint return check (git-fixes).
- apparmor: fix absroot causing audited secids to begin with = (git-fixes).
- apparmor: fix overlapping attachment computation (git-fixes).
- apparmor: fix quiet_denied for file rules (git-fixes).
- apparmor: fix reference count leak in aa_pivotroot() (git-fixes).
- apparmor: fix setting unconfined mode on a loaded profile (git-fixes).
- arm64: Do not forget syscall when starting a new thread (git-fixes).
- arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
(git-fixes).
- arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes).
- arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes).
- arm64: dts: mt8192: Fix idle-states entry-method (git-fixes).
- arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes).
- arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes).
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
(git-fixes).
- arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes).
- arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes).
- arm64: dts: renesas: Fix thermal-sensors on single-zone sensors
(git-fixes).
- arm64: dts: renesas: beacon: Fix regulator node names (git-fixes).
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes).
- arm64: fix oops in concurrently setting insn_emulation sysctls
(git-fixes).
- arm64: fix rodata=full (git-fixes).
- arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"
(git-fixes).
- arm64: set UXN on swapper page tables (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes).
- arm64: tegra: Fixup SYSRAM references (git-fixes).
- arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ath11k: Fix incorrect debug_mask mappings (git-fixes).
- ath11k: fix netdev open race (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- audit: fix potential double free on error path from
fsnotify_add_inode_mark (git-fixes).
- ax25: Fix ax25 session cleanup problems (git-fixes).
- block: Fix fsync always failed if once failed (bsc#1202779).
- block: Fix wrong offset in bio_truncate() (bsc#1202780).
- block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781).
- block: only mark bio as tracked if it really is tracked (bsc#1202782).
- bnx2x: Invalidate fastpath HSI version for VFs (git-fixes).
- bnx2x: Utilize firmware 7.13.21.0 (git-fixes).
- btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA
(git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
(git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE
with netdev_warn_once() (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
(git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
(git-fixes).
- can: mcp251x: Fix race condition on receive interrupt (git-fixes).
- can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes).
- can: netlink: allow configuring of fixed bit rates without need for
do_set_bittiming callback (git-fixes).
- can: netlink: allow configuring of fixed data bit rates without need for
do_set_data_bittiming callback (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
(git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823).
- ceph: do not truncate file in atomic_open (bsc#1202824).
- ceph: use correct index when encoding client supported features
(bsc#1202822).
- cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131).
- cgroup: Use separate src/dst nodes when preloading css_sets for
migration (bsc#1201610).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: mediatek: reset: Fix written reset bit offset (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
(git-fixes).
- clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init
level (git-fixes).
- clk: qcom: camcc-sm8250: Fix topology around titan_top power domain
(git-fixes).
- clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description
(git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not
enabled (git-fixes).
- clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register
(git-fixes).
- clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC
(git-fixes).
- clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src
(git-fixes).
- clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address
(git-fixes).
- clk: qcom: gcc-msm8939: Fix weird field spacing in
ftbl_gcc_camss_cci_clk (git-fixes).
- clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock
(git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
(git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes).
- cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes).
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes).
- crypto: ccp - During shutdown, check SEV data pointer before using
(git-fixes).
- crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel
memory leak (git-fixes).
- crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in
softirq (git-fixes).
- crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during
softirq (git-fixes).
- crypto: hisilicon/sec - do not sleep when in softirq (git-fixes).
- crypto: hisilicon/sec - fix auth key size error (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
(git-fixes).
- crypto: sun8i-ss - do not allocate memory when handling hash requests
(git-fixes).
- crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes).
- crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes).
- dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes).
- dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics
(git-fixes).
- dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t)
(git-fixes).
- dmaengine: sf-pdma: Add multithread support for a DMA channel
(git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
(git-fixes).
- dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler()
(git-fixes).
- docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes).
- docs: zh_CN: fix a broken reference (git-fixes).
- dpaa2-eth: fix ethtool statistics (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral
(git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/iio: Remove all strcpy() uses (git-fixes).
- drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes).
- drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes).
- drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes).
- drm/amd/display: Avoid MPC infinite loop (git-fixes).
- drm/amd/display: Check correct bounds for stream encoder instances for
DCN303 (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled
(git-fixes).
- drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes).
- drm/amd/display: Fix pixel clock programming (git-fixes).
- drm/amd/display: Fix surface optimization regression on Carrizo
(git-fixes).
- drm/amd/display: For stereo keep "FLIP_ANY_FRAME" (git-fixes).
- drm/amd/display: Reset DMCUB before HW init (git-fixes).
- drm/amd/display: Revert "drm/amd/display: turn DPMS off on connector
unplug" (git-fixes).
- drm/amd/display: avoid doing vm_init multiple time (git-fixes).
- drm/amd/display: clear optc underflow before turn off odm clock
(git-fixes).
- drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
(git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains (git-fixes).
- drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes).
- drm/amdgpu: Remove one duplicated ef removal (git-fixes).
- drm/amdgpu: remove useless condition in
amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes).
- drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated
function (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated
function (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent()
failed (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations()
error (git-fixes).
- drm/i915/display: avoid warnings when registering dual panel backlight
(git-fixes).
- drm/i915/gt: Skip TLB invalidations once wedged (git-fixes).
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
(git-fixes).
- drm/i915: fix null pointer dereference (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
(git-fixes).
- drm/mediatek: Allow commands to be sent during video mode (git-fixes).
- drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes).
- drm/mediatek: Modify dsi funcs to atomic operations (git-fixes).
- drm/mediatek: Separate poweron/poweroff from enable/disable and define
new funcs (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
(git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
(git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/dpu: Fix for non-visible planes (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
(git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes).
- drm/msm: Fix dirtyfb refcounting (git-fixes).
- drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from
pm_runtime (git-fixes).
- drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes).
- drm/nouveau: Do not pm_runtime_put_sync(), only
pm_runtime_put_autosuspend() (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/nouveau: recognise GA103 (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state()
(git-fixes).
- drm/shmem-helper: Add missing vunmap on error (git-fixes).
- drm/simpledrm: Fix return type of
simpledrm_simple_display_pipe_mode_valid() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
(git-fixes).
- drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes).
- drm/udl: Add parameter to set number of URBs (bsc#1195917).
- drm/udl: Add reset_resume (bsc#1195917).
- drm/udl: Do not re-initialize stuff at retrying the URB list allocation
(bsc#1195917).
- drm/udl: Drop unneeded alignment (bsc#1195917).
- drm/udl: Enable damage clipping (bsc#1195917).
- drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list()
(bsc#1195917).
- drm/udl: Fix potential URB leaks (bsc#1195917).
- drm/udl: Increase the default URB list size to 20 (bsc#1195917).
- drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917).
- drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917).
- drm/udl: Replace semaphore with a simple wait queue (bsc#1195917).
- drm/udl: Restore display mode on resume (bsc#1195917).
- drm/udl: Suppress error print for -EPROTO at URB completion
(bsc#1195917).
- drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917).
- drm/udl: Sync pending URBs at the end of suspend (bsc#1195917).
- drm/vc4: change vc4_dma_range_matches from a global to static
(git-fixes).
- drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component
(git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable
iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes).
- drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
(git-fixes).
- drm/vc4: hdmi: Disable audio if dmas property is present but empty
(git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges
(git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
(git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes).
- dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes).
- dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes).
- dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes).
- dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources
(git-fixes).
- dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes).
- dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes).
- dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional
(git-fixes).
- dtb: Do not include sources in src.rpm - refer to kernel-source. Same as
other kernel binary packages, there is no need to carry duplicate sources
in dtb packages.
- eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write()
(git-fixes).
- ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
(git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fast commit may miss tracking unwritten range during ftruncate
(bsc#1202759).
- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
(bsc#1202771).
- ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling in ext4_fc_record_modified_inode()
(bsc#1202767).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix fallocate to use file_modified to update permissions
consistently (bsc#1202769).
- ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE
(bsc#1202757).
- ext4: fix fs corruption when tring to remove a non-empty directory with
IO error (bsc#1202768).
- ext4: fix incorrect type issue during replay_del_range (bsc#1202867).
- ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits'
(bsc#1202764).
- ext4: fix overhead calculation to account for the reserved gdt blocks
(bsc#1200869).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix super block checksum incorrect after mount (bsc#1202773).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no
sense (bsc#1200870).
- ext4: initialize err_blk before calling __ext4_get_inode_loc
(bsc#1202763).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: make sure to reset inode lockdep class when quota enabling fails
(bsc#1202761).
- ext4: mark group as trimmed only if it was fully scanned (bsc#1202770).
- ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766).
- ext4: prevent used blocks from being allocated during fast commit replay
(bsc#1202765).
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- ext4: use ext4_ext_remove_space() for fast commit replay delete range
(bsc#1202758).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fixes).
- filemap: Handle sibling entries in filemap_get_read_batch()
(bsc#1202774).
- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
(git-fixes).
- firmware: tegra: Fix error check return value of debugfs_create_file()
(git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
(git-fixes).
- fix race between exit_itimers() and /proc/pid/timers (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
(git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped
pages (bsc#1200873).
- ftrace/x86: Add back ftrace_expected assignment (git-fixes).
- fuse: ioctl: translate ENOSYS (bsc#1203139).
- fuse: limit nsec (bsc#1203138).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
(git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- grub: Fix symbol `grub_disk_get_size' not found (bsc#1201361
bsc#1192968).
- habanalabs/gaudi: fix shift out of bounds (git-fixes).
- habanalabs/gaudi: mask constant value before cast (git-fixes).
- hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist
(git-fixes).
- hwmon: (drivetemp) Add module alias (git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- hwmon: (sht15) Fix wrong assumptions in device remove callback
(git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- i2c: mxs: Silence a clang warning (git-fixes).
- i2c: npcm: Capitalize the one-line comment (git-fixes).
- i2c: npcm: Correct slave role behavior (git-fixes).
- i2c: npcm: Remove own slave addresses 2:10 (git-fixes).
- ice: fix 'scheduling while atomic' on aux critical err interrupt
(git-fixes).
- ieee80211: add EHT 1K aggregation definitions (bsc#1202131).
- ieee80211: change HE nominal packet padding value defines (bsc#1202131).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma400: Fix the scale min and max macro values (git-fixes).
- iio: accel: bma400: Reordering of header files (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3300: Fix alignment for DMA safety (git-fixes).
- iio: ad7292: Prevent regulator double disable (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7292: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7923: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1241: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: common: ssp: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large
(git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5766: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: fix iio_format_avail_range() printing for none IIO_VAL_INT
(git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes).
- iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- interconnect: imx: fix max_node_id (git-fixes).
- io_uring: add a schedule point in io_add_buffers() (git-fixes).
- io_uring: terminate manual loop iterator loop correctly for non-vecs
(git-fixes).
- iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes).
- iommu/amd: Enable swiotlb in all cases (git-fixes).
- iommu/amd: Fix I/O page table memory leak (git-fixes).
- iommu/amd: Recover from event log overflow (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement
(git-fixes).
- iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes).
- iommu/arm-smmu-v3: Fix size calculation in
arm_smmu_mm_invalidate_range() (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
(git-fixes).
- iommu/dart: Add missing module owner to ops structure (git-fixes).
- iommu/dart: check return value after calling platform_get_resource()
(git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly
(git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes).
- iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes).
- iommu/mediatek: Fix NULL pointer dereference when printing dev_name
(git-fixes).
- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
(git-fixes).
- iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find
(git-fixes).
- iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Drop stop marker messages (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301).
- iommu/vt-d: Refactor iommu information of each domain (bsc#1200301).
- iommu/vt-d: Remove global g_iommus array (bsc#1200301).
- iommu/vt-d: Remove intel_iommu::domains (bsc#1200301).
- iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301).
- iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
(git-fixes).
- iommu: Fix potential use-after-free during probe (git-fixes).
- ipmi: fix initialization when workqueue allocation fails (git-fixes).
- irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes).
- iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131).
- iwlwifi: Add support for getting rf id with blank otp (bsc#1202131).
- iwlwifi: Add support for more BZ HWs (bsc#1202131).
- iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131).
- iwlwifi: BZ Family SW reset support (bsc#1202131).
- iwlwifi: Configure FW debug preset via module param (bsc#1202131).
- iwlwifi: Fix FW name for gl (bsc#1202131).
- iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131).
- iwlwifi: Fix syntax errors in comments (bsc#1202131).
- iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131).
- iwlwifi: Read the correct addresses when getting the crf id
(bsc#1202131).
- iwlwifi: Start scratch debug register for Bz family (bsc#1202131).
- iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131).
- iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131).
- iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131).
- iwlwifi: add new Qu-Hr device (bsc#1202131).
- iwlwifi: add new ax1650 killer device (bsc#1202131).
- iwlwifi: add new device id 7F70 (bsc#1202131).
- iwlwifi: add new pci SoF with JF (bsc#1202131).
- iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131).
- iwlwifi: add support for BNJ HW (bsc#1202131).
- iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131).
- iwlwifi: add support for Bz-Z HW (bsc#1202131).
- iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131).
- iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131).
- iwlwifi: allow rate-limited error messages (bsc#1202131).
- iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131).
- iwlwifi: api: remove ttl field from TX command (bsc#1202131).
- iwlwifi: api: remove unused RX status bits (bsc#1202131).
- iwlwifi: avoid variable shadowing (bsc#1202131).
- iwlwifi: avoid void pointer arithmetic (bsc#1202131).
- iwlwifi: bump FW API to 67 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 68 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 69 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 70 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 71 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 72 for AX devices (bsc#1202131).
- iwlwifi: cfg: add support for 1K BA queue (bsc#1202131).
- iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131).
- iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131).
- iwlwifi: dbg: check trigger data before access (bsc#1202131).
- iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131).
- iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131).
- iwlwifi: dbg: treat dbgc allocation failure when tlv is missing
(bsc#1202131).
- iwlwifi: dbg: treat non active regions as unsupported regions
(bsc#1202131).
- iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write
(bsc#1202131).
- iwlwifi: de-const properly where needed (bsc#1202131).
- iwlwifi: debugfs: remove useless double condition (bsc#1202131).
- iwlwifi: do not dump_stack() when we get an unexpected interrupt
(bsc#1202131).
- iwlwifi: do not use __unused as variable name (bsc#1202131).
- iwlwifi: drv: load tlv debug data earlier (bsc#1202131).
- iwlwifi: dump CSR scratch from outer function (bsc#1202131).
- iwlwifi: dump RCM error tables (bsc#1202131).
- iwlwifi: dump both TCM error tables if present (bsc#1202131).
- iwlwifi: dump host monitor data when NIC does not init (bsc#1202131).
- iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: eeprom: clean up macros (bsc#1202131).
- iwlwifi: fix LED dependencies (bsc#1202131).
- iwlwifi: fix debug TLV parsing (bsc#1202131).
- iwlwifi: fix fw/img.c license statement (bsc#1202131).
- iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131).
- iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131).
- iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131).
- iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131).
- iwlwifi: fw: add support for splitting region type bits (bsc#1202131).
- iwlwifi: fw: api: add link to PHY context command struct v1
(bsc#1202131).
- iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131).
- iwlwifi: fw: fix some scan kernel-doc (bsc#1202131).
- iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131).
- iwlwifi: fw: make dump_start callback void (bsc#1202131).
- iwlwifi: fw: remove dead error log code (bsc#1202131).
- iwlwifi: implement reset flow for Bz devices (bsc#1202131).
- iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131).
- iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131).
- iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131).
- iwlwifi: make some functions friendly to sparse (bsc#1202131).
- iwlwifi: move symbols into a separate namespace (bsc#1202131).
- iwlwifi: mvm/api: define system control command (bsc#1202131).
- iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131).
- iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131).
- iwlwifi: mvm: Add support for a new version of scan request command
(bsc#1202131).
- iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131).
- iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131).
- iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131).
- iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131).
- iwlwifi: mvm: Fix wrong documentation for scan request command
(bsc#1202131).
- iwlwifi: mvm: Passively scan non PSC channels only when requested so
(bsc#1202131).
- iwlwifi: mvm: Read acpi dsm to get channel activation bitmap
(bsc#1202131).
- iwlwifi: mvm: Remove antenna c references (bsc#1202131).
- iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions
(bsc#1202131).
- iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and
RX_NO_DATA_NOTIF (bsc#1202131).
- iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131).
- iwlwifi: mvm: Support new version of ranging response notification
(bsc#1202131).
- iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131).
- iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131).
- iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131).
- iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed
(bsc#1202131).
- iwlwifi: mvm: add a flag to reduce power command (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131).
- iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131).
- iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131).
- iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131).
- iwlwifi: mvm: add some missing command strings (bsc#1202131).
- iwlwifi: mvm: add support for 160Mhz in ranging measurements
(bsc#1202131).
- iwlwifi: mvm: add support for CT-KILL notification version 2
(bsc#1202131).
- iwlwifi: mvm: add support for IMR based on platform (bsc#1202131).
- iwlwifi: mvm: add support for OCE scan (bsc#1202131).
- iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131).
- iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131).
- iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting
(bsc#1202131).
- iwlwifi: mvm: always remove the session protection after association
(bsc#1202131).
- iwlwifi: mvm: always store the PPAG table as the latest version
(bsc#1202131).
- iwlwifi: mvm: always use 4K RB size by default (bsc#1202131).
- iwlwifi: mvm: change old-SN drop threshold (bsc#1202131).
- iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif()
(bsc#1202131).
- iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131).
- iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131).
- iwlwifi: mvm: correctly set channel flags (bsc#1202131).
- iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131).
- iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131).
- iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131).
- iwlwifi: mvm: d3: use internal data representation (bsc#1202131).
- iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131).
- iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a
pointer (bsc#1202131).
- iwlwifi: mvm: do not send BAID removal to the FW during hw_restart
(bsc#1202131).
- iwlwifi: mvm: do not trust hardware queue number (bsc#1202131).
- iwlwifi: mvm: drop too short packets silently (bsc#1202131).
- iwlwifi: mvm: extend session protection on association (bsc#1202131).
- iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc()
(bsc#1202131).
- iwlwifi: mvm: fix a stray tab (bsc#1202131).
- iwlwifi: mvm: fix condition which checks the version of rate_n_flags
(bsc#1202131).
- iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131).
- iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131).
- iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs()
(bsc#1202131).
- iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131).
- iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131).
- iwlwifi: mvm: improve log when processing CSA (bsc#1202131).
- iwlwifi: mvm: isolate offload assist (checksum) calculation
(bsc#1202131).
- iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131).
- iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131).
- iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131).
- iwlwifi: mvm: optionally suppress assert log (bsc#1202131).
- iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131).
- iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW
(bsc#1202131).
- iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131).
- iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131).
- iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD
(bsc#1202131).
- iwlwifi: mvm: remove card state notification code (bsc#1202131).
- iwlwifi: mvm: remove cipher scheme support (bsc#1202131).
- iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211()
(bsc#1202131).
- iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131).
- iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131).
- iwlwifi: mvm: remove session protection on disassoc (bsc#1202131).
- iwlwifi: mvm: remove session protection upon station removal
(bsc#1202131).
- iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131).
- iwlwifi: mvm: rfi: update rfi table (bsc#1202131).
- iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy
(bsc#1202131).
- iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131).
- iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS
(bsc#1202131).
- iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131).
- iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions
(bsc#1202131).
- iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131).
- iwlwifi: mvm: support RLC configuration command (bsc#1202131).
- iwlwifi: mvm: support new BAID allocation command (bsc#1202131).
- iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131).
- iwlwifi: mvm: support v3 of station HE context command (bsc#1202131).
- iwlwifi: mvm: update BAID allocation command again (bsc#1202131).
- iwlwifi: mvm: update RFI TLV (bsc#1202131).
- iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131).
- iwlwifi: mvm: update rate scale in moving back to assoc state
(bsc#1202131).
- iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131).
- iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131).
- iwlwifi: nvm: Correct HE capability (bsc#1202131).
- iwlwifi: parse debug exclude data from firmware file (bsc#1202131).
- iwlwifi: parse error tables from debug TLVs (bsc#1202131).
- iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131).
- iwlwifi: pcie: add jacket bit to device configuration parsing
(bsc#1202131).
- iwlwifi: pcie: add support for MS devices (bsc#1202131).
- iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131).
- iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131).
- iwlwifi: pcie: fix constant-conversion warning (bsc#1202131).
- iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131).
- iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131).
- iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow
(bsc#1202131).
- iwlwifi: pcie: refactor dev_info lookup (bsc#1202131).
- iwlwifi: pcie: remove duplicate entry (bsc#1202131).
- iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131).
- iwlwifi: pcie: retake ownership after reset (bsc#1202131).
- iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131).
- iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131).
- iwlwifi: pcie: try to grab NIC access early (bsc#1202131).
- iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131).
- iwlwifi: pnvm: print out the version properly (bsc#1202131).
- iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131).
- iwlwifi: propagate (const) type qualifier (bsc#1202131).
- iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131).
- iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131).
- iwlwifi: remove command ID argument from queue allocation (bsc#1202131).
- iwlwifi: remove contact information (bsc#1202131).
- iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131).
- iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131).
- iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131).
- iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131).
- iwlwifi: remove unused macros (bsc#1202131).
- iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF
(bsc#1202131).
- iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD
(bsc#1202131).
- iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131).
- iwlwifi: scan: Modify return value of a function (bsc#1202131).
- iwlwifi: support 4-bits in MAC step value (bsc#1202131).
- iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131).
- iwlwifi: support new queue allocation command (bsc#1202131).
- iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131).
- iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC
configuration (bsc#1202131).
- iwlwifi: use 4k queue size for Bz A-step (bsc#1202131).
- iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131).
- iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131).
- iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131).
- iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131).
- iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131).
- iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131).
- iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131).
- iwlwifi: yoyo: fw debug config from context info and preset
(bsc#1202131).
- iwlwifi: yoyo: send hcmd to fw after dump collection completes
(bsc#1202131).
- iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131).
- iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131).
- iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131).
- iwlwifi: yoyo: support for ROM usniffer (bsc#1202131).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal
aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in
jbd2_journal_commit_transaction() (bsc#1202715).
- kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410).
- kabi/severities: add Qlogic qed symbols
- kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471
- kabi/severities: add hisilicon hns3 symbols
- kabi/severities: add microchip dsa drivers
- kabi/severities: ignore kABI changes in mwifiex drivers Those symbols
are used only locally in mwifiex (sub-)modules.
- kabi/severities: octeontx2 driver (jsc#SLE-24682)
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kbuild: fix the modules order between drivers and libs (git-fixes).
- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd
attempt) (git-fixes).
- kcm: fix strp_init() order and cleanup (git-fixes).
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- kernel-source: include the kernel signature file We assume that the
upstream tarball is used for released kernels. Then we can also include
the signature file and keyring in the kernel-source src.rpm. Because of
mkspec code limitation exclude the signature and keyring from binary
packages always - mkspec does not parse spec conditionals.
- kfifo: fix kfifo_to_user() return type (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- lib/smp_processor_id: fix imbalanced instrumentation_end() call
(git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1190497).
- locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- mac80211: fix a memory leak where sta_info is not freed (git-fixes).
- mac80211: introduce channel switch disconnect function (bsc#1202131).
- marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- md/raid0: Ignore RAID0 layout if the second zone has only one device
(git-fixes).
- md/raid1: fix missing bitmap update w/o WriteMostly devices
(bsc#1203036).
- media: [PATCH] pci: atomisp_cmd: fix three missing checks on list
iterator (git-fixes).
- media: atmel: atmel-sama7g5-isc: fix warning in configs without OF
(git-fixes).
- media: cedrus: h265: Fix flag name (git-fixes).
- media: cedrus: hevc: Add check for invalid timestamp (git-fixes).
- media: driver/nxp/imx-jpeg: fix a unexpected return value problem
(git-fixes).
- media: hantro: postproc: Fix motion vector space size (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: hevc: Embedded indexes in RPS (git-fixes).
- media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes).
- media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes).
- media: pvrusb2: fix memory leak in pvr_probe (git-fixes).
- media: tw686x: Fix memory leak in tw686x_video_init (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set
(git-fixes).
- mediatek: mt76: eeprom: fix missing of_node_put() in
mt76_find_power_limits_node() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
(git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro This should be always used with
@SOURCES@, just include the content there.
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes). kABI: Fix kABI after "mm/rmap: Fix anon_vma->degree
ambiguity leading to double-reuse" (git-fixes).
- mm/rmap: Fix anon_vma-degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
bsc#1203159).
- mmc: block: Add single read for 4k sector cards (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes).
- mmc: meson-gx: Fix an error handling path in meson_mmc_probe()
(git-fixes).
- mmc: mxcmmc: Silence a clang warning (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe()
(git-fixes).
- mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
(git-fixes).
- mmc: tmio: avoid glitches when resetting (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
(git-fixes).
- mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes).
- mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes).
- mtd: dataflash: Add SPI ID table (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset
(git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes).
- mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase
times (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
(git-fixes).
- mtd: spi-nor: fix spi_nor_spimem_setup_op() call in
spi_nor_erase_{sector,chip}() (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
(git-fixes).
- musb: fix USB_MUSB_TUSB6010 dependency (git-fixes).
- mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes).
- n_gsm: remove unused parameters from gsm_error() (git-fixes).
- net: asix: fix "can't send until first packet is send" issue (git-fixes).
- net: bcmgenet: Use stronger register read/writes to assure ordering
(git-fixes).
- net: dsa: b53: Add SPI ID table (git-fixes).
- net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
(git-fixes).
- net: dsa: felix: purge skb from TX timestamping queue if it cannot be
sent (git-fixes).
- net: dsa: hellcreek: Add STP forwarding rule (git-fixes).
- net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes).
- net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports
(git-fixes).
- net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes).
- net: dsa: microchip: implement multi-bridge support (git-fixes).
- net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family
(git-fixes).
- net: dsa: mv88e6xxx: Drop unnecessary check in
mv88e6393x_serdes_erratum_4_6() (git-fixes).
- net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes).
- net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X
(git-fixes).
- net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family
(git-fixes).
- net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed
(git-fixes).
- net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and
receiver (git-fixes).
- net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down()
(git-fixes).
- net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes).
- net: dsa: mv88e6xxx: error handling for serdes_power functions
(git-fixes).
- net: dsa: mv88e6xxx: fix "do not use PHY_DETECT on internal PHY's"
(git-fixes).
- net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes).
- net: dsa: qca8k: fix MTU calculation (git-fixes).
- net: dsa: seville: register the mdiobus under devres (git-fixes).
- net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch
lib (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: hns3: clean residual vf config after disable sriov (git-fixes).
- net: macsec: fix potential resource leak in macsec_add_rxsa() and
macsec_add_txsa() (git-fixes).
- net: marvell: prestera: fix incorrect structure access (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in
ethtool (git-fixes).
- net: mscc: ocelot: create a function that replaces an existing VCAP
filter (git-fixes).
- net: mscc: ocelot: do not dereference NULL pointers with shared tc
filters (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in
SIOCSHWTSTAMP (git-fixes).
- net: mscc: ocelot: fix incorrect balancing with down LAG ports
(git-fixes).
- net: mscc: ocelot: set up traps for PTP packets (git-fixes).
- net: openvswitch: do not send internal clone attribute to the userspace
(git-fixes).
- net: openvswitch: fix leak of nested actions (git-fixes).
- net: openvswitch: fix misuse of the cached connection on tuple changes
(git-fixes).
- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes).
- net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume()
(git-fixes).
- net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes).
- net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode
(git-fixes).
- net: ptp: add a definition for the UDP port for IEEE 1588 general
messages (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer (git-fixes).
- net: stmmac: clean up impossible condition (git-fixes).
- net: stmmac: disable Split Header (SPH) for Intel platforms
(bsc#1194904).
- net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904).
- net: stmmac: fix off-by-one error in sanity check (git-fixes).
- net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: make USB_RTL8153_ECM non user configurable (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in
vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
(bsc#1200431).
- net:enetc: allocate CBD ring data memory using DMA coherent methods
(git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
(git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nmi: Extend NMI watchdog's timer during LPM (bsc#1202872 ltc#197920).
- nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
(bnc#1189999 (Scheduler functional and performance backports)).
- nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fixes).
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113).
- nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme: fix RCU hole that allowed for endless looping in multipath round
robin (bsc#1202636).
- nvmet: Expose max queues to configfs (bsc#1201865).
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778).
- ocfs2: fix a deadlock when commit trans (bsc#1202776).
- octeontx2-af: Add KPU changes to parse NGIO as separate layer
(jsc#SLE-24682).
- octeontx2-af: Add PTP device id for CN10K and 95O silcons
(jsc#SLE-24682).
- octeontx2-af: Add SDP interface support (jsc#SLE-24682).
- octeontx2-af: Add debug messages for failures (jsc#SLE-24682).
- octeontx2-af: Add external ptp input clock (jsc#SLE-24682).
- octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682).
- octeontx2-af: Add mbox to retrieve bandwidth profile free count
(jsc#SLE-24682).
- octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682).
- octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682).
- octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682).
- octeontx2-af: Allow to configure flow tag LSB byte as RSS adder
(jsc#SLE-24682).
- octeontx2-af: Change the order of queue work and interrupt disable
(jsc#SLE-24682).
- octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682).
- octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682).
- octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682).
- octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682).
- octeontx2-af: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-af: Fix interrupt name strings (jsc#SLE-24682).
- octeontx2-af: Fix spelling mistake "Makesure" -> "Make sure"
(jsc#SLE-24682).
- octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682).
- octeontx2-af: Flow control resource management (jsc#SLE-24682).
- octeontx2-af: Handle return value in block reset (jsc#SLE-24682).
- octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682).
- octeontx2-af: Increase link credit restore polling timeout
(jsc#SLE-24682).
- octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682).
- octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682).
- octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682).
- octeontx2-af: Modify install flow error codes (jsc#SLE-24682).
- octeontx2-af: Optimize KPU1 processing for variable-length headers
(jsc#SLE-24682).
- octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682).
- octeontx2-af: Priority flow control configuration support
(jsc#SLE-24682).
- octeontx2-af: Remove channel verification while installing MCAM rules
(jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable blkaddr
(jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable pin
(jsc#SLE-24682).
- octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682).
- octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682).
- octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc
(jsc#SLE-24682).
- octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682).
- octeontx2-af: Use ptp input clock info from firmware data
(jsc#SLE-24682).
- octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682).
- octeontx2-af: add proper return codes for AF mailbox handlers
(jsc#SLE-24682).
- octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682).
- octeontx2-af: cn10K: support for sched lmtst and other features
(jsc#SLE-24682).
- octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: RPM hardware timestamp configuration
(jsc#SLE-24682).
- octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682).
- octeontx2-af: cn10k: Use appropriate register for LMAC enable
(jsc#SLE-24682).
- octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682).
- octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682).
- octeontx2-af: configure npc for cn10k to allow packets from cpt
(jsc#SLE-24682).
- octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682).
- octeontx2-af: debugfs: Minor changes (jsc#SLE-24682).
- octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682).
- octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682).
- octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682).
- octeontx2-af: fix array bound error (jsc#SLE-24682).
- octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682).
- octeontx2-af: initialize action variable (jsc#SLE-24682).
- octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682).
- octeontx2-af: remove redudant second error check on variable err
(jsc#SLE-24682).
- octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682).
- octeontx2-af: verify CQ context updates (jsc#SLE-24682).
- octeontx2-nic: fix mixed module build (jsc#SLE-24682).
- octeontx2-nicvf: Add PTP hardware clock support to NIX VF
(jsc#SLE-24682).
- octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682).
- octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682).
- octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682).
- octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682).
- octeontx2-pf: Add support for adaptive interrupt coalescing
(jsc#SLE-24682).
- octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682).
- octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682).
- octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682).
- octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682).
- octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682).
- octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682).
- octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682).
- octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq()
(jsc#SLE-24682).
- octeontx2-pf: Simplify the receive buffer size calculation
(jsc#SLE-24682).
- octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682).
- octeontx2-pf: Unify flow management variables (jsc#SLE-24682).
- octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682).
- octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682).
- octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682).
- octeontx2-pf: cn10k: Ensure valid pointers are freed to aura
(jsc#SLE-24682).
- octeontx2-pf: cn10k: add support for new ptp timestamp format
(jsc#SLE-24682).
- octeontx2-pf: devlink params support to set mcam entry count
(jsc#SLE-24682).
- octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate
(jsc#SLE-24682).
- octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- octeontx2-vf: Add support for adaptive interrupt coalescing
(jsc#SLE-24682).
- octeontx2: Move devlink registration to be last devlink command
(jsc#SLE-24682).
- openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes).
- openvswitch: Fixed nd target mask field in the flow dump (git-fixes).
- pci: Add support for ACPI RST reset method (jsc#SLE-19359 jsc#SLE-24572).
- perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes).
- phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks
(git-fixes).
- phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes).
- pinctrl: amd: Do not save/restore interrupt status and wake status bits
(git-fixes).
- pinctrl: intel: Check against matching data instead of ACPI companion
(git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
(git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: qcom: sm8250: Fix PDC map (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/chrome: cros_ec: Always expose last resume result (git-fixes).
- platform/chrome: cros_ec_proto: do not show MKBP version if unsupported
(git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- platform/x86: pmc_atom: Match all Lex BayTrail boards with
critclk_systems DMI table (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for
PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot
(bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- proc: fix a dentry lock race between release_task and lookup (git-fixes).
- proc: fix dentry/inode overinstantiating under /proc/${pid}/net
(git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes).
- pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data()
(git-fixes).
- pwm: lpc18xx: Fix period handling (git-fixes).
- qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
- r8152: fix the RX FIFO settings when suspending (git-fixes).
- r8152: fix the units of some registers for RTL8156A (git-fixes).
- random: remove useless header comment (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
(git-fixes).
- regulator: pca9450: Remove restrictions for regulator-name (git-fixes).
- regulator: qcom_smd: Fix pm8916_pldo range (git-fixes).
- remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init
(git-fixes).
- remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init
(git-fixes).
- remoteproc: qcom: pas: Check if coredump is enabled (git-fixes).
- remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
(git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes).
- rose: check NULL rose_loopback_neigh->loopback (git-fixes).
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
We do the move only on 15.5+.
- rpm/kernel-binary.spec.in: simplify find for usrmerged The type test and
print line are the same for both cases. The usrmerged case only ignores
more, so refactor it to make it more obvious.
- rpm/kernel-source.spec.in: simplify finding of broken symlinks "find
-xtype l" will report them, so use that to make the search a bit faster
(without using shell).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes).
- rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes).
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes).
- s390/cpumf: Handle events cycles and instructions identical (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied
(git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
(git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- s390/kexec: handle R_390_PLT32DBL rela in
arch_kexec_apply_relocations_add() (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE
(git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322).
- s390/stp: clock_delta should be signed (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler
functional and performance backports)).
- sched/core: Do not requeue task on CPU excluded from cpus_mask
(bnc#1199356).
- sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes)
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999
(Scheduler functional and performance backports)).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git
fixes (sched/fair)).
- sched/fair: Remove redundant word " *" (bnc#1189999 (Scheduler
functional and performance backports)).
- sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes)
- sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes)
- sched: Allow newidle balancing to bail out of load_balance (bnc#1189999
(Scheduler functional and performance backports)).
- sched: Fix the check of nr_running at queue wakelist (bnc#1189999
(Scheduler functional and performance backports)).
- sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is
idle (bnc#1189999 (Scheduler functional and performance backports)).
Refresh
- sched: Remove unused function group_first_cpu() (bnc#1189999).
- scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes).
- scsi: hisi_sas: Keep controller active between ISR of phyup and the
event being processed (bsc#1202471).
- scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471).
- scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization
(bsc#1198410).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
(bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
(bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
(bsc#1201956).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for
GFT_ID (bsc#1203063).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
(bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()
(bsc#1201956).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT
discovery (bsc#1203063).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed
user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration
(bsc#1201956).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb
(bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown
(git-fixes).
- scsi: sg: Allow waiting for commands to complete on removed device
(git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: ufs: core: Fix another task management completion race (git-fixes).
- scsi: ufs: core: Fix task management completion timeout race (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports
(git-fixes).
- selftests/seccomp: Fix compile warning when CC=clang (git-fixes).
- selftests: kvm: set rax before vmcall (git-fixes).
- selftests: timers: clocksource-switch: fix passing errors from child
(git-fixes).
- selftests: timers: valid-adjtimex: build fix for newer toolchains
(git-fixes).
- selinux: Add boundary check in put_entry() (git-fixes).
- selinux: access superblock_security_struct in LSM blob way (git-fixes).
- selinux: check return value of sel_make_avc_files (git-fixes).
- selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes).
- selinux: fix double free of cond_list on error paths (git-fixes).
- selinux: fix memleak in security_read_state_kernel() (git-fixes).
- selinux: fix misuse of mutex_is_locked() (git-fixes).
- selinux: use correct type for context length (git-fixes).
- serial: 8250: Add proper clock handling for OxSemi PCIe devices
(git-fixes).
- serial: 8250: Export ICR access helpers for internal use (git-fixes).
- serial: 8250: Fold EndRun device support into OxSemi Tornado code
(git-fixes).
- serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
dw8250_tx_wait_empty() (git-fixes).
- serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes).
- serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes).
- serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
(git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: fsl: select FSL_GUTS driver for DPIO (git-fixes).
- soc: imx: gpcv2: Assert reset before ungating clock (git-fixes).
- soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes).
- soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
(git-fixes).
- soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes).
- soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values
(git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- soundwire: qcom: Check device status before reading devid (git-fixes).
- soundwire: qcom: fix device status array range (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: Fix simplification of devm_spi_register_controller (git-fixes).
- spi: dt-bindings: cadence: add missing 'required' (git-fixes).
- spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes).
- spi: meson-spicc: add local pow2 clock ops to preserve rate between
messages (git-fixes).
- spi: spi-altera-dfl: Fix an error handling path (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
(git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- supported.conf: added
drivers/net/ethernet/marvell/octeontx2/nic/otx2_ptp and changed all
octeontx2 modules as supported (jsc#SLE-24682)
- supported.conf: mark lib/objagg supported as dependency of mlxsw
- supported.conf: mark mlxsw modules supported (jsc#SLE-23766)
- thermal/int340x_thermal: handle data_vault when the value is
ZERO_SIZE_PTR (bsc#1201308).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
(git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
(git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
(git-fixes).
- trace/osnoise: Add migrate-disabled field to the osnoise header
(git-fixes).
- trace/timerlat: Add migrate-disabled field to the timerlat header
(git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/kprobes: Check whether get_kretprobe() returns NULL in
kretprobe_dispatcher() (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: Fix sleeping while atomic in kdb ftdump (git-fixes).
- tracing: Have filter accept "common_cpu" to be consistent (git-fixes).
- tracing: Use a struct alignof to determine trace event field alignment
(git-fixes).
- tty: 8250: Add support for Brainboxes PX cards (git-fixes).
- tty: n_gsm: Modify CR,PF bit printk info when config requester
(git-fixes).
- tty: n_gsm: Modify cr bit value when config requester (git-fixes).
- tty: n_gsm: Modify gsmtty driver register method when config requester
(git-fixes).
- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()
(git-fixes).
- tty: n_gsm: avoid call of sleeping functions from atomic context
(git-fixes).
- tty: n_gsm: clean up dead code in gsm_queue() (git-fixes).
- tty: n_gsm: clean up implicit CR bit encoding in address field
(git-fixes).
- tty: n_gsm: clean up indenting in gsm_queue() (git-fixes).
- tty: n_gsm: fix DM command (git-fixes).
- tty: n_gsm: fix broken virtual tty handling (git-fixes).
- tty: n_gsm: fix deadlock and link starvation in outgoing data path
(git-fixes).
- tty: n_gsm: fix flow control handling in tx path (git-fixes).
- tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes).
- tty: n_gsm: fix missing mux reset on config change at responder
(git-fixes).
- tty: n_gsm: fix missing timer to handle stalled links (git-fixes).
- tty: n_gsm: fix non flow control frames during mux flow off (git-fixes).
- tty: n_gsm: fix packet re-transmission without open control channel
(git-fixes).
- tty: n_gsm: fix race condition in gsmld_write() (git-fixes).
- tty: n_gsm: fix resource allocation order in gsm_activate_mux()
(git-fixes).
- tty: n_gsm: fix tty registration before control channel open (git-fixes).
- tty: n_gsm: fix user open not possible at responder until initiator open
(git-fixes).
- tty: n_gsm: fix wrong T1 retry count handling (git-fixes).
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()
(git-fixes).
- tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes).
- tty: n_gsm: replace kicktimer with delayed_work (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: fsl_lpuart: correct the count of break characters
(git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit
engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- udf: Fix crash after seekdir (bsc#1194592).
- udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes).
- usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
(git-fixes).
- usb: cdns3 fix use-after-free at workaround 2 (git-fixes).
- usb: cdns3: Do not use priv_dev uninitialized in
cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: change place of 'priv_ep' assignment in
cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer
(git-fixes).
- usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes).
- usb: cdns3: fix random warning message when driver load (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch
(git-fixes).
- usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes).
- usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup
(git-fixes).
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
dwc3_qcom_acpi_register_core (git-fixes).
- usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes).
- usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
(git-fixes).
- usb: dwc3: gadget: fix high speed multiplier setting (git-fixes).
- usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes).
- usb: dwc3: qcom: Add helper functions to enable,disable wake irqs
(git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings (git-fixes).
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes).
- usb: gadget: f_uac2: fix superspeed transfer (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
(git-fixes).
- usb: gadget: tegra-xudc: Fix error check in
tegra_xudc_powerdomain_init() (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
uvcg_info (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP
receptacles (git-fixes).
- usb: typec: tcpm: Return ENOTSUPP for power supply prop writes
(git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
(git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Avoid link settings race on interrupt reception
(git-fixes).
- usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling
(git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes).
- venus: pm_helpers: Fix warning in OPP during probe (git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- vfio: Clear the caps->buf to NULL after free (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
(git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io()
(git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
(bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
vsock_connect_timeout() (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in
armada_37xx_wdt_probe() (git-fixes).
- watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource
(git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
(git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
(git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is
disconnected (git-fixes).
- wifi: mac80211: limit A-MSDU subframes for client too (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
(git-fixes).
- wifi: rtlwifi: remove always-true condition pointed out by GCC 12
(git-fixes).
- wifi: rtw88: check the return value of alloc_workqueue() (git-fixes).
- wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
(git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()` (git-fixes).
- wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131).
- x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM
(bsc#1190497).
- x86/olpc: fix 'logical not is only applied to the left hand side'
(git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497).
- x86/sev: Define the Linux-specific guest termination reasons
(bsc#1190497).
- x86/sev: Save the negotiated GHCB version (bsc#1190497).
- xen/gntdev: fix unmap notification order (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors
(git-fixes).
- xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes).
- xfs: fix soft lockup via spinning in filestream ag selection loop
(git-fixes).
- xfs: fix use-after-free in xattr node block inactivation (git-fixes).
- xfs: fold perag loop iteration logic into helper function (git-fixes).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: only bother with sync_filesystem during readonly remount
(git-fixes).
- xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: remove incorrect ASSERT in xfs_rename (git-fixes).
- xfs: rename the next_agno perag iteration variable (git-fixes).
- xfs: reorder iunlink remove operation in xfs_ifree (git-fixes).
- xfs: revert "xfs: actually bump warning counts when we send warnings"
(git-fixes).
- xfs: terminate perag iteration reliably on agcount (git-fixes).
- xfs: use invalidate_lock to check the state of mmap_lock (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xfs: use setattr_copy to set vfs inode attributes (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3288=1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-3288=1
Package List:
- openSUSE Leap 15.4 (aarch64 x86_64):
cluster-md-kmp-azure-5.14.21-150400.14.13.1
cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.13.1
dlm-kmp-azure-5.14.21-150400.14.13.1
dlm-kmp-azure-debuginfo-5.14.21-150400.14.13.1
gfs2-kmp-azure-5.14.21-150400.14.13.1
gfs2-kmp-azure-debuginfo-5.14.21-150400.14.13.1
kernel-azure-5.14.21-150400.14.13.1
kernel-azure-debuginfo-5.14.21-150400.14.13.1
kernel-azure-debugsource-5.14.21-150400.14.13.1
kernel-azure-devel-5.14.21-150400.14.13.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.13.1
kernel-azure-extra-5.14.21-150400.14.13.1
kernel-azure-extra-debuginfo-5.14.21-150400.14.13.1
kernel-azure-livepatch-devel-5.14.21-150400.14.13.1
kernel-azure-optional-5.14.21-150400.14.13.1
kernel-azure-optional-debuginfo-5.14.21-150400.14.13.1
kernel-syms-azure-5.14.21-150400.14.13.1
kselftests-kmp-azure-5.14.21-150400.14.13.1
kselftests-kmp-azure-debuginfo-5.14.21-150400.14.13.1
ocfs2-kmp-azure-5.14.21-150400.14.13.1
ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.13.1
reiserfs-kmp-azure-5.14.21-150400.14.13.1
reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.13.1
- openSUSE Leap 15.4 (noarch):
kernel-devel-azure-5.14.21-150400.14.13.1
kernel-source-azure-5.14.21-150400.14.13.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):
kernel-azure-5.14.21-150400.14.13.1
kernel-azure-debuginfo-5.14.21-150400.14.13.1
kernel-azure-debugsource-5.14.21-150400.14.13.1
kernel-azure-devel-5.14.21-150400.14.13.1
kernel-azure-devel-debuginfo-5.14.21-150400.14.13.1
kernel-syms-azure-5.14.21-150400.14.13.1
- SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):
kernel-devel-azure-5.14.21-150400.14.13.1
kernel-source-azure-5.14.21-150400.14.13.1
References:
https://www.suse.com/security/cve/CVE-2016-3695.html
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-33135.html
https://www.suse.com/security/cve/CVE-2021-4037.html
https://www.suse.com/security/cve/CVE-2022-1184.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-2585.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-28356.html
https://www.suse.com/security/cve/CVE-2022-28693.html
https://www.suse.com/security/cve/CVE-2022-2873.html
https://www.suse.com/security/cve/CVE-2022-2905.html
https://www.suse.com/security/cve/CVE-2022-2938.html
https://www.suse.com/security/cve/CVE-2022-2959.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-3078.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://www.suse.com/security/cve/CVE-2022-39190.html
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1032323
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1189999
https://bugzilla.suse.com/1190497
https://bugzilla.suse.com/1192968
https://bugzilla.suse.com/1194592
https://bugzilla.suse.com/1194869
https://bugzilla.suse.com/1194904
https://bugzilla.suse.com/1195480
https://bugzilla.suse.com/1195917
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1197391
https://bugzilla.suse.com/1197755
https://bugzilla.suse.com/1197756
https://bugzilla.suse.com/1197757
https://bugzilla.suse.com/1197763
https://bugzilla.suse.com/1198410
https://bugzilla.suse.com/1198577
https://bugzilla.suse.com/1198702
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1199356
https://bugzilla.suse.com/1199515
https://bugzilla.suse.com/1200301
https://bugzilla.suse.com/1200313
https://bugzilla.suse.com/1200431
https://bugzilla.suse.com/1200544
https://bugzilla.suse.com/1200845
https://bugzilla.suse.com/1200868
https://bugzilla.suse.com/1200869
https://bugzilla.suse.com/1200870
https://bugzilla.suse.com/1200871
https://bugzilla.suse.com/1200872
https://bugzilla.suse.com/1200873
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201308
https://bugzilla.suse.com/1201361
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201455
https://bugzilla.suse.com/1201489
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201768
https://bugzilla.suse.com/1201865
https://bugzilla.suse.com/1201940
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1201956
https://bugzilla.suse.com/1202094
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202113
https://bugzilla.suse.com/1202131
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202262
https://bugzilla.suse.com/1202265
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202385
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202447
https://bugzilla.suse.com/1202471
https://bugzilla.suse.com/1202558
https://bugzilla.suse.com/1202564
https://bugzilla.suse.com/1202623
https://bugzilla.suse.com/1202636
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202681
https://bugzilla.suse.com/1202710
https://bugzilla.suse.com/1202711
https://bugzilla.suse.com/1202712
https://bugzilla.suse.com/1202713
https://bugzilla.suse.com/1202715
https://bugzilla.suse.com/1202716
https://bugzilla.suse.com/1202757
https://bugzilla.suse.com/1202758
https://bugzilla.suse.com/1202759
https://bugzilla.suse.com/1202761
https://bugzilla.suse.com/1202762
https://bugzilla.suse.com/1202763
https://bugzilla.suse.com/1202764
https://bugzilla.suse.com/1202765
https://bugzilla.suse.com/1202766
https://bugzilla.suse.com/1202767
https://bugzilla.suse.com/1202768
https://bugzilla.suse.com/1202769
https://bugzilla.suse.com/1202770
https://bugzilla.suse.com/1202771
https://bugzilla.suse.com/1202773
https://bugzilla.suse.com/1202774
https://bugzilla.suse.com/1202775
https://bugzilla.suse.com/1202776
https://bugzilla.suse.com/1202778
https://bugzilla.suse.com/1202779
https://bugzilla.suse.com/1202780
https://bugzilla.suse.com/1202781
https://bugzilla.suse.com/1202782
https://bugzilla.suse.com/1202783
https://bugzilla.suse.com/1202822
https://bugzilla.suse.com/1202823
https://bugzilla.suse.com/1202824
https://bugzilla.suse.com/1202860
https://bugzilla.suse.com/1202867
https://bugzilla.suse.com/1202872
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1202989
https://bugzilla.suse.com/1203036
https://bugzilla.suse.com/1203041
https://bugzilla.suse.com/1203063
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
https://bugzilla.suse.com/1203117
https://bugzilla.suse.com/1203138
https://bugzilla.suse.com/1203139
https://bugzilla.suse.com/1203159
From sle-security-updates at lists.suse.com Fri Sep 16 19:20:09 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 21:20:09 +0200 (CEST)
Subject: SUSE-SU-2022:3291-1: important: Security update for the Linux Kernel
Message-ID: <20220916192009.2D42EF78E@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3291-1
Rating: important
References: #1169514 #1177440 #1188944 #1191881 #1194535
#1196616 #1201019 #1201420 #1201705 #1201726
#1201948 #1202096 #1202097 #1202154 #1202346
#1202347 #1202393 #1202396 #1202672 #1202897
#1202898 #1203098 #1203107
Cross-References: CVE-2020-36516 CVE-2021-4203 CVE-2022-20368
CVE-2022-20369 CVE-2022-21385 CVE-2022-2588
CVE-2022-26373 CVE-2022-2639 CVE-2022-2663
CVE-2022-2977 CVE-2022-3028 CVE-2022-36879
CVE-2022-39188
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________
An update that solves 13 vulnerabilities and has 10 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 LTSS kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2022-20369: Fixed possible out of bounds write due to improper input
validation in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2639: Fixed an integer coercion error that was found in the
openvswitch kernel module (bnc#1202154).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly match the
message (bnc#1202097).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
The following non-security bugs were fixed:
- cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share
(bsc#1188944).
- cifs: report error instead of invalid when revalidating a dentry fails
(bsc#1177440).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,
bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add relocation check for alternative sections (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Clean instruction state before each function validation
(bsc#1169514).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Fix switch table detection in .text.unlikely (bsc#1202396).
- objtool: Ignore empty alternatives (bsc#1169514).
- objtool: Make BP scratch register warning more robust (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative
(bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from
elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name
(bsc#1202396).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3291=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3291=1
- SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3291=1
Please note that this is the initial kernel livepatch without fixes
itself; this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3291=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3291=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-3291=1
Package List:
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
kernel-default-4.12.14-150000.150.101.1
kernel-default-base-4.12.14-150000.150.101.1
kernel-default-debuginfo-4.12.14-150000.150.101.1
kernel-default-debugsource-4.12.14-150000.150.101.1
kernel-default-devel-4.12.14-150000.150.101.1
kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
kernel-obs-build-4.12.14-150000.150.101.1
kernel-obs-build-debugsource-4.12.14-150000.150.101.1
kernel-syms-4.12.14-150000.150.101.1
kernel-vanilla-base-4.12.14-150000.150.101.1
kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
kernel-vanilla-debugsource-4.12.14-150000.150.101.1
reiserfs-kmp-default-4.12.14-150000.150.101.1
reiserfs-kmp-default-debuginfo-4.12.14-150000.150.101.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
kernel-devel-4.12.14-150000.150.101.1
kernel-docs-4.12.14-150000.150.101.1
kernel-macros-4.12.14-150000.150.101.1
kernel-source-4.12.14-150000.150.101.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
kernel-default-4.12.14-150000.150.101.1
kernel-default-base-4.12.14-150000.150.101.1
kernel-default-debuginfo-4.12.14-150000.150.101.1
kernel-default-debugsource-4.12.14-150000.150.101.1
kernel-default-devel-4.12.14-150000.150.101.1
kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
kernel-obs-build-4.12.14-150000.150.101.1
kernel-obs-build-debugsource-4.12.14-150000.150.101.1
kernel-syms-4.12.14-150000.150.101.1
kernel-vanilla-base-4.12.14-150000.150.101.1
kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
kernel-vanilla-debugsource-4.12.14-150000.150.101.1
reiserfs-kmp-default-4.12.14-150000.150.101.1
reiserfs-kmp-default-debuginfo-4.12.14-150000.150.101.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
kernel-devel-4.12.14-150000.150.101.1
kernel-docs-4.12.14-150000.150.101.1
kernel-macros-4.12.14-150000.150.101.1
kernel-source-4.12.14-150000.150.101.1
- SUSE Linux Enterprise Server 15-LTSS (s390x):
kernel-default-man-4.12.14-150000.150.101.1
kernel-zfcpdump-debuginfo-4.12.14-150000.150.101.1
kernel-zfcpdump-debugsource-4.12.14-150000.150.101.1
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150000.150.101.1
kernel-default-debugsource-4.12.14-150000.150.101.1
kernel-default-livepatch-4.12.14-150000.150.101.1
kernel-livepatch-4_12_14-150000_150_101-default-1-150000.1.3.1
kernel-livepatch-4_12_14-150000_150_101-default-debuginfo-1-150000.1.3.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150000.150.101.1
kernel-default-base-4.12.14-150000.150.101.1
kernel-default-debuginfo-4.12.14-150000.150.101.1
kernel-default-debugsource-4.12.14-150000.150.101.1
kernel-default-devel-4.12.14-150000.150.101.1
kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
kernel-obs-build-4.12.14-150000.150.101.1
kernel-obs-build-debugsource-4.12.14-150000.150.101.1
kernel-syms-4.12.14-150000.150.101.1
kernel-vanilla-base-4.12.14-150000.150.101.1
kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
kernel-vanilla-debugsource-4.12.14-150000.150.101.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
kernel-devel-4.12.14-150000.150.101.1
kernel-docs-4.12.14-150000.150.101.1
kernel-macros-4.12.14-150000.150.101.1
kernel-source-4.12.14-150000.150.101.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150000.150.101.1
kernel-default-base-4.12.14-150000.150.101.1
kernel-default-debuginfo-4.12.14-150000.150.101.1
kernel-default-debugsource-4.12.14-150000.150.101.1
kernel-default-devel-4.12.14-150000.150.101.1
kernel-default-devel-debuginfo-4.12.14-150000.150.101.1
kernel-obs-build-4.12.14-150000.150.101.1
kernel-obs-build-debugsource-4.12.14-150000.150.101.1
kernel-syms-4.12.14-150000.150.101.1
kernel-vanilla-base-4.12.14-150000.150.101.1
kernel-vanilla-base-debuginfo-4.12.14-150000.150.101.1
kernel-vanilla-debuginfo-4.12.14-150000.150.101.1
kernel-vanilla-debugsource-4.12.14-150000.150.101.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
kernel-devel-4.12.14-150000.150.101.1
kernel-docs-4.12.14-150000.150.101.1
kernel-macros-4.12.14-150000.150.101.1
kernel-source-4.12.14-150000.150.101.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150000.150.101.1
cluster-md-kmp-default-debuginfo-4.12.14-150000.150.101.1
dlm-kmp-default-4.12.14-150000.150.101.1
dlm-kmp-default-debuginfo-4.12.14-150000.150.101.1
gfs2-kmp-default-4.12.14-150000.150.101.1
gfs2-kmp-default-debuginfo-4.12.14-150000.150.101.1
kernel-default-debuginfo-4.12.14-150000.150.101.1
kernel-default-debugsource-4.12.14-150000.150.101.1
ocfs2-kmp-default-4.12.14-150000.150.101.1
ocfs2-kmp-default-debuginfo-4.12.14-150000.150.101.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-21385.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1169514
https://bugzilla.suse.com/1177440
https://bugzilla.suse.com/1188944
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202897
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
From sle-security-updates at lists.suse.com Fri Sep 16 19:22:52 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 21:22:52 +0200 (CEST)
Subject: SUSE-SU-2022:3292-1: moderate: Security update for ruby2.5
Message-ID: <20220916192252.759C0F78E@maintenance.suse.de>
SUSE Security Update: Security update for ruby2.5
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3292-1
Rating: moderate
References: #1193081
Cross-References: CVE-2021-41819
CVSS scores:
CVE-2021-41819 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-41819 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for ruby2.5 fixes the following issues:
- CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse
(bsc#1193081).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3292=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3292=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3292=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3292=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libruby2_5-2_5-2.5.9-150000.4.26.1
libruby2_5-2_5-debuginfo-2.5.9-150000.4.26.1
ruby2.5-2.5.9-150000.4.26.1
ruby2.5-debuginfo-2.5.9-150000.4.26.1
ruby2.5-debugsource-2.5.9-150000.4.26.1
ruby2.5-devel-2.5.9-150000.4.26.1
ruby2.5-devel-extra-2.5.9-150000.4.26.1
ruby2.5-doc-2.5.9-150000.4.26.1
ruby2.5-stdlib-2.5.9-150000.4.26.1
ruby2.5-stdlib-debuginfo-2.5.9-150000.4.26.1
- openSUSE Leap 15.4 (noarch):
ruby2.5-doc-ri-2.5.9-150000.4.26.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libruby2_5-2_5-2.5.9-150000.4.26.1
libruby2_5-2_5-debuginfo-2.5.9-150000.4.26.1
ruby2.5-2.5.9-150000.4.26.1
ruby2.5-debuginfo-2.5.9-150000.4.26.1
ruby2.5-debugsource-2.5.9-150000.4.26.1
ruby2.5-devel-2.5.9-150000.4.26.1
ruby2.5-devel-extra-2.5.9-150000.4.26.1
ruby2.5-doc-2.5.9-150000.4.26.1
ruby2.5-stdlib-2.5.9-150000.4.26.1
ruby2.5-stdlib-debuginfo-2.5.9-150000.4.26.1
- openSUSE Leap 15.3 (noarch):
ruby2.5-doc-ri-2.5.9-150000.4.26.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libruby2_5-2_5-2.5.9-150000.4.26.1
libruby2_5-2_5-debuginfo-2.5.9-150000.4.26.1
ruby2.5-2.5.9-150000.4.26.1
ruby2.5-debuginfo-2.5.9-150000.4.26.1
ruby2.5-debugsource-2.5.9-150000.4.26.1
ruby2.5-devel-2.5.9-150000.4.26.1
ruby2.5-devel-extra-2.5.9-150000.4.26.1
ruby2.5-stdlib-2.5.9-150000.4.26.1
ruby2.5-stdlib-debuginfo-2.5.9-150000.4.26.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libruby2_5-2_5-2.5.9-150000.4.26.1
libruby2_5-2_5-debuginfo-2.5.9-150000.4.26.1
ruby2.5-2.5.9-150000.4.26.1
ruby2.5-debuginfo-2.5.9-150000.4.26.1
ruby2.5-debugsource-2.5.9-150000.4.26.1
ruby2.5-devel-2.5.9-150000.4.26.1
ruby2.5-devel-extra-2.5.9-150000.4.26.1
ruby2.5-stdlib-2.5.9-150000.4.26.1
ruby2.5-stdlib-debuginfo-2.5.9-150000.4.26.1
References:
https://www.suse.com/security/cve/CVE-2021-41819.html
https://bugzilla.suse.com/1193081
From sle-security-updates at lists.suse.com Fri Sep 16 19:25:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 16 Sep 2022 21:25:22 +0200 (CEST)
Subject: SUSE-SU-2022:3293-1: important: Security update for the Linux Kernel
Message-ID: <20220916192522.8895EF78E@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3293-1
Rating: important
References: #1023051 #1032323 #1065729 #1156395 #1190497
#1194592 #1194869 #1194904 #1195480 #1195917
#1196616 #1197158 #1197391 #1197755 #1197756
#1197757 #1197763 #1198410 #1198971 #1199086
#1199364 #1199670 #1200313 #1200431 #1200465
#1200544 #1200845 #1200868 #1200869 #1200870
#1200871 #1200872 #1200873 #1201019 #1201308
#1201427 #1201442 #1201455 #1201489 #1201610
#1201675 #1201725 #1201768 #1201940 #1201956
#1201958 #1202096 #1202097 #1202113 #1202131
#1202154 #1202262 #1202265 #1202312 #1202346
#1202347 #1202385 #1202393 #1202447 #1202471
#1202558 #1202564 #1202623 #1202636 #1202672
#1202681 #1202710 #1202711 #1202712 #1202713
#1202715 #1202716 #1202757 #1202758 #1202759
#1202761 #1202762 #1202763 #1202764 #1202765
#1202766 #1202767 #1202768 #1202769 #1202770
#1202771 #1202773 #1202774 #1202775 #1202776
#1202778 #1202779 #1202780 #1202781 #1202782
#1202783 #1202822 #1202823 #1202824 #1202860
#1202867 #1202874 #1202898 #1203036 #1203041
#1203063 #1203107 #1203117 #1203138 #1203139
#1203159 SLE-18130 SLE-19359 SLE-20183 SLE-23766
SLE-24572
Cross-References: CVE-2016-3695 CVE-2020-36516 CVE-2021-33135
CVE-2021-4037 CVE-2022-20368 CVE-2022-20369
CVE-2022-2588 CVE-2022-2639 CVE-2022-2663
CVE-2022-28356 CVE-2022-28693 CVE-2022-2873
CVE-2022-2905 CVE-2022-2938 CVE-2022-2959
CVE-2022-2977 CVE-2022-3028 CVE-2022-3078
CVE-2022-32250 CVE-2022-36879 CVE-2022-36946
CVE-2022-39188 CVE-2022-39190
CVSS scores:
CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-33135 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-33135 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4037 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-4037 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-28356 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28693 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2873 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2873 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-2905 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2938 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2938 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2959 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2959 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3078 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-3078 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36946 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39190 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for Legacy Software 15-SP4
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Workstation Extension 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 23 vulnerabilities, contains 5
features and has 88 fixes is now available.
Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in
net/netfilter/nf_tables_api.c and could cause a denial of service upon
binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly match the
message (bnc#1202097).
- CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of
free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c
(bnc#1203041).
- CVE-2022-28356: Fixed a refcount leak bug that was found in
net/llc/af_llc.c (bnc#1197391).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke
descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall
Information implementation that could have been used to allow an
attacker to crash the system or have other memory-corruption side
effects (bnc#1202623).
- CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA
(bsc#1201455).
- CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R)
SGX that may have allowed an authenticated user to potentially enable
denial of service via local access (bnc#1199515).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-2959: Fixed a race condition that was found inside the watch
queue due to a missing lock in pipe_resize_ring() (bnc#1202681
bnc#1202685).
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in
net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312
bnc#1202874).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local
users to create files for the XFS file-system with an unintended group
ownership and with group execution and SGID permission bits set
(bnc#1198702).
- CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found
in iSMT SMBus host controller driver (bnc#1202558).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in
drivers/acpi/apei/einj.c that allowed users to simulate hardware errors
and consequently cause a denial of service (bnc#1023051).
- CVE-2022-2639: Fixed an integer coercion error that was found in the
openvswitch kernel module (bnc#1202154).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
- CVE-2022-32250: Fixed a privilege escalation issue in
net/netfilter/nf_tables_api.c that allowed a local user to become root
(bnc#1200015).
The following non-security bugs were fixed:
- 9p: Fix refcounting during full path walks for fid lookups (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old error logs
(git-fixes).
- ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks
(git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: VIOT: Fix ACS setup (git-fixes).
- ACPI: processor/idle: Annotate more functions to live in cpuidle section
(git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool
(git-fixes).
- ACPI: thermal: drop an always true check (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices
(git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name
only (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model
(git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED
(git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298
(git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544).
- ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array
(git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Add endianness annotations (git-fixes).
- ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes).
- ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II
(git-fixes).
- ALSA: usb-audio: Support jack detection on Dell dock (git-fixes).
- ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes).
- ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes).
- ARM: OMAP2+: display: Fix refcount leak bug (git-fixes).
- ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes).
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes).
- ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes).
- ARM: dts: ast2500-evb: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb: fix board compatible (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time
(git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges
(git-fixes).
- ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time
(git-fixes).
- ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges
(git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes).
- ARM: dts: imx6ul: add missing properties for sram (git-fixes).
- ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes).
- ARM: dts: imx6ul: fix csi node compatible (git-fixes).
- ARM: dts: imx6ul: fix keypad compatible (git-fixes).
- ARM: dts: imx6ul: fix lcdif node compatible (git-fixes).
- ARM: dts: imx6ul: fix qspi node compatible (git-fixes).
- ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes).
- ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes).
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes).
- ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes).
- ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes).
- ARM: findbit: fix overflowing offset (git-fixes).
- ARM: shmobile: rcar-gen2: Increase refcount for new reference
(git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf()
(git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV
(git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe
(git-fixes).
- ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes).
- ASoC: fsl_asrc: force cast the asrc_format type (git-fixes).
- ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes).
- ASoC: imx-audmux: Silence a clang warning (git-fixes).
- ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes).
- ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes).
- ASoC: mchp-spdifrx: disable end of block interrupt on failures
(git-fixes).
- ASoC: mt6359: Fix refcount leak bug (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe
(git-fixes).
- ASoC: qcom: Fix missing of_node_put() in
asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl()
(git-fixes).
- ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes).
- ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global
to static variables (git-fixes).
- ASoC: samsung: change neo1973_audio from a global to static (git-fixes).
- ASoC: samsung: h1940_uda1380: include proper GPIO consumer header
(git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes).
- ASoC: tas2770: Fix handling of mute/unmute (git-fixes).
- ASoC: tas2770: Set correct FSYNC polarity (git-fixes).
- Bluetooth: Add bt_skb_sendmmsg helper (git-fixes).
- Bluetooth: Add bt_skb_sendmsg helper (git-fixes).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes).
- Bluetooth: Fix passing NULL to PTR_ERR (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
(git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg
(git-fixes).
- Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes).
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg
(git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675
(git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007
(git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558
(git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586
(git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587
(git-fixes).
- Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes).
- Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes).
- Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes).
- HID: add Lenovo Yoga C630 battery quirk (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: amd_sfh: Add NULL check for hid device (git-fixes).
- HID: amd_sfh: Handle condition of "no sensors" (git-fixes).
- HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- HID: hid-input: add Surface Go battery quirk (git-fixes).
- HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes).
- HID: multitouch: new device class fix Lenovo X12 trackpad sticky
(git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
(git-fixes).
- HID: thrustmaster: Add sparco wheel and fix array length (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: exc3000 - fix return value check of wait_for_completion_timeout
(git-fixes).
- Input: gscps2 - check return value of ioremap() in gscps2_probe()
(git-fixes).
- Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - add additional TUXEDO devices to i8042 quirk tables
(git-fixes).
- Input: i8042 - merge quirk tables (git-fixes).
- Input: i8042 - move __initconst to fix code styling warning (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
(git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes).
- KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes).
- KVM: MMU: shadow nested paging does not have PKU (git-fixes).
- KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init
(bsc#1194869).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB
(bsc#1156395).
- KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations
(bsc#1194869).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr()
(bsc#1156395).
- KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator
(bsc#1194869).
- KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt
(bsc#1194869).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant
(bsc#1156395).
- KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0
(git-fixes).
- KVM: SVM: Do not intercept #GP for SEV guests (git-fixes).
- KVM: SVM: Unwind "speculative" RIP advancement if INTn injection "fails"
(git-fixes).
- KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes).
- KVM: VMX: Print VM-instruction error as unsigned (git-fixes).
- KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled
(git-fixes).
- KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes).
- KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes).
- KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF
(git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
(bsc#1201442).
- KVM: nVMX: Defer APICv updates while L2 is active until L1 is active
(git-fixes).
- KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4
(git-fixes).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value
(git-fixes).
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case
(git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case
(git-fixes).
- KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required
(git-fixes).
- KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested
state load (git-fixes).
- KVM: selftests: Make sure kvm_create_max_vcpus test won't hit
RLIMIT_NOFILE (git-fixes).
- KVM: selftests: Silence compiler warning in the kvm_page_table_test
(git-fixes).
- KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host
(git-fixes).
- KVM: x86/mmu: Move "invalid" check out of kvm_tdp_mmu_get_root()
(git-fixes).
- KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU
(git-fixes).
- KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes).
- KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes).
- KVM: x86: Avoid theoretical NULL pointer dereference in
kvm_irq_delivery_to_apic_fast() (git-fixes).
- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq
(git-fixes).
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't
activated (git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG
case (git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb()
(git-fixes).
- KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes).
- KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes).
- KVM: x86: revalidate steal time cache if MSR value changes (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes
(git-fixes).
- NFSD: Fix ia_size underflow (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI/AER: Iterate over error counters instead of error strings
(git-fixes).
- PCI/portdrv: Do not disable AER reporting in
get_port_device_capability() (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: aardvark: Fix reporting Slot capabilities on emulated bridge
(git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu()
(git-fixes).
- PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists
(git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU
(git-fixes).
- PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address
(git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization
(git-fixes).
- PCI: endpoint: Do not stop controller when unbinding endpoint function
(git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains()
(git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep()
(git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes).
- PM: hibernate: defer device probing when resuming from hibernation
(git-fixes).
- SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now
useless comments (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless
comments (git-fixes).
- USB: serial: ch314: use usb_control_msg_recv() (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- XArray: Update the LRU list in xas_split() (git-fixes).
- apparmor: Fix failed mount permission check error message (git-fixes).
- apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes).
- apparmor: fix aa_label_asxprint return check (git-fixes).
- apparmor: fix absroot causing audited secids to begin with = (git-fixes).
- apparmor: fix overlapping attachment computation (git-fixes).
- apparmor: fix quiet_denied for file rules (git-fixes).
- apparmor: fix reference count leak in aa_pivotroot() (git-fixes).
- apparmor: fix setting unconfined mode on a loaded profile (git-fixes).
- arm64: Do not forget syscall when starting a new thread (git-fixes).
- arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1
(git-fixes).
- arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes).
- arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes).
- arm64: dts: mt8192: Fix idle-states entry-method (git-fixes).
- arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes).
- arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes).
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node
(git-fixes).
- arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes).
- arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes).
- arm64: dts: renesas: Fix thermal-sensors on single-zone sensors
(git-fixes).
- arm64: dts: renesas: beacon: Fix regulator node names (git-fixes).
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes).
- arm64: fix oops in concurrently setting insn_emulation sysctls
(git-fixes).
- arm64: fix rodata=full (git-fixes).
- arm64: kasan: Revert "arm64: mte: reset the page tag in page->flags"
(git-fixes).
- arm64: set UXN on swapper page tables (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes).
- arm64: tegra: Fixup SYSRAM references (git-fixes).
- arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes).
- arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes).
- arm_pmu: Validate single/group leader events (git-fixes).
- asm-generic: remove a broken and needless ifdef conditional (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ath11k: Fix incorrect debug_mask mappings (git-fixes).
- ath11k: fix netdev open race (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- audit: fix potential double free on error path from
fsnotify_add_inode_mark (git-fixes).
- ax25: Fix ax25 session cleanup problems (git-fixes).
- bitfield.h: Fix "type of reg too small for mask" test (git-fixes).
- block: Fix fsync always failed if once failed (bsc#1202779).
- block: Fix wrong offset in bio_truncate() (bsc#1202780).
- block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781).
- block: only mark bio as tracked if it really is tracked (bsc#1202782).
- bnx2x: Invalidate fastpath HSI version for VFs (git-fixes).
- bnx2x: Utilize firmware 7.13.21.0 (git-fixes).
- btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA
(git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in
hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames
(git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE
with netdev_warn_once() (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off
(git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off
(git-fixes).
- can: mcp251x: Fix race condition on receive interrupt (git-fixes).
- can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes).
- can: netlink: allow configuring of fixed bit rates without need for
do_set_bittiming callback (git-fixes).
- can: netlink: allow configuring of fixed data bit rates without need for
do_set_data_bittiming callback (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it
(git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823).
- ceph: do not truncate file in atomic_open (bsc#1202824).
- ceph: use correct index when encoding client supported features
(bsc#1202822).
- cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131).
- cgroup: Use separate src/dst nodes when preloading css_sets for
migration (bsc#1201610).
- cifs: fix reconnect on smb3 mount types (bsc#1201427).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: mediatek: reset: Fix written reset bit offset (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain
(git-fixes).
- clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init
level (git-fixes).
- clk: qcom: camcc-sm8250: Fix topology around titan_top power domain
(git-fixes).
- clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description
(git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not
enabled (git-fixes).
- clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register
(git-fixes).
- clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC
(git-fixes).
- clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src
(git-fixes).
- clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address
(git-fixes).
- clk: qcom: gcc-msm8939: Fix weird field spacing in
ftbl_gcc_camss_cci_clk (git-fixes).
- clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock
(git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks
(git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes).
- configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).
- cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes).
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes).
- crypto: ccp - During shutdown, check SEV data pointer before using
(git-fixes).
- crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel
memory leak (git-fixes).
- crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in
softirq (git-fixes).
- crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during
softirq (git-fixes).
- crypto: hisilicon/sec - do not sleep when in softirq (git-fixes).
- crypto: hisilicon/sec - fix auth key size error (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
(git-fixes).
- crypto: sun8i-ss - do not allocate memory when handling hash requests
(git-fixes).
- crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes).
- crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes).
- device property: Check fwnode->secondary when finding properties
(git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC
(git-fixes).
- dma-debug: make things less spammy under memory pressure (git-fixes).
- dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes).
- dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes).
- dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics
(git-fixes).
- dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t)
(git-fixes).
- dmaengine: sf-pdma: Add multithread support for a DMA channel
(git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed
(git-fixes).
- dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler()
(git-fixes).
- docs/kernel-parameters: Update descriptions for "mitigations=" param
with retbleed (git-fixes).
- docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes).
- docs: zh_CN: fix a broken reference (git-fixes).
- dpaa2-eth: fix ethtool statistics (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral
(git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/iio: Remove all strcpy() uses (git-fixes).
- drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes).
- drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes).
- drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes).
- drm/amd/display: Avoid MPC infinite loop (git-fixes).
- drm/amd/display: Check correct bounds for stream encoder instances for
DCN303 (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled
(git-fixes).
- drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes).
- drm/amd/display: Fix pixel clock programming (git-fixes).
- drm/amd/display: Fix surface optimization regression on Carrizo
(git-fixes).
- drm/amd/display: For stereo keep "FLIP_ANY_FRAME" (git-fixes).
- drm/amd/display: Ignore First MST Sideband Message Return Error
(git-fixes).
- drm/amd/display: Optimize bandwidth on following fast update (git-fixes).
- drm/amd/display: Reset DMCUB before HW init (git-fixes).
- drm/amd/display: Revert "drm/amd/display: turn DPMS off on connector
unplug" (git-fixes).
- drm/amd/display: avoid doing vm_init multiple time (git-fixes).
- drm/amd/display: clear optc underflow before turn off odm clock
(git-fixes).
- drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
(git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its
preferred_domains (git-fixes).
- drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes).
- drm/amdgpu: Remove one duplicated ef removal (git-fixes).
- drm/amdgpu: remove useless condition in
amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes).
- drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated
function (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated
function (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent()
failed (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations()
error (git-fixes).
- drm/i915/display: avoid warnings when registering dual panel backlight
(git-fixes).
- drm/i915/gt: Skip TLB invalidations once wedged (git-fixes).
- drm/i915/reg: Fix spelling mistake "Unsupport" -> "Unsupported"
(git-fixes).
- drm/i915: fix null pointer dereference (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function
(git-fixes).
- drm/mediatek: Allow commands to be sent during video mode (git-fixes).
- drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes).
- drm/mediatek: Modify dsi funcs to atomic operations (git-fixes).
- drm/mediatek: Separate poweron/poweroff from enable/disable and define
new funcs (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled
(git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors()
(git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes).
- drm/msm/dpu: Fix for non-visible planes (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform
(git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes).
- drm/msm: Fix dirtyfb refcounting (git-fixes).
- drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from
pm_runtime (git-fixes).
- drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes).
- drm/nouveau: Do not pm_runtime_put_sync(), only
pm_runtime_put_autosuspend() (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/nouveau: recognise GA103 (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in
ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state()
(git-fixes).
- drm/shmem-helper: Add missing vunmap on error (git-fixes).
- drm/simpledrm: Fix return type of
simpledrm_simple_display_pipe_mode_valid() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes
(git-fixes).
- drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes).
- drm/udl: Add parameter to set number of URBs (bsc#1195917).
- drm/udl: Add reset_resume (bsc#1195917).
- drm/udl: Do not re-initialize stuff at retrying the URB list allocation
(bsc#1195917).
- drm/udl: Drop unneeded alignment (bsc#1195917).
- drm/udl: Enable damage clipping (bsc#1195917).
- drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list()
(bsc#1195917).
- drm/udl: Fix potential URB leaks (bsc#1195917).
- drm/udl: Increase the default URB list size to 20 (bsc#1195917).
- drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917).
- drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917).
- drm/udl: Replace semaphore with a simple wait queue (bsc#1195917).
- drm/udl: Restore display mode on resume (bsc#1195917).
- drm/udl: Suppress error print for -EPROTO at URB completion
(bsc#1195917).
- drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917).
- drm/udl: Sync pending URBs at the end of suspend (bsc#1195917).
- drm/vc4: change vc4_dma_range_matches from a global to static
(git-fixes).
- drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component
(git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable
iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes).
- drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes
(git-fixes).
- drm/vc4: hdmi: Disable audio if dmas property is present but empty
(git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges
(git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it
(git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes).
- dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes).
- dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes).
- dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes).
- dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources
(git-fixes).
- dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes).
- dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes).
- dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional
(git-fixes).
- eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write()
(git-fixes).
- erofs: fix deadlock when shrink erofs slab (git-fixes).
- ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler
(git-fixes).
- exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725).
- exfat: Downgrade ENAMETOOLONG error message to debug messages
(bsc#1201725).
- exfat: Drop superfluous new line for error messages (bsc#1201725).
- exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725).
- exfat: Return ENAMETOOLONG consistently for oversized paths
(bsc#1201725).
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix referencing wrong parent directory information after renaming
(git-fixes).
- exfat: reuse exfat_inode_info variable instead of calling EXFAT_I()
(git-fixes).
- exfat: use updated exfat_chain directly during renaming (git-fixes).
- export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fast commit may miss tracking unwritten range during ftruncate
(bsc#1202759).
- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state
(bsc#1202771).
- ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling in ext4_fc_record_modified_inode()
(bsc#1202767).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix fallocate to use file_modified to update permissions
consistently (bsc#1202769).
- ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE
(bsc#1202757).
- ext4: fix fs corruption when tring to remove a non-empty directory with
IO error (bsc#1202768).
- ext4: fix incorrect type issue during replay_del_range (bsc#1202867).
- ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits'
(bsc#1202764).
- ext4: fix overhead calculation to account for the reserved gdt blocks
(bsc#1200869).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix super block checksum incorrect after mount (bsc#1202773).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no
sense (bsc#1200870).
- ext4: initialize err_blk before calling __ext4_get_inode_loc
(bsc#1202763).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: make sure to reset inode lockdep class when quota enabling fails
(bsc#1202761).
- ext4: mark group as trimmed only if it was fully scanned (bsc#1202770).
- ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766).
- ext4: prevent used blocks from being allocated during fast commit replay
(bsc#1202765).
- ext4: recover csum seed of tmp_inode after migrating to extents
(bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- ext4: use ext4_ext_remove_space() for fast commit replay delete range
(bsc#1202758).
- fat: add ratelimit to fat*_ent_bread() (git-fixes).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fixes).
- filemap: Handle sibling entries in filemap_get_read_batch()
(bsc#1202774).
- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
(git-fixes).
- firmware: tegra: Fix error check return value of debugfs_create_file()
(git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area
(git-fixes).
- fix race between exit_itimers() and /proc/pid/timers (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero
(git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped
pages (bsc#1200873).
- ftrace/x86: Add back ftrace_expected assignment (git-fixes).
- fuse: ioctl: translate ENOSYS (bsc#1203139).
- fuse: limit nsec (bsc#1203138).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data()
(git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- habanalabs/gaudi: fix shift out of bounds (git-fixes).
- habanalabs/gaudi: mask constant value before cast (git-fixes).
- hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist
(git-fixes).
- hwmon: (drivetemp) Add module alias (git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- hwmon: (sht15) Fix wrong assumptions in device remove callback
(git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- i2c: mxs: Silence a clang warning (git-fixes).
- i2c: npcm: Capitalize the one-line comment (git-fixes).
- i2c: npcm: Correct slave role behavior (git-fixes).
- i2c: npcm: Remove own slave addresses 2:10 (git-fixes).
- ice: fix 'scheduling while atomic' on aux critical err interrupt
(git-fixes).
- ieee80211: add EHT 1K aggregation definitions (bsc#1202131).
- ieee80211: change HE nominal packet padding value defines (bsc#1202131).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma400: Fix the scale min and max macro values (git-fixes).
- iio: accel: bma400: Reordering of header files (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3300: Fix alignment for DMA safety (git-fixes).
- iio: ad7292: Prevent regulator double disable (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7292: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7923: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1241: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: common: ssp: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large
(git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5766: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: fix iio_format_avail_range() printing for none IIO_VAL_INT
(git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes).
- iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes).
- inet_diag: fix kernel-infoleak for UDP sockets (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- interconnect: imx: fix max_node_id (git-fixes).
- io_uring: add a schedule point in io_add_buffers() (git-fixes).
- io_uring: terminate manual loop iterator loop correctly for non-vecs
(git-fixes).
- iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes).
- iommu/amd: Enable swiotlb in all cases (git-fixes).
- iommu/amd: Fix I/O page table memory leak (git-fixes).
- iommu/amd: Recover from event log overflow (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement
(git-fixes).
- iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes).
- iommu/arm-smmu-v3: Fix size calculation in
arm_smmu_mm_invalidate_range() (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop
(git-fixes).
- iommu/dart: Add missing module owner to ops structure (git-fixes).
- iommu/dart: check return value after calling platform_get_resource()
(git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly
(git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes).
- iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes).
- iommu/mediatek: Fix NULL pointer dereference when printing dev_name
(git-fixes).
- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference
(git-fixes).
- iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find
(git-fixes).
- iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Drop stop marker messages (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301).
- iommu/vt-d: Refactor iommu information of each domain (bsc#1200301).
- iommu/vt-d: Remove global g_iommus array (bsc#1200301).
- iommu/vt-d: Remove intel_iommu::domains (bsc#1200301).
- iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301).
- iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
(git-fixes).
- iommu: Fix potential use-after-free during probe (git-fixes).
- iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes).
- iov_iter: fix build issue due to possible type mis-match (git-fixes).
- ipmi: fix initialization when workqueue allocation fails (git-fixes).
- irqchip/sifive-plic: Add missing thead,c900-plic match string
(git-fixes).
- irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes).
- iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131).
- iwlwifi: Add support for getting rf id with blank otp (bsc#1202131).
- iwlwifi: Add support for more BZ HWs (bsc#1202131).
- iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131).
- iwlwifi: BZ Family SW reset support (bsc#1202131).
- iwlwifi: Configure FW debug preset via module param (bsc#1202131).
- iwlwifi: Fix FW name for gl (bsc#1202131).
- iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131).
- iwlwifi: Fix syntax errors in comments (bsc#1202131).
- iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131).
- iwlwifi: Read the correct addresses when getting the crf id
(bsc#1202131).
- iwlwifi: Start scratch debug register for Bz family (bsc#1202131).
- iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131).
- iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131).
- iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131).
- iwlwifi: add new Qu-Hr device (bsc#1202131).
- iwlwifi: add new ax1650 killer device (bsc#1202131).
- iwlwifi: add new device id 7F70 (bsc#1202131).
- iwlwifi: add new pci SoF with JF (bsc#1202131).
- iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131).
- iwlwifi: add support for BNJ HW (bsc#1202131).
- iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131).
- iwlwifi: add support for Bz-Z HW (bsc#1202131).
- iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131).
- iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131).
- iwlwifi: allow rate-limited error messages (bsc#1202131).
- iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131).
- iwlwifi: api: remove ttl field from TX command (bsc#1202131).
- iwlwifi: api: remove unused RX status bits (bsc#1202131).
- iwlwifi: avoid variable shadowing (bsc#1202131).
- iwlwifi: avoid void pointer arithmetic (bsc#1202131).
- iwlwifi: bump FW API to 67 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 68 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 69 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 70 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 71 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 72 for AX devices (bsc#1202131).
- iwlwifi: cfg: add support for 1K BA queue (bsc#1202131).
- iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131).
- iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131).
- iwlwifi: dbg: check trigger data before access (bsc#1202131).
- iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131).
- iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131).
- iwlwifi: dbg: treat dbgc allocation failure when tlv is missing
(bsc#1202131).
- iwlwifi: dbg: treat non active regions as unsupported regions
(bsc#1202131).
- iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write
(bsc#1202131).
- iwlwifi: de-const properly where needed (bsc#1202131).
- iwlwifi: debugfs: remove useless double condition (bsc#1202131).
- iwlwifi: do not dump_stack() when we get an unexpected interrupt
(bsc#1202131).
- iwlwifi: do not use __unused as variable name (bsc#1202131).
- iwlwifi: drv: load tlv debug data earlier (bsc#1202131).
- iwlwifi: dump CSR scratch from outer function (bsc#1202131).
- iwlwifi: dump RCM error tables (bsc#1202131).
- iwlwifi: dump both TCM error tables if present (bsc#1202131).
- iwlwifi: dump host monitor data when NIC does not init (bsc#1202131).
- iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: eeprom: clean up macros (bsc#1202131).
- iwlwifi: fix LED dependencies (bsc#1202131).
- iwlwifi: fix debug TLV parsing (bsc#1202131).
- iwlwifi: fix fw/img.c license statement (bsc#1202131).
- iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131).
- iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131).
- iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131).
- iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131).
- iwlwifi: fw: add support for splitting region type bits (bsc#1202131).
- iwlwifi: fw: api: add link to PHY context command struct v1
(bsc#1202131).
- iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131).
- iwlwifi: fw: fix some scan kernel-doc (bsc#1202131).
- iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131).
- iwlwifi: fw: make dump_start callback void (bsc#1202131).
- iwlwifi: fw: remove dead error log code (bsc#1202131).
- iwlwifi: implement reset flow for Bz devices (bsc#1202131).
- iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131).
- iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131).
- iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131).
- iwlwifi: make some functions friendly to sparse (bsc#1202131).
- iwlwifi: move symbols into a separate namespace (bsc#1202131).
- iwlwifi: mvm/api: define system control command (bsc#1202131).
- iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131).
- iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131).
- iwlwifi: mvm: Add support for a new version of scan request command
(bsc#1202131).
- iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131).
- iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131).
- iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131).
- iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131).
- iwlwifi: mvm: Fix wrong documentation for scan request command
(bsc#1202131).
- iwlwifi: mvm: Passively scan non PSC channels only when requested so
(bsc#1202131).
- iwlwifi: mvm: Read acpi dsm to get channel activation bitmap
(bsc#1202131).
- iwlwifi: mvm: Remove antenna c references (bsc#1202131).
- iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions
(bsc#1202131).
- iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and
RX_NO_DATA_NOTIF (bsc#1202131).
- iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131).
- iwlwifi: mvm: Support new version of ranging response notification
(bsc#1202131).
- iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131).
- iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131).
- iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131).
- iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed
(bsc#1202131).
- iwlwifi: mvm: add a flag to reduce power command (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131).
- iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131).
- iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131).
- iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131).
- iwlwifi: mvm: add some missing command strings (bsc#1202131).
- iwlwifi: mvm: add support for 160Mhz in ranging measurements
(bsc#1202131).
- iwlwifi: mvm: add support for CT-KILL notification version 2
(bsc#1202131).
- iwlwifi: mvm: add support for IMR based on platform (bsc#1202131).
- iwlwifi: mvm: add support for OCE scan (bsc#1202131).
- iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131).
- iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131).
- iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting
(bsc#1202131).
- iwlwifi: mvm: always remove the session protection after association
(bsc#1202131).
- iwlwifi: mvm: always store the PPAG table as the latest version
(bsc#1202131).
- iwlwifi: mvm: always use 4K RB size by default (bsc#1202131).
- iwlwifi: mvm: change old-SN drop threshold (bsc#1202131).
- iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif()
(bsc#1202131).
- iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131).
- iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131).
- iwlwifi: mvm: correctly set channel flags (bsc#1202131).
- iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131).
- iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131).
- iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131).
- iwlwifi: mvm: d3: use internal data representation (bsc#1202131).
- iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131).
- iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a
pointer (bsc#1202131).
- iwlwifi: mvm: do not send BAID removal to the FW during hw_restart
(bsc#1202131).
- iwlwifi: mvm: do not trust hardware queue number (bsc#1202131).
- iwlwifi: mvm: drop too short packets silently (bsc#1202131).
- iwlwifi: mvm: extend session protection on association (bsc#1202131).
- iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc()
(bsc#1202131).
- iwlwifi: mvm: fix a stray tab (bsc#1202131).
- iwlwifi: mvm: fix condition which checks the version of rate_n_flags
(bsc#1202131).
- iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131).
- iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131).
- iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs()
(bsc#1202131).
- iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131).
- iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131).
- iwlwifi: mvm: improve log when processing CSA (bsc#1202131).
- iwlwifi: mvm: isolate offload assist (checksum) calculation
(bsc#1202131).
- iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131).
- iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131).
- iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131).
- iwlwifi: mvm: optionally suppress assert log (bsc#1202131).
- iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131).
- iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW
(bsc#1202131).
- iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131).
- iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131).
- iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD
(bsc#1202131).
- iwlwifi: mvm: remove card state notification code (bsc#1202131).
- iwlwifi: mvm: remove cipher scheme support (bsc#1202131).
- iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211()
(bsc#1202131).
- iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131).
- iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131).
- iwlwifi: mvm: remove session protection on disassoc (bsc#1202131).
- iwlwifi: mvm: remove session protection upon station removal
(bsc#1202131).
- iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131).
- iwlwifi: mvm: rfi: update rfi table (bsc#1202131).
- iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy
(bsc#1202131).
- iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131).
- iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS
(bsc#1202131).
- iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131).
- iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions
(bsc#1202131).
- iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131).
- iwlwifi: mvm: support RLC configuration command (bsc#1202131).
- iwlwifi: mvm: support new BAID allocation command (bsc#1202131).
- iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131).
- iwlwifi: mvm: support v3 of station HE context command (bsc#1202131).
- iwlwifi: mvm: update BAID allocation command again (bsc#1202131).
- iwlwifi: mvm: update RFI TLV (bsc#1202131).
- iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131).
- iwlwifi: mvm: update rate scale in moving back to assoc state
(bsc#1202131).
- iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131).
- iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131).
- iwlwifi: nvm: Correct HE capability (bsc#1202131).
- iwlwifi: parse debug exclude data from firmware file (bsc#1202131).
- iwlwifi: parse error tables from debug TLVs (bsc#1202131).
- iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131).
- iwlwifi: pcie: add jacket bit to device configuration parsing
(bsc#1202131).
- iwlwifi: pcie: add support for MS devices (bsc#1202131).
- iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131).
- iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131).
- iwlwifi: pcie: fix constant-conversion warning (bsc#1202131).
- iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131).
- iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131).
- iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow
(bsc#1202131).
- iwlwifi: pcie: refactor dev_info lookup (bsc#1202131).
- iwlwifi: pcie: remove duplicate entry (bsc#1202131).
- iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131).
- iwlwifi: pcie: retake ownership after reset (bsc#1202131).
- iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131).
- iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131).
- iwlwifi: pcie: try to grab NIC access early (bsc#1202131).
- iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131).
- iwlwifi: pnvm: print out the version properly (bsc#1202131).
- iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131).
- iwlwifi: propagate (const) type qualifier (bsc#1202131).
- iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131).
- iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131).
- iwlwifi: remove command ID argument from queue allocation (bsc#1202131).
- iwlwifi: remove contact information (bsc#1202131).
- iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131).
- iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131).
- iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131).
- iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131).
- iwlwifi: remove unused macros (bsc#1202131).
- iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF
(bsc#1202131).
- iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD
(bsc#1202131).
- iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131).
- iwlwifi: scan: Modify return value of a function (bsc#1202131).
- iwlwifi: support 4-bits in MAC step value (bsc#1202131).
- iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131).
- iwlwifi: support new queue allocation command (bsc#1202131).
- iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131).
- iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC
configuration (bsc#1202131).
- iwlwifi: use 4k queue size for Bz A-step (bsc#1202131).
- iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131).
- iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131).
- iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131).
- iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131).
- iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131).
- iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131).
- iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131).
- iwlwifi: yoyo: fw debug config from context info and preset
(bsc#1202131).
- iwlwifi: yoyo: send hcmd to fw after dump collection completes
(bsc#1202131).
- iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131).
- iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131).
- iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131).
- iwlwifi: yoyo: support for ROM usniffer (bsc#1202131).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal
aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in
jbd2_journal_commit_transaction() (bsc#1202715).
- kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410).
- kabi/severities: Exclude ppc kvm
- kabi/severities: add Qlogic qed symbols
- kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471
- kabi/severities: add hisilicon hns3 symbols
- kabi/severities: add microchip dsa drivers
- kabi/severities: ignore kABI changes in mwifiex drivers. Those symbols
are used only locally in mwifiex (sub-)modules.
- kabi/severities: octeontx2 driver (jsc#SLE-24682)
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kbuild: fix the modules order between drivers and libs (git-fixes).
- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd
attempt) (git-fixes).
- kcm: fix strp_init() order and cleanup (git-fixes).
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes).
- kselftest/vm: fix tests build with old libc (git-fixes).
- kselftest: Fix vdso_test_abi return status (git-fixes).
- kselftest: signal all child processes (git-fixes).
- kvm: selftests: do not use bitfields larger than 32-bits for PTEs
(git-fixes).
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using
netdev_master_upper_dev_get_rcu (git-fixes).
- landlock: Add clang-format exceptions (git-fixes).
- landlock: Change landlock_add_rule(2) argument check ordering
(git-fixes).
- landlock: Change landlock_restrict_self(2) check ordering (git-fixes).
- landlock: Create find_rule() from unmask_layers() (git-fixes).
- landlock: Define access_mask_t to enforce a consistent access mask size
(git-fixes).
- landlock: Fix landlock_add_rule(2) documentation (git-fixes).
- landlock: Fix same-layer rule unions (git-fixes).
- landlock: Format with clang-format (git-fixes).
- landlock: Reduce the maximum number of layers to 16 (git-fixes).
- landlock: Use square brackets around "landlock-ruleset" (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- lib/smp_processor_id: fix imbalanced instrumentation_end() call
(git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1190497).
- lockdep: Correct lock_classes index mapping (git-fixes).
- locking/lockdep: Avoid potential access of invalid memory in lock_class
(git-fixes).
- locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes).
- locking/lockdep: Iterate lock_classes directly when reading lockdep
files (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- mac80211: fix a memory leak where sta_info is not freed (git-fixes).
- mac80211: introduce channel switch disconnect function (bsc#1202131).
- macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes).
- macsec: fix NULL deref in macsec_add_rxsa (git-fixes).
- macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes).
- macsec: limit replay window size with XPN (git-fixes).
- marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- md/raid0: Ignore RAID0 layout if the second zone has only one device
(git-fixes).
- md/raid1: fix missing bitmap update w/o WriteMostly devices
(bsc#1203036).
- media: [PATCH] pci: atomisp_cmd: fix three missing checks on list
iterator (git-fixes).
- media: atmel: atmel-sama7g5-isc: fix warning in configs without OF
(git-fixes).
- media: cedrus: h265: Fix flag name (git-fixes).
- media: cedrus: hevc: Add check for invalid timestamp (git-fixes).
- media: driver/nxp/imx-jpeg: fix a unexpected return value problem
(git-fixes).
- media: hantro: postproc: Fix motion vector space size (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: hevc: Embedded indexes in RPS (git-fixes).
- media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes).
- media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes).
- media: pvrusb2: fix memory leak in pvr_probe (git-fixes).
- media: tw686x: Fix memory leak in tw686x_video_init (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set
(git-fixes).
- mediatek: mt76: eeprom: fix missing of_node_put() in
mt76_find_power_limits_node() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init()
(git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- minix: fix bug when opening a file with O_DIRECT (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro. This should always be used with
@SOURCES@, just include the content there.
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
bsc#1203159).
- mmc: block: Add single read for 4k sector cards (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop
(git-fixes).
- mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes).
- mmc: meson-gx: Fix an error handling path in meson_mmc_probe()
(git-fixes).
- mmc: mxcmmc: Silence a clang warning (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe()
(git-fixes).
- mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch
(git-fixes).
- mmc: tmio: avoid glitches when resetting (git-fixes).
- msft-hv-2570-hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- mt76: mt7615: do not update pm stats in case of error (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg
(git-fixes).
- mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes).
- mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes).
- mtd: dataflash: Add SPI ID table (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset
(git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes).
- mtd: rawnand: arasan: Update NAND bus clock instead of system clock
(git-fixes).
- mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase
times (git-fixes).
- mtd: rawnand: gpmi: validate controller clock rate (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release
(git-fixes).
- mtd: spi-nor: fix spi_nor_spimem_setup_op() call in
spi_nor_erase_{sector,chip}() (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path
(git-fixes).
- musb: fix USB_MUSB_TUSB6010 dependency (git-fixes).
- mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes).
- n_gsm: remove unused parameters from gsm_error() (git-fixes).
- net: asix: fix "can't send until first packet is send" issue (git-fixes).
- net: bcmgenet: Use stronger register read/writes to assure ordering
(git-fixes).
- net: dsa: b53: Add SPI ID table (git-fixes).
- net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering
(git-fixes).
- net: dsa: felix: purge skb from TX timestamping queue if it cannot be
sent (git-fixes).
- net: dsa: hellcreek: Add STP forwarding rule (git-fixes).
- net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes).
- net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports
(git-fixes).
- net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes).
- net: dsa: microchip: implement multi-bridge support (git-fixes).
- net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family
(git-fixes).
- net: dsa: mv88e6xxx: Drop unnecessary check in
mv88e6393x_serdes_erratum_4_6() (git-fixes).
- net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes).
- net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X
(git-fixes).
- net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family
(git-fixes).
- net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed
(git-fixes).
- net: dsa: mv88e6xxx: Save power by disabling SerDes transmitter and
receiver (git-fixes).
- net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down()
(git-fixes).
- net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes).
- net: dsa: mv88e6xxx: error handling for serdes_power functions
(git-fixes).
- net: dsa: mv88e6xxx: fix "do not use PHY_DETECT on internal PHY's"
(git-fixes).
- net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes).
- net: dsa: qca8k: fix MTU calculation (git-fixes).
- net: dsa: seville: register the mdiobus under devres (git-fixes).
- net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch
lib (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: hns3: clean residual vf config after disable sriov (git-fixes).
- net: macsec: fix potential resource leak in macsec_add_rxsa() and
macsec_add_txsa() (git-fixes).
- net: marvell: prestera: fix incorrect structure access (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in
ethtool (git-fixes).
- net: mscc: ocelot: create a function that replaces an existing VCAP
filter (git-fixes).
- net: mscc: ocelot: do not dereference NULL pointers with shared tc
filters (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in
SIOCSHWTSTAMP (git-fixes).
- net: mscc: ocelot: fix incorrect balancing with down LAG ports
(git-fixes).
- net: mscc: ocelot: set up traps for PTP packets (git-fixes).
- net: openvswitch: do not send internal clone attribute to the userspace
(git-fixes).
- net: openvswitch: fix leak of nested actions (git-fixes).
- net: openvswitch: fix misuse of the cached connection on tuple changes
(git-fixes).
- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes).
- net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume()
(git-fixes).
- net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes).
- net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode
(git-fixes).
- net: ptp: add a definition for the UDP port for IEEE 1588 general
messages (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer (git-fixes).
- net: stmmac: clean up impossible condition (git-fixes).
- net: stmmac: disable Split Header (SPH) for Intel platforms
(bsc#1194904).
- net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904).
- net: stmmac: fix off-by-one error in sanity check (git-fixes).
- net: usb: Correct PHY handling of smsc95xx (git-fixes).
- net: usb: Correct reset handling of smsc95xx (git-fixes).
- net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: make USB_RTL8153_ECM non user configurable (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in
vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in
vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c
(bsc#1200431).
- net:enetc: allocate CBD ring data memory using DMA coherent methods
(git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout
(git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nilfs2: fix incorrect masking of permission flags for symlinks
(git-fixes).
- nilfs2: fix lockdep warnings during disk space reclamation (git-fixes).
- nilfs2: fix lockdep warnings in page operations for btree nodes
(git-fixes).
- nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt()
(bnc#1189999 (Scheduler functional and performance backports)).
- nouveau/svm: Fix to migrate all requested pages (git-fixes).
- nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fixes).
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113).
- nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265).
- nvme-auth: retry command if DNR bit is not set (bsc#1201675).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- nvme: fix RCU hole that allowed for endless looping in multipath round
robin (bsc#1202636).
- nvme: implement In-Band authentication (jsc#SLE-20183).
- nvme: kabi fixes for in-band authentication (bsc#1199086).
- nvmet-auth: expire authentication sessions (jsc#SLE-20183).
- nvmet: Expose max queues to configfs (bsc#1201865).
- nvmet: implement basic In-Band Authentication (jsc#SLE-20183).
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778).
- ocfs2: fix a deadlock when commit trans (bsc#1202776).
- octeontx2-af: Add KPU changes to parse NGIO as separate layer
(jsc#SLE-24682).
- octeontx2-af: Add PTP device id for CN10K and 95O silcons
(jsc#SLE-24682).
- octeontx2-af: Add SDP interface support (jsc#SLE-24682).
- octeontx2-af: Add debug messages for failures (jsc#SLE-24682).
- octeontx2-af: Add external ptp input clock (jsc#SLE-24682).
- octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682).
- octeontx2-af: Add mbox to retrieve bandwidth profile free count
(jsc#SLE-24682).
- octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682).
- octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682).
- octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682).
- octeontx2-af: Allow to configure flow tag LSB byte as RSS adder
(jsc#SLE-24682).
- octeontx2-af: Change the order of queue work and interrupt disable
(jsc#SLE-24682).
- octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682).
- octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682).
- octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682).
- octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682).
- octeontx2-af: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-af: Fix interrupt name strings (jsc#SLE-24682).
- octeontx2-af: Fix spelling mistake "Makesure" -> "Make sure"
(jsc#SLE-24682).
- octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682).
- octeontx2-af: Flow control resource management (jsc#SLE-24682).
- octeontx2-af: Handle return value in block reset (jsc#SLE-24682).
- octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682).
- octeontx2-af: Increase link credit restore polling timeout
(jsc#SLE-24682).
- octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682).
- octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682).
- octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682).
- octeontx2-af: Modify install flow error codes (jsc#SLE-24682).
- octeontx2-af: Optimize KPU1 processing for variable-length headers
(jsc#SLE-24682).
- octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682).
- octeontx2-af: Priority flow control configuration support
(jsc#SLE-24682).
- octeontx2-af: Remove channel verification while installing MCAM rules
(jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable blkaddr
(jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable pin
(jsc#SLE-24682).
- octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682).
- octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682).
- octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc
(jsc#SLE-24682).
- octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682).
- octeontx2-af: Use ptp input clock info from firmware data
(jsc#SLE-24682).
- octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682).
- octeontx2-af: add proper return codes for AF mailbox handlers
(jsc#SLE-24682).
- octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682).
- octeontx2-af: cn10K: support for sched lmtst and other features
(jsc#SLE-24682).
- octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: RPM hardware timestamp configuration
(jsc#SLE-24682).
- octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682).
- octeontx2-af: cn10k: Use appropriate register for LMAC enable
(jsc#SLE-24682).
- octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682).
- octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682).
- octeontx2-af: configure npc for cn10k to allow packets from cpt
(jsc#SLE-24682).
- octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682).
- octeontx2-af: debugfs: Minor changes (jsc#SLE-24682).
- octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682).
- octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682).
- octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682).
- octeontx2-af: fix array bound error (jsc#SLE-24682).
- octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682).
- octeontx2-af: initialize action variable (jsc#SLE-24682).
- octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682).
- octeontx2-af: remove redudant second error check on variable err
(jsc#SLE-24682).
- octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682).
- octeontx2-af: verify CQ context updates (jsc#SLE-24682).
- octeontx2-nic: fix mixed module build (jsc#SLE-24682).
- octeontx2-nicvf: Add PTP hardware clock support to NIX VF
(jsc#SLE-24682).
- octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682).
- octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682).
- octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682).
- octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682).
- octeontx2-pf: Add support for adaptive interrupt coalescing
(jsc#SLE-24682).
- octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682).
- octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682).
- octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682).
- octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682).
- octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682).
- octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682).
- octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682).
- octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq()
(jsc#SLE-24682).
- octeontx2-pf: Simplify the receive buffer size calculation
(jsc#SLE-24682).
- octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682).
- octeontx2-pf: Unify flow management variables (jsc#SLE-24682).
- octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682).
- octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682).
- octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682).
- octeontx2-pf: cn10k: Ensure valid pointers are freed to aura
(jsc#SLE-24682).
- octeontx2-pf: cn10k: add support for new ptp timestamp format
(jsc#SLE-24682).
- octeontx2-pf: devlink params support to set mcam entry count
(jsc#SLE-24682).
- octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate
(jsc#SLE-24682).
- octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- octeontx2-vf: Add support for adaptive interrupt coalescing
(jsc#SLE-24682).
- octeontx2: Move devlink registration to be last devlink command
(jsc#SLE-24682).
- openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes).
- openvswitch: Fixed nd target mask field in the flow dump (git-fixes).
- openvswitch: always update flow key after nat (git-fixes).
- optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes).
- perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes).
- phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks
(git-fixes).
- phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes).
- pinctrl: amd: Do not save/restore interrupt status and wake status bits
(git-fixes).
- pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes).
- pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource()
(git-fixes).
- pinctrl: armada-37xx: Use temporary variable for struct device
(git-fixes).
- pinctrl: intel: Check against matching data instead of ACPI companion
(git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
(git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: qcom: sm8250: Fix PDC map (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/chrome: cros_ec: Always expose last resume result (git-fixes).
- platform/chrome: cros_ec_proto: do not show MKBP version if unsupported
(git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- platform/x86: pmc_atom: Match all Lex BayTrail boards with
critclk_systems DMI table (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for
PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot
(bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_
(bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes
(bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465
ltc#197256 jsc#SLE-18130).
- powerpc/pseries: rename min_common_depth to primary_domain_index
(bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- proc: fix a dentry lock race between release_task and lookup (git-fixes).
- proc: fix dentry/inode overinstantiating under /proc/${pid}/net
(git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes).
- pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data()
(git-fixes).
- pwm: lpc18xx: Fix period handling (git-fixes).
- qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
- r8152: fix the RX FIFO settings when suspending (git-fixes).
- r8152: fix the units of some registers for RTL8156A (git-fixes).
- random: remove useless header comment (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints()
(git-fixes).
- regulator: pca9450: Remove restrictions for regulator-name (git-fixes).
- regulator: qcom_smd: Fix pm8916_pldo range (git-fixes).
- remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init
(git-fixes).
- remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init
(git-fixes).
- remoteproc: qcom: pas: Check if coredump is enabled (git-fixes).
- remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config
(git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes).
- rose: check NULL rose_loopback_neigh->loopback (git-fixes).
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385).
- rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes).
- rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes).
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes).
- s390/cpumf: Handle events cycles and instructions identical (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space
(git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied
(git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages
(git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- s390/kexec: handle R_390_PLT32DBL rela in
arch_kexec_apply_relocations_add() (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE
(git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest
(git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322).
- s390/stp: clock_delta should be signed (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- samples/landlock: Add clang-format exceptions (git-fixes).
- samples/landlock: Fix path_list memory leak (git-fixes).
- samples/landlock: Format with clang-format (git-fixes).
- sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler
functional and performance backports)).
- sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999
(Scheduler functional and performance backports)).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git
fixes (sched/fair)).
- sched/fair: Remove redundant word " *" (bnc#1189999 (Scheduler
functional and performance backports)).
- sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes).
- sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes).
- sched: Allow newidle balancing to bail out of load_balance (bnc#1189999
(Scheduler functional and performance backports)).
- sched: Fix the check of nr_running at queue wakelist (bnc#1189999
(Scheduler functional and performance backports)).
- sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is
idle (bnc#1189999 (Scheduler functional and performance backports)).
Refresh
- sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler
functional and performance backports)).
- scripts/dtc: Call pkg-config POSIXly correct (git-fixes).
- scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes).
- scripts/gdb: change kernel config dumping method (git-fixes).
- scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes).
- scripts: sphinx-pre-install: add required ctex dependency (git-fixes).
- scsi: hisi_sas: Keep controller active between ISR of phyup and the
event being processed (bsc#1202471).
- scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471).
- scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization
(bsc#1198410).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE
(bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable
(bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test
(bsc#1201956).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for
GFT_ID (bsc#1203063).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE
(bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb()
(bsc#1201956).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT
discovery (bsc#1203063).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed
user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into
lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after
VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration
(bsc#1201956).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb
(bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: megaraid: Clear READ queue map's nr_queues (git-fixes).
- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown
(git-fixes).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid()
(bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets
(bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: sg: Allow waiting for commands to complete on removed device
(git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: ufs: core: Fix another task management completion race (git-fixes).
- scsi: ufs: core: Fix task management completion timeout race (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports
(git-fixes).
- seccomp: Invalidate seccomp mode to catch death failures (git-fixes).
- selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465
ltc#197256 jsc#SLE-18130).
- selftest/vm: fix map_fixed_noreplace test failure (git-fixes).
- selftest/vm: verify mmap addr in mremap_test (git-fixes).
- selftest/vm: verify remap destination address in mremap_test (git-fixes).
- selftests, x86: fix how check_cc.sh is being invoked (git-fixes).
- selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes).
- selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes).
- selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT
(git-fixes).
- selftests/ftrace: make kprobe profile testcase description unique
(git-fixes).
- selftests/landlock: Add clang-format exceptions (git-fixes).
- selftests/landlock: Add tests for O_PATH (git-fixes).
- selftests/landlock: Add tests for unknown access rights (git-fixes).
- selftests/landlock: Extend access right tests to directories (git-fixes).
- selftests/landlock: Extend tests for minimal valid attribute size
(git-fixes).
- selftests/landlock: Format with clang-format (git-fixes).
- selftests/landlock: Fully test file rename with "remove" access
(git-fixes).
- selftests/landlock: Make tests build with old libc (git-fixes).
- selftests/landlock: Normalize array assignment (git-fixes).
- selftests/landlock: Test landlock_create_ruleset(2) argument check
ordering (git-fixes).
- selftests/memfd: clean up mapping in mfd_fail_write (git-fixes).
- selftests/memfd: remove unused variable (git-fixes).
- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test
(git-fixes).
- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit
systems (git-fixes).
- selftests/net: so_txtime: usage(): fix documentation of default clock
(git-fixes).
- selftests/net: timestamping: Fix bind_phc check (git-fixes).
- selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes).
- selftests/powerpc/spectre_v2: Return skip code when miss_percent is high
(git-fixes).
- selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes).
- selftests/resctrl: Fix null pointer dereference on open failed
(git-fixes).
- selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes).
- selftests/rseq: Fix ppc32 missing instruction selection "u" and "x" for
load/store (git-fixes).
- selftests/rseq: Fix ppc32 offsets by using long rather than off_t
(git-fixes).
- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big
endian (git-fixes).
- selftests/rseq: Fix warnings about #if checks of undefined tokens
(git-fixes).
- selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes).
- selftests/rseq: Introduce rseq_get_abi() helper (git-fixes).
- selftests/rseq: Introduce thread pointer getters (git-fixes).
- selftests/rseq: Remove arm/mips asm goto compiler work-around
(git-fixes).
- selftests/rseq: Remove useless assignment to cpu variable (git-fixes).
- selftests/rseq: Remove volatile from __rseq_abi (git-fixes).
- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35
(git-fixes).
- selftests/rseq: introduce own copy of rseq uapi header (git-fixes).
- selftests/rseq: remove ARRAY_SIZE define from individual tests
(git-fixes).
- selftests/rseq: x86-32: use %gs segment selector for accessing rseq
thread area (git-fixes).
- selftests/rseq: x86-64: use %fs segment selector for accessing rseq
thread area (git-fixes).
- selftests/seccomp: Do not call read() on TTY from background pgrp
(git-fixes).
- selftests/seccomp: Fix compile warning when CC=clang (git-fixes).
- selftests/seccomp: Fix seccomp failure by adding missing headers
(git-fixes).
- selftests/sgx: Treat CC as one argument (git-fixes).
- selftests/vm/transhuge-stress: fix ram size thinko (git-fixes).
- selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup
setting (git-fixes).
- selftests/x86: Add validity check and allow field splitting (git-fixes).
- selftests/zram01.sh: Fix compression ratio calculation (git-fixes).
- selftests/zram: Adapt the situation that /dev/zram0 is being used
(git-fixes).
- selftests/zram: Skip max_comp_streams interface on newer kernel
(git-fixes).
- selftests: Add duplicate config only for MD5 VRF tests (git-fixes).
- selftests: Fix IPv6 address bind tests (git-fixes).
- selftests: Fix raw socket bind tests with VRF (git-fixes).
- selftests: add ping test with ping_group_range tuned (git-fixes).
- selftests: cgroup: Make cg_create() use 0755 for permission instead of
0644 (git-fixes).
- selftests: cgroup: Test open-time cgroup namespace usage for migration
checks (git-fixes).
- selftests: cgroup: Test open-time credential usage for migration checks
(git-fixes).
- selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes).
- selftests: fixup build warnings in pidfd / clone3 tests (git-fixes).
- selftests: forwarding: fix error message in learning_test (git-fixes).
- selftests: forwarding: fix flood_unicast_test when h2 supports
IFF_UNICAST_FLT (git-fixes).
- selftests: forwarding: fix learning_test when h1 supports
IFF_UNICAST_FLT (git-fixes).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- selftests: gpio: fix gpio compiling error (git-fixes).
- selftests: harness: avoid false negatives if test has no ASSERTs
(git-fixes).
- selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes).
- selftests: kvm: set rax before vmcall (git-fixes).
- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is
operational (git-fixes).
- selftests: mlxsw: resource_scale: Fix return value (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes).
- selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets
(git-fixes).
- selftests: mptcp: add csum mib check for mptcp_connect (git-fixes).
- selftests: mptcp: fix diag instability (git-fixes).
- selftests: mptcp: fix ipv6 routing setup (git-fixes).
- selftests: mptcp: more stable diag tests (git-fixes).
- selftests: net: Correct case name (git-fixes).
- selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes).
- selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes).
- selftests: net: tls: remove unused variable and code (git-fixes).
- selftests: net: udpgro_fwd.sh: explicitly checking the available ping
feature (git-fixes).
- selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes).
- selftests: netfilter: add a vrf+conntrack testcase (git-fixes).
- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh
(git-fixes).
- selftests: netfilter: disable rp_filter on router (git-fixes).
- selftests: netfilter: fix exit value for nft_concat_range (git-fixes).
- selftests: nft_concat_range: add test for reload with no element add/del
(git-fixes).
- selftests: ocelot: tc_flower_chains: specify conform-exceed action for
policer (git-fixes).
- selftests: openat2: Add missing dependency in Makefile (git-fixes).
- selftests: openat2: Print also errno in failure messages (git-fixes).
- selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes).
- selftests: pmtu.sh: Kill nettest processes launched in subshell
(git-fixes).
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell
(git-fixes).
- selftests: rtc: Increase test timeout so that all tests run (git-fixes).
- selftests: skip mincore.check_file_mmap when fs lacks needed support
(git-fixes).
- selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes).
- selftests: timers: clocksource-switch: fix passing errors from child
(git-fixes).
- selftests: timers: valid-adjtimex: build fix for newer toolchains
(git-fixes).
- selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes).
- selftests: vm: fix clang build error multiple output files (git-fixes).
- selftests: x86: fix [-Wstringop-overread] warn in
test_process_vm_readv() (git-fixes).
- selinux: Add boundary check in put_entry() (git-fixes).
- selinux: access superblock_security_struct in LSM blob way (git-fixes).
- selinux: check return value of sel_make_avc_files (git-fixes).
- selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes).
- selinux: fix double free of cond_list on error paths (git-fixes).
- selinux: fix memleak in security_read_state_kernel() (git-fixes).
- selinux: fix misuse of mutex_is_locked() (git-fixes).
- selinux: use correct type for context length (git-fixes).
- serial: 8250: Add proper clock handling for OxSemi PCIe devices
(git-fixes).
- serial: 8250: Export ICR access helpers for internal use (git-fixes).
- serial: 8250: Fold EndRun device support into OxSemi Tornado code
(git-fixes).
- serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in
dw8250_tx_wait_empty() (git-fixes).
- serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes).
- serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes).
- serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes).
- soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
(git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: fsl: select FSL_GUTS driver for DPIO (git-fixes).
- soc: imx: gpcv2: Assert reset before ungating clock (git-fixes).
- soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes).
- soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register
(git-fixes).
- soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes).
- soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values
(git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- soundwire: qcom: Check device status before reading devid (git-fixes).
- soundwire: qcom: fix device status array range (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: Fix simplification of devm_spi_register_controller (git-fixes).
- spi: dt-bindings: cadence: add missing 'required' (git-fixes).
- spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes).
- spi: meson-spicc: add local pow2 clock ops to preserve rate between
messages (git-fixes).
- spi: spi-altera-dfl: Fix an error handling path (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
(git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in
dm_fsync_timer_callback (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: do not check memref size on return from Secure World
(git-fixes).
- tee: tee_get_drvdata(): fix description of return value (git-fixes).
- testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu
set (git-fixes).
- testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes).
- testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes).
- tests: fix idmapped mount_setattr test (git-fixes).
- thermal/int340x_thermal: handle data_vault when the value is
ZERO_SIZE_PTR (bsc#1201308).
- thermal/tools/tmon: Include pthread and time headers in tmon.h
(git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path
(git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools include UAPI: Sync sound/asound.h copy with the kernel sources
(git-fixes).
- tools/nolibc: fix incorrect truncation of exit code (git-fixes).
- tools/nolibc: i386: fix initial stack alignment (git-fixes).
- tools/nolibc: x86-64: Fix startup code bug (git-fixes).
- tools/testing/scatterlist: add missing defines (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH
(git-fixes).
- trace/osnoise: Add migrate-disabled field to the osnoise header
(git-fixes).
- trace/timerlat: Add migrate-disabled field to the timerlat header
(git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/kprobes: Check whether get_kretprobe() returns NULL in
kretprobe_dispatcher() (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: Fix sleeping while atomic in kdb ftdump (git-fixes).
- tracing: Have filter accept "common_cpu" to be consistent (git-fixes).
- tracing: Use a struct alignof to determine trace event field alignment
(git-fixes).
- tty: 8250: Add support for Brainboxes PX cards (git-fixes).
- tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes).
- tty: n_gsm: Delete gsmtty open SABM frame when config requester
(git-fixes).
- tty: n_gsm: Modify CR,PF bit printk info when config requester
(git-fixes).
- tty: n_gsm: Modify CR,PF bit when config requester (git-fixes).
- tty: n_gsm: Modify cr bit value when config requester (git-fixes).
- tty: n_gsm: Modify gsmtty driver register method when config requester
(git-fixes).
- tty: n_gsm: Save dlci address open status when config requester
(git-fixes).
- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()
(git-fixes).
- tty: n_gsm: avoid call of sleeping functions from atomic context
(git-fixes).
- tty: n_gsm: clean up dead code in gsm_queue() (git-fixes).
- tty: n_gsm: clean up implicit CR bit encoding in address field
(git-fixes).
- tty: n_gsm: clean up indenting in gsm_queue() (git-fixes).
- tty: n_gsm: fix DM command (git-fixes).
- tty: n_gsm: fix broken virtual tty handling (git-fixes).
- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes).
- tty: n_gsm: fix deadlock and link starvation in outgoing data path
(git-fixes).
- tty: n_gsm: fix decoupled mux resource (git-fixes).
- tty: n_gsm: fix encoding of command/response bit (git-fixes).
- tty: n_gsm: fix flow control handling in tx path (git-fixes).
- tty: n_gsm: fix frame reception handling (git-fixes).
- tty: n_gsm: fix incorrect UA handling (git-fixes).
- tty: n_gsm: fix insufficient txframe size (git-fixes).
- tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes).
- tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes).
- tty: n_gsm: fix malformed counter for out of frame data (git-fixes).
- tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes).
- tty: n_gsm: fix missing explicit ldisc flush (git-fixes).
- tty: n_gsm: fix missing mux reset on config change at responder
(git-fixes).
- tty: n_gsm: fix missing timer to handle stalled links (git-fixes).
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2
(git-fixes).
- tty: n_gsm: fix missing update of modem controls after DLCI open
(git-fixes).
- tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes).
- tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes).
- tty: n_gsm: fix non flow control frames during mux flow off (git-fixes).
- tty: n_gsm: fix packet re-transmission without open control channel
(git-fixes).
- tty: n_gsm: fix race condition in gsmld_write() (git-fixes).
- tty: n_gsm: fix reset fifo race condition (git-fixes).
- tty: n_gsm: fix resource allocation order in gsm_activate_mux()
(git-fixes).
- tty: n_gsm: fix restart handling via CLD command (git-fixes).
- tty: n_gsm: fix software flow control handling (git-fixes).
- tty: n_gsm: fix sometimes uninitialized warning in
gsm_dlci_modem_output() (git-fixes).
- tty: n_gsm: fix tty registration before control channel open (git-fixes).
- tty: n_gsm: fix user open not possible at responder until initiator open
(git-fixes).
- tty: n_gsm: fix wrong DLCI release order (git-fixes).
- tty: n_gsm: fix wrong T1 retry count handling (git-fixes).
- tty: n_gsm: fix wrong command frame length field encoding (git-fixes).
- tty: n_gsm: fix wrong command retry handling (git-fixes).
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()
(git-fixes).
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2
(git-fixes).
- tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes).
- tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes).
- tty: n_gsm: replace kicktimer with delayed_work (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: fsl_lpuart: correct the count of break characters
(git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit
engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tun: avoid double free in tun_free_netdev (git-fixes).
- tunnels: do not assume mac header is set in skb_tunnel_check_pmtu()
(git-fixes).
- tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes).
- uaccess: fix type mismatch warnings from access_ok() (git-fixes).
- ucounts: Base set_cred_ucounts changes on the real user (git-fixes).
- ucounts: Fix rlimit max values check (git-fixes).
- ucounts: Fix systemd LimitNPROC with private users regression
(git-fixes).
- ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes).
- ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes).
- udf: Fix crash after seekdir (bsc#1194592).
- udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes).
- udmabuf: add back sanity check (git-fixes).
- usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc()
(git-fixes).
- usb: cdns3 fix use-after-free at workaround 2 (git-fixes).
- usb: cdns3: Do not use priv_dev uninitialized in
cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: change place of 'priv_ep' assignment in
cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer
(git-fixes).
- usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes).
- usb: cdns3: fix random warning message when driver load (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch
(git-fixes).
- usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes).
- usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup
(git-fixes).
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in
dwc3_qcom_acpi_register_core (git-fixes).
- usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes).
- usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop
(git-fixes).
- usb: dwc3: gadget: fix high speed multiplier setting (git-fixes).
- usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes).
- usb: dwc3: qcom: Add helper functions to enable,disable wake irqs
(git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings (git-fixes).
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes).
- usb: gadget: f_uac2: fix superspeed transfer (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS
(git-fixes).
- usb: gadget: tegra-xudc: Fix error check in
tegra_xudc_powerdomain_init() (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of
uvcg_info (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP
receptacles (git-fixes).
- usb: typec: tcpm: Return ENOTSUPP for power supply prop writes
(git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion
(git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: Run unregister_netdev() before unbind() again (git-fixes).
- usbnet: smsc95xx: Avoid link settings race on interrupt reception
(git-fixes).
- usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling
(git-fixes).
- userfaultfd/selftests: fix hugetlb area allocations (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes).
- venus: pm_helpers: Fix warning in OPP during probe (git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- vfio: Clear the caps->buf to NULL after free (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock()
(git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io()
(git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io()
(git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support
(bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes).
- vsock/virtio: enable VQs early on probe (git-fixes).
- vsock/virtio: initialize vdev->priv before using VQs (git-fixes).
- vsock/virtio: read the negotiated features before using VQs (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in
vsock_connect_timeout() (git-fixes).
- vsock: remove vsock from connected table when connect is interrupted by
a signal (git-fixes).
- watch-queue: remove spurious double semicolon (git-fixes).
- watch_queue: Fix missing locking in add_watch_to_object() (git-fixes).
- watch_queue: Fix missing rcu annotation (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in
armada_37xx_wdt_probe() (git-fixes).
- watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource
(git-fixes).
- watchqueue: make sure to serialize 'wqueue->defunct' properly
(git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read()
(git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in
il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue
(git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is
disconnected (git-fixes).
- wifi: mac80211: limit A-MSDU subframes for client too (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c()
(git-fixes).
- wifi: rtlwifi: remove always-true condition pointed out by GCC 12
(git-fixes).
- wifi: rtw88: check the return value of alloc_workqueue() (git-fixes).
- wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()
(git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in
`wil_write_file_wmi()` (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst()
(git-fixes).
- wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131).
- x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM
(bsc#1190497).
- x86/olpc: fix 'logical not is only applied to the left hand side'
(git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497).
- x86/sev: Define the Linux-specific guest termination reasons
(bsc#1190497).
- x86/sev: Save the negotiated GHCB version (bsc#1190497).
- xen/gntdev: fix unmap notification order (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors
(git-fixes).
- xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes).
- xfs: fix soft lockup via spinning in filestream ag selection loop
(git-fixes).
- xfs: fix use-after-free in xattr node block inactivation (git-fixes).
- xfs: fold perag loop iteration logic into helper function (git-fixes).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: only bother with sync_filesystem during readonly remount
(git-fixes).
- xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: remove incorrect ASSERT in xfs_rename (git-fixes).
- xfs: rename the next_agno perag iteration variable (git-fixes).
- xfs: reorder iunlink remove operation in xfs_ifree (git-fixes).
- xfs: revert "xfs: actually bump warning counts when we send warnings"
(git-fixes).
- xfs: terminate perag iteration reliably on agcount (git-fixes).
- xfs: use invalidate_lock to check the state of mmap_lock (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xfs: use setattr_copy to set vfs inode attributes (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
- xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes).
- xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes).
- xhci: dbc: refactor xhci_dbc_init() (git-fixes).
- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
(git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
- zonefs: Clear inode information flags on inode creation (git-fixes).
- zonefs: Fix management of open zones (git-fixes).
- zonefs: add MODULE_ALIAS_FS (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3293=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-3293=1
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3293=1
Please note that this is the initial kernel livepatch without fixes
itself; this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP4:
zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2022-3293=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3293=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3293=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3293=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.14.21-150400.24.21.2
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.21.2
dlm-kmp-default-5.14.21-150400.24.21.2
dlm-kmp-default-debuginfo-5.14.21-150400.24.21.2
gfs2-kmp-default-5.14.21-150400.24.21.2
gfs2-kmp-default-debuginfo-5.14.21-150400.24.21.2
kernel-default-5.14.21-150400.24.21.2
kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2
kernel-default-base-rebuild-5.14.21-150400.24.21.2.150400.24.7.2
kernel-default-debuginfo-5.14.21-150400.24.21.2
kernel-default-debugsource-5.14.21-150400.24.21.2
kernel-default-devel-5.14.21-150400.24.21.2
kernel-default-devel-debuginfo-5.14.21-150400.24.21.2
kernel-default-extra-5.14.21-150400.24.21.2
kernel-default-extra-debuginfo-5.14.21-150400.24.21.2
kernel-default-livepatch-5.14.21-150400.24.21.2
kernel-default-livepatch-devel-5.14.21-150400.24.21.2
kernel-default-optional-5.14.21-150400.24.21.2
kernel-default-optional-debuginfo-5.14.21-150400.24.21.2
kernel-obs-build-5.14.21-150400.24.21.2
kernel-obs-build-debugsource-5.14.21-150400.24.21.2
kernel-obs-qa-5.14.21-150400.24.21.1
kernel-syms-5.14.21-150400.24.21.1
kselftests-kmp-default-5.14.21-150400.24.21.2
kselftests-kmp-default-debuginfo-5.14.21-150400.24.21.2
ocfs2-kmp-default-5.14.21-150400.24.21.2
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.21.2
reiserfs-kmp-default-5.14.21-150400.24.21.2
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.21.2
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
kernel-kvmsmall-5.14.21-150400.24.21.2
kernel-kvmsmall-debuginfo-5.14.21-150400.24.21.2
kernel-kvmsmall-debugsource-5.14.21-150400.24.21.2
kernel-kvmsmall-devel-5.14.21-150400.24.21.2
kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.21.2
kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.21.2
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-5.14.21-150400.24.21.2
kernel-debug-debuginfo-5.14.21-150400.24.21.2
kernel-debug-debugsource-5.14.21-150400.24.21.2
kernel-debug-devel-5.14.21-150400.24.21.2
kernel-debug-devel-debuginfo-5.14.21-150400.24.21.2
kernel-debug-livepatch-devel-5.14.21-150400.24.21.2
- openSUSE Leap 15.4 (aarch64):
cluster-md-kmp-64kb-5.14.21-150400.24.21.2
cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.21.2
dlm-kmp-64kb-5.14.21-150400.24.21.2
dlm-kmp-64kb-debuginfo-5.14.21-150400.24.21.2
dtb-allwinner-5.14.21-150400.24.21.1
dtb-altera-5.14.21-150400.24.21.1
dtb-amazon-5.14.21-150400.24.21.1
dtb-amd-5.14.21-150400.24.21.1
dtb-amlogic-5.14.21-150400.24.21.1
dtb-apm-5.14.21-150400.24.21.1
dtb-apple-5.14.21-150400.24.21.1
dtb-arm-5.14.21-150400.24.21.1
dtb-broadcom-5.14.21-150400.24.21.1
dtb-cavium-5.14.21-150400.24.21.1
dtb-exynos-5.14.21-150400.24.21.1
dtb-freescale-5.14.21-150400.24.21.1
dtb-hisilicon-5.14.21-150400.24.21.1
dtb-lg-5.14.21-150400.24.21.1
dtb-marvell-5.14.21-150400.24.21.1
dtb-mediatek-5.14.21-150400.24.21.1
dtb-nvidia-5.14.21-150400.24.21.1
dtb-qcom-5.14.21-150400.24.21.1
dtb-renesas-5.14.21-150400.24.21.1
dtb-rockchip-5.14.21-150400.24.21.1
dtb-socionext-5.14.21-150400.24.21.1
dtb-sprd-5.14.21-150400.24.21.1
dtb-xilinx-5.14.21-150400.24.21.1
gfs2-kmp-64kb-5.14.21-150400.24.21.2
gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.21.2
kernel-64kb-5.14.21-150400.24.21.2
kernel-64kb-debuginfo-5.14.21-150400.24.21.2
kernel-64kb-debugsource-5.14.21-150400.24.21.2
kernel-64kb-devel-5.14.21-150400.24.21.2
kernel-64kb-devel-debuginfo-5.14.21-150400.24.21.2
kernel-64kb-extra-5.14.21-150400.24.21.2
kernel-64kb-extra-debuginfo-5.14.21-150400.24.21.2
kernel-64kb-livepatch-devel-5.14.21-150400.24.21.2
kernel-64kb-optional-5.14.21-150400.24.21.2
kernel-64kb-optional-debuginfo-5.14.21-150400.24.21.2
kselftests-kmp-64kb-5.14.21-150400.24.21.2
kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.21.2
ocfs2-kmp-64kb-5.14.21-150400.24.21.2
ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.21.2
reiserfs-kmp-64kb-5.14.21-150400.24.21.2
reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.21.2
- openSUSE Leap 15.4 (noarch):
kernel-devel-5.14.21-150400.24.21.2
kernel-docs-5.14.21-150400.24.21.3
kernel-docs-html-5.14.21-150400.24.21.3
kernel-macros-5.14.21-150400.24.21.2
kernel-source-5.14.21-150400.24.21.2
kernel-source-vanilla-5.14.21-150400.24.21.2
- openSUSE Leap 15.4 (s390x):
kernel-zfcpdump-5.14.21-150400.24.21.2
kernel-zfcpdump-debuginfo-5.14.21-150400.24.21.2
kernel-zfcpdump-debugsource-5.14.21-150400.24.21.2
- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
kernel-default-debuginfo-5.14.21-150400.24.21.2
kernel-default-debugsource-5.14.21-150400.24.21.2
kernel-default-extra-5.14.21-150400.24.21.2
kernel-default-extra-debuginfo-5.14.21-150400.24.21.2
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.14.21-150400.24.21.2
kernel-default-debugsource-5.14.21-150400.24.21.2
kernel-default-livepatch-5.14.21-150400.24.21.2
kernel-default-livepatch-devel-5.14.21-150400.24.21.2
kernel-livepatch-5_14_21-150400_24_21-default-1-150400.9.3.2
kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-1-150400.9.3.2
kernel-livepatch-SLE15-SP4_Update_3-debugsource-1-150400.9.3.2
- SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):
kernel-default-debuginfo-5.14.21-150400.24.21.2
kernel-default-debugsource-5.14.21-150400.24.21.2
reiserfs-kmp-default-5.14.21-150400.24.21.2
reiserfs-kmp-default-debuginfo-5.14.21-150400.24.21.2
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
kernel-obs-build-5.14.21-150400.24.21.2
kernel-obs-build-debugsource-5.14.21-150400.24.21.2
kernel-syms-5.14.21-150400.24.21.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
kernel-docs-5.14.21-150400.24.21.3
kernel-source-5.14.21-150400.24.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
kernel-default-5.14.21-150400.24.21.2
kernel-default-base-5.14.21-150400.24.21.2.150400.24.7.2
kernel-default-debuginfo-5.14.21-150400.24.21.2
kernel-default-debugsource-5.14.21-150400.24.21.2
kernel-default-devel-5.14.21-150400.24.21.2
kernel-default-devel-debuginfo-5.14.21-150400.24.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64):
kernel-64kb-5.14.21-150400.24.21.2
kernel-64kb-debuginfo-5.14.21-150400.24.21.2
kernel-64kb-debugsource-5.14.21-150400.24.21.2
kernel-64kb-devel-5.14.21-150400.24.21.2
kernel-64kb-devel-debuginfo-5.14.21-150400.24.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
kernel-devel-5.14.21-150400.24.21.2
kernel-macros-5.14.21-150400.24.21.2
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x):
kernel-zfcpdump-5.14.21-150400.24.21.2
kernel-zfcpdump-debuginfo-5.14.21-150400.24.21.2
kernel-zfcpdump-debugsource-5.14.21-150400.24.21.2
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.14.21-150400.24.21.2
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.21.2
dlm-kmp-default-5.14.21-150400.24.21.2
dlm-kmp-default-debuginfo-5.14.21-150400.24.21.2
gfs2-kmp-default-5.14.21-150400.24.21.2
gfs2-kmp-default-debuginfo-5.14.21-150400.24.21.2
kernel-default-debuginfo-5.14.21-150400.24.21.2
kernel-default-debugsource-5.14.21-150400.24.21.2
ocfs2-kmp-default-5.14.21-150400.24.21.2
ocfs2-kmp-default-debuginfo-5.14.21-150400.24.21.2
References:
https://www.suse.com/security/cve/CVE-2016-3695.html
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-33135.html
https://www.suse.com/security/cve/CVE-2021-4037.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-28356.html
https://www.suse.com/security/cve/CVE-2022-28693.html
https://www.suse.com/security/cve/CVE-2022-2873.html
https://www.suse.com/security/cve/CVE-2022-2905.html
https://www.suse.com/security/cve/CVE-2022-2938.html
https://www.suse.com/security/cve/CVE-2022-2959.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-3078.html
https://www.suse.com/security/cve/CVE-2022-32250.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-36946.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://www.suse.com/security/cve/CVE-2022-39190.html
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1032323
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1156395
https://bugzilla.suse.com/1190497
https://bugzilla.suse.com/1194592
https://bugzilla.suse.com/1194869
https://bugzilla.suse.com/1194904
https://bugzilla.suse.com/1195480
https://bugzilla.suse.com/1195917
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1197391
https://bugzilla.suse.com/1197755
https://bugzilla.suse.com/1197756
https://bugzilla.suse.com/1197757
https://bugzilla.suse.com/1197763
https://bugzilla.suse.com/1198410
https://bugzilla.suse.com/1198971
https://bugzilla.suse.com/1199086
https://bugzilla.suse.com/1199364
https://bugzilla.suse.com/1199670
https://bugzilla.suse.com/1200313
https://bugzilla.suse.com/1200431
https://bugzilla.suse.com/1200465
https://bugzilla.suse.com/1200544
https://bugzilla.suse.com/1200845
https://bugzilla.suse.com/1200868
https://bugzilla.suse.com/1200869
https://bugzilla.suse.com/1200870
https://bugzilla.suse.com/1200871
https://bugzilla.suse.com/1200872
https://bugzilla.suse.com/1200873
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201308
https://bugzilla.suse.com/1201427
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201455
https://bugzilla.suse.com/1201489
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201675
https://bugzilla.suse.com/1201725
https://bugzilla.suse.com/1201768
https://bugzilla.suse.com/1201940
https://bugzilla.suse.com/1201956
https://bugzilla.suse.com/1201958
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202113
https://bugzilla.suse.com/1202131
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202262
https://bugzilla.suse.com/1202265
https://bugzilla.suse.com/1202312
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202385
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202447
https://bugzilla.suse.com/1202471
https://bugzilla.suse.com/1202558
https://bugzilla.suse.com/1202564
https://bugzilla.suse.com/1202623
https://bugzilla.suse.com/1202636
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202681
https://bugzilla.suse.com/1202710
https://bugzilla.suse.com/1202711
https://bugzilla.suse.com/1202712
https://bugzilla.suse.com/1202713
https://bugzilla.suse.com/1202715
https://bugzilla.suse.com/1202716
https://bugzilla.suse.com/1202757
https://bugzilla.suse.com/1202758
https://bugzilla.suse.com/1202759
https://bugzilla.suse.com/1202761
https://bugzilla.suse.com/1202762
https://bugzilla.suse.com/1202763
https://bugzilla.suse.com/1202764
https://bugzilla.suse.com/1202765
https://bugzilla.suse.com/1202766
https://bugzilla.suse.com/1202767
https://bugzilla.suse.com/1202768
https://bugzilla.suse.com/1202769
https://bugzilla.suse.com/1202770
https://bugzilla.suse.com/1202771
https://bugzilla.suse.com/1202773
https://bugzilla.suse.com/1202774
https://bugzilla.suse.com/1202775
https://bugzilla.suse.com/1202776
https://bugzilla.suse.com/1202778
https://bugzilla.suse.com/1202779
https://bugzilla.suse.com/1202780
https://bugzilla.suse.com/1202781
https://bugzilla.suse.com/1202782
https://bugzilla.suse.com/1202783
https://bugzilla.suse.com/1202822
https://bugzilla.suse.com/1202823
https://bugzilla.suse.com/1202824
https://bugzilla.suse.com/1202860
https://bugzilla.suse.com/1202867
https://bugzilla.suse.com/1202874
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203036
https://bugzilla.suse.com/1203041
https://bugzilla.suse.com/1203063
https://bugzilla.suse.com/1203107
https://bugzilla.suse.com/1203117
https://bugzilla.suse.com/1203138
https://bugzilla.suse.com/1203139
https://bugzilla.suse.com/1203159
From sle-security-updates at lists.suse.com Fri Sep 16 22:20:07 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 17 Sep 2022 00:20:07 +0200 (CEST)
Subject: SUSE-SU-2022:3294-1: important: Security update for the Linux Kernel
Message-ID: <20220916222007.9A7ABF78E@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3294-1
Rating: important
References: #1133374 #1191881 #1196616 #1201420 #1201726
#1201948 #1202096 #1202346 #1202347 #1202393
#1202897 #1202898 #1203098 #1203107
Cross-References: CVE-2019-3900 CVE-2020-36516 CVE-2022-20368
CVE-2022-20369 CVE-2022-21385 CVE-2022-2588
CVE-2022-26373 CVE-2022-2991 CVE-2022-3028
CVE-2022-36879 CVE-2022-39188
CVSS scores:
CVE-2019-3900 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVE-2019-3900 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2991 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2991 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________
An update that solves 11 vulnerabilities and has three
fixes is now available.
Description:
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2991: Fixed a heap-based overflow in the lightnvm
implementation (bsc#1201420).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
- CVE-2019-3900: Fixed an infinite loop in the vhost_net kernel module that
could result in a DoS scenario (bnc#1133374).
The following non-security bugs were fixed:
- net_sched: cls_route: Disallowed handle of 0 (bsc#1202393).
- mm, rmap: Fixed anon_vma->degree ambiguity leading to double-reuse
(bsc#1203098).
- lightnvm: Removed lightnvm implementation (bsc#1191881).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3294=1
Package List:
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
kernel-default-4.4.121-92.188.1
kernel-default-base-4.4.121-92.188.1
kernel-default-base-debuginfo-4.4.121-92.188.1
kernel-default-debuginfo-4.4.121-92.188.1
kernel-default-debugsource-4.4.121-92.188.1
kernel-default-devel-4.4.121-92.188.1
kernel-syms-4.4.121-92.188.1
- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
kernel-devel-4.4.121-92.188.1
kernel-macros-4.4.121-92.188.1
kernel-source-4.4.121-92.188.1
References:
https://www.suse.com/security/cve/CVE-2019-3900.html
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-21385.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2991.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1133374
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202897
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
From sle-security-updates at lists.suse.com Sat Sep 17 07:24:26 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 17 Sep 2022 09:24:26 +0200 (CEST)
Subject: SUSE-CU-2022:2286-1: Security update of bci/bci-init
Message-ID: <20220917072426.C6741F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2286-1
Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.19.36
Container Release : 19.36
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/bci-init was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:
Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).
The following package changes have been done:
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-17.20.38 updated
From sle-security-updates at lists.suse.com Sat Sep 17 07:32:52 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 17 Sep 2022 09:32:52 +0200 (CEST)
Subject: SUSE-CU-2022:2288-1: Security update of bci/nodejs
Message-ID: <20220917073252.F2BAFF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2288-1
Container Tags : bci/node:12 , bci/node:12-16.199 , bci/nodejs:12 , bci/nodejs:12-16.199
Container Release : 16.199
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:
Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).
The following package changes have been done:
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-17.20.38 updated
From sle-security-updates at lists.suse.com Sat Sep 17 07:41:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 17 Sep 2022 09:41:25 +0200 (CEST)
Subject: SUSE-CU-2022:2289-1: Security update of suse/sle15
Message-ID: <20220917074125.988B0F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2289-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.38 , suse/sle15:15.3 , suse/sle15:15.3.17.20.38
Container Release : 17.20.38
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:
Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).
The following package changes have been done:
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- perl-base-5.26.1-150300.17.11.1 updated
From sle-security-updates at lists.suse.com Sat Sep 17 07:42:31 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 17 Sep 2022 09:42:31 +0200 (CEST)
Subject: SUSE-CU-2022:2290-1: Security update of bci/bci-init
Message-ID: <20220917074231.BDA40F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2290-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.22.17 , bci/bci-init:latest
Container Release : 22.17
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/bci-init was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Sat Sep 17 07:42:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 17 Sep 2022 09:42:45 +0200 (CEST)
Subject: SUSE-CU-2022:2291-1: Security update of bci/bci-minimal
Message-ID: <20220917074245.EC590F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-minimal
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2291-1
Container Tags : bci/bci-minimal:15.4 , bci/bci-minimal:15.4.14.8 , bci/bci-minimal:latest
Container Release : 14.8
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container bci/bci-minimal was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- perl-base-5.26.1-150300.17.11.1 updated
- container:micro-image-15.4.0-14.2 updated
From sle-security-updates at lists.suse.com Sat Sep 17 07:43:36 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 17 Sep 2022 09:43:36 +0200 (CEST)
Subject: SUSE-CU-2022:2292-1: Security update of bci/rust
Message-ID: <20220917074336.DCD86F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2292-1
Container Tags : bci/rust:1.59 , bci/rust:1.59-9.44
Container Release : 9.44
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libatomic1-11.3.0+git1637-150000.1.11.2 updated
- libgomp1-11.3.0+git1637-150000.1.11.2 updated
- libitm1-11.3.0+git1637-150000.1.11.2 updated
- liblsan0-11.3.0+git1637-150000.1.11.2 updated
- libtsan0-11.3.0+git1637-150000.1.11.2 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Sat Sep 17 07:44:19 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 17 Sep 2022 09:44:19 +0200 (CEST)
Subject: SUSE-CU-2022:2293-1: Security update of bci/rust
Message-ID: <20220917074419.D68BAF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2293-1
Container Tags : bci/rust:1.60 , bci/rust:1.60-5.27
Container Release : 5.27
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Sat Sep 17 07:44:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 17 Sep 2022 09:44:45 +0200 (CEST)
Subject: SUSE-CU-2022:2294-1: Security update of bci/rust
Message-ID: <20220917074445.DDEEEF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2294-1
Container Tags : bci/rust:1.62 , bci/rust:1.62-2.26 , bci/rust:latest
Container Release : 2.26
Severity : moderate
Type : security
References : 1047178 CVE-2017-6512
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- container:sles15-image-15.0.0-27.11.23 updated
From sle-security-updates at lists.suse.com Mon Sep 19 13:21:17 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 15:21:17 +0200 (CEST)
Subject: SUSE-SU-2022:3306-1: moderate: Security update for libarchive
Message-ID: <20220919132117.6739FF78E@maintenance.suse.de>
SUSE Security Update: Security update for libarchive
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3306-1
Rating: moderate
References: #1192425
Cross-References: CVE-2021-23177
CVSS scores:
CVE-2021-23177 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-23177 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libarchive fixes the following issues:
- CVE-2021-23177: Fixed symlink ACL extraction that modifies ACLs of the
target system (bsc#1192425).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3306=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3306=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3306=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
bsdtar-3.5.1-150400.3.6.1
bsdtar-debuginfo-3.5.1-150400.3.6.1
libarchive-debugsource-3.5.1-150400.3.6.1
libarchive-devel-3.5.1-150400.3.6.1
libarchive13-3.5.1-150400.3.6.1
libarchive13-debuginfo-3.5.1-150400.3.6.1
- openSUSE Leap 15.4 (x86_64):
libarchive13-32bit-3.5.1-150400.3.6.1
libarchive13-32bit-debuginfo-3.5.1-150400.3.6.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
bsdtar-3.5.1-150400.3.6.1
bsdtar-debuginfo-3.5.1-150400.3.6.1
libarchive-debugsource-3.5.1-150400.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libarchive-debugsource-3.5.1-150400.3.6.1
libarchive-devel-3.5.1-150400.3.6.1
libarchive13-3.5.1-150400.3.6.1
libarchive13-debuginfo-3.5.1-150400.3.6.1
References:
https://www.suse.com/security/cve/CVE-2021-23177.html
https://bugzilla.suse.com/1192425
From sle-security-updates at lists.suse.com Mon Sep 19 13:22:12 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 15:22:12 +0200 (CEST)
Subject: SUSE-SU-2022:3305-1: important: Security update for libtirpc
Message-ID: <20220919132212.9EF25F78E@maintenance.suse.de>
SUSE Security Update: Security update for libtirpc
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3305-1
Rating: important
References: #1201680
Cross-References: CVE-2021-46828
CVSS scores:
CVE-2021-46828 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-46828 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of
connections (bsc#1201680).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3305=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3305=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3305=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3305=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3305=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3305=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3305=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libtirpc-debugsource-1.2.6-150300.3.14.1
libtirpc-netconfig-1.2.6-150300.3.14.1
libtirpc3-1.2.6-150300.3.14.1
libtirpc3-debuginfo-1.2.6-150300.3.14.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libtirpc-debugsource-1.2.6-150300.3.14.1
libtirpc-devel-1.2.6-150300.3.14.1
libtirpc-netconfig-1.2.6-150300.3.14.1
libtirpc3-1.2.6-150300.3.14.1
libtirpc3-debuginfo-1.2.6-150300.3.14.1
- openSUSE Leap 15.4 (x86_64):
libtirpc3-32bit-1.2.6-150300.3.14.1
libtirpc3-32bit-debuginfo-1.2.6-150300.3.14.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libtirpc-debugsource-1.2.6-150300.3.14.1
libtirpc-devel-1.2.6-150300.3.14.1
libtirpc-netconfig-1.2.6-150300.3.14.1
libtirpc3-1.2.6-150300.3.14.1
libtirpc3-debuginfo-1.2.6-150300.3.14.1
- openSUSE Leap 15.3 (x86_64):
libtirpc3-32bit-1.2.6-150300.3.14.1
libtirpc3-32bit-debuginfo-1.2.6-150300.3.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libtirpc-debugsource-1.2.6-150300.3.14.1
libtirpc-devel-1.2.6-150300.3.14.1
libtirpc-netconfig-1.2.6-150300.3.14.1
libtirpc3-1.2.6-150300.3.14.1
libtirpc3-debuginfo-1.2.6-150300.3.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libtirpc3-32bit-1.2.6-150300.3.14.1
libtirpc3-32bit-debuginfo-1.2.6-150300.3.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libtirpc-debugsource-1.2.6-150300.3.14.1
libtirpc-devel-1.2.6-150300.3.14.1
libtirpc-netconfig-1.2.6-150300.3.14.1
libtirpc3-1.2.6-150300.3.14.1
libtirpc3-debuginfo-1.2.6-150300.3.14.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libtirpc3-32bit-1.2.6-150300.3.14.1
libtirpc3-32bit-debuginfo-1.2.6-150300.3.14.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libtirpc-debugsource-1.2.6-150300.3.14.1
libtirpc-netconfig-1.2.6-150300.3.14.1
libtirpc3-1.2.6-150300.3.14.1
libtirpc3-debuginfo-1.2.6-150300.3.14.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libtirpc-debugsource-1.2.6-150300.3.14.1
libtirpc-netconfig-1.2.6-150300.3.14.1
libtirpc3-1.2.6-150300.3.14.1
libtirpc3-debuginfo-1.2.6-150300.3.14.1
References:
https://www.suse.com/security/cve/CVE-2021-46828.html
https://bugzilla.suse.com/1201680
From sle-security-updates at lists.suse.com Mon Sep 19 16:21:24 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 18:21:24 +0200 (CEST)
Subject: SUSE-SU-2022:3307-1: moderate: Security update for sqlite3
Message-ID: <20220919162124.211F3F78E@maintenance.suse.de>
SUSE Security Update: Security update for sqlite3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3307-1
Rating: moderate
References: #1189802 #1195773 #1201783
Cross-References: CVE-2021-36690 CVE-2022-35737
CVSS scores:
CVE-2021-36690 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36690 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-35737 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-35737 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are
used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a
column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of
SQLite (bsc#1195773).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3307=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3307=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3307=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3307=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3307=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3307=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3307=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libsqlite3-0-3.39.3-150000.3.17.1
libsqlite3-0-debuginfo-3.39.3-150000.3.17.1
sqlite3-debuginfo-3.39.3-150000.3.17.1
sqlite3-debugsource-3.39.3-150000.3.17.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libsqlite3-0-3.39.3-150000.3.17.1
libsqlite3-0-debuginfo-3.39.3-150000.3.17.1
sqlite3-3.39.3-150000.3.17.1
sqlite3-debuginfo-3.39.3-150000.3.17.1
sqlite3-debugsource-3.39.3-150000.3.17.1
sqlite3-devel-3.39.3-150000.3.17.1
- openSUSE Leap 15.4 (noarch):
sqlite3-doc-3.39.3-150000.3.17.1
- openSUSE Leap 15.4 (x86_64):
libsqlite3-0-32bit-3.39.3-150000.3.17.1
libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libsqlite3-0-3.39.3-150000.3.17.1
libsqlite3-0-debuginfo-3.39.3-150000.3.17.1
sqlite3-3.39.3-150000.3.17.1
sqlite3-debuginfo-3.39.3-150000.3.17.1
sqlite3-debugsource-3.39.3-150000.3.17.1
sqlite3-devel-3.39.3-150000.3.17.1
- openSUSE Leap 15.3 (x86_64):
libsqlite3-0-32bit-3.39.3-150000.3.17.1
libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1
- openSUSE Leap 15.3 (noarch):
sqlite3-doc-3.39.3-150000.3.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libsqlite3-0-3.39.3-150000.3.17.1
libsqlite3-0-debuginfo-3.39.3-150000.3.17.1
sqlite3-3.39.3-150000.3.17.1
sqlite3-debuginfo-3.39.3-150000.3.17.1
sqlite3-debugsource-3.39.3-150000.3.17.1
sqlite3-devel-3.39.3-150000.3.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
libsqlite3-0-32bit-3.39.3-150000.3.17.1
libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libsqlite3-0-3.39.3-150000.3.17.1
libsqlite3-0-debuginfo-3.39.3-150000.3.17.1
sqlite3-3.39.3-150000.3.17.1
sqlite3-debuginfo-3.39.3-150000.3.17.1
sqlite3-debugsource-3.39.3-150000.3.17.1
sqlite3-devel-3.39.3-150000.3.17.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64):
libsqlite3-0-32bit-3.39.3-150000.3.17.1
libsqlite3-0-32bit-debuginfo-3.39.3-150000.3.17.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libsqlite3-0-3.39.3-150000.3.17.1
libsqlite3-0-debuginfo-3.39.3-150000.3.17.1
sqlite3-debuginfo-3.39.3-150000.3.17.1
sqlite3-debugsource-3.39.3-150000.3.17.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libsqlite3-0-3.39.3-150000.3.17.1
libsqlite3-0-debuginfo-3.39.3-150000.3.17.1
sqlite3-debuginfo-3.39.3-150000.3.17.1
sqlite3-debugsource-3.39.3-150000.3.17.1
References:
https://www.suse.com/security/cve/CVE-2021-36690.html
https://www.suse.com/security/cve/CVE-2022-35737.html
https://bugzilla.suse.com/1189802
https://bugzilla.suse.com/1195773
https://bugzilla.suse.com/1201783
From sle-security-updates at lists.suse.com Mon Sep 19 19:20:27 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 21:20:27 +0200 (CEST)
Subject: SUSE-SU-2022:3314-1: critical: Security update for SUSE Manager
Server 4.2
Message-ID: <20220919192027.B6A86F78E@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3314-1
Rating: critical
References: #1172705 #1187028 #1195455 #1195895 #1196729
#1198168 #1198489 #1198738 #1198903 #1199372
#1199659 #1199913 #1199950 #1200276 #1200296
#1200480 #1200532 #1200573 #1200591 #1200629
#1201142 #1201189 #1201210 #1201220 #1201224
#1201527 #1201606 #1201607 #1201626 #1201753
#1201913 #1201918 #1202142 #1202272 #1202464
#1202728 #1203287 #1203288 #1203449
Cross-References: CVE-2021-41411 CVE-2021-42740 CVE-2021-43138
CVE-2022-31129
CVSS scores:
CVE-2021-41411 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-41411 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-42740 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42740 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43138 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-43138 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31129 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-31129 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Server 4.2
______________________________________________________________________________
An update that solves four vulnerabilities and has 35 fixes
is now available.
Description:
This update fixes the following issues:
drools:
- CVE-2021-41411: XML External Entity injection in
KieModuleModelImpl.java. (bsc#1200629)
httpcomponents-asyncclient:
- Provide maven metadata needed by other packages to build
image-sync-formula:
- Update to version 0.1.1661440526.b08d95b
* Add option to sort boot images by version (bsc#1196729)
inter-server-sync:
- Version 0.2.3
* Compress exported sql data #16631
* Add gzip dependency to decompress data file during import process
patterns-suse-manager:
- Strictly require OpenJDK 11 (bsc#1202142)
py27-compat-salt:
- Add support for gpgautoimport in zypperpkg module
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
salt-netapi-client:
- Declare the LICENSE file as license and not doc
- Adapted for Enterprise Linux 9.
- Version 0.20.0
* See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0
saltboot-formula:
- Update to version 0.1.1661440526.b08d95b
* Fallback to local boot if the configured image is not synced
* improve image url modifications - preparation for ftp/http changes
spacecmd:
- Version 4.2.19-1
* Process date values in spacecmd api calls (bsc#1198903)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
spacewalk-admin:
- Version 4.2.12-1
* Add --help option to mgr-monitoring-ctl
spacewalk-backend:
- Version 4.2.24-1
* Make reposync use the configured http proxy with mirrorlist
(bsc#1198168)
* Revert proxy listChannels token caching pr#4548
* cleanup leftovers from removing unused xmlrpc endpoint
spacewalk-certs-tools:
- Version 4.2.18-1
* traditional stack bootstrap: install product packages (bsc#1201142)
spacewalk-client-tools:
- Version 4.2.20-1
* Update translation strings
spacewalk-java:
- Version 4.2.41-1
* Fixed date format on scheduler related messages (bsc#1195455)
* Support inherited values for kernel options from Cobbler API
(bsc#1199913)
* Add channel availability check for product migration (bsc#1200296)
* Check if system has all formulas correctly assigned (bsc#1201607)
* Remove group formula assignments and data on group delete (bsc#1201606)
* Fix sync for external repositories (bsc#1201753)
* fix state.apply result parsing in test mode (bsc#1201913)
* Reduce the length of image channel URL (bsc#1201220)
* Calculate dependencies between cloned channels of vendor channels
(bsc#1201626)
* fix symlinks pointing to ongres-stringprep
* Modify parameter type when communicating with the search server
(bsc#1187028)
* Fix initial profile and build host on Image Build page (bsc#1199659)
* Fix the confirm message on the refresh action by adding a link to
pending actions on it (bsc#1172705)
* require new salt-netapi-client version
* Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
spacewalk-search:
- Version 4.2.8-1
* Add methods to handle session id as String
spacewalk-web:
- Version 4.2.29-1
* CVE-2021-43138: Obtain privileges via the `mapValues()` method.
(bsc#1200480)
* CVE-2021-42740: Command injection in the shell-quote package.
(bsc#1203287)
* CVE-2022-31129: Denial-of-Service moment: inefficient parsing
algorithm (bsc#1203288)
* Fix table header layout for unselectable tables
* Fix initial profile and build host on Image Build page (bsc#1199659)
subscription-matcher:
- Added Guava maximum version requirement.
susemanager:
- Version 4.2.37-1
* mark new dependencies for python-py optional in bootstrap repo to fix
generation for older service packs (bsc#1203449)
- Version 4.2.36-1
* add missing packages on SLES 15
* remove server-migrator.sh from SUSE Manager installations (bsc#1202728)
* mgr-create-bootstrap-repo: flush directory also when called for a
specific label (bsc#1200573)
* add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918)
* remove python-tornado from bootstrap repo, since no longer required
for salt version >= 3000
* add openSUSE 15.4 product (bsc#1201527)
* add clients tool product to generate bootstrap repo on openSUSE 15.x
(bsc#1201189)
susemanager-doc-indexes:
- Documented mandatory channels in the Disconnected Setup chapter of the
Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a
regular user
- Documented how to onboard Debian clients with the Salt bundle or plain
Salt as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and
about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extend the notes about using noexec option for /tmp and /var/tmp
(bsc#1201210)
- Reverted single snippet change for two separate books
- Added extend Salt Bundle functionality with Python packages using pip
- Add missing part of the description to enable optional support of the
Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and
about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt
Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide
(bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and
Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- In the Custom Channel section of the Administration Guide add a note
about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client
systems
susemanager-docs_en:
- Documented mandatory channels in the Disconnected Setup chapter of the
Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a
regular user
- Documented how to onboard Debian clients with the Salt bundle or plain
Salt as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and
about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extend the notes about using noexec option for /tmp and /var/tmp
(bsc#1201210)
- Reverted single snippet change for two separate books
- Added extend Salt Bundle functionality with Python packages using pip
- Add missing part of the description to enable optional support of the
Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and
about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt
Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide
(bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and
Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- In the Custom Channel section of the Administration Guide add a note
about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client
systems
susemanager-schema:
- Version 4.2.24-1
* Fix migration of image actions (bsc#1202272)
susemanager-sls:
- Version 4.2.27-1
* Copy grains file with util.mgr_switch_to_venv_minion state apply
* Remove the message 'rpm: command not found' on using Salt SSH with
Debian based systems which have no Salt Bundle
* Prevent possible tracebacks on calling module.run from mgrcompat by
setting proper globals with using LazyLoader
* Fix deploy of SLE Micro CA Certificate (bsc#1200276)
uyuni-common-libs:
- Version 4.2.7-1
* Do not allow creating path if nonexistent user or group in fileutils.
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3314=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
inter-server-sync-0.2.3-150300.8.22.2
inter-server-sync-debuginfo-0.2.3-150300.8.22.2
patterns-suma_retail-4.2-150300.4.12.2
patterns-suma_server-4.2-150300.4.12.2
python3-uyuni-common-libs-4.2.7-150300.3.9.2
susemanager-4.2.37-150300.3.41.1
susemanager-tools-4.2.37-150300.3.41.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
drools-7.17.0-150300.4.6.2
httpcomponents-asyncclient-4.1.4-150300.3.3.2
image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2
py27-compat-salt-3000.3-150300.7.7.23.2
python3-spacewalk-certs-tools-4.2.18-150300.3.24.3
python3-spacewalk-client-tools-4.2.20-150300.4.24.3
salt-netapi-client-0.20.0-150300.3.9.4
saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2
spacecmd-4.2.19-150300.4.27.2
spacewalk-admin-4.2.12-150300.3.15.3
spacewalk-backend-4.2.24-150300.4.29.5
spacewalk-backend-app-4.2.24-150300.4.29.5
spacewalk-backend-applet-4.2.24-150300.4.29.5
spacewalk-backend-config-files-4.2.24-150300.4.29.5
spacewalk-backend-config-files-common-4.2.24-150300.4.29.5
spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5
spacewalk-backend-iss-4.2.24-150300.4.29.5
spacewalk-backend-iss-export-4.2.24-150300.4.29.5
spacewalk-backend-package-push-server-4.2.24-150300.4.29.5
spacewalk-backend-server-4.2.24-150300.4.29.5
spacewalk-backend-sql-4.2.24-150300.4.29.5
spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5
spacewalk-backend-tools-4.2.24-150300.4.29.5
spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5
spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5
spacewalk-base-4.2.29-150300.3.27.3
spacewalk-base-minimal-4.2.29-150300.3.27.3
spacewalk-base-minimal-config-4.2.29-150300.3.27.3
spacewalk-certs-tools-4.2.18-150300.3.24.3
spacewalk-client-tools-4.2.20-150300.4.24.3
spacewalk-html-4.2.29-150300.3.27.3
spacewalk-java-4.2.41-150300.3.43.5
spacewalk-java-config-4.2.41-150300.3.43.5
spacewalk-java-lib-4.2.41-150300.3.43.5
spacewalk-java-postgresql-4.2.41-150300.3.43.5
spacewalk-search-4.2.8-150300.3.12.2
spacewalk-taskomatic-4.2.41-150300.3.43.5
subscription-matcher-0.29-150300.6.12.2
susemanager-doc-indexes-4.2-150300.12.33.4
susemanager-docs_en-4.2-150300.12.33.2
susemanager-docs_en-pdf-4.2-150300.12.33.2
susemanager-schema-4.2.24-150300.3.27.3
susemanager-sls-4.2.27-150300.3.33.4
uyuni-config-modules-4.2.27-150300.3.33.4
References:
https://www.suse.com/security/cve/CVE-2021-41411.html
https://www.suse.com/security/cve/CVE-2021-42740.html
https://www.suse.com/security/cve/CVE-2021-43138.html
https://www.suse.com/security/cve/CVE-2022-31129.html
https://bugzilla.suse.com/1172705
https://bugzilla.suse.com/1187028
https://bugzilla.suse.com/1195455
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1196729
https://bugzilla.suse.com/1198168
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198738
https://bugzilla.suse.com/1198903
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1199659
https://bugzilla.suse.com/1199913
https://bugzilla.suse.com/1199950
https://bugzilla.suse.com/1200276
https://bugzilla.suse.com/1200296
https://bugzilla.suse.com/1200480
https://bugzilla.suse.com/1200532
https://bugzilla.suse.com/1200573
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1200629
https://bugzilla.suse.com/1201142
https://bugzilla.suse.com/1201189
https://bugzilla.suse.com/1201210
https://bugzilla.suse.com/1201220
https://bugzilla.suse.com/1201224
https://bugzilla.suse.com/1201527
https://bugzilla.suse.com/1201606
https://bugzilla.suse.com/1201607
https://bugzilla.suse.com/1201626
https://bugzilla.suse.com/1201753
https://bugzilla.suse.com/1201913
https://bugzilla.suse.com/1201918
https://bugzilla.suse.com/1202142
https://bugzilla.suse.com/1202272
https://bugzilla.suse.com/1202464
https://bugzilla.suse.com/1202728
https://bugzilla.suse.com/1203287
https://bugzilla.suse.com/1203288
https://bugzilla.suse.com/1203449
From sle-security-updates at lists.suse.com Mon Sep 19 19:25:05 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 21:25:05 +0200 (CEST)
Subject: SUSE-SU-2022:3312-1: moderate: Security update for
libcontainers-common
Message-ID: <20220919192505.410D3F78E@maintenance.suse.de>
SUSE Security Update: Security update for libcontainers-common
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3312-1
Rating: moderate
References: #1176804 #1177598 #1181640 #1182998 #1188520
#1189893
Cross-References: CVE-2020-14370 CVE-2020-15157 CVE-2021-20199
CVE-2021-20291 CVE-2021-3602
CVSS scores:
CVE-2020-14370 (NVD) : 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2020-14370 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2020-15157 (NVD) : 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2020-15157 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2021-20199 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2021-20199 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2021-20291 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-20291 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2021-3602 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-3602 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves 5 vulnerabilities and has one errata
is now available.
Description:
This update for libcontainers-common fixes the following issues:
libcontainers-common was updated:
- common component was updated to 0.44.0.
- storage component was updated to 1.36.0.
- image component was updated to 5.16.0.
- podman component was updated to 3.3.1.
3.3.1:
Bugfixes:
- Fixed a bug where unit files created by `podman generate systemd` could
not cleanup shut down containers when stopped by `systemctl stop`.
- Fixed a bug where `podman machine` commands would not properly locate
the `gvproxy` binary in some circumstances.
- Fixed a bug where containers created as part of a pod using the
`--pod-id-file` option would not join the pod's network namespace.
- Fixed a bug where Podman, when using the systemd cgroups driver, could
sometimes leak dbus sessions.
- Fixed a bug where the `until` filter to `podman logs` and `podman
events` was improperly handled, requiring input to be negated.
- Fixed a bug where rootless containers using CNI networking run on
systems using `systemd-resolved` for DNS would fail to start if resolved
symlinked `/etc/resolv.conf` to an absolute path.
API:
- A large number of potential file descriptor leaks from improperly
closing client connections have been fixed.
3.3.0:
Features:
- Containers inside VMs created by `podman machine` will now automatically
handle port forwarding - containers in `podman machine` VMs that publish
ports via `--publish` or `--publish-all` will have these ports not just
forwarded on the VM, but also on the host system.
- The `podman play kube` command's `--network` option now accepts advanced
network options (e.g. `--network slirp4netns:port_handler=slirp4netns`).
- The `podman play kube` command now supports Kubernetes liveness probes,
which will be created as Podman healthchecks.
- Podman now provides a systemd unit, `podman-restart.service`, which,
when enabled, will restart all containers that were started with
`--restart=always` after the system reboots.
- Rootless Podman can now be configured to use CNI networking by default
by using the `rootless_networking` option in `containers.conf`.
- Images can now be pulled using `image:tag@digest` syntax (e.g.
`podman pull fedora:34@sha256:1b0d4ddd99b1a8c8a80e885aafe6034c95f266da44ead992aab388e6aa91611a`).
- The `podman container checkpoint` and `podman container restore`
commands can now be used to checkpoint containers that are in pods, and
restore those containers into pods.
- The `podman container restore` command now features a new option,
`--publish`, to change the ports that are forwarded to a container that
is being restored from an exported checkpoint.
- The `podman container checkpoint` command now features a new option,
`--compress`, to specify the compression algorithm that will be used on
the generated checkpoint.
- The `podman pull` command can now pull multiple images at once (e.g.
`podman pull fedora:34 ubi8:latest` will pull both specified images).
- The `podman cp` command can now copy files from one container into
another directly (e.g. `podman cp containera:/etc/hosts
containerb:/etc/`).
- The `podman cp` command now supports a new option, `--archive`, which
controls whether copied files will be chown'd to the UID and GID of the
user of the destination container.
- The `podman stats` command now provides two additional metrics: Average
CPU, and CPU time.
- The `podman pod create` command supports a new flag, `--pid`, to specify
the PID namespace of the pod. If specified, containers that join the pod
will automatically share its PID namespace.
- The `podman pod create` command supports a new flag, `--infra-name`,
which allows the name of the pod's infra container to be set.
- The `podman auto-update` command has had its output reformatted - it is
now much clearer what images were pulled and what containers were
updated.
- The `podman auto-update` command now supports a new option, `--dry-run`,
which reports what would be updated but does not actually perform the
update.
- The `podman build` command now supports a new option, `--secret`, to
mount secrets into build containers.
- The `podman manifest remove` command now has a new alias, `podman
manifest rm`.
- The `podman login` command now supports a new option, `--verbose`, to
print detailed information about where the credentials entered were
stored.
- The `podman events` command now supports a new event, `exec_died`, which
is produced when an exec session exits, and includes the exit code of
the exec session.
- The `podman system connection add` command now supports adding
connections that connect using the `tcp://` and `unix://` URL schemes.
- The `podman system connection list` command now supports a new flag,
`--format`, to determine how the output is printed.
- The `podman volume prune` and `podman volume ls` commands' `--filter`
option now support a new filter, `until`, that matches volumes created
before a certain time.
- The `podman ps --filter` option's `network` filter now accepts a new
value: `container:`, which matches containers that share a network
namespace with a specific container.
- The `podman diff` command can now accept two arguments, allowing two
images or two containers to be specified; the diff between the two will
be printed.
- Podman can now optionally copy-up content from containers into volumes
mounted into those containers earlier (at creation time, instead of at
runtime) via the `prepare_on_create` option in `containers.conf`.
- A new option, `--gpus`, has been added to `podman create` and `podman
run` as a no-op for better compatibility with Docker. If the
nvidia-container-runtime package is installed, GPUs should be
automatically added to containers without using the flag.
- If an invalid subcommand is provided, similar commands to try will now
be suggested in the error message.
Changes:
- The `podman system reset` command now removes non-Podman (e.g. Buildah
and CRI-O) containers as well.
- The new port forwarding offered by `podman machine` requires gvproxy
in order to function.
- Podman will now automatically create the default CNI network if it does
not exist, for both root and rootless users. This will only be done once
per user - if the network is subsequently removed, it will not be
recreated.
- The `install.cni` makefile option has been removed. It is no longer
required to distribute the default `87-podman.conflist` CNI
configuration file, as Podman will now automatically create it.
- The `--root` option to Podman will not automatically clear all default
storage options when set. Storage options can be set manually using
`--storage-opt`.
- The output of `podman system connection list` is now deterministic, with
connections being sorted alphabetically by their name.
- The auto-update service (`podman-auto-update.service`) has had its
default timer adjusted so it now starts at a random time up to 15
minutes after midnight, to help prevent system congestion from numerous
daily services run at once.
- Systemd unit files generated by `podman generate systemd` now depend on
`network-online.target` by default.
- Systemd unit files generated by `podman generate systemd` now use
`Type=notify` by default, instead of using PID files.
- The `podman info` command's logic for detecting package versions on
Gentoo has been improved, and should be significantly faster.
Bugfixes:
- Fixed a bug where the `podman play kube` command did not perform SELinux
relabelling of volumes specified with a `mountPath` that included the
`:z` or `:Z` options.
- Fixed a bug where the `podman play kube` command would ignore the `USER`
and `EXPOSE` directives in images.
- Fixed a bug where the `podman play kube` command would only accept
lowercase pull policies.
- Fixed a bug where named volumes mounted into containers with the `:z` or
`:Z` options were not appropriately relabelled for access from the
container.
- Fixed a bug where the `podman logs -f` command, with the `journald` log
driver, could sometimes fail to pick up the last line of output from a
container.
- Fixed a bug where running `podman rm` on a container created with the
`--rm` option would occasionally emit an error message saying the
container failed to be removed, when it was successfully removed.
- Fixed a bug where starting a Podman container would segfault if the
`LISTEN_PID` and `LISTEN_FDS` environment variables were set, but
`LISTEN_FDNAMES` was not.
- Fixed a bug where exec sessions in containers were sometimes not cleaned
up when run without `-d` and when the associated `podman exec` process
was killed before completion.
- Fixed a bug where `podman system service` could, when run in a systemd
unit file with sdnotify in use, drop some connections when it was
starting up.
- Fixed a bug where containers run using the REST API using the
`slirp4netns` network mode would leave zombie processes that were not
cleaned up until `podman system service` exited.
- Fixed a bug where the `podman system service` command would leave zombie
processes after its initial launch that were not cleaned up until it
exited.
- Fixed a bug where VMs created by `podman machine` could not be started
after the host system restarted.
- Fixed a bug where the `podman pod ps` command would not show headers for
optional information (e.g. container names when the `--ctr-names` option
was given).
- Fixed a bug where the remote Podman client's `podman create` and `podman
run` commands would ignore timezone configuration from the server's
`containers.conf` file.
- Fixed a bug where the remote Podman client's `podman build` command
would only respect `.containerignore` and not `.dockerignore` files
(when both are present, `.containerignore` will be preferred).
- Fixed a bug where the remote Podman client's `podman build` command
would fail to send the Dockerfile being built to the server when it was
excluded by the `.dockerignore` file, resulting in an error.
- Fixed a bug where the remote Podman client's `podman build` command
could unexpectedly stop streaming the output of the build.
- Fixed a bug where the remote Podman client's `podman build` command
would fail to build when run on Windows.
- Fixed a bug where the `podman manifest create` command accepted at most
two arguments (an arbitrary number of images are allowed as arguments,
which will be added to the manifest).
- Fixed a bug where named volumes would not be properly chowned to the UID
and GID of the directory they were mounted over when first mounted into
a container.
- Fixed a bug where named volumes created using a volume plugin would be
removed from Podman, even if the plugin reported a failure to remove the
volume.
- Fixed a bug where the remote Podman client's `podman exec -i` command
would hang when input was provided via shell redirection (e.g. `podman
--remote exec -i foo cat <<<"hello"`).
- Fixed a bug where containers created with `--rm` were not immediately
removed after being started by `podman start` if they failed to start.
- Fixed a bug where the `--storage-opt` flag to `podman create` and
`podman run` was nonfunctional.
- Fixed a bug where the `--device-cgroup-rule` option to `podman create`
and `podman run` was nonfunctional.
- Fixed a bug where the `--tls-verify` option to `podman manifest push`
was nonfunctional.
- Fixed a bug where the `podman import` command could, in some
circumstances, produce empty images.
- Fixed a bug where images pulled using the `docker-daemon:` transport had
the wrong registry (`localhost` instead of `docker.io/library`).
- Fixed a bug where operations that pruned images (`podman image prune`
and `podman system prune`) would prune untagged images with children.
- Fixed a bug where dual-stack networks created by `podman network create`
did not properly auto-assign an IPv4 subnet when one was not explicitly
specified.
- Fixed a bug where port forwarding using the `rootlessport` port
forwarder would break when a network was disconnected and then
reconnected.
- Fixed a bug where Podman would ignore user-specified SELinux policies
for containers using the Kata OCI runtime, or containers using systemd
as PID 1.
- Fixed a bug where Podman containers created using `--net=host` would add
an entry to `/etc/hosts` for the container's hostname pointing to
`127.0.1.1`.
- Fixed a bug where the `podman unpause --all` command would throw an
error for every container that was not paused.
- Fixed a bug where timestamps for the `since` and `until` filters using
Unix timestamps with a nanoseconds portion could not be parsed.
- Fixed a bug where the `podman info` command would sometimes print the
wrong path for the `slirp4netns` binary.
- Fixed a bug where rootless Podman containers joined to a CNI network
would not have functional DNS when the host used systemd-resolved
without the resolved stub resolver being enabled.
- Fixed a bug where `podman network connect` and `podman network
disconnect` of rootless containers could sometimes break port forwarding
to the container.
- Fixed a bug where joining a container to a CNI network by ID and adding
network aliases to this network would cause the container to fail to
start.
API:
- Fixed a bug where the Compat List endpoint for Containers included
healthcheck information for all containers, even those that did not have
a configured healthcheck.
- Fixed a bug where the Compat Create endpoint for Containers would fail
to create containers with the `NetworkMode` parameter set to `default`.
- Fixed a bug where the Compat Create endpoint for Containers did not
properly handle healthcheck commands.
- Fixed a bug where the Compat Wait endpoint for Containers would always
send an empty string error message when no error occurred.
- Fixed a bug where the Libpod Stats endpoint for Containers would not
error when run on rootless containers on cgroups v1 systems (nonsensical
results would be returned, as this configuration cannot be supported).
- Fixed a bug where the Compat List endpoint for Images omitted the
`ContainerConfig` field.
- Fixed a bug where the Compat Build endpoint for Images was too strict
when validating the `Content-Type` header, rejecting content that Docker
would have accepted.
- Fixed a bug where the Compat Pull endpoint for Images could fail, but
return a 200 status code, if an image name that could not be parsed was
provided.
- Fixed a bug where the Compat Pull endpoint for Images would continue to
pull images after the client disconnected.
- Fixed a bug where the Compat List endpoint for Networks would fail for
non-bridge (e.g. macvlan) networks.
- Fixed a bug where the Libpod List endpoint for Networks would return
nil, instead of an empty list, when no networks were present.
- The Compat and Libpod Logs endpoints for Containers now support the
`until` query parameter.
- The Compat Import endpoint for Images now supports the `platform`,
`message`, and `repo` query parameters.
- The Compat Pull endpoint for Images now supports the `platform` query
parameter.
Misc:
- Updated Buildah to v1.22.3
- Updated the containers/storage library to v1.34.1
- Updated the containers/image library to v5.15.2
- Updated the containers/common library to v0.42.1
storage was updated to 1.36.0.
Updated image to 5.16.0.
Update podman to 3.2.3:
Security:
- This release addresses CVE-2021-3602, an issue with the `podman build`
command with the `--isolation chroot` flag that results in environment
variables from the host leaking into build containers. (bsc#1188520)
Bugfixes:
- Fixed a bug where events related to images could occur before the
relevant operation had completed (e.g. an image pull event could be
written before the pull was finished).
- Fixed a bug where `podman save` would refuse to save images with an
architecture different from that of the host.
- Fixed a bug where the `podman import` command did not correctly handle
images without tags.
- Fixed a bug where Podman's journald events backend would fail and
prevent Podman from running when run on a host with systemd as PID1 but
in an environment (e.g. a container) without systemd.
- Fixed a bug where containers using rootless CNI networking would fail to
start when the `dnsname` CNI plugin was in use and the host system's
`/etc/resolv.conf` was a symlink ([#10855] and
[#10929](https://github.com/containers/podman/issues/10929)).
- Fixed a bug where containers using rootless CNI networking could fail to
start due to a race in rootless CNI initialization.
Update podman to 3.2.2
3.2.2:
- Podman's handling of the Architecture field of images has been relaxed.
Since 3.2.0, Podman required that the architecture of the image match
the architecture of the system to run containers based on an image, but
images often incorrectly report architecture, causing Podman to reject
valid images ([#10648] and
[#10682](https://github.com/containers/podman/issues/10682)).
- Podman no longer uses inotify to monitor for changes to CNI
configurations. This removes potential issues where Podman cannot be run
because a user has exhausted their available inotify sessions.
Bugfixes:
- Fixed a bug where the `podman cp` would, when given a directory as its
source and a target that existed and was a file, copy the contents of
the directory into the parent directory of the file; this now results in
an error.
- Fixed a bug where the `podman logs` command would, when following a
running container's logs, not include the last line of output from the
container when it exited when the `k8s-file` driver was in use.
- Fixed a bug where Podman would fail to run containers if
`systemd-resolved` was incorrectly detected as the system's DNS server.
- Fixed a bug where the `podman exec -t` command would only resize the
exec session's TTY after the session started, leading to a race
condition where the terminal would initially not have a size set.
- Fixed a bug where Podman containers using the `slirp4netns` network mode
would add an incorrect entry to `/etc/hosts` pointing the container's
hostname to the wrong IP address.
- Fixed a bug where Podman would create volumes specified by images with
incorrect permissions ([#10188] and
[#10606](https://github.com/containers/podman/issues/10606)).
- Fixed a bug where Podman would not respect the `uid` and `gid` options
to `podman volume create -o`.
- Fixed a bug where the `podman run` command could panic when parsing the
system's cgroup configuration.
- Fixed a bug where the remote Podman client's `podman build -f - ...`
command did not read a Containerfile from STDIN.
- Fixed a bug where the `podman container restore --import` command would
fail to restore checkpoints created from privileged containers.
- Fixed a bug where Podman was not respecting the `TMPDIR` environment
variable when pulling images.
- Fixed a bug where a number of Podman commands did not properly support
using Go templates as an argument to the `--format` option.
API:
- Fixed a bug where the Compat Inspect endpoint for Containers did not
include information on container healthchecks.
- Fixed a bug where the Libpod and Compat Build endpoints for Images did
not properly handle the `devices` query parameter.
Misc:
- Fixed a bug where the Makefile's `make podman-remote-static` target to
build a statically-linked `podman-remote` binary was instead producing
dynamic binaries.
- Updated the containers/common library to v0.38.11
3.2.1:
Changes:
- Podman now allows corrupt images (e.g. from restarting the system during
an image pull) to be replaced by a `podman pull` of the same image
(instead of requiring they be removed first, then re-pulled).
Bugfixes:
- Fixed a bug where Podman would fail to start containers if a Seccomp
profile was not available at `/usr/share/containers/seccomp.json`.
- Fixed a bug where the `podman machine start` command failed on OS X
machines with the AMD64 architecture and certain QEMU versions.
- Fixed a bug where Podman would always use the slow path for joining the
rootless user namespace.
- Fixed a bug where the `podman stats` command would fail on Cgroups v1
systems when run on a container running systemd.
- Fixed a bug where pre-checkpoint support for `podman container
checkpoint` did not function correctly.
- Fixed a bug where the remote Podman client's `podman build` command did
not properly handle the `-f` option.
- Fixed a bug where the remote Podman client's `podman run` command would
sometimes not resize the container's terminal before execution began.
- Fixed a bug where the `--filter` option to the `podman image prune`
command was nonfunctional.
- Fixed a bug where the `podman logs -f` command would exit before all
output for a container was printed when the `k8s-file` log driver was in
use.
- Fixed a bug where Podman would not correctly detect that
systemd-resolved was in use on the host and adjust DNS servers in the
container appropriately under some circumstances.
- Fixed a bug where the `podman network connect` and `podman network
disconnect` commands acted improperly when containers were in the
Created state, marking the changes as done but not actually performing
them.
API:
- Fixed a bug where the Compat and Libpod Prune endpoints for Networks
returned null, instead of an empty array, when nothing was pruned.
- Fixed a bug where the Create API for Images would continue to pull
images even if a client closed the connection mid-pull.
- Fixed a bug where the Events API did not include some information
(including labels) when sending events.
- Fixed a bug where the Events API would, when streaming was not
requested, send at most one event.
3.2.0:
Features:
- Docker Compose is now supported with rootless Podman.
- The `podman network connect`, `podman network disconnect`, and `podman
network reload` commands have been enabled for rootless Podman.
- An experimental new set of commands, `podman machine`, was added to
assist in managing virtual machines containing a Podman server. These
are intended for easing the use of Podman on OS X by handling the
creation of a Linux VM for running Podman.
- The `podman generate kube` command can now be run on Podman named
volumes (generating `PersistentVolumeClaim` YAML), in addition to pods
and containers.
- The `podman play kube` command now supports two new options, `--ip` and
`--mac`, to set static IPs and MAC addresses for created pods ([#8442]
and [#9731](https://github.com/containers/podman/issues/9731)).
- The `podman play kube` command's support for `PersistentVolumeClaim`
YAML has been greatly improved.
- The `podman generate kube` command now preserves the label used by
`podman auto-update` to identify containers to update as a Kubernetes
annotation, and the `podman play kube` command will convert this
annotation back into a label. This allows `podman auto-update` to be
used with containers created by `podman play kube`.
- The `podman play kube` command now supports Kubernetes `secretRef` YAML
(using the secrets support from `podman secret`) for environment
variables.
- Secrets can now be added to containers as environment variables using
the `type=env` option to the `--secret` flag to `podman create` and
`podman run`.
- The `podman start` command now supports the `--all` option, allowing all
containers to be started simultaneously with a single command. The
`--filter` option has also been added to filter which containers to
start when `--all` is used.
- Filtering containers with the `--filter` option to `podman ps` and
`podman start` now supports a new filter, `restart-policy`, to filter
containers based on their restart policy.
- The `--group-add` option to rootless `podman run` and `podman create`
now accepts a new value, `keep-groups`, which instructs Podman to retain
the supplemental groups of the user running Podman in the created
container. This is only supported with the `crun` OCI runtime.
- The `podman run` and `podman create` commands now support a new option,
`--timeout`. This sets a maximum time the container is allowed to run,
after which it is killed.
- The `podman run` and `podman create` commands now support a new option,
`--pidfile`. This will create a file when the container is started
containing the PID of the first process in the container.
- The `podman run` and `podman create` commands now support a new option,
`--requires`. The `--requires` option adds dependency containers -
containers that must be running before the current container. Commands
like `podman start` will automatically start the requirements of a
container before starting the container itself.
- Auto-updating containers can now be done with locally-built images, not
just images hosted on a registry, by creating containers with the
`io.containers.autoupdate` label set to `local`.
- Podman now supports the Container Device Interface (CDI) standard.
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`,
pointing to the current gateway (which, for root containers, is usually
a bridge interface on the host system).
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret
list`, and `podman volume list` commands now support a `--noheading`
option, which will cause Podman to omit the heading line including
column names.
- The `podman unshare` command now supports a new flag, `--rootless-cni`,
to join the rootless network namespace. This allows commands to be run
in the same network environment as rootless containers with CNI
networking.
- The `--security-opt unmask=` option to `podman run` and `podman create`
now supports glob operations to unmask a group of paths at once (e.g.
`podman run --security-opt unmask=/proc/* ...` will unmask all paths in
`/proc` in the container).
- The `podman network prune` command now supports a `--filter` option to
filter which networks will be pruned.
Changes:
- The change in Podman 3.1.2 where the `:z` and `:Z` mount options for
volumes were ignored for privileged containers has been reverted after
discussion in [#10209].
- Podman's rootless CNI functionality no longer requires a sidecar
container! The removal of the requirement for the `rootless-cni-infra`
container means that rootless CNI is now usable on all architectures,
not just AMD64, and no longer requires pulling an image.
- The Image handling code used by Podman has seen a major rewrite to
improve code sharing with our other projects, Buildah and CRI-O. This
should result in fewer bugs and performance gains in the long term. Work
on this is still ongoing.
- The `podman auto-update` command now prunes previous versions of images
after updating if they are unused, to prevent disk exhaustion after
repeated updates.
- The `podman play kube` command now treats environment variables
configured as references to a `ConfigMap` as mandatory unless the
`optional` parameter was set; this better matches the behavior of
Kubernetes.
- Podman now supports the `--context=default` flag from Docker as a no-op
for compatibility purposes.
- When Podman is run as root, but without `CAP_SYS_ADMIN` being available,
it will run in a user namespace using the same code as rootless Podman
(instead of failing outright).
- The `podman info` command now includes the path of the Seccomp profile
Podman is using, available cgroup controllers, and whether Podman is
connected to a remote service or running containers locally.
- Containers created with the `--rm` option now automatically use the
`volatile` storage flag when available for their root filesystems,
causing them not to write changes to disk as often as they will be
removed at completion anyways. This should result in improved
performance.
- The `podman generate systemd --new` command will now include environment
variables referenced by the container in generated unit files if the
value would be looked up from the system environment.
- Podman now requires that Conmon v2.0.24 be available.
Bugfixes:
- Fixed a bug where the remote Podman client's `podman build` command did
not support the `--arch`, `--platform`, and `--os` options.
- Fixed a bug where the remote Podman client's `podman build` command
ignored the `--rm=false` option.
- Fixed a bug where the remote Podman client's `podman build --iidfile`
command could include extra output (in addition to just the image ID) in
the image ID file written.
- Fixed a bug where the remote Podman client's `podman build` command did
not preserve hardlinks when moving files into the container via `COPY`
instructions.
- Fixed a bug where the `podman generate systemd --new` command could
generate extra `--iidfile` arguments if the container was already
created with one.
- Fixed a bug where the `podman generate systemd --new` command would
generate unit files that did not include `RequiresMountsFor` lines.
- Fixed a bug where the `podman generate kube` command produced incorrect
YAML for containers which bind-mounted both `/` and `/root` from the
host system into the container.
- Fixed a bug where pods created by `podman play kube` from YAML that
specified `ShareProcessNamespace` would only share the PID namespace
(and not also the UTS, Network, and IPC namespaces).
- Fixed a bug where the `podman network reload` command could generate
spurious error messages when `iptables-nft` was in use.
- Fixed a bug where rootless Podman could fail to attach to containers
when the user running Podman had a large UID.
- Fixed a bug where the `podman ps` command could fail with a `no such
container` error due to a race condition with container removal.
- Fixed a bug where containers using the `slirp4netns` network mode and
setting a custom `slirp4netns` subnet while using the `rootlesskit` port
forwarder would not be able to forward ports.
- Fixed a bug where the `--filter ancestor=` option to `podman ps` did not
require an exact match of the image name/ID to include a container in
its results.
- Fixed a bug where the `--filter until=` option to `podman image prune`
would prune images created after the specified time (instead of before).
- Fixed a bug where setting a custom Seccomp profile via the
`seccomp_profile` option in `containers.conf` had no effect, and the
default profile was used instead.
- Fixed a bug where the `--cgroup-parent` option to `podman create` and
`podman run` was ignored in rootless Podman on cgroups v2 systems with
the `cgroupfs` cgroup manager.
- Fixed a bug where the `IMAGE` and `NAME` variables in `podman container
runlabel` were not being correctly substituted.
- Fixed a bug where Podman could freeze when creating containers with a
specific combination of volumes and working directory.
- Fixed a bug where rootless Podman containers restarted by restart policy
(e.g. containers created with `--restart=always`) would lose networking
after being restarted.
- Fixed a bug where the `podman cp` command could not copy files into
containers created with the `--pid=host` flag.
- Fixed a bug where filters to the `podman events` command could not be
specified twice (if a filter is specified more than once, it will match
if any of the given values match - logical or).
- Fixed a bug where Podman would include IPv6 nameservers in `resolv.conf`
in containers without IPv6 connectivity.
- Fixed a bug where containers could not be created with static IP
addresses when connecting to a network using the `macvlan` driver.
API:
- Fixed a bug where the Compat Create endpoint for Containers did not
allow advanced network options to be set.
- Fixed a bug where the Compat Create endpoint for Containers ignored
static IP information provided in the `IPAMConfig` block.
- Fixed a bug where the Compat Inspect endpoint for Containers returned
null (instead of an empty list) for Networks when the container was not
joined to a CNI network.
- Fixed a bug where the Compat Wait endpoint for Containers could miss
containers exiting if they were immediately restarted.
- Fixed a bug where the Compat Create endpoint for Volumes required that
the user provide a name for the new volume.
- Fixed a bug where the Libpod Info handler would sometimes not return the
correct path to the Podman API socket.
- Fixed a bug where the Compat Events handler used the wrong name for
container exited events (`died` instead of `die`).
- Fixed a bug where the Compat Push endpoint for Images could leak
goroutines if the remote end closed the connection prematurely.
Update storage to 1.32.5
Update podman to 3.1.2
3.1.2:
Bugfixes:
- Fixed a bug where images with empty layers were stored incorrectly,
causing them to be unable to be pushed or saved.
- Fixed a bug where the `podman rmi` command could fail to remove corrupt
images from storage.
- Fixed a bug where the remote Podman client's `podman save` command did
not support the `oci-dir` and `docker-dir` formats.
- Fixed a bug where volume mounts from `podman play kube` created with a
trailing `/` in the container path were not properly superseding
named volumes from the image.
- Fixed a bug where Podman could fail to build on 32-bit architectures.
Update podman to 3.1.1
- Podman now recognizes `trace` as a valid argument to the `--log-level`
option. Trace logging is now the most verbose level of logging
available.
- The `:z` and `:Z` options for volume mounts are now ignored when the
container is privileged or is run with SELinux isolation disabled
(`--security-opt label=disable`). This better matches Docker's
behavior in this case.
Bugfixes:
- Fixed a bug where pruning images with the `podman image prune` or
`podman system prune` commands could cause Podman to panic.
- Fixed a bug where the `podman save` command did not properly error when
the `--compress` flag was used with incompatible format types.
- Fixed a bug where the `--security-opt` and `--ulimit` options to the
remote Podman client's `podman build` command were nonfunctional.
- Fixed a bug where the `--log-rusage` option to the remote Podman
client's `podman build` command was nonfunctional.
- Fixed a bug where the `podman build` command could, in some
circumstances, use the wrong OCI runtime.
- Fixed a bug where the remote Podman client's `podman build` command
could return 0 despite failing.
- Fixed a bug where the `podman container runlabel` command did not
properly expand the `IMAGE` and `NAME` variables in the label.
- Fixed a bug where poststop OCI hooks would be executed twice on
containers started with the `--rm` argument.
- Fixed a bug where rootless Podman could fail to launch containers on
cgroups v2 systems when the `cgroupfs` cgroup manager was in use.
- Fixed a bug where the `podman stats` command could error when statistics
tracked exceeded the maximum size of a 32-bit signed integer.
- Fixed a bug where rootless Podman containers run with `--userns=keepid`
(without a `--user` flag in addition) would grant exec sessions run in
them too many capabilities.
- Fixed a bug where the `--authfile` option to `podman build` did not
validate that the path given existed.
- Fixed a bug where the `--storage-opt` option to Podman was appending to,
instead of overriding (as is documented), the default storage options.
- Fixed a bug where the `podman system service` connection did not
function properly when run in a socket-activated systemd unit file as a
non-root user.
- Fixed a bug where the `--network` option to the `podman play kube`
command of the remote Podman client was being ignored.
- Fixed a bug where the `--log-driver` option to the `podman play kube`
command was nonfunctional.
API:
- Fixed a bug where the Libpod Create endpoint for Manifests did not
properly validate the image the manifest was being created with.
- Fixed a bug where the Libpod DF endpoint could, in error cases, append
an extra null to the JSON response, causing decode errors.
- Fixed a bug where the Libpod and Compat Top endpoint for Containers
would return process names that included extra whitespace.
- Fixed a bug where the Compat Prune endpoint for Containers accepted too
many types of filter.
Update podman to 3.1.0
Features:
- A set of new commands has been added to manage secrets! The `podman
secret create`, `podman secret inspect`, `podman secret ls` and `podman
secret rm` commands have been added to handle secrets, along with the
`--secret` option to `podman run` and `podman create` to add secrets to
containers. The initial driver for secrets does not support encryption -
this will be added in a future release.
- A new command to prune networks, `podman network prune`, has been added.
- The `-v` option to `podman run` and `podman create` now supports a new
volume option, `:U`, to chown the volume's source directory on the host
to match the UID and GID of the container and prevent permissions issues.
- Three new commands, `podman network exists`, `podman volume exists`, and
`podman manifest exists`, have been added to check for the existence of
networks, volumes, and manifest lists.
- The `podman cp` command can now copy files into directories mounted as
`tmpfs` in a running container.
- The `podman volume prune` command will now list volumes that will be
pruned when prompting the user whether to continue and perform the prune.
- The Podman remote client's `podman build` command now supports the
`--disable-compression`, `--excludes`, and `--jobs` options.
- The Podman remote client's `podman push` command now supports the
`--format` option.
- The Podman remote client's `podman rm` command now supports the `--all`
and `--ignore` options.
- The Podman remote client's `podman search` command now supports the
`--no-trunc` and `--list-tags` options.
- The `podman play kube` command can now read in Kubernetes YAML from
`STDIN` when `-` is specified as file name (`podman play kube -`),
allowing input to be piped into the command for scripting.
- The `podman generate systemd` command now supports a `--no-header`
option, which disables creation of the header comment automatically
added by Podman to generated unit files.
- The `podman generate kube` command can now generate
`PersistentVolumeClaim` YAML for Podman named volumes.
- The `podman generate kube` command can now generate YAML files
containing multiple resources (pods or deployments).
Security:
- This release resolves CVE-2021-20291, a deadlock vulnerability in the
storage library caused by pulling a specially-crafted container image.
(bsc#1196497)
Changes:
- The Podman remote client's `podman build` command no longer allows the
`-v` flag to be used. Volumes are not yet supported with remote Podman
when the client and service are on different machines.
- The `podman kill` and `podman stop` commands now print the name given by
the user for each container, instead of the full ID.
- When the `--security-opt unmask=ALL` or `--security-opt
unmask=/sys/fs/cgroup` options to `podman create` or `podman run` are
given, Podman will mount cgroups into the container as read-write,
instead of read-only.
- The `podman rmi` command has been changed to better handle cases where
an image is incomplete or corrupted, which can be caused by interrupted
image pulls.
- The `podman rename` command has been improved to be more atomic,
eliminating many race conditions that could potentially render a renamed
container unusable.
- Detection of which OCI runtimes run using virtual machines and thus
require custom SELinux labelling has been improved.
- The hidden `--trace` option to `podman` has been turned into a no-op. It
was used in very early versions for performance tracing, but has not
been supported for some time.
- The `podman generate systemd` command now generates `RequiresMountsFor`
lines to ensure necessary storage directories are mounted before systemd
starts Podman.
- Podman will now emit a warning when `--tty` and `--interactive` are both
passed, but `STDIN` is not a TTY. This will be made into an error in the
next major Podman release some time next year.
Bugfixes:
- Fixed a bug where rootless Podman containers joined to CNI networks
could not receive traffic from forwarded ports.
- Fixed a bug where `podman network create` with the `--macvlan` flag did
not honor the `--gateway`, `--subnet`, and `--opt` options.
- Fixed a bug where the `podman generate kube` command generated invalid
YAML for privileged containers.
- Fixed a bug where the `podman generate kube` command could not be used
with containers that were not running.
- Fixed a bug where the `podman generate systemd` command could duplicate
some parameters to Podman in generated unit files.
- Fixed a bug where Podman did not add annotations specified in
`containers.conf` to containers.
- Fixed a bug where Podman did not respect the `no_hosts` default in
`containers.conf` when creating containers.
- Fixed a bug where the `--tail=0`, `--since`, and `--follow` options to
the `podman logs` command did not function properly when using the
`journald` log backend.
- Fixed a bug where specifying more than one container to `podman logs`
when the `journald` log backend was in use did not function correctly.
- Fixed a bug where the `podman run` and `podman create` commands would
panic if a memory limit was set, but the swap limit was set to unlimited.
- Fixed a bug where the `--network` option to `podman run`, `podman
create`, and `podman pod create` would error if the user attempted to
specify CNI networks by ID, instead of name.
- Fixed a bug where Podman's cgroup handling for cgroups v1 systems did
not properly handle cases where a cgroup existed on some, but not all,
controllers, resulting in errors from the `podman stats` command.
- Fixed a bug where the `podman cp` command did not properly handle cases
where `/dev/stdout` was specified as the destination (it was treated
identically to `-`).
- Fixed a bug where the `podman cp` command would create files with
incorrect ownership.
- Fixed a bug where the `podman cp` command did not properly handle cases
where the destination directory did not exist.
- Fixed a bug where the `podman cp` command did not properly evaluate
symlinks when copying out of containers.
- Fixed a bug where the `podman rm -fa` command would error when
attempting to remove containers created with `--rm`.
- Fixed a bug where the ordering of capabilities was nondeterministic in
the `CapDrop` field of the output of `podman inspect` on a container.
- Fixed a bug where the `podman network connect` command could be used
with containers that were not initially connected to a CNI bridge
network (e.g. containers created with `--net=host`).
- Fixed a bug where DNS search domains required by the `dnsname` CNI
plugin were not being added to container's `resolv.conf` under some
circumstances.
- Fixed a bug where the `--ignorefile` option to `podman build` was
nonfunctional.
- Fixed a bug where the `--timestamp` option to `podman build` was
nonfunctional.
- Fixed a bug where the `--iidfile` option to `podman build` could cause
Podman to panic if an error occurred during the build.
- Fixed a bug where the `--dns-search` option to `podman build` was
nonfunctional.
- Fixed a bug where the `--pull-never` option to `podman build` was
nonfunctional.
- Fixed a bug where the `--build-arg` option to `podman build` would, when
given a key but not a value, error (instead of attempting to look up the
key as an environment variable).
- Fixed a bug where the `--isolation` option to `podman build` in the
remote Podman client was nonfunctional.
- Fixed a bug where the `podman network disconnect` command could cause
errors when the container that had a network removed was stopped and its
network was cleaned up.
- Fixed a bug where the `podman network rm` command did not properly check
what networks a container was present in, resulting in unexpected
behavior if `podman network connect` or `podman network disconnect` had
been used with the network.
- Fixed a bug where some errors with stopping a container could cause
Podman to panic, and the container to be stuck in an unusable `stopping`
state.
- Fixed a bug where the `podman load` command could return 0 even in cases
where an error occurred.
- Fixed a bug where specifying storage options to Podman using the
`--storage-opt` option would override all storage options. Instead,
storage options are now overridden only when the `--storage-driver`
option is used to override the current graph driver.
- Fixed a bug where containers created with `--privileged` could request
more capabilities than were available to Podman.
- Fixed a bug where `podman commit` did not use the `TMPDIR` environment
variable to place temporary files created during the commit.
- Fixed a bug where remote Podman could error when attempting to resize
short-lived containers.
- Fixed a bug where Podman was unusable on kernels built without
`CONFIG_USER_NS`.
- Fixed a bug where the ownership of volumes created by `podman volume
create` and then mounted into a container could be incorrect.
- Fixed a bug where Podman volumes using a volume plugin could not pass
certain options, and could not be used as non-root users.
- Fixed a bug where the `--tz` option to `podman create` and `podman run`
did not properly validate its input.
API:
- Fixed a bug where the `X-Registry-Auth` header did not accept `null` as
a valid value.
- A new compat endpoint, `/auth`, has been added. This endpoint validates
credentials against a registry.
- Fixed a bug where the compat Build endpoint for Images specified labels
using the wrong type (array vs map). Both formats will be accepted now.
- Fixed a bug where the compat Build endpoint for Images did not report
that it successfully tagged the built image in its response.
- Fixed a bug where the compat Create endpoint for Images did not provide
progress information on pulling the image in its response.
- Fixed a bug where the compat Push endpoint for Images did not properly
handle the destination (used a query parameter, instead of a path
parameter).
- Fixed a bug where the compat Push endpoint for Images did not send the
progress of the push and the digest of the pushed image in the response
body.
- Fixed a bug where the compat List endpoint for Networks returned null,
instead of an empty array (`[]`), when no networks were present.
- Fixed a bug where the compat List endpoint for Networks returned nulls,
instead of empty maps, for networks that do not have Labels and/or
Options.
- The Libpod Inspect endpoint for networks (`/libpod/network/$ID/json`)
now has an alias at `/libpod/network/$ID`.
- Fixed a bug where the libpod Inspect endpoint for Networks returned a
1-size array of results, instead of a single result.
- The Compat List endpoint for Networks now supports the legacy format for
filters in parallel with the current filter format.
- Fixed a bug where the compat Create endpoint for Containers did not
properly handle tmpfs filesystems specified with options.
- Fixed a bug where the compat Create endpoint for Containers did not
create bind-mount source directories.
- Fixed a bug where the compat Create endpoint for Containers did not
properly handle the `NanoCpus` option.
- Fixed a bug where the Libpod create endpoint for Containers has a
misnamed field in its JSON.
- Fixed a bug where the compat List endpoint for Containers did not
populate information on forwarded ports.
- Fixed a bug where the compat List endpoint for Containers did not
populate information on container CNI networks.
- Fixed a bug where the compat and libpod Stop endpoints for Containers
would ignore a timeout of 0.
- Fixed a bug where the compat and libpod Resize endpoints for Containers
did not set the correct terminal sizes (dimensions were reversed).
- Fixed a bug where the compat Remove endpoint for Containers would not
return 404 when attempting to remove a container that does not exist.
- Fixed a bug where the compat Prune endpoint for Volumes would still
prune even if an invalid filter was specified.
- Numerous bugs related to filters have been addressed.
Update podman to 3.0.1
3.0.1:
Changes:
- Several frequently-occurring `WARN` level log messages have been
downgraded to `INFO` or `DEBUG` to not clutter terminal output.
Bugfixes:
- Fixed a bug where the `Created` field of `podman ps --format=json` was
formatted as a string instead of a Unix timestamp (integer).
- Fixed a bug where failing lookups of individual layers during the
`podman images` command would cause the whole command to fail without
printing output.
- Fixed a bug where `--cgroups=split` did not function properly on cgroups
v1 systems.
- Fixed a bug where mounting a volume over a directory in the container
that existed, but was empty, could fail.
- Fixed a bug where mounting a volume over a directory in the container
that existed could copy the entirety of the container's rootfs, instead
of just the directory mounted over, into the volume.
- Fixed a bug where Podman would treat the `--entrypoint=[""]` option to
`podman run` and `podman create` as a literal empty string in the
entrypoint, when instead it should have been ignored.
- Fixed a bug where Podman would set the `HOME` environment variable to
`""` when the container ran as a user without an assigned home directory.
- Fixed a bug where specifying a pod infra image that had no tags (by
using its ID) would cause `podman pod create` to panic.
- Fixed a bug where the `--runtime` option was not properly handled by the
`podman build` command.
- Fixed a bug where Podman would incorrectly print an error message
related to the remote API when the remote API was not in use and
starting Podman failed.
- Fixed a bug where Podman would change ownership of a container's working
directory, even if it already existed.
- Fixed a bug where the `podman generate systemd --new` command would
incorrectly escape `%t` when generating the path for the PID file.
- Fixed a bug where Podman could, when run inside a Podman container with
the host's containers/storage directory mounted into the container,
erroneously detect a reboot and reset container state if the temporary
directory was not also mounted in.
- Fixed a bug where some options of the `podman build` command (including
but not limited to `--jobs`) were nonfunctional.
API:
- Fixed a breaking change to the Libpod Wait API for Containers where the
Conditions parameter changed type in Podman v3.0.
- Fixed a bug where the Compat Create endpoint for Containers did not
properly handle forwarded ports that did not specify a host port.
- Fixed a bug where the Libpod Wait endpoint for Containers could write
duplicate headers after an error occurred.
- Fixed a bug where the Compat Create endpoint for Images would not pull
images that already had a matching tag present locally, even if a more
recent version was available at the registry.
- The Compat Create endpoint for Images has had its compatibility with
Docker improved, allowing its use with the `docker-java` library.
Misc:
- Updated Buildah to v1.19.4
- Updated the containers/storage library to v1.24.6
3.0.0:
Features:
- Podman now features initial support for Docker Compose.
- Added the `podman rename` command, which allows containers to be renamed
after they are created.
- The Podman remote client now supports the `podman copy` command.
- A new command, `podman network reload`, has been added. This command
will re-configure the network of all running containers, and can be used
to recreate firewall rules lost when the system firewall was reloaded
(e.g. via `firewall-cmd --reload`).
- Podman networks now have IDs. They can be seen in `podman network ls`
and can be used when removing and inspecting networks. Existing networks
receive IDs automatically.
- Podman networks now also support labels. They can be added via the
`--label` option to `network create`, and `podman network ls` can filter
labels based on them.
- The `podman network create` command now supports setting bridge MTU and
VLAN through the `--opt` option.
- The `podman container checkpoint` and `podman container restore`
commands can now checkpoint and restore containers that include volumes.
- The `podman container checkpoint` command now supports the
`--with-previous` and `--pre-checkpoint` options, and the `podman
container restore` command now supports the `--import-previous` option.
These add support for two-step checkpointing with lowered dump times.
- The `podman push` command can now push manifest lists. Podman will first
attempt to push as an image, then fall back to pushing as a manifest
list if that fails.
- The `podman generate kube` command can now be run on multiple containers
at once, and will generate a single pod containing all of them.
- The `podman generate kube` and `podman play kube` commands now support
Kubernetes DNS configuration, and will preserve custom DNS configuration
when exporting or importing YAML.
- The `podman generate kube` command now properly supports generating YAML
for containers and pods created using host networking (`--net=host`).
- The `podman kill` command now supports a `--cidfile` option to kill
containers given a file containing the container's ID.
- The `podman pod create` command now supports the `--net=none` option.
- The `podman volume create` command can now specify volume UID and GID as
options with the `UID` and `GID` fields passed to the `--opt` option.
- Initial support has been added for Docker Volume Plugins. Podman can now
define available plugins in `containers.conf` and use them to create
volumes with `podman volume create --driver`.
- The `podman run` and `podman create` commands now support a new option,
`--platform`, to specify the platform of the image to be used when
creating the container.
- The `--security-opt` option to `podman run` and `podman create` now
supports the `systempaths=unconfined` option to unrestrict access to all
paths in the container, as well as `mask` and `unmask` options to allow
more granular restriction of container paths.
- The `podman stats --format` command now supports a new format specifier,
`MemUsageBytes`, which prints the raw bytes of memory consumed by a
container without human-readable formatting [#8945].
- The `podman ps` command can now filter containers based on what pod they
are joined to via the `pod` filter.
- The `podman pod ps` command can now filter pods based on what networks
they are joined to via the `network` filter.
- The `podman pod ps` command can now print information on what networks a
pod is joined to via the `.Networks` specifier to the `--format` option.
- The `podman system prune` command now supports filtering what
containers, pods, images, and volumes will be pruned.
- The `podman volume prune` command now supports filtering what volumes
will be pruned.
- The `podman system prune` command now includes information on space
reclaimed.
- The `podman info` command will now properly print information about
packages in use on Gentoo and Arch systems.
- The `containers.conf` file now contains an option for disabling creation
of a new kernel keyring on container creation.
- The `podman image sign` command can now sign multi-arch images by
producing a signature for each image in a given manifest list.
- The `podman image sign` command, when run as rootless, now supports
per-user registry configuration files in
`$HOME/.config/containers/registries.d`.
- Configuration options for `slirp4netns` can now be set system-wide via
the `NetworkCmdOptions` configuration option in `containers.conf`.
- The MTU of `slirp4netns` can now be configured via the `mtu=` network
command option (e.g. `podman run --net slirp4netns:mtu=9000`).
Security:
- A fix for CVE-2021-20199 is included. Podman between v1.8.0 and v2.2.1
used `127.0.0.1` as the source address for all traffic forwarded into
rootless containers by a forwarded port; this has been changed to
address the issue. (bsc#1181640)
Changes:
- Shortname aliasing support has now been turned on by default. All Podman
commands that must pull an image will, if a TTY is available, prompt the
user about what image to pull.
- The `podman load` command no longer accepts a `NAME[:TAG]` argument. The
presence of this argument broke CLI compatibility with Docker by making
`docker load` commands unusable with Podman.
- The Go bindings for the HTTP API have been rewritten with a focus on
limiting dependency footprint and improving extensibility.
- The legacy Varlink API has been completely removed from Podman.
- The default log level for Podman has been changed from Error to Warn.
- The `podman network create` command can now create `macvlan` networks
using the `--driver macvlan` option for Docker compatibility. The
existing `--macvlan` flag has been deprecated and will be removed in
Podman 4.0 some time next year.
- The `podman inspect` command has had the `LogPath` and `LogTag` fields
moved into the `LogConfig` structure (from the root of the Inspect
structure). The maximum size of the log file is also included.
- The `podman generate systemd` command no longer generates unit files
using the deprecated `KillMode=none` option.
- The `podman stop` command now releases the container lock while waiting
for it to stop - as such, commands like `podman ps` will no longer block
until `podman stop` completes.
- Networks created with `podman network create --internal` no longer use
the `dnsname` plugin. This configuration never functioned as expected.
- Error messages for the remote Podman client have been improved when it
cannot connect to a Podman service.
- Error messages for `podman run` when an invalid SELinux is specified
have been improved.
- Rootless Podman features improved support for containers with a single
user mapped into the rootless user namespace.
- Pod infra containers now respect default sysctls specified in
`containers.conf` allowing for advanced configuration of the namespaces
they will share.
- SSH public key handling for remote Podman has been improved.
Bugfixes:
- Fixed a bug where the `podman history --no-trunc` command would truncate
the `Created By` field.
- Fixed a bug where root containers that did not explicitly specify a CNI
network to join did not generate an entry for the network in use in the
`Networks` field of the output of `podman inspect`.
- Fixed a bug where, under some circumstances, container working
directories specified by the image (via the `WORKDIR` instruction) but
not present in the image, would not be created.
- Fixed a bug where the `podman generate systemd` command would generate
invalid unit files if the container was created using a command line
that included doubled braces (`{{` and `}}`), e.g.
`--log-opt-tag={{.Name}}`.
- Fixed a bug where the `podman generate systemd --new` command could
generate unit files including invalid Podman commands if the container
was created using merged short options (e.g. `podman run -dt`).
- Fixed a bug where the `podman generate systemd --new` command could
generate unit files that did not handle Podman commands including some
special characters (e.g. `$`) [#9176].
- Fixed a bug where rootless containers joining CNI networks could not set
a static IP address.
- Fixed a bug where rootless containers joining CNI networks could not set
network aliases.
- Fixed a bug where the remote client could, under some circumstances, not
include the `Containerfile` when sending build context to the server.
- Fixed a bug where rootless Podman did not mount `/sys` as a new `sysfs`
in some circumstances where it was acceptable.
- Fixed a bug where rootless containers that both joined a user namespace
and a CNI network would cause a segfault. These options are
incompatible and now return an error.
- Fixed a bug where the `podman play kube` command did not properly handle
`CMD` and `ARGS` from images.
- Fixed a bug where the `podman play kube` command did not properly handle
environment variables from images.
- Fixed a bug where the `podman play kube` command did not properly print
errors that occurred when starting containers.
- Fixed a bug where the `podman play kube` command errored when
`hostNetwork` was used.
- Fixed a bug where the `podman play kube` command would always pull
images when the `:latest` tag was specified, even if the image was
available locally.
- Fixed a bug where the `podman play kube` command did not properly handle
SELinux configuration, rendering YAML with custom SELinux configuration
unusable.
- Fixed a bug where the `podman generate kube` command incorrectly
populated the `args` and `command` fields of generated YAML.
- Fixed a bug where containers in a pod would create a duplicate entry in
the pod's shared `/etc/hosts` file every time the container restarted.
- Fixed a bug where the `podman search --list-tags` command did not
support the `--format` option.
- Fixed a bug where the `http_proxy` option in `containers.conf` was not
being respected, and instead was set unconditionally to true.
- Fixed a bug where rootless Podman could, on systems with a recent Conmon
and users with a long username, fail to attach to containers.
- Fixed a bug where the `podman images` command would break and fail to
display any images if an empty manifest list was present in storage.
- Fixed a bug where locale environment variables were not properly passed
on to Conmon.
- Fixed a bug where Podman would not build on the MIPS architecture.
- Fixed a bug where rootless Podman could fail to properly configure user
namespaces for rootless containers when the user specified a `--uidmap`
option that included a mapping beginning with UID `0`.
- Fixed a bug where the `podman logs` command using the `k8s-file` backend
did not properly handle partial log lines with a length of 1.
- Fixed a bug where the `podman logs` command with the `--follow` option
did not properly handle log rotation.
- Fixed a bug where user-specified `HOSTNAME` environment variables were
overwritten by Podman.
- Fixed a bug where Podman would apply default sysctls from
`containers.conf` in too many situations (e.g. applying network sysctls
when the container shared its network with a pod).
- Fixed a bug where Podman did not properly handle cases where a secondary
image store was in use and an image was present in both the secondary
and primary stores.
- Fixed a bug where systemd-managed rootless Podman containers where the
user in the container was not root could fail as the container's PID
file was not accessible to systemd on the host.
- Fixed a bug where the `--privileged` option to `podman run` and `podman
create` would, under some circumstances, not disable Seccomp.
- Fixed a bug where the `podman exec` command did not properly add
capabilities when the container or exec session were run with
`--privileged`.
- Fixed a bug where rootless Podman would use the `--enable-sandbox`
option to `slirp4netns` unconditionally, even when `pivot_root` was
disabled, rendering `slirp4netns` unusable when `pivot_root` was
disabled.
- Fixed a bug where `podman build --logfile` did not actually write the
build's log to the logfile.
- Fixed a bug where the `podman system service` command did not close
STDIN, and could display user-interactive prompts.
- Fixed a bug where the `podman system reset` command could, under some
circumstances, remove all the contents of the `XDG_RUNTIME_DIR`
directory.
- Fixed a bug where the `podman network create` command created CNI
configurations that did not include a default gateway.
- Fixed a bug where the `podman.service` systemd unit provided by default
used the wrong service type, and would cause systemd to not correctly
register the service as started.
- Fixed a bug where, if the `TMPDIR` environment variable was set for the
container engine in `containers.conf`, it was being ignored.
- Fixed a bug where the `podman events` command did not properly handle
future times given to the `--until` option.
- Fixed a bug where the `podman logs` command wrote container `STDERR`
logs to `STDOUT` instead of `STDERR`.
- Fixed a bug where containers created from an image with multiple tags
would report that they were created from the wrong tag.
- Fixed a bug where container capabilities were not set properly when the
`--cap-add=all` and `--user` options to `podman create` and `podman run`
were combined.
- Fixed a bug where the `--layers` option to `podman build` was
nonfunctional.
- Fixed a bug where the `podman system prune` command did not act
recursively, and thus would leave images, containers, pods, and volumes
present that would be removed by a subsequent call to `podman system
prune`.
- Fixed a bug where the `--publish` option to `podman run` and `podman
create` did not properly handle ports specified as a range of ports with
no host port specified.
- Fixed a bug where `--format` did not support JSON output for individual
fields.
- Fixed a bug where the `podman stats` command would fail when run on root
containers using the `slirp4netns` network mode.
- Fixed a bug where the Podman remote client would ask for a password even
if the server's SSH daemon did not support password authentication.
- Fixed a bug where the `podman stats` command would fail if the system
did not support one or more of the cgroup controllers Podman supports.
- Fixed a bug where the `--mount` option to `podman create` and `podman
run` did not ignore the `consistency` mount option.
- Fixed a bug where failures during the resizing of a container's TTY
would print the wrong error.
- Fixed a bug where the `podman network disconnect` command could cause
the `podman inspect` command to fail for a container until it was
restarted.
- Fixed a bug where containers created from a read-only rootfs (using the
`--rootfs` option to `podman create` and `podman run`) would fail.
- Fixed a bug where specifying Go templates to the `--format` option to
multiple Podman commands did not support the `join` function.
- Fixed a bug where the `podman rmi` command could, when run in parallel
on multiple images, return `layer not known` errors.
- Fixed a bug where the `podman inspect` command on containers displayed
unlimited ulimits incorrectly.
- Fixed a bug where Podman would fail to start when a volume was mounted
over a directory in a container that contained symlinks that terminated
outside the directory and its subdirectories.
API:
- All Libpod Pod APIs have been modified to properly report errors with
individual containers. Cases where the operation as a whole succeeded
but individual containers failed now report an HTTP 409 error.
- The Compat API for Containers now supports the Rename and Copy APIs.
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and
images) did not return the amount of space reclaimed in their responses.
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would
drop errors that occurred prior to the exec session successfully
starting (e.g. a "no such file" error if an invalid executable was
passed).
- Fixed a bug where the Volumes field in the Compat Create API for
Containers was being ignored.
- Fixed a bug where the NetworkMode field in the Compat Create API for
Containers was not handling some values, e.g. `container:`, correctly.
- Fixed a bug where the Compat Create API for Containers did not set
container name properly.
- Fixed a bug where containers created using the Compat Create API
unconditionally used Kubernetes file logging (the default specified in
`containers.conf` is now used).
- Fixed a bug where the Compat Inspect API for Containers could include
container states not recognized by Docker.
- Fixed a bug where Podman did not properly clean up after calls to the
Events API when the `journald` backend was in use, resulting in a leak
of file descriptors.
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an
`index out of range` error under certain circumstances.
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
- Fixed a bug where the Compat List API for Containers did not support all
filters.
- Fixed a bug where the Compat List API for Containers did not properly
populate the Status field.
- Fixed a bug where the Compat and Libpod Resize APIs for Containers
ignored the height and width parameters.
- Fixed a bug where the Compat Search API for Images returned an
incorrectly-formatted JSON response.
- Fixed a bug where the Compat Load API for Images did not properly clean
up temporary files.
- Fixed a bug where the Compat Create API for Networks could panic when an
empty IPAM configuration was specified.
- Fixed a bug where the Compat Inspect and List APIs for Networks did not
include Scope.
- Fixed a bug where the Compat Wait endpoint for Containers did not
support the same wait conditions that Docker did.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3312=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3312=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3312=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3312=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3312=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3312=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3312=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3312=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3312=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3312=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3312=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3312=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3312=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3312=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3312=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Manager Server 4.1 (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Manager Proxy 4.1 (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Enterprise Storage 7 (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE Enterprise Storage 6 (noarch):
libcontainers-common-20210626-150100.3.15.1
- SUSE CaaS Platform 4.0 (noarch):
libcontainers-common-20210626-150100.3.15.1
References:
https://www.suse.com/security/cve/CVE-2020-14370.html
https://www.suse.com/security/cve/CVE-2020-15157.html
https://www.suse.com/security/cve/CVE-2021-20199.html
https://www.suse.com/security/cve/CVE-2021-20291.html
https://www.suse.com/security/cve/CVE-2021-3602.html
https://bugzilla.suse.com/1176804
https://bugzilla.suse.com/1177598
https://bugzilla.suse.com/1181640
https://bugzilla.suse.com/1182998
https://bugzilla.suse.com/1188520
https://bugzilla.suse.com/1189893
From sle-security-updates at lists.suse.com Mon Sep 19 19:26:38 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 21:26:38 +0200 (CEST)
Subject: SUSE-SU-2022:3310-1: moderate: Security update for tika-core
Message-ID: <20220919192638.18CB9F78E@maintenance.suse.de>
SUSE Security Update: Security update for tika-core
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3310-1
Rating: moderate
References: #1199604 #1200283 #1201217
Cross-References: CVE-2022-30126 CVE-2022-30973 CVE-2022-33879
CVSS scores:
CVE-2022-30126 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-30126 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-30973 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-30973 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-33879 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-33879 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Server 4.2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for tika-core fixes the following issues:
- CVE-2022-33879: Incomplete fix and new regex DoS in
StandardsExtractingContentHandler. (bsc#1201217)
- CVE-2022-30973, CVE-2022-30126: Regular Expression Denial of Service in
Standards Extractor. (bsc#1199604, bsc#1200283)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3310=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
tika-core-1.26-150300.4.3.1
References:
https://www.suse.com/security/cve/CVE-2022-30126.html
https://www.suse.com/security/cve/CVE-2022-30973.html
https://www.suse.com/security/cve/CVE-2022-33879.html
https://bugzilla.suse.com/1199604
https://bugzilla.suse.com/1200283
https://bugzilla.suse.com/1201217
From sle-security-updates at lists.suse.com Mon Sep 19 19:27:28 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 21:27:28 +0200 (CEST)
Subject: SUSE-SU-2022:3313-1: critical: Security update for
release-notes-susemanager, release-notes-susemanager-proxy
Message-ID: <20220919192728.DA66AF78E@maintenance.suse.de>
SUSE Security Update: Security update for release-notes-susemanager, release-notes-susemanager-proxy
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3313-1
Rating: critical
References: #1172705 #1187028 #1195455 #1195895 #1196729
#1198168 #1198489 #1198738 #1198903 #1199372
#1199659 #1199913 #1199950 #1200276 #1200296
#1200480 #1200532 #1200573 #1200591 #1200629
#1201142 #1201189 #1201210 #1201220 #1201224
#1201527 #1201606 #1201607 #1201626 #1201753
#1201913 #1201918 #1202142 #1202272 #1202464
#1202724 #1202728 #1203287 #1203288 #1203449
Cross-References: CVE-2021-41411 CVE-2021-42740 CVE-2021-43138
CVE-2022-31129
CVSS scores:
CVE-2021-41411 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-41411 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-42740 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42740 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43138 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-43138 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31129 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-31129 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
______________________________________________________________________________
An update that solves four vulnerabilities and has 36 fixes
is now available.
Description:
This update for release-notes-susemanager, release-notes-susemanager-proxy
fixes the following issues:
Release notes for SUSE Manager:
- Update to SUSE:Manager 4.2.9
* Notification about SUSE Manager end-of-life has been added
* CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129,
CVE-2021-41411
* Bugs mentioned: bsc#1172705, bsc#1187028, bsc#1195455, bsc#1195895,
bsc#1196729, bsc#1198168, bsc#1198489, bsc#1198738, bsc#1198903,
bsc#1199372, bsc#1199659, bsc#1199913, bsc#1199950, bsc#1200276,
bsc#1200296, bsc#1200480, bsc#1200532, bsc#1200573, bsc#1200591,
bsc#1200629, bsc#1201142, bsc#1201189, bsc#1201210, bsc#1201220,
bsc#1201224, bsc#1201527, bsc#1201606, bsc#1201607, bsc#1201626,
bsc#1201753, bsc#1201913, bsc#1201918, bsc#1202142, bsc#1202272,
bsc#1202464, bsc#1202728, bsc#1203287, bsc#1203288, bsc#1203449
Release notes for SUSE Manager Proxy:
- Update to SUSE Manager 4.2.9
* CVEs fixed: CVE-2021-43138, CVE-2021-42740, CVE-2022-31129
* Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1199659, bsc#1200480,
bsc#1200591, bsc#1201142, bsc#1202142, bsc#1202724
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-3313=1
- SUSE Manager Retail Branch Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-3313=1
- SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-3313=1
Package List:
- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
release-notes-susemanager-4.2.9-150300.3.54.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
release-notes-susemanager-proxy-4.2.9-150300.3.43.1
- SUSE Manager Proxy 4.2 (x86_64):
release-notes-susemanager-proxy-4.2.9-150300.3.43.1
References:
https://www.suse.com/security/cve/CVE-2021-41411.html
https://www.suse.com/security/cve/CVE-2021-42740.html
https://www.suse.com/security/cve/CVE-2021-43138.html
https://www.suse.com/security/cve/CVE-2022-31129.html
https://bugzilla.suse.com/1172705
https://bugzilla.suse.com/1187028
https://bugzilla.suse.com/1195455
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1196729
https://bugzilla.suse.com/1198168
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198738
https://bugzilla.suse.com/1198903
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1199659
https://bugzilla.suse.com/1199913
https://bugzilla.suse.com/1199950
https://bugzilla.suse.com/1200276
https://bugzilla.suse.com/1200296
https://bugzilla.suse.com/1200480
https://bugzilla.suse.com/1200532
https://bugzilla.suse.com/1200573
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1200629
https://bugzilla.suse.com/1201142
https://bugzilla.suse.com/1201189
https://bugzilla.suse.com/1201210
https://bugzilla.suse.com/1201220
https://bugzilla.suse.com/1201224
https://bugzilla.suse.com/1201527
https://bugzilla.suse.com/1201606
https://bugzilla.suse.com/1201607
https://bugzilla.suse.com/1201626
https://bugzilla.suse.com/1201753
https://bugzilla.suse.com/1201913
https://bugzilla.suse.com/1201918
https://bugzilla.suse.com/1202142
https://bugzilla.suse.com/1202272
https://bugzilla.suse.com/1202464
https://bugzilla.suse.com/1202724
https://bugzilla.suse.com/1202728
https://bugzilla.suse.com/1203287
https://bugzilla.suse.com/1203288
https://bugzilla.suse.com/1203449
From sle-security-updates at lists.suse.com Mon Sep 19 19:31:57 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 21:31:57 +0200 (CEST)
Subject: SUSE-SU-2022:3309-1: moderate: Security update for wireshark
Message-ID: <20220919193157.36901F78E@maintenance.suse.de>
SUSE Security Update: Security update for wireshark
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3309-1
Rating: moderate
References: #1194165 #1203388
Cross-References: CVE-2021-4186 CVE-2022-3190
CVSS scores:
CVE-2021-4186 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-4186 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-3190 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3190 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for wireshark fixes the following issues:
Updated to Wireshark 3.6.8:
- CVE-2022-3190: Fixed F5 Ethernet Trailer dissector infinite loop
(bsc#1203388).
- CVE-2021-4186: Fixed Gryphon dissector crash (bsc#1194165).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3309=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3309=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3309=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3309=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3309=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3309=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.8-150000.3.74.1
libwireshark15-debuginfo-3.6.8-150000.3.74.1
libwiretap12-3.6.8-150000.3.74.1
libwiretap12-debuginfo-3.6.8-150000.3.74.1
libwsutil13-3.6.8-150000.3.74.1
libwsutil13-debuginfo-3.6.8-150000.3.74.1
wireshark-3.6.8-150000.3.74.1
wireshark-debuginfo-3.6.8-150000.3.74.1
wireshark-debugsource-3.6.8-150000.3.74.1
wireshark-devel-3.6.8-150000.3.74.1
wireshark-ui-qt-3.6.8-150000.3.74.1
wireshark-ui-qt-debuginfo-3.6.8-150000.3.74.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.8-150000.3.74.1
libwireshark15-debuginfo-3.6.8-150000.3.74.1
libwiretap12-3.6.8-150000.3.74.1
libwiretap12-debuginfo-3.6.8-150000.3.74.1
libwsutil13-3.6.8-150000.3.74.1
libwsutil13-debuginfo-3.6.8-150000.3.74.1
wireshark-3.6.8-150000.3.74.1
wireshark-debuginfo-3.6.8-150000.3.74.1
wireshark-debugsource-3.6.8-150000.3.74.1
wireshark-devel-3.6.8-150000.3.74.1
wireshark-ui-qt-3.6.8-150000.3.74.1
wireshark-ui-qt-debuginfo-3.6.8-150000.3.74.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
wireshark-debuginfo-3.6.8-150000.3.74.1
wireshark-debugsource-3.6.8-150000.3.74.1
wireshark-devel-3.6.8-150000.3.74.1
wireshark-ui-qt-3.6.8-150000.3.74.1
wireshark-ui-qt-debuginfo-3.6.8-150000.3.74.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
wireshark-debuginfo-3.6.8-150000.3.74.1
wireshark-debugsource-3.6.8-150000.3.74.1
wireshark-devel-3.6.8-150000.3.74.1
wireshark-ui-qt-3.6.8-150000.3.74.1
wireshark-ui-qt-debuginfo-3.6.8-150000.3.74.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.8-150000.3.74.1
libwireshark15-debuginfo-3.6.8-150000.3.74.1
libwiretap12-3.6.8-150000.3.74.1
libwiretap12-debuginfo-3.6.8-150000.3.74.1
libwsutil13-3.6.8-150000.3.74.1
libwsutil13-debuginfo-3.6.8-150000.3.74.1
wireshark-3.6.8-150000.3.74.1
wireshark-debuginfo-3.6.8-150000.3.74.1
wireshark-debugsource-3.6.8-150000.3.74.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libwireshark15-3.6.8-150000.3.74.1
libwireshark15-debuginfo-3.6.8-150000.3.74.1
libwiretap12-3.6.8-150000.3.74.1
libwiretap12-debuginfo-3.6.8-150000.3.74.1
libwsutil13-3.6.8-150000.3.74.1
libwsutil13-debuginfo-3.6.8-150000.3.74.1
wireshark-3.6.8-150000.3.74.1
wireshark-debuginfo-3.6.8-150000.3.74.1
wireshark-debugsource-3.6.8-150000.3.74.1
References:
https://www.suse.com/security/cve/CVE-2021-4186.html
https://www.suse.com/security/cve/CVE-2022-3190.html
https://bugzilla.suse.com/1194165
https://bugzilla.suse.com/1203388
From sle-security-updates at lists.suse.com Mon Sep 19 19:32:53 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 21:32:53 +0200 (CEST)
Subject: SUSE-SU-2022:3314-1: critical: Security update for SUSE Manager
Server 4.2
Message-ID: <20220919193253.5D129F78E@maintenance.suse.de>
SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3314-1
Rating: critical
References: #1172705 #1187028 #1195455 #1195895 #1196729
#1198168 #1198489 #1198738 #1198903 #1199372
#1199659 #1199913 #1199950 #1200276 #1200296
#1200480 #1200532 #1200573 #1200591 #1200629
#1201142 #1201189 #1201210 #1201220 #1201224
#1201527 #1201606 #1201607 #1201626 #1201753
#1201913 #1201918 #1202142 #1202272 #1202464
#1202724 #1202728 #1203287 #1203288 #1203449
Cross-References: CVE-2021-41411 CVE-2021-42740 CVE-2021-43138
CVE-2022-31129
CVSS scores:
CVE-2021-41411 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-41411 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-42740 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-42740 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-43138 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-43138 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-31129 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-31129 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
______________________________________________________________________________
An update that solves four vulnerabilities and has 36 fixes
is now available.
Description:
This update fixes the following issues:
drools:
- CVE-2021-41411: XML External Entity injection in
KieModuleModelImpl.java. (bsc#1200629)
httpcomponents-asyncclient:
- Provide maven metadata needed by other packages to build
image-sync-formula:
- Update to version 0.1.1661440526.b08d95b
* Add option to sort boot images by version (bsc#1196729)
inter-server-sync:
- Version 0.2.3
* Compress exported sql data #16631
* Add gzip dependency to decompress data file during import process
patterns-suse-manager:
- Strictly require OpenJDK 11 (bsc#1202142)
py27-compat-salt:
- Add support for gpgautoimport in zypperpkg module
- Fix salt.states.file.managed() for follow_symlinks=True and test=True
(bsc#1199372)
- Add support for name, pkgs and diff_attr parameters to upgrade function
for zypper and yum (bsc#1198489)
- Unify logic on using multiple requisites and add onfail_all (bsc#1198738)
- Normalize package names once with pkg.installed/removed using yum
(bsc#1195895)
salt-netapi-client:
- Declare the LICENSE file as license and not doc
- Adapted for Enterprise Linux 9.
- Version 0.20.0
* See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0
saltboot-formula:
- Update to version 0.1.1661440526.b08d95b
* Fallback to local boot if the configured image is not synced
* improve image url modifications - preparation for ftp/http changes
spacecmd:
- Version 4.2.19-1
* Process date values in spacecmd api calls (bsc#1198903)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
spacewalk-admin:
- Version 4.2.12-1
* Add --help option to mgr-monitoring-ctl
spacewalk-backend:
- Version 4.2.24-1
* Make reposync use the configured http proxy with mirrorlist
(bsc#1198168)
* Revert proxy listChannels token caching pr#4548
* cleanup leftovers from removing unused xmlrpc endpoint
spacewalk-certs-tools:
- Version 4.2.18-1
* traditional stack bootstrap: install product packages (bsc#1201142)
spacewalk-client-tools:
- Version 4.2.20-1
* Update translation strings
spacewalk-java:
- Version 4.2.41-1
* Fixed date format on scheduler related messages (bsc#1195455)
* Support inherited values for kernel options from Cobbler API
(bsc#1199913)
* Add channel availability check for product migration (bsc#1200296)
* Check if system has all formulas correctly assigned (bsc#1201607)
* Remove group formula assignments and data on group delete (bsc#1201606)
* Fix sync for external repositories (bsc#1201753)
* fix state.apply result parsing in test mode (bsc#1201913)
* Reduce the length of image channel URL (bsc#1201220)
* Calculate dependencies between cloned channels of vendor channels
(bsc#1201626)
* fix symlinks pointing to ongres-stringprep
* Modify parameter type when communicating with the search server
(bsc#1187028)
* Fix initial profile and build host on Image Build page (bsc#1199659)
* Fix the confirm message on the refresh action by adding a link to
pending actions on it (bsc#1172705)
* require new salt-netapi-client version
* Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
spacewalk-search:
- Version 4.2.8-1
* Add methods to handle session id as String
spacewalk-web:
- Version 4.2.29-1
* CVE-2021-43138: Obtain privileges via the `mapValues()` method.
(bsc#1200480)
* CVE-2021-42740: Command injection in the shell-quote package.
(bsc#1203287)
* CVE-2022-31129: Denial-of-Service moment: inefficient parsing
algorithm (bsc#1203288)
* Fix table header layout for unselectable tables
* Fix initial profile and build host on Image Build page (bsc#1199659)
subscription-matcher:
- Added Guava maximum version requirement.
susemanager:
- Version 4.2.37-1
* mark new dependencies for python-py optional in bootstrap repo to fix
generation for older service packs (bsc#1203449)
- Version 4.2.36-1
* add missing packages on SLES 15
* remove server-migrator.sh from SUSE Manager installations (bsc#1202728)
* mgr-create-bootstrap-repo: flush directory also when called for a
specific label (bsc#1200573)
* add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918)
* remove python-tornado from bootstrap repo, since no longer required
for salt version >= 3000
* add openSUSE 15.4 product (bsc#1201527)
* add clients tool product to generate bootstrap repo on openSUSE 15.x
(bsc#1201189)
susemanager-doc-indexes:
- Documented mandatory channels in the Disconnected Setup chapter of the
Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a
regular user
- Documented how to onboard Debian clients with the Salt bundle or plain
Salt as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and
about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extend the notes about using noexec option for /tmp and /var/tmp
(bsc#1201210)
- Reverted single snippet change for two separate books
- Added extend Salt Bundle functionality with Python packages using pip
- Add missing part of the description to enable optional support of the
Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and
about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt
Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide
(bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and
Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- In the Custom Channel section of the Administration Guide add a note
about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client
systems
susemanager-docs_en:
- Documented mandatory channels in the Disconnected Setup chapter of the
Administration Guide (bsc#1202464)
- Documented how to onboard Ubuntu clients with the Salt bundle as a
regular user
- Documented how to onboard Debian clients with the Salt bundle or plain
Salt as a regular user
- Fixed the names of updates channels for Leap
- Fixed errors in OpenSCAP chapter of Administration Guide
- Added exact command to create the bootstrap repo for Salt bundle and
about how to disable salt-thin
- Removed CentOS 8 from the list of supported client systems
- Extend the notes about using noexec option for /tmp and /var/tmp
(bsc#1201210)
- Reverted single snippet change for two separate books
- Added extend Salt Bundle functionality with Python packages using pip
- Add missing part of the description to enable optional support of the
Salt Bundle with Salt SSH
- Added exact command to create the bootstrap repo for salt bundle and
about how to disable salt-thin
- Salt Configuration Modules are no longer Technology Preview in Salt
Guide.
- Fixed Ubuntu 18 Client registration in Client Configuration Guide
(bsc#1201224)
- Added ports 1232 and 1233 in the Ports section of the Installation and
Upgrade Guide; required for Salt SSH Push (bsc#1200532)
- In the Custom Channel section of the Administration Guide add a note
about synchronizing repositories regularly.
- Removed SUSE Linux Enterprise 11 from the list of supported client
systems
susemanager-schema:
- Version 4.2.24-1
* Fix migration of image actions (bsc#1202272)
susemanager-sls:
- Version 4.2.27-1
* Copy grains file with util.mgr_switch_to_venv_minion state apply
* Remove the message 'rpm: command not found' on using Salt SSH with
Debian based systems which has no Salt Bundle
* Prevent possible tracebacks on calling module.run from mgrcompat by
setting proper globals with using LazyLoader
* Fix deploy of SLE Micro CA Certificate (bsc#1200276)
uyuni-common-libs:
- Version 4.2.7-1
* Do not allow creating path if nonexistent user or group in fileutils.
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3314=1
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3314=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
inter-server-sync-0.2.3-150300.8.22.2
inter-server-sync-debuginfo-0.2.3-150300.8.22.2
patterns-suma_retail-4.2-150300.4.12.2
patterns-suma_server-4.2-150300.4.12.2
python3-uyuni-common-libs-4.2.7-150300.3.9.2
susemanager-4.2.37-150300.3.41.1
susemanager-tools-4.2.37-150300.3.41.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
drools-7.17.0-150300.4.6.2
httpcomponents-asyncclient-4.1.4-150300.3.3.2
image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2
py27-compat-salt-3000.3-150300.7.7.23.2
python3-spacewalk-certs-tools-4.2.18-150300.3.24.3
python3-spacewalk-client-tools-4.2.20-150300.4.24.3
salt-netapi-client-0.20.0-150300.3.9.4
saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2
spacecmd-4.2.19-150300.4.27.2
spacewalk-admin-4.2.12-150300.3.15.3
spacewalk-backend-4.2.24-150300.4.29.5
spacewalk-backend-app-4.2.24-150300.4.29.5
spacewalk-backend-applet-4.2.24-150300.4.29.5
spacewalk-backend-config-files-4.2.24-150300.4.29.5
spacewalk-backend-config-files-common-4.2.24-150300.4.29.5
spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5
spacewalk-backend-iss-4.2.24-150300.4.29.5
spacewalk-backend-iss-export-4.2.24-150300.4.29.5
spacewalk-backend-package-push-server-4.2.24-150300.4.29.5
spacewalk-backend-server-4.2.24-150300.4.29.5
spacewalk-backend-sql-4.2.24-150300.4.29.5
spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5
spacewalk-backend-tools-4.2.24-150300.4.29.5
spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5
spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5
spacewalk-base-4.2.29-150300.3.27.3
spacewalk-base-minimal-4.2.29-150300.3.27.3
spacewalk-base-minimal-config-4.2.29-150300.3.27.3
spacewalk-certs-tools-4.2.18-150300.3.24.3
spacewalk-client-tools-4.2.20-150300.4.24.3
spacewalk-html-4.2.29-150300.3.27.3
spacewalk-java-4.2.41-150300.3.43.5
spacewalk-java-config-4.2.41-150300.3.43.5
spacewalk-java-lib-4.2.41-150300.3.43.5
spacewalk-java-postgresql-4.2.41-150300.3.43.5
spacewalk-search-4.2.8-150300.3.12.2
spacewalk-taskomatic-4.2.41-150300.3.43.5
subscription-matcher-0.29-150300.6.12.2
susemanager-doc-indexes-4.2-150300.12.33.4
susemanager-docs_en-4.2-150300.12.33.2
susemanager-docs_en-pdf-4.2-150300.12.33.2
susemanager-schema-4.2.24-150300.3.27.3
susemanager-sls-4.2.27-150300.3.33.4
uyuni-config-modules-4.2.27-150300.3.33.4
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (x86_64):
patterns-suma_proxy-4.2-150300.4.12.2
python3-uyuni-common-libs-4.2.7-150300.3.9.2
- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):
mgr-daemon-4.2.10-150300.2.9.4
python3-spacewalk-certs-tools-4.2.18-150300.3.24.3
python3-spacewalk-check-4.2.20-150300.4.24.3
python3-spacewalk-client-setup-4.2.20-150300.4.24.3
python3-spacewalk-client-tools-4.2.20-150300.4.24.3
spacecmd-4.2.19-150300.4.27.2
spacewalk-backend-4.2.24-150300.4.29.5
spacewalk-base-minimal-4.2.29-150300.3.27.3
spacewalk-base-minimal-config-4.2.29-150300.3.27.3
spacewalk-certs-tools-4.2.18-150300.3.24.3
spacewalk-check-4.2.20-150300.4.24.3
spacewalk-client-setup-4.2.20-150300.4.24.3
spacewalk-client-tools-4.2.20-150300.4.24.3
spacewalk-proxy-broker-4.2.12-150300.3.21.3
spacewalk-proxy-common-4.2.12-150300.3.21.3
spacewalk-proxy-management-4.2.12-150300.3.21.3
spacewalk-proxy-package-manager-4.2.12-150300.3.21.3
spacewalk-proxy-redirect-4.2.12-150300.3.21.3
spacewalk-proxy-salt-4.2.12-150300.3.21.3
susemanager-tftpsync-recv-4.2.5-150300.3.6.2
References:
https://www.suse.com/security/cve/CVE-2021-41411.html
https://www.suse.com/security/cve/CVE-2021-42740.html
https://www.suse.com/security/cve/CVE-2021-43138.html
https://www.suse.com/security/cve/CVE-2022-31129.html
https://bugzilla.suse.com/1172705
https://bugzilla.suse.com/1187028
https://bugzilla.suse.com/1195455
https://bugzilla.suse.com/1195895
https://bugzilla.suse.com/1196729
https://bugzilla.suse.com/1198168
https://bugzilla.suse.com/1198489
https://bugzilla.suse.com/1198738
https://bugzilla.suse.com/1198903
https://bugzilla.suse.com/1199372
https://bugzilla.suse.com/1199659
https://bugzilla.suse.com/1199913
https://bugzilla.suse.com/1199950
https://bugzilla.suse.com/1200276
https://bugzilla.suse.com/1200296
https://bugzilla.suse.com/1200480
https://bugzilla.suse.com/1200532
https://bugzilla.suse.com/1200573
https://bugzilla.suse.com/1200591
https://bugzilla.suse.com/1200629
https://bugzilla.suse.com/1201142
https://bugzilla.suse.com/1201189
https://bugzilla.suse.com/1201210
https://bugzilla.suse.com/1201220
https://bugzilla.suse.com/1201224
https://bugzilla.suse.com/1201527
https://bugzilla.suse.com/1201606
https://bugzilla.suse.com/1201607
https://bugzilla.suse.com/1201626
https://bugzilla.suse.com/1201753
https://bugzilla.suse.com/1201913
https://bugzilla.suse.com/1201918
https://bugzilla.suse.com/1202142
https://bugzilla.suse.com/1202272
https://bugzilla.suse.com/1202464
https://bugzilla.suse.com/1202724
https://bugzilla.suse.com/1202728
https://bugzilla.suse.com/1203287
https://bugzilla.suse.com/1203288
https://bugzilla.suse.com/1203449
From sle-security-updates at lists.suse.com Mon Sep 19 19:37:11 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 19 Sep 2022 21:37:11 +0200 (CEST)
Subject: SUSE-SU-2022:3311-1: moderate: Security update for tika-core
Message-ID: <20220919193711.BABEDF78E@maintenance.suse.de>
SUSE Security Update: Security update for tika-core
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3311-1
Rating: moderate
References: #1199604 #1200283 #1201217
Cross-References: CVE-2022-30126 CVE-2022-30973 CVE-2022-33879
CVSS scores:
CVE-2022-30126 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-30126 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-30973 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-30973 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-33879 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2022-33879 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for tika-core fixes the following issues:
- CVE-2022-33879: Regular Expression Denial of Service in
StandardsExtractingContentHandler (bsc#1201217)
- CVE-2022-30973, CVE-2022-30126: Regular Expression Denial of Service in
Standards Extractor (bsc#1199604, bsc#1200283)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3311=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
tika-core-1.26-150200.3.8.1
References:
https://www.suse.com/security/cve/CVE-2022-30126.html
https://www.suse.com/security/cve/CVE-2022-30973.html
https://www.suse.com/security/cve/CVE-2022-33879.html
https://bugzilla.suse.com/1199604
https://bugzilla.suse.com/1200283
https://bugzilla.suse.com/1201217
From sle-security-updates at lists.suse.com Tue Sep 20 07:19:26 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 20 Sep 2022 09:19:26 +0200 (CEST)
Subject: SUSE-CU-2022:2295-1: Security update of bci/dotnet-aspnet
Message-ID: <20220920071926.7A980F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2295-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-39.34 , bci/dotnet-aspnet:3.1.28 , bci/dotnet-aspnet:3.1.28-39.34
Container Release : 39.34
Severity : important
Type : security
References : 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Tue Sep 20 07:21:33 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 20 Sep 2022 09:21:33 +0200 (CEST)
Subject: SUSE-CU-2022:2296-1: Security update of suse/pcp
Message-ID: <20220920072133.1E9DDF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2296-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-10.36 , suse/pcp:latest
Container Release : 10.36
Severity : important
Type : security
References : 1189802 1195773 1201680 1201783 CVE-2021-36690 CVE-2021-46828
CVE-2022-35737
-----------------------------------------------------------------
The container suse/pcp was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:bci-bci-init-15.4-15.4-22.21 updated
From sle-security-updates at lists.suse.com Tue Sep 20 07:22:38 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 20 Sep 2022 09:22:38 +0200 (CEST)
Subject: SUSE-CU-2022:2297-1: Security update of bci/python
Message-ID: <20220920072238.9100BF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2297-1
Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.31 , bci/python:latest
Container Release : 5.31
Severity : important
Type : security
References : 1047178 1189802 1195773 1201041 1201680 1201783 CVE-2017-6512
CVE-2021-36690 CVE-2021-46828 CVE-2022-35737
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2022:3302-1
Released: Mon Sep 19 08:51:02 2022
Summary: Feature update for python310-pip
Type: feature
Severity: moderate
References: 1201041
This feature update for python310-pip and python-rpm-macros provides:
python310-pip:
Upgrade from version 20.2.4 to version 22.0.4 (jsc#SLE-24539)
- Adjust SPEC file to generate python310 module only
- Avoid cycle: BuildRequire ca-certificates only in tests
- This version is not compatible with Python 3.6 and thus not suitable for SUSE Linux Enterprise 15.
- Drop the doctype check, that presented a warning for index pages that use non-compliant HTML 5.
- Print the exception via rich.traceback, when running with `--debug`.
- Only calculate topological installation order, for packages that are going to be installed/upgraded.
* This error occurred when determining the installation order for a very specific combination of
upgrading of already installed packages, change of dependencies and fetching some packages
from a package index. This combination was especially common in Read the Docs' builds.
- Use html.parser by default, instead of falling back to html5lib when --use-deprecated=html5lib is not passed.
- Clarify that using per-requirement overrides disables the usage of wheels.
- Instead of failing on index pages that use non-compliant HTML 5, print a deprecation warning
and fall back to html5lib-based parsing for now.
This simplifies the migration for non-compliant index pages, by letting such indexes function with a warning.
- Accept lowercase on index pages.
- Properly handle links parsed by html5lib, when using --use-deprecated=html5lib.
- Changed PackageFinder to parse HTML documents using the
stdlib :class:`html.parser.HTMLParser` class instead of the
html5lib package.
- For now, the deprecated html5lib code remains and can be used with the --use-deprecated=html5lib
command line option. However, it will be removed in a future pip release.
- Completely replace :pypi:`tox` in our development workflow, with :pypi:`nox`.
- Deprecate alternative progress bar styles, leaving only on and off as available choices.
- Drop support for Python 3.6.
- Disable location mismatch warnings on Python versions prior to 3.10.
* These warnings were helping identify potential issues as part
of the sysconfig -> distutils transition, and we no longer
need to rely on reports from older Python versions for information on the transition.
- Utilize rich for presenting pip's default download progress bar.
- Present a better error message when an invalid wheel file is
encountered, providing more context where the invalid wheel file is.
- Documents the --require-virtualenv flag for pip install.
- pip install autocompletes paths.
- Allow Python distributors to opt-out from or opt-in to the
sysconfig installation scheme backend by setting
sysconfig._PIP_USE_SYSCONFIG to True or False.
- Make it possible to deselect tests requiring cryptography package on systems where it cannot be installed.
- Start using Rich for presenting error messages in a consistent format.
- Improve presentation of errors from subprocesses.
- Forward pip's verbosity configuration to VCS tools to control their output accordingly.
- Optimize installation order calculation to improve
performance when installing requirements that form a complex
dependency graph with a large amount of edges.
- When a package is requested by the user for upgrade,
correctly identify that the extra-ed variant of that same
package depended by another user-requested package is
requesting the same package, and upgrade it accordingly.
- Prevent pip from installing yanked releases unless explicitly
pinned via the `==` or `===` operators.
- Stop backtracking on build failures, by instead surfacing
them to the user and aborting immediately. This behaviour
provides more immediate feedback when a package cannot be
built due to missing build dependencies or platform
incompatibility.
- Silence Value for does not match warning caused by
an erroneous patch in Slackware-distributed Python 3.9.
- Fix an issue where pip did not consider dependencies with and without extras to be equal
- Always refuse installing or building projects that have no ``pyproject.toml`` nor ``setup.py``.
- Tweak running-as-root detection, to check ``os.getuid`` if it exists, on Unix-y and non-Linux/non-MacOS machines.
- When installing projects with a ``pyproject.toml`` in editable mode, and the build
backend does not support :pep:`660`, prepare metadata using
``prepare_metadata_for_build_wheel`` instead of ``setup.py egg_info``. Also, refuse
installing projects that only have a ``setup.cfg`` and no ``setup.py`` nor
``pyproject.toml``. These restore the pre-21.3 behaviour.
- Restore compatibility of where configuration files are loaded from on MacOS
- Upgrade pep517 to 0.12.0
- Improve deprecation warning regarding the copying of source trees when installing from a local directory.
- Suppress location mismatch warnings when pip is invoked from a Python source
tree, so ``ensurepip`` does not emit warnings on CPython ``make install``.
- On Python 3.10 or later, the installation scheme backend has been changed to use
``sysconfig``. This is to anticipate the deprecation of ``distutils`` in Python
3.10, and its scheduled removal in 3.12. For compatibility considerations, pip
installations running on Python 3.9 or lower will continue to use ``distutils``.
- Remove the ``--build-dir`` option and aliases, one last time.
- In-tree builds are now the default. ``--use-feature=in-tree-build`` is now
ignored. ``--use-deprecated=out-of-tree-build`` may be used temporarily to ease the transition.
- Un-deprecate source distribution re-installation behaviour.
- Replace vendored appdirs with platformdirs.
- Support PEP 610 to detect
editable installs in ``pip freeze`` and ``pip list``. The ``pip list`` column output
has a new ``Editable project location`` column, and the JSON output has a new
``editable_project_location`` field.
- ``pip freeze`` will now always fallback to reporting the editable project
location when it encounters a VCS error while analyzing an editable
requirement. Before, it sometimes reported the requirement as non-editable.
- ``pip show`` now sorts ``Requires`` and ``Required-By`` alphabetically.
- Do not raise error when there are no files to remove with ``pip cache purge/remove``.
Instead log a warning and continue (to log that we removed 0 files).
- When backtracking during dependency resolution, prefer the dependencies
which are involved in the most recent conflict. This can significantly reduce the amount of backtracking required.
- Cache requirement objects, to improve performance reducing reparses of requirement strings.
- Support editable installs for projects that have a ``pyproject.toml`` and use a
build backend that supports :pep:`660`.
- When a revision is specified in a Git URL, use git's partial clone feature to speed up source retrieval.
- Add a ``--debug`` flag, to enable a mode that doesn't log errors and
propagates them to the top level instead. This is primarily to aid with debugging pip's crashes.
- If a host is explicitly specified as trusted by the user (via the
--trusted-host option), cache HTTP responses from it in addition to HTTPS ones.
- Present a better error message, when a ``file:`` URL is not found.
- Fix the auth credential cache to allow for the case in which the index url contains the username, but the password
comes from an external source, such as keyring.
- Fix double unescape of HTML ``data-requires-python`` and ``data-yanked`` attributes.
- New resolver: Fixes depth ordering of packages during resolution, e.g. a
dependency 2 levels deep will be ordered before a dependency 3 levels deep.
python-rpm-macros:
Update from version 20220106.80d3756 to version 20220809.cf8a7b8 (bsc#1201041)
- Pass `--ignore-installed` to `pip install` in %pyproject_install
- restore end-of-line in alternative scriptlets
- make python_flavored_alternatives less verbose
- Move install of libalts from scriptlets to python_clone -a
- hard-code %py_ver
- print proper error on missing python interpreter
- Update compile-macros.sh
- Create python_flavored_alternatives and use for testing
- Switch primary_interpreter from python38 to python310
- Avoid bashism in %()
- Fix flavor executable substitution
- Keep python38 as primary python3
- Add python310 to the buildset
- Move python39 to the primary place in %pythons
- Disable python36 flavor in Factory buildset
- Add python310 flavor macros to compile set
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- python310-pip-22.0.4-150400.3.3.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Tue Sep 20 16:20:07 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 20 Sep 2022 18:20:07 +0200 (CEST)
Subject: SUSE-SU-2022:3320-1: important: Security update for vsftpd
Message-ID: <20220920162007.7F75FF78E@maintenance.suse.de>
SUSE Security Update: Security update for vsftpd
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3320-1
Rating: important
References: #1021387 #1052900 #1187678 #1187686 #786024
PM-3322
Cross-References: CVE-2021-3618
CVSS scores:
CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability, contains one
feature and has four fixes is now available.
Description:
This update for vsftpd fixes the following issues:
- CVE-2021-3618: Enforced security checks against ALPACA attack
(bsc#1187678, bsc#1187686, PM-3322).
Bugfixes:
- Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900).
- Allowed wait4() to be called so that the broker can wait for its child
processes (bsc#1021387).
- Allowed sendto() syscall when /dev/log support is enabled (bsc#786024).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3320=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3320=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
vsftpd-3.0.5-150400.3.3.1
vsftpd-debuginfo-3.0.5-150400.3.3.1
vsftpd-debugsource-3.0.5-150400.3.3.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
vsftpd-3.0.5-150400.3.3.1
vsftpd-debuginfo-3.0.5-150400.3.3.1
vsftpd-debugsource-3.0.5-150400.3.3.1
References:
https://www.suse.com/security/cve/CVE-2021-3618.html
https://bugzilla.suse.com/1021387
https://bugzilla.suse.com/1052900
https://bugzilla.suse.com/1187678
https://bugzilla.suse.com/1187686
https://bugzilla.suse.com/786024
From sle-security-updates at lists.suse.com Tue Sep 20 19:19:20 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 20 Sep 2022 21:19:20 +0200 (CEST)
Subject: SUSE-SU-2022:3321-1: important: Security update for kubevirt,
virt-api-container, virt-controller-container, virt-handler-container,
virt-launcher-container, virt-libguestfs-tools-container,
virt-operator-container
Message-ID: <20220920191920.95AD2F78E@maintenance.suse.de>
SUSE Security Update: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3321-1
Rating: important
References: #1199392 #1199460 #1199603 #1200528 #1202516
Cross-References: CVE-2022-1798 CVE-2022-1996 CVE-2022-29162
CVSS scores:
CVE-2022-1798 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-1798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-29162 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29162 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available.
Description:
This update for kubevirt, virt-api-container, virt-controller-container,
virt-handler-container, virt-launcher-container,
virt-libguestfs-tools-container, virt-operator-container fixes the
following issues:
Security issues fixed:
- CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs
(bsc#1202516)
Security issues fixed in vendored dependencies:
- CVE-2022-1996: Fixed go-restful CORS bypass (bsc#1200528)
- CVE-2022-29162: Fixed runc incorrect handling of inheritable
capabilities in default configuration (bsc#1199460)
Other fixes:
- Pack nft rules and nsswitch.conf for virt-handler
- Only create 1MiB-aligned disk images (bsc#1199603)
- Avoid returning nil failure message
- Use semantic equality comparison
- Allow to configure utility containers for update test
- Install nftables to manage network rules
- Install tar to allow kubectl cp ...
- Symlink nsswitch.conf and nft rules to proper locations
- Enable USB redirection support for QEMU
- Install vim-small instead of vim
- Drop libvirt-daemon-driver-storage-core
- Install ethtool and gawk (bsc#1199392)
- Use non-versioned appliance to avoid redundant rpm query
- Explicitly state the dependency on kubevirt main package
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3321=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3321=1
Package List:
- openSUSE Leap 15.3 (x86_64):
kubevirt-container-disk-0.49.0-150300.8.13.1
kubevirt-container-disk-debuginfo-0.49.0-150300.8.13.1
kubevirt-manifests-0.49.0-150300.8.13.1
kubevirt-tests-0.49.0-150300.8.13.1
kubevirt-tests-debuginfo-0.49.0-150300.8.13.1
kubevirt-virt-api-0.49.0-150300.8.13.1
kubevirt-virt-api-debuginfo-0.49.0-150300.8.13.1
kubevirt-virt-controller-0.49.0-150300.8.13.1
kubevirt-virt-controller-debuginfo-0.49.0-150300.8.13.1
kubevirt-virt-handler-0.49.0-150300.8.13.1
kubevirt-virt-handler-debuginfo-0.49.0-150300.8.13.1
kubevirt-virt-launcher-0.49.0-150300.8.13.1
kubevirt-virt-launcher-debuginfo-0.49.0-150300.8.13.1
kubevirt-virt-operator-0.49.0-150300.8.13.1
kubevirt-virt-operator-debuginfo-0.49.0-150300.8.13.1
kubevirt-virtctl-0.49.0-150300.8.13.1
kubevirt-virtctl-debuginfo-0.49.0-150300.8.13.1
obs-service-kubevirt_containers_meta-0.49.0-150300.8.13.1
- SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64):
kubevirt-manifests-0.49.0-150300.8.13.1
kubevirt-virtctl-0.49.0-150300.8.13.1
kubevirt-virtctl-debuginfo-0.49.0-150300.8.13.1
References:
https://www.suse.com/security/cve/CVE-2022-1798.html
https://www.suse.com/security/cve/CVE-2022-1996.html
https://www.suse.com/security/cve/CVE-2022-29162.html
https://bugzilla.suse.com/1199392
https://bugzilla.suse.com/1199460
https://bugzilla.suse.com/1199603
https://bugzilla.suse.com/1200528
https://bugzilla.suse.com/1202516
From sle-security-updates at lists.suse.com Wed Sep 21 07:04:13 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:04:13 +0200 (CEST)
Subject: SUSE-IU-2022:1081-1: Security update of
suse-sles-15-sp3-chost-byos-v20220916-x86_64-gen2
Message-ID: <20220921070413.1C044F78E@maintenance.suse.de>
SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220916-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1081-1
Image Tags : suse-sles-15-sp3-chost-byos-v20220916-x86_64-gen2:20220916
Image Release :
Severity : important
Type : security
References : 1023051 1047178 1065729 1156395 1178134 1179722 1179723 1181475
1181862 1185882 1191662 1191667 1191881 1192594 1192968 1193081
1194272 1194535 1194557 1195059 1196616 1197158 1197178 1197755
1197756 1197757 1197760 1197763 1197920 1198341 1198405 1198731
1198752 1198823 1198829 1198830 1198832 1198925 1198971 1199093
1199140 1199283 1199291 1199364 1199524 1199647 1199665 1199670
1199895 1200015 1200270 1200431 1200485 1200521 1200570 1200598
1200644 1200651 1200697 1200698 1200700 1200701 1200732 1200762
1200800 1200842 1200845 1200868 1200869 1200870 1200871 1200872
1200873 1200884 1200902 1200903 1200904 1200910 1200993 1201019
1201092 1201132 1201133 1201134 1201135 1201136 1201150 1201151
1201152 1201153 1201154 1201155 1201196 1201206 1201249 1201251
1201356 1201359 1201363 1201381 1201420 1201429 1201442 1201458
1201511 1201576 1201610 1201620 1201635 1201636 1201638 1201644
1201645 1201664 1201672 1201673 1201676 1201705 1201726 1201846
1201863 1201930 1201940 1201948 1201954 1201956 1201958 1202020
1202046 1202049 1202050 1202051 1202096 1202097 1202154 1202175
1202310 1202346 1202347 1202393 1202396 1202414 1202420 1202421
1202447 1202498 1202498 1202511 1202512 1202515 1202552 1202564
1202577 1202593 1202599 1202636 1202672 1202687 1202689 1202701
1202708 1202709 1202710 1202711 1202712 1202713 1202714 1202715
1202716 1202717 1202718 1202720 1202722 1202745 1202756 1202810
1202811 1202860 1202862 1202895 1202898 1203063 1203098 1203107
1203116 1203117 1203135 1203136 1203137 CVE-2016-3695 CVE-2017-6512
CVE-2020-27784 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655
CVE-2021-33656 CVE-2021-4155 CVE-2021-41819 CVE-2021-4203 CVE-2022-1116
CVE-2022-1462 CVE-2022-1706 CVE-2022-1720 CVE-2022-1968 CVE-2022-20166
CVE-2022-20368 CVE-2022-20369 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
CVE-2022-2129 CVE-2022-21505 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231
CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286
CVE-2022-2287 CVE-2022-2304 CVE-2022-2318 CVE-2022-2343 CVE-2022-2344
CVE-2022-2345 CVE-2022-24795 CVE-2022-2509 CVE-2022-2522 CVE-2022-2571
CVE-2022-2580 CVE-2022-2581 CVE-2022-2588 CVE-2022-2598 CVE-2022-26365
CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-27404 CVE-2022-27405
CVE-2022-27406 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845
CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2905
CVE-2022-2923 CVE-2022-2946 CVE-2022-29581 CVE-2022-2977 CVE-2022-3016
CVE-2022-3028 CVE-2022-32250 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742
CVE-2022-35252 CVE-2022-36879 CVE-2022-36946 CVE-2022-37434 CVE-2022-39188
CVE-2022-39190
-----------------------------------------------------------------
The container suse-sles-15-sp3-chost-byos-v20220916-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released: Fri Aug 19 15:59:42 2022
Summary: Recommended update for sle-module-legacy-release
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2875-1
Released: Tue Aug 23 13:19:13 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154,CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616).
- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
- CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154).
- CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598)
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).
- CVE-2022-32250: Fixed use-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015).
- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).
The following non-security bugs were fixed:
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes).
- Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- Fixed battery detection problem on macbooks (bnc#1201206).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes).
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
- KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes).
- Sort in RETbleed backport into the sorted section now that it is upstream.
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- amd-xgbe: Update DMA coherency values (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- block: do not delete queue kobject before its children (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559).
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- config: enable DEBUG_INFO_BTF. This option allows users to access the btf type information for vmlinux but not kernel modules.
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable 'recalculate' feature (git-fixes).
- dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size (git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559).
- kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559).
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559).
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod (git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm/slub: add missing TID updates on slab deactivation (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware (git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions (git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer. Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules.
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)).
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2882-1
Released: Wed Aug 24 10:34:31 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1202020,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3008-1
Released: Mon Sep 5 04:49:14 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1199283
This update for rsyslog fixes the following issues:
- Fix memory access violation issue in qDeqLinkedList during shutdown (bsc#1199283)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released: Mon Sep 5 16:31:24 2022
Summary: Recommended update for python-pytz
Type: recommended
Severity: low
References:
This update for python-pytz fixes the following issues:
- update to 2022.1:
matches tzdata 2022a
- declare python 3.10 compatibility
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3151-1
Released: Wed Sep 7 12:20:53 2022
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1200570
This update for open-iscsi fixes the following issues:
- Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570)
- On Tumbleweed, moved logrotate files from user-specific directory /etc/logrotate.d
to vendor-specific /usr/etc/logrotate.d
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released: Thu Sep 8 21:15:24 2022
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1185882,1194557,1199093
This update for sysconfig fixes the following issues:
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change (bsc#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead of only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- Also support service(network) provides
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove MediaNetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloader. Second, the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3241-1
Released: Mon Sep 12 07:21:04 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1201511
This update for cups fixes the following issues:
- Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 (bsc#1201511)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:
- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3264-1
Released: Wed Sep 14 06:23:17 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1065729,1156395,1179722,1179723,1181862,1191662,1191667,1191881,1192594,1192968,1194272,1194535,1197158,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200431,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201420,1201610,1201705,1201726,1201948,1202096,1202097,1202346,1202347,1202393,1202396,1202447,1202564,1202577,1202636,1202672,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137,CVE-2016-3695,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
The following non-security bugs were fixed:
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes).
- ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes).
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- KVM: x86: accept userspace interrupt only if no event is injected (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: m_can: process interrupt only when not runtime suspended (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- kabi/severities: add stmmac driver local symbols
- kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes).
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is running (git-fixes).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10 (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- profiling: fix shift too large makes kernel panic (git-fixes).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:
Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3292-1
Released: Fri Sep 16 17:06:20 2022
Summary: Security update for ruby2.5
Type: security
Severity: moderate
References: 1193081,CVE-2021-41819
This update for ruby2.5 fixes the following issues:
- CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081).
The following package changes have been done:
- cups-config-2.2.7-150000.3.35.1 updated
- curl-7.66.0-150200.4.39.1 updated
- kernel-default-5.3.18-150300.59.93.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcups2-2.2.7-150000.3.35.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libfreetype6-2.10.4-150000.4.12.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libgnutls30-3.6.7-150200.14.19.2 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libopeniscsiusr0_2_0-2.1.7-150300.32.21.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libruby2_5-2_5-2.5.9-150000.4.26.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.31.0-150200.42.1 updated
- open-iscsi-2.1.7-150300.32.21.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- perl-5.26.1-150300.17.11.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- rsyslog-8.2106.0-150200.4.32.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.26.1 updated
- ruby2.5-2.5.9-150000.4.26.1 updated
- sysconfig-netconfig-0.85.9-150200.12.1 updated
- sysconfig-0.85.9-150200.12.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-sysvinit-246.16-150300.7.51.1 updated
- systemd-246.16-150300.7.51.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
- zypper-1.14.55-150200.36.1 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:07:08 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:07:08 +0200 (CEST)
Subject: SUSE-IU-2022:1082-1: Security update of suse-sles-15-sp3-chost-byos-v20220916-hvm-ssd-x86_64
Message-ID: <20220921070708.68344F78E@maintenance.suse.de>
SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220916-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1082-1
Image Tags : suse-sles-15-sp3-chost-byos-v20220916-hvm-ssd-x86_64:20220916
Image Release :
Severity : important
Type : security
References : 1023051 1047178 1065729 1156395 1178134 1179722 1179723 1181475
1181862 1185882 1191662 1191667 1191881 1192594 1192968 1193081
1194272 1194535 1194557 1195059 1196616 1197158 1197178 1197755
1197756 1197757 1197760 1197763 1197920 1198341 1198405 1198731
1198752 1198823 1198829 1198830 1198832 1198925 1198971 1199093
1199140 1199283 1199291 1199364 1199524 1199647 1199665 1199670
1199895 1200015 1200270 1200431 1200485 1200521 1200570 1200598
1200644 1200651 1200697 1200698 1200700 1200701 1200732 1200762
1200800 1200842 1200845 1200868 1200869 1200870 1200871 1200872
1200873 1200884 1200902 1200903 1200904 1200910 1200993 1201019
1201092 1201132 1201133 1201134 1201135 1201136 1201150 1201151
1201152 1201153 1201154 1201155 1201196 1201206 1201249 1201251
1201356 1201359 1201363 1201381 1201420 1201429 1201442 1201458
1201511 1201576 1201610 1201620 1201635 1201636 1201638 1201644
1201645 1201664 1201672 1201673 1201676 1201705 1201726 1201846
1201863 1201930 1201940 1201948 1201954 1201956 1201958 1202020
1202046 1202049 1202050 1202051 1202096 1202097 1202154 1202175
1202310 1202346 1202347 1202393 1202396 1202414 1202420 1202421
1202447 1202498 1202498 1202511 1202512 1202515 1202552 1202564
1202577 1202593 1202599 1202636 1202672 1202687 1202689 1202701
1202708 1202709 1202710 1202711 1202712 1202713 1202714 1202715
1202716 1202717 1202718 1202720 1202722 1202745 1202756 1202810
1202811 1202860 1202862 1202895 1202898 1203063 1203098 1203107
1203116 1203117 1203135 1203136 1203137 CVE-2016-3695 CVE-2017-6512
CVE-2020-27784 CVE-2020-36516 CVE-2020-36557 CVE-2020-36558 CVE-2021-33655
CVE-2021-33656 CVE-2021-4155 CVE-2021-41819 CVE-2021-4203 CVE-2022-1116
CVE-2022-1462 CVE-2022-1706 CVE-2022-1720 CVE-2022-1968 CVE-2022-20166
CVE-2022-20368 CVE-2022-20369 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126
CVE-2022-2129 CVE-2022-21505 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231
CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286
CVE-2022-2287 CVE-2022-2304 CVE-2022-2318 CVE-2022-2343 CVE-2022-2344
CVE-2022-2345 CVE-2022-24795 CVE-2022-2509 CVE-2022-2522 CVE-2022-2571
CVE-2022-2580 CVE-2022-2581 CVE-2022-2588 CVE-2022-2598 CVE-2022-26365
CVE-2022-26373 CVE-2022-2639 CVE-2022-2663 CVE-2022-27404 CVE-2022-27405
CVE-2022-27406 CVE-2022-2816 CVE-2022-2817 CVE-2022-2819 CVE-2022-2845
CVE-2022-2849 CVE-2022-2862 CVE-2022-2874 CVE-2022-2889 CVE-2022-2905
CVE-2022-2923 CVE-2022-2946 CVE-2022-29581 CVE-2022-2977 CVE-2022-3016
CVE-2022-3028 CVE-2022-32250 CVE-2022-33740 CVE-2022-33741 CVE-2022-33742
CVE-2022-35252 CVE-2022-36879 CVE-2022-36946 CVE-2022-37434 CVE-2022-39188
CVE-2022-39190
-----------------------------------------------------------------
The container suse-sles-15-sp3-chost-byos-v20220916-hvm-ssd-x86_64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2853-1
Released: Fri Aug 19 15:59:42 2022
Summary: Recommended update for sle-module-legacy-release
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE not enabling new user systemd service preset configuration just as it handles system service presets. By passing an (optional) second parameter 'user', the save/apply-changes commands now work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default in SLE15-SP4 where it replaced pipewire-media-session, but keep pipewire-media-session preset so we don't have to branch the systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2875-1
Released: Tue Aug 23 13:19:13 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1178134,1196616,1198829,1199364,1199647,1199665,1199670,1200015,1200521,1200598,1200644,1200651,1200762,1200910,1201196,1201206,1201251,1201381,1201429,1201442,1201458,1201635,1201636,1201644,1201645,1201664,1201672,1201673,1201676,1201846,1201930,1201940,1201954,1201956,1201958,1202154,CVE-2020-36516,CVE-2020-36557,CVE-2020-36558,CVE-2021-33655,CVE-2021-33656,CVE-2022-1116,CVE-2022-1462,CVE-2022-20166,CVE-2022-21505,CVE-2022-2318,CVE-2022-26365,CVE-2022-2639,CVE-2022-29581,CVE-2022-32250,CVE-2022-33740,CVE-2022-33741,CVE-2022-33742,CVE-2022-36946
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2020-36516: Fixed TCP session data injection vulnerability via the mixed IPID assignment method (bnc#1196616).
- CVE-2020-36557: Fixed race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys that could lead to a use-after-free (bnc#1201429).
- CVE-2020-36558: Fixed race condition involving VT_RESIZEX that could lead to a NULL pointer dereference and general protection fault (bnc#1200910).
- CVE-2021-33655: Fixed out of bounds write with ioctl FBIOPUT_VSCREENINFO (bnc#1201635).
- CVE-2021-33656: Fixed out of bounds write with ioctl PIO_FONT (bnc#1201636).
- CVE-2022-1116: Fixed an integer overflow vulnerability in io_uring which allowed a local attacker to cause memory corruption and escalate privileges to root (bnc#1199647).
- CVE-2022-1462: Fixed an out-of-bounds read flaw in the TeleTYpe subsystem (bnc#1198829).
- CVE-2022-2318: Fixed use-after-free vulnerabilities in the timer handler in net/rose/rose_timer.c that allow attackers to crash the system without any privileges (bsc#1201251).
- CVE-2022-2639: Fixed integer underflow that could lead to out-of-bounds write in reserve_sfa_size() (bsc#1202154).
- CVE-2022-20166: Fixed possible out of bounds write due to sprintf unsafety that could cause local escalation of privilege (bnc#1200598)
- CVE-2022-21505: Fixed kexec lockdown bypass with IMA policy (bsc#1201458).
- CVE-2022-26365, CVE-2022-33740, CVE-2022-33741, CVE-2022-33742: Fixed multiple potential data leaks with Block and Network devices when using untrusted backends (bsc#1200762).
- CVE-2022-29581: Fixed improper update of Reference Count in net/sched that could cause root privilege escalation (bnc#1199665).
- CVE-2022-32250: Fixed use-after-free in net/netfilter/nf_tables_api.c that could allow local privilege escalation (bnc#1200015).
- CVE-2022-36946: Fixed incorrect packet truncation in nfqnl_mangle() that could lead to remote DoS (bnc#1201940).
The following non-security bugs were fixed:
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: hda - Add fixup for Dell Latitidue E5430 (git-fixes).
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (git-fixes).
- ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 (git-fixes).
- ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes).
- ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array (git-fixes).
- ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() (git-fixes).
- ASoC: Remove unused hw_write_t type (git-fixes).
- ASoC: cs47l15: Fix event generation for low power mux control (git-fixes).
- ASoC: madera: Fix event generation for OUT1 demux (git-fixes).
- ASoC: madera: Fix event generation for rate controls (git-fixes).
- ASoC: ops: Fix off by one in range control validation (git-fixes).
- ASoC: sgtl5000: Fix noise on shutdown/remove (git-fixes).
- ASoC: wm5110: Fix DRE control (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- FDDI: defxx: Bail out gracefully with unassigned PCI resource for CSR (git-fixes).
- FDDI: defxx: Make MMIO the configuration default except for EISA (git-fixes).
- Fixed a system crash related to the recent RETBLEED mitigation (bsc#1201644, bsc#1201664, bsc#1201672, bsc#1201673, bsc#1201676).
- Fixed battery detection problem on macbooks (bnc#1201206).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- KVM/emulate: Fix SETcc emulation function offsets with SLS (bsc#1201930).
- KVM: VMX: Add non-canonical check on writes to RTIT address MSRs (git-fixes).
- KVM: VMX: Do not freeze guest when event delivery causes an APIC-access exit (git-fixes).
- KVM: apic: avoid calculating pending eoi from an uninitialized val (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442)
- KVM: arm64: Fix definition of PAGE_HYP_DEVICE (git-fixes)
- KVM: emulate: do not adjust size of fastop and setcc subroutines (bsc#1201930).
- KVM: nVMX: avoid NULL pointer dereference with incorrect EVMCS GPAs (git-fixes).
- KVM: nVMX: handle nested posted interrupts when apicv is disabled for L1 (git-fixes).
- KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (git-fixes).
- KVM: x86: Do not let userspace set host-reserved cr4 bits (git-fixes).
- KVM: x86: Fix split-irqchip vs interrupt injection window request (git-fixes).
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (git-fixes).
- KVM: x86: Update vCPU's hv_clock before back to guest when tsc_offset is adjusted (git-fixes).
- KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint (git-fixes).
- NFC: nxp-nci: do not print header length mismatch on i2c error (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: runtime: Remove link state checks in rpm_get/put_supplier() (git-fixes).
- Sort in RETbleed backport into the sorted section now that it is upstream.
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- USB: serial: ftdi_sio: add Belimo device ids (git-fixes).
- amd-xgbe: Update DMA coherency values (git-fixes).
- arm64 module: set plt* section addresses to 0x0 (git-fixes)
- arm64: Extend workaround for erratum 1024718 to all versions of (git-fixes)
- arm64: asm: Add new-style position independent function annotations (git-fixes)
- arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return (git-fixes)
- arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function (git-fixes)
- arm64: dts: marvell: espressobin: Add ethernet switch aliases (git-fixes)
- arm64: dts: marvell: espressobin: add ethernet alias (git-fixes)
- arm64: dts: mcbin: support 2W SFP modules (git-fixes)
- arm64: fix compat syscall return truncation (git-fixes)
- arm64: fix inline asm in load_unaligned_zeropad() (git-fixes)
- arm64: mm: Do not invalidate FROM_DEVICE buffers at start of DMA (git-fixes)
- arm64: module: remove (NOLOAD) from linker script (git-fixes)
- arm64: module: rework special section handling (git-fixes)
- arm64: perf: Report the PC value in REGS_ABI_32 mode (git-fixes)
- arm64: ptrace: Consistently use pseudo-singlestep exceptions (git-fixes)
- arm64: ptrace: Override SPSR.SS when single-stepping is enabled (git-fixes)
- arm64: stackleak: fix current_top_of_stack() (git-fixes)
- arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing (git-fixes)
- arm64: vdso: Avoid ISB after reading from cntvct_el0 (git-fixes)
- ath10k: Fix error handling in ath10k_setup_msa_resources (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ax88179_178a: add ethtool_op_get_ts_info() (git-fixes).
- blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN (git-fixes).
- blk-zoned: allow zone management send operations without CAP_SYS_ADMIN (git-fixes).
- block/compat_ioctl: fix range check in BLKGETSIZE (git-fixes).
- block: Fix fsync always failed if once failed (git-fixes).
- block: Fix wrong offset in bio_truncate() (git-fixes).
- block: bio-integrity: Advance seed correctly for larger interval sizes (git-fixes).
- block: do not delete queue kobject before its children (git-fixes).
- block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' explicit (git-fixes).
- bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature (bsc#1199364).
- bpf: Add config to allow loading modules with BTF mismatches (jsc#SLE-24559).
- bpf: Add in-kernel split BTF support (jsc#SLE-24559).
- bpf: Assign ID to vmlinux BTF and return extra info for BTF in GET_OBJ_INFO (jsc#SLE-24559).
- bpf: Keep module's btf_data_size intact after load (jsc#SLE-24559).
- bpf: Load and verify kernel module BTFs (jsc#SLE-24559).
- bpf: Provide function to get vmlinux BTF information (jsc#SLE-24559).
- bpf: Sanitize BTF data pointer after module is loaded (jsc#SLE-24559).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: gs_usb: gs_usb_open/close(): fix memory leak (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- config: enable DEBUG_INFO_BTF. This option allows users to access the BTF type information for vmlinux but not kernel modules.
- cpuidle: PSCI: Move the `has_lpi` check to the beginning of the (git-fixes)
- crypto: qat - disable registration of algorithms (git-fixes).
- crypto: qat - fix memory leak in RSA (git-fixes).
- crypto: qat - remove dma_free_coherent() for DH (git-fixes).
- crypto: qat - remove dma_free_coherent() for RSA (git-fixes).
- crypto: qat - set to zero DH parameters before free (git-fixes).
- cxgb4: Fix the -Wmisleading-indentation warning (git-fixes).
- dm btree remove: assign new_root only when removal succeeds (git-fixes).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size (git-fixes).
- dm crypt: Avoid percpu_counter spinlock contention in crypt_page_alloc() (git-fixes).
- dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm integrity: conditionally disable 'recalculate' feature (git-fixes).
- dm integrity: fix a crash if 'recalculate' used without 'internal_hash' (git-fixes).
- dm integrity: fix error code in dm_integrity_ctr() (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm integrity: fix the maximum number of arguments (git-fixes).
- dm mirror log: round up region bitmap size to BITS_PER_LONG (git-fixes).
- dm persistent data: packed struct should have an aligned() attribute too (git-fixes).
- dm raid: fix inconclusive reshape layout on fast raid4/5/6 table reload sequences (git-fixes).
- dm snapshot: fix crash with transient storage and zero chunk size (git-fixes).
- dm snapshot: flush merged data before committing metadata (git-fixes).
- dm snapshot: properly fix a crash when an origin has no snapshots (git-fixes).
- dm space map common: fix division bug in sm_ll_find_free_block() (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm verity: fix FEC for RS roots unaligned to block size (git-fixes).
- dm: fix mempool NULL pointer race when completing IO (git-fixes).
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (git-fixes).
- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (git-fixes).
- dmaengine: pl330: Fix lockdep warning about non-static key (git-fixes).
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (git-fixes).
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (git-fixes).
- do not call utsname() after ->nsproxy is NULL (bsc#1201196).
- drbd: fix potential silent data corruption (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/net: Fix kABI in tun.c (git-fixes).
- drivers: net: fix memory leak in atusb_probe (git-fixes).
- drivers: net: fix memory leak in peak_usb_create_dev (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/i915/gt: Serialize TLB invalidates with GT resets (git-fixes).
- drm/i915/selftests: fix a couple IS_ERR() vs NULL tests (git-fixes).
- drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/panfrost: Fix shrinker list corruption by madvise IOCTL (git-fixes).
- drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- fbcon: Disallow setting font bigger than screen size (git-fixes).
- fbcon: Prevent that screen size is smaller than font size (git-fixes).
- fbdev: fbmem: Fix logo center image dx issue (git-fixes).
- fbmem: Check virtual screen sizes in fb_set_var() (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- ftgmac100: Restart MAC HW once (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: only use single read/write for No AI mode (git-fixes).
- gpio: pca953x: use the correct range when do regmap sync (git-fixes).
- gpio: pca953x: use the correct register address when regcache sync during init (git-fixes).
- hex2bin: make the function hex_to_bin constant-time (git-fixes).
- hv_netvsc: Add (more) validation for untrusted Hyper-V values (bsc#1199364).
- hv_netvsc: Add comment of netvsc_xdp_xmit() (bsc#1199364).
- hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer (bsc#1199364).
- hv_netvsc: Fix validation in netvsc_linkstatus_callback() (bsc#1199364).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Change large transfer count reset logic to be unconditional (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: cadence: Unregister the clk notifier in error path (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- ida: do not use BUG_ON() for debugging (git-fixes).
- igb: Enable RSS for Intel I211 Ethernet Controller (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- ima: Fix a potential integer overflow in ima_appraise_measurement (git-fixes).
- ima: Fix potential memory leak in ima_init_crypto() (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- kABI workaround for rtsx_usb (git-fixes).
- kabi: create module private struct to hold btf size/data (jsc#SLE-24559).
- kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it (jsc#SLE-24559).
- kbuild: Skip module BTF generation for out-of-tree external modules (jsc#SLE-24559).
- kbuild: add marker for build log of *.mod.o (jsc#SLE-24559).
- kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild (jsc#SLE-24559).
- kbuild: rebuild modules when module linker scripts are updated (jsc#SLE-24559).
- kbuild: rename any-prereq to newer-prereqs (jsc#SLE-24559).
- kbuild: split final module linking out into Makefile.modfinal (jsc#SLE-24559).
- lib/string.c: implement stpcpy (git-fixes).
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (git-fixes).
- linux/random.h: Remove arch_has_random, arch_has_random_seed (git-fixes).
- linux/random.h: Use false with bool (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1178134).
- macvlan: remove redundant null check on data (git-fixes).
- md/bitmap: wait for external bitmap writes to complete during tear down (git-fixes).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md: Set prev_flush_start and flush_bio in an atomic way (git-fixes).
- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: rc: increase rc-mm tolerance and add debug message (git-fixes).
- media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T dongle (git-fixes).
- media: rtl28xxu: add missing sleep before probing slave demod (git-fixes).
- media: rtl28xxu: set keymap for Astrometa DVB-T2 (git-fixes).
- media: smipcie: fix interrupt handling and IR timeout (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: usb: dvb-usb-v2: rtl28xxu: convert to use i2c_new_client_device() (git-fixes).
- media: v4l2-mem2mem: always consider OUTPUT queue during poll (git-fixes).
- media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memregion: Fix memregion_free() fallback definition (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (git-fixes).
- misc: rtsx_usb: set return value in rsp_buf alloc err path (git-fixes).
- misc: rtsx_usb: use separate command and response buffers (git-fixes).
- mm/slub: add missing TID updates on slab deactivation (git-fixes).
- mm: fix page reference leak in soft_offline_page() (git fixes (mm/memory-failure)).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- net, xdp: Introduce __xdp_build_skb_from_frame utility routine (bsc#1199364).
- net, xdp: Introduce xdp_build_skb_from_frame utility routine (bsc#1199364).
- net/mlx5e: When changing XDP program without reset, take refs for XSK RQs (git-fixes).
- net/sonic: Fix some resource leaks in error handling paths (git-fixes).
- net: ag71xx: remove unnecessary MTU reservation (git-fixes).
- net: allwinner: Fix some resources leak in the error handling path of the probe and in the remove function (git-fixes).
- net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue timeout warning (git-fixes).
- net: amd-xgbe: Fix network fluctuations when using 1G BELFUSE SFP (git-fixes).
- net: amd-xgbe: Reset link when the link never comes back (git-fixes).
- net: amd-xgbe: Reset the PHY rx data path when mailbox command timeout (git-fixes).
- net: axienet: Handle deferred probe on clock properly (git-fixes).
- net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port (git-fixes).
- net: dsa: bcm_sf2: put device node before return (git-fixes).
- net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE (git-fixes).
- net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock (git-fixes).
- net: enetc: fix incorrect TPID when receiving 802.1ad tagged packets (git-fixes).
- net: enetc: keep RX ring consumer index in sync with hardware (git-fixes).
- net: evaluate net.ipv4.conf.all.proxy_arp_pvlan (git-fixes).
- net: evaluate net.ipvX.conf.all.ignore_routes_with_linkdown (git-fixes).
- net: hns3: fix error mask definition of flow director (git-fixes).
- net: hso: bail out on interrupt URB allocation failure (git-fixes).
- net: lapbether: Remove netif_start_queue / netif_stop_queue (git-fixes).
- net: ll_temac: Fix potential NULL dereference in temac_probe() (git-fixes).
- net: ll_temac: Use devm_platform_ioremap_resource_byname() (git-fixes).
- net: macb: add function to disable all macb clocks (git-fixes).
- net: macb: restore cmp registers on resume path (git-fixes).
- net: macb: unprepare clocks in case of failure (git-fixes).
- net: mscc: Fix OF_MDIO config check (git-fixes).
- net: mvneta: Remove per-cpu queue mapping for Armada 3700 (git-fixes).
- net: rose: fix UAF bug caused by rose_t0timer_expiry (git-fixes).
- net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes (git-fixes).
- net: stmmac: dwmac1000: provide multicast filter fallback (git-fixes).
- net: stmmac: fix CBS idleslope and sendslope calculation (git-fixes).
- net: stmmac: fix incorrect DMA channel intr enable setting of EQoS v4.10 (git-fixes).
- net: stmmac: fix watchdog timeout during suspend/resume stress test (git-fixes).
- net: stmmac: stop each tx channel independently (git-fixes).
- net: tun: set tun->dev->addr_len during TUNSETLINK processing (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: ax88179_178a: add MCT usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: add Toshiba usb 3.0 adapter (git-fixes).
- net: usb: ax88179_178a: remove redundant assignment to variable ret (git-fixes).
- net: usb: ax88179_178a: write mac to hardware in get_mac_addr (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1060 composition (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1070 composition (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- octeontx2-af: fix memory leak of lmac and lmac->name (git-fixes).
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (git-fixes).
- pinctrl: sunxi: sunxi_pconf_set: use correct offset (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: hp-wmi: Ignore Sanitization Mode event (git-fixes).
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (git-fixes).
- powerpc/mobility: wait for memory transfer to complete (bsc#1201846 ltc#198761).
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (bsc#1201846 ltc#198761).
- powerpc/watchdog: introduce a NMI watchdog's factor (bsc#1201846 ltc#198761).
- profiling: fix shift-out-of-bounds bugs (git fixes).
- qla2xxx: drop patch which prevented nvme port discovery (bsc#1200651 bsc#1200644 bsc#1201954 bsc#1201958).
- r8169: fix accessing unset transport header (git-fixes).
- random: document add_hwgenerator_randomness() with other input functions (git-fixes).
- random: fix typo in comments (git-fixes).
- random: remove useless header comment (git fixes).
- raw: Fix a data-race around sysctl_raw_l3mdev_accept (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- rpm/kernel-binary.spec.in: Require dwarves >= 1.22 on SLE15-SP3 or newer. Dwarves 1.22 or newer is required to build kernels with BTF information embedded in modules.
- sched/debug: Remove mpol_get/put and task_lock/unlock from (git-fixes)
- sched/fair: Revise comment about lb decision matrix (git fixes (sched/fair)).
- sched/membarrier: fix missing local execution of ipi_sync_rq_state() (git fixes (sched/membarrier)).
- scripts: dummy-tools, add pahole (jsc#SLE-24559).
- scsi: core: Fix error handling of scsi_host_alloc() (git-fixes).
- scsi: core: Fix failure handling of scsi_add_host_with_dma() (git-fixes).
- scsi: core: Only put parent device if host state differs from SHOST_CREATED (git-fixes).
- scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (git-fixes).
- scsi: core: Put LLD module refcnt after SCSI device is released (git-fixes).
- scsi: core: Retry I/O for Notify (Enable Spinup) Required error (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956 bsc#1200521).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() (git-fixes).
- scsi: sd: Fix potential NULL pointer dereference (git-fixes).
- scsi: ufs: Release clock if DMA map fails (git-fixes).
- scsi: ufs: handle cleanup correctly on devm_reset_control_get error (git-fixes).
- serial: 8250: fix return error code in serial8250_request_std_resource() (git-fixes).
- serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle (git-fixes).
- serial: stm32: Clear prev values before setting RTS delays (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: ixp4xx/npe: Fix unused match warning (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- spi: <linux/spi/spi.h>: add missing struct kernel-doc entry (git-fixes).
- spi: amd: Limit max transfer and message size (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- sysctl: Fix data races in proc_dointvec() (git-fixes).
- sysctl: Fix data races in proc_dointvec_jiffies() (git-fixes).
- sysctl: Fix data races in proc_dointvec_minmax() (git-fixes).
- sysctl: Fix data races in proc_douintvec() (git-fixes).
- sysctl: Fix data races in proc_douintvec_minmax() (git-fixes).
- sysctl: Fix data-races in proc_dointvec_ms_jiffies() (git-fixes).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- tick/nohz: Use WARN_ON_ONCE() to prevent console saturation (git fixes (kernel/time)).
- usb: dwc3: add cancelled reasons for dwc3 requests (git-fixes).
- usb: dwc3: gadget: Fix event pending check (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: typec: add missing uevent when partner support PD (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: fix memory leak in error case (git-fixes).
- video: of_display_timing.h: include errno.h (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_mmio: Add missing PM calls to freeze/restore (git-fixes).
- virtio_mmio: Restore guest page size on resume (git-fixes).
- watchdog: export lockup_detector_reconfigure (bsc#1201846 ltc#198761).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: fix queue selection for mesh/OCB interfaces (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- x86/bugs: Remove apostrophe typo (bsc#1178134).
- x86/kvmclock: Move this_cpu_pvti into kvmclock.h (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1178134).
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (bsc#1201381).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2882-1
Released: Wed Aug 24 10:34:31 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1202020,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2921-1
Released: Fri Aug 26 15:17:43 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059
This update for systemd fixes the following issues:
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- tmpfiles: check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2982-1
Released: Thu Sep 1 12:33:47 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2994-1
Released: Fri Sep 2 10:44:54 2022
Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame
Type: recommended
Severity: moderate
References: 1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were made in this update.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3004-1
Released: Fri Sep 2 15:02:14 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3008-1
Released: Mon Sep 5 04:49:14 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1199283
This update for rsyslog fixes the following issues:
- Fix memory access violation issue in qDeqLinkedList during shutdown (bsc#1199283)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released: Mon Sep 5 16:31:24 2022
Summary: Recommended update for python-pytz
Type: recommended
Severity: low
References:
This update for python-pytz fixes the following issues:
- update to 2022.1:
matches tzdata 2022a
- declare python 3.10 compatibility
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3151-1
Released: Wed Sep 7 12:20:53 2022
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1200570
This update for open-iscsi fixes the following issues:
- Modify SPEC file so systemd unit files are mode 644 (not 755) (bsc#1200570)
- On Tumbleweed, moved logrotate files from user-specific directory /etc/logrotate.d
to vendor-specific /usr/etc/logrotate.d
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released: Thu Sep 8 21:15:24 2022
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1185882,1194557,1199093
This update for sysconfig fixes the following issues:
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change (bsc#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead of only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- Also support service(network) provides
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3223-1
Released: Fri Sep 9 04:33:35 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove MediaNetwork and its dependent code. The first reason for this is that MediaNetwork was just meant as a way to test
the new CURL-based downloader. Second, the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046 (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3241-1
Released: Mon Sep 12 07:21:04 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1201511
This update for cups fixes the following issues:
- Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 (bsc#1201511)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:
- CVE-2022-27404: Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405: Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406: Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3264-1
Released: Wed Sep 14 06:23:17 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1065729,1156395,1179722,1179723,1181862,1191662,1191667,1191881,1192594,1192968,1194272,1194535,1197158,1197755,1197756,1197757,1197760,1197763,1197920,1198971,1199291,1200431,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201420,1201610,1201705,1201726,1201948,1202096,1202097,1202346,1202347,1202393,1202396,1202447,1202564,1202577,1202636,1202672,1202701,1202708,1202709,1202710,1202711,1202712,1202713,1202714,1202715,1202716,1202717,1202718,1202720,1202722,1202745,1202756,1202810,1202811,1202860,1202895,1202898,1203063,1203098,1203107,1203116,1203117,1203135,1203136,1203137,CVE-2016-3695,CVE-2020-27784,CVE-2021-4155,CVE-2021-4203,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-26373,CVE-2022-2663,CVE-2022-2905,CVE-2022-2977,CVE-2022-3028,CVE-2022-36879,CVE-2022-39188,CVE-2022-39190
The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2021-4155: Fixed a data leak flaw in the XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl() when accessing a deallocated instance (bnc#1202895).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
The following non-security bugs were fixed:
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (git-fixes).
- ALSA: hda/realtek: Add new alc285-hp-amp-init model (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP50PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNJ (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NP70PNP (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for Dell Latitude 7520 (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Dev One (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add quirk for the Framework Laptop (git-fixes).
- ALSA: hda/realtek: Fix LED on HP ProBook 435 G7 (git-fixes).
- ALSA: hda/realtek: Fix deadlock by COEF mutex (git-fixes).
- ALSA: hda/realtek: Fix headset mic for Acer SF313-51 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP machines (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (git-fixes).
- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machines (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- ARM: 9077/1: PLT: Move struct plt_entries definition to header (git-fixes).
- ARM: 9078/1: Add warn suppress parameter to arm_gen_branch_link() (git-fixes).
- ARM: 9079/1: ftrace: Add MODULE_PLTS support (git-fixes).
- ARM: 9098/1: ftrace: MODULE_PLT: Fix build problem without DYNAMIC_FTRACE (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling irqs (bsc#1065729).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- KVM: VMX: Refuse to load kvm_intel if EPT and NX are disabled (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- KVM: x86: accept userspace interrupt only if no event is injected (git-fixes).
- NFS: fix nfs_path in case of a rename retry (git-fixes).
- NFSD: Add missing NFSv2 .pc_func methods (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).
- NFSv4: Fix second deadlock in nfs4_evict_inode() (git-fixes).
- NFSv4: nfs4_proc_set_acl needs to restore NFS_CAP_UIDGID_NOMAP on error (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (bsc#1200845).
- PCI: hv: Fix interrupt mapping for multi-MSI (bsc#1200845).
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (bsc#1200845).
- PCI: hv: Make the code arch neutral by adding arch specific interfaces (bsc#1200845).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (bsc#1200845).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- SUNRPC reverting d03727b248d0 ('NFSv4 fix CLOSE not waiting for direct IO compeletion') (git-fixes).
- SUNRPC: Clean up scheduling of autoclose (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- VMCI: Add support for ARM64 (bsc#1199291, jsc#SLE-24635).
- VMCI: Check exclusive_vectors when freeing interrupt 1 (bsc#1199291, jsc#SLE-24635).
- VMCI: Enforce queuepair max size for IOCTL_VMCI_QUEUEPAIR_ALLOC (bsc#1199291, jsc#SLE-24635).
- VMCI: Fix some error handling paths in vmci_guest_probe_device() (bsc#1199291, jsc#SLE-24635).
- VMCI: Release notification_bitmap in error path (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add MMIO access to registers (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams receive (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: add support for DMA datagrams sends (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: allocate send and receive buffers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: detect DMA datagram capability (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: register dummy IRQ handlers for DMA datagrams (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: set OS page size (bsc#1199291, jsc#SLE-24635).
- VMCI: dma dg: whitespace formatting change for vmci register defines (bsc#1199291, jsc#SLE-24635).
- arm64: signal: nofpsimd: Do not allocate fp/simd context when not available (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- blk-iocost: clamp inuse and skip noops in __propagate_weights() (bsc#1202722).
- blk-iocost: fix operation ordering in iocg_wake_fn() (bsc#1202720).
- blk-iocost: fix weight updates of inner active iocgs (bsc#1202717).
- blk-iocost: rename propagate_active_weights() to propagate_weights() (bsc#1202722).
- blktrace: fix blk_rq_merge documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: m_can: process interrupt only when not runtime suspended (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202810).
- ceph: do not truncate file in atomic_open (bsc#1202811).
- cgroup: Trace event cgroup id fields should be u64 (git-fixes).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: rockchip: add sclk_mac_lbtest to rk3188_critical_clocks (git-fixes).
- coresight: cti: Correct the parameter for pm_runtime_put (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dpaa2-eth: unregister the netdev before disconnecting from the PHY (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- ehea: fix error return code in ehea_restart_qps() (git-fixes).
- enetc: Fix endianness issues for enetc_qos (git-fixes).
- ethernet: sun: niu: fix missing checks of niu_pci_eeprom_read() (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not set SB_ACTIVE in ext4_orphan_cleanup() (bsc#1202708).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling code in add_new_gdb (bsc#1179722).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix invalid inode checksum (bsc#1179723).
- ext4: fix loff_t overflow in ext4_max_bitmap_size() (bsc#1202709).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix potential infinite loop in ext4_dx_readdir() (bsc#1191662).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- fuse: Remove the control interface for virtio-fs (bsc#1203137).
- fuse: ioctl: translate ENOSYS (bsc#1203136).
- fuse: limit nsec (bsc#1203135).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- hv_netvsc: Load and store the proper (NBL_HASH_INFO) per-packet info (bsc#1202701).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- ice: report supported and advertised autoneg using PHY capabilities (git-fixes).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- ipmi: ssif: initialize ssif_info->client early (git-fixes).
- ixgbevf: add correct exception tracing for XDP (git-fixes).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- kabi/severities: add stmmac driver local symbols
- kbuild: do not create built-in objects for external module builds (jsc#SLE-24559 bsc#1202756).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (bsc#1181862 git-fixes).
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kfifo: fix ternary sign extension bugs (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib: bitmap: provide devm_bitmap_alloc() and devm_bitmap_zalloc() (git-fixes).
- lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420 ZDI-CAN-17325).
- list: add 'list_del_init_careful()' to go with 'list_empty_careful()' (bsc#1202745).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- loop: Fix missing discard support when using LOOP_CONFIGURE (bsc#1202718).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes, bsc#1203098).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- module: Ignore _GLOBAL_OFFSET_TABLE_ when warning for undefined symbols (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- net/mlx5e: Check for needed capability for cvlan matching (git-fixes).
- net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()' (git-fixes).
- net: bcmgenet: Add mdio-bcm-unimac soft dependency (git-fixes).
- net: cpsw: Properly initialise struct page_pool_params (git-fixes).
- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (git-fixes).
- net: davinci_emac: Fix incorrect masking of tx and rx error channel (git-fixes).
- net: dsa: b53: fix an off by one in checking 'vlan->vid' (git-fixes).
- net: dsa: felix: suppress -EPROBE_DEFER errors (git-fixes).
- net: dsa: mt7530: fix VLAN traffic leaks (git-fixes).
- net: enetc: Use pci_release_region() to release some resources (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: enetc: unmap DMA in enetc_send_cmd() (git-fixes).
- net: ethernet: aeroflex: fix UAF in greth_of_remove (git-fixes).
- net: ethernet: ezchip: fix UAF in nps_enet_remove (git-fixes).
- net: ethernet: ezchip: fix error handling (git-fixes).
- net: ethernet: ezchip: remove redundant check (git-fixes).
- net: ethernet: fix potential use-after-free in ec_bhf_remove (git-fixes).
- net: ethernet: ti: cpsw_ale: Fix access to un-initialized memory (git-fixes).
- net: fec: fix the potential memory leak in fec_enet_init() (git-fixes).
- net: fec_ptp: add clock rate zero check (git-fixes).
- net: ftgmac100: Fix crash when removing driver (git-fixes).
- net: hdlc_x25: Return meaningful error code in x25_open (git-fixes).
- net: hns: Fix kernel-doc (git-fixes).
- net: lantiq: fix memory corruption in RX ring (git-fixes).
- net: lapbether: Prevent racing when checking whether the netif is running (git-fixes).
- net: moxa: Use devm_platform_get_and_ioremap_resource() (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: mvpp2: fix interrupt mask/unmask skip condition (git-fixes).
- net: netcp: Fix an error message (git-fixes).
- net: pch_gbe: Propagate error from devm_gpio_request_one() (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmicro: handle clk_prepare() failure during init (git-fixes).
- net: stmmac: Modify configuration method of EEE timers (git-fixes).
- net: stmmac: Use resolved link config in mac_link_up() (git-fixes).
- net: stmmac: disable clocks in stmmac_remove_config_dt() (git-fixes).
- net: stmmac: dwmac1000: Fix extended MAC address registers definition (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send (git-fixes).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- ocfs2: drop acl cache for directories too (bsc#1191667).
- ocfs2: fix crash when initialize filecheck kobj fails (bsc#1197920).
- ocfs2: mount fails with buffer overflow in strlen (bsc#1197760).
- octeontx2-af: fix infinite loop in unmapping NPC counter (git-fixes).
- perf bench: Share some global variables to fix build with gcc 10 (git-fixes).
- pinctrl/rockchip: fix gpio device creation (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: Staticify functions without prototypes (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- profiling: fix shift too large makes kernel panic (git-fixes).
- qlcnic: Add null check after calling netdev_alloc_skb (git-fixes).
- random: fix crash on multiple early calls to add_bootloader_randomness() (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- reiserfs: fix handling of -EOPNOTSUPP in reiserfs_for_each_xattr (bsc#1202714).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: fix 2KB pgtable release race (git-fixes).
- s390/ptrace: pass invalid syscall numbers to tracing (bsc#1192594 LTC#197522).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: fsl_lpuart: RS485 RTS polarity is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- serial: tegra: Change lower tolerance baud rate limit for tegra20 and tegra30 (git-fixes).
- silence nfscache allocation warnings with kvzalloc (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: Fix incorrect page free bug (git-fixes).
- thermal: Fix NULL pointer dereferences in of_thermal_ functions (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tracing/histogram: Fix a potential memory leak for kstrdup() (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc3: Switch to platform_get_irq_byname_optional() (git-fixes).
- usb: dwc3: ep0: Fix delay status handling (git-fixes).
- usb: dwc3: gadget: END_TRANSFER before CLEAR_STALL command (git-fixes).
- usb: dwc3: gadget: Fix IN endpoint max packet size allocation (git-fixes).
- usb: dwc3: gadget: Refactor dwc3_gadget_ep_dequeue (git-fixes).
- usb: dwc3: gadget: Remove FS bInterval_m1 limitation (git-fixes).
- usb: dwc3: gadget: Remove unnecessary checks (git-fixes).
- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (git-fixes).
- usb: dwc3: gadget: Store resource index of start cmd (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings.
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: u_audio: fix race condition on endpoint stop (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: do not stop tx queues after netif_device_detach() (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- xfs: Fix assert failure in xfs_setattr_size() (git-fixes).
- xfs: bunmapi has unnecessary AG lock ordering issues (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: mark a data structure sick if there are cross-referencing errors (git-fixes).
- xfs: only reset incore inode health state flags when reclaiming an inode (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xprtrdma: Fix XDRBUF_SPARSE_PAGES support (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3276-1
Released: Thu Sep 15 06:15:29 2022
Summary: This update fixes the following issues:
Type: recommended
Severity: moderate
References:
Implement ECO jsc#SLE-20950 to fix the channel configuration for libeconf-devel having L3 support (instead of unsupported).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3292-1
Released: Fri Sep 16 17:06:20 2022
Summary: Security update for ruby2.5
Type: security
Severity: moderate
References: 1193081,CVE-2021-41819
This update for ruby2.5 fixes the following issues:
- CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081).
The following package changes have been done:
- cups-config-2.2.7-150000.3.35.1 updated
- curl-7.66.0-150200.4.39.1 updated
- kernel-default-5.3.18-150300.59.93.1 updated
- libblkid1-2.36.2-150300.4.23.1 updated
- libcups2-2.2.7-150000.3.35.1 updated
- libcurl4-7.66.0-150200.4.39.1 updated
- libeconf0-0.4.4+git20220104.962774f-150300.3.8.1 updated
- libfdisk1-2.36.2-150300.4.23.1 updated
- libfreetype6-2.10.4-150000.4.12.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libgnutls30-3.6.7-150200.14.19.2 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.36.2-150300.4.23.1 updated
- libopeniscsiusr0_2_0-2.1.7-150300.32.21.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libruby2_5-2_5-2.5.9-150000.4.26.1 updated
- libsmartcols1-2.36.2-150300.4.23.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-246.16-150300.7.51.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-246.16-150300.7.51.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.36.2-150300.4.23.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.31.0-150200.42.1 updated
- open-iscsi-2.1.7-150300.32.21.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- perl-5.26.1-150300.17.11.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- rsyslog-8.2106.0-150200.4.32.1 updated
- ruby2.5-stdlib-2.5.9-150000.4.26.1 updated
- ruby2.5-2.5.9-150000.4.26.1 updated
- sysconfig-netconfig-0.85.9-150200.12.1 updated
- sysconfig-0.85.9-150200.12.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-sysvinit-246.16-150300.7.51.1 updated
- systemd-246.16-150300.7.51.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-246.16-150300.7.51.1 updated
- util-linux-systemd-2.36.2-150300.4.23.1 updated
- util-linux-2.36.2-150300.4.23.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
- zypper-1.14.55-150200.36.1 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:07:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:07:42 +0200 (CEST)
Subject: SUSE-IU-2022:1083-1: Security update of
suse-sles-15-sp4-chost-byos-v20220916-x86_64-gen2
Message-ID: <20220921070742.D2AC1F78E@maintenance.suse.de>
SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20220916-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1083-1
Image Tags : suse-sles-15-sp4-chost-byos-v20220916-x86_64-gen2:20220916
Image Release :
Severity : important
Type : security
References : 1023051 1032323 1047178 1065729 1156395 1181475 1185882 1190497
1190698 1194557 1194592 1194869 1194904 1195059 1195480 1195917
1196616 1197158 1197178 1197391 1197755 1197756 1197757 1197763
1198341 1198405 1198410 1198709 1198731 1198752 1198823 1198830
1198832 1198971 1198979 1199086 1199093 1199140 1199283 1199364
1199524 1199670 1199895 1200102 1200270 1200313 1200431 1200465
1200485 1200544 1200570 1200697 1200698 1200700 1200701 1200732
1200771 1200800 1200845 1200868 1200869 1200870 1200871 1200872
1200873 1200884 1200902 1200903 1200904 1200975 1200993 1201019
1201092 1201132 1201133 1201134 1201135 1201136 1201150 1201151
1201152 1201153 1201154 1201155 1201249 1201308 1201356 1201359
1201363 1201427 1201442 1201455 1201489 1201511 1201519 1201576
1201610 1201620 1201638 1201675 1201725 1201768 1201795 1201863
1201940 1201956 1201958 1201975 1202011 1202020 1202046 1202049
1202050 1202051 1202096 1202097 1202113 1202131 1202154 1202175
1202262 1202265 1202310 1202312 1202346 1202347 1202385 1202393
1202414 1202420 1202421 1202447 1202471 1202498 1202511 1202512
1202515 1202552 1202558 1202564 1202593 1202599 1202623 1202636
1202672 1202681 1202687 1202689 1202710 1202711 1202712 1202713
1202715 1202716 1202757 1202758 1202759 1202761 1202762 1202763
1202764 1202765 1202766 1202767 1202768 1202769 1202770 1202771
1202773 1202774 1202775 1202776 1202778 1202779 1202780 1202781
1202782 1202783 1202803 1202822 1202823 1202824 1202860 1202862
1202867 1202874 1202898 1202976 1203036 1203041 1203063 1203107
1203117 1203138 1203139 1203159 CVE-2016-3695 CVE-2017-6512 CVE-2020-36516
CVE-2021-33135 CVE-2021-4037 CVE-2022-1615 CVE-2022-1706 CVE-2022-1720
CVE-2022-1968 CVE-2022-20368 CVE-2022-20369 CVE-2022-2124 CVE-2022-2125
CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231
CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286
CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345
CVE-2022-24795 CVE-2022-2509 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580
CVE-2022-2581 CVE-2022-2588 CVE-2022-2598 CVE-2022-2639 CVE-2022-2663
CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-2816 CVE-2022-2817
CVE-2022-2819 CVE-2022-28356 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862
CVE-2022-28693 CVE-2022-2873 CVE-2022-2874 CVE-2022-2889 CVE-2022-2905
CVE-2022-2923 CVE-2022-2938 CVE-2022-2946 CVE-2022-2959 CVE-2022-2977
CVE-2022-3016 CVE-2022-3028 CVE-2022-3078 CVE-2022-32250 CVE-2022-32743
CVE-2022-35252 CVE-2022-36879 CVE-2022-36946 CVE-2022-37434 CVE-2022-39188
CVE-2022-39190
-----------------------------------------------------------------
The container suse-sles-15-sp4-chost-byos-v20220916-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2919-1
Released: Fri Aug 26 15:04:20 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1190698,1198979,1202020,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
Non-security fixes:
- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2925-1
Released: Mon Aug 29 03:16:48 2022
Summary: Recommended update for audit-secondary
Type: recommended
Severity: important
References: 1201519
This update for audit-secondary fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2973-1
Released: Thu Sep 1 11:37:02 2022
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1198709,1201975
This update for dracut fixes the following issues:
- Include fixes to make network-manager module work properly with dracut (bsc#1201975)
- Add auto timeout to wicked DHCP test (bsc#1198709)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3009-1
Released: Mon Sep 5 04:49:43 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1199283
This update for rsyslog fixes the following issues:
- Fix memory access violation issue in qDeqLinkedList during shutdown (bsc#1199283)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3022-1
Released: Mon Sep 5 15:16:02 2022
Summary: Recommended update for python-pyOpenSSL
Type: recommended
Severity: moderate
References: 1200771
This update for python-pyOpenSSL fixes the following issues:
- Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).
python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):
- The minimum ``cryptography`` version is now 3.3.
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released: Mon Sep 5 16:31:24 2022
Summary: Recommended update for python-pytz
Type: recommended
Severity: low
References:
This update for python-pytz fixes the following issues:
- update to 2022.1:
matches tzdata 2022a
- declare python 3.10 compatibility
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3161-1
Released: Wed Sep 7 14:40:54 2022
Summary: Recommended update for hwinfo
Type: recommended
Severity: moderate
References: 1200975
This update for hwinfo fixes the following issue:
- improve treatment of NVME devices (bsc#1200975)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3209-1
Released: Thu Sep 8 13:10:13 2022
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1200570
This update for open-iscsi fixes the following issues:
- Set the systemd unit files as non executable. (bsc#1200570)
- For openSUSE Tumbleweed, moved logrotate files from user-specific directory `/etc/logrotate.d` to
vendor-specific `/usr/etc/logrotate.d`
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released: Thu Sep 8 21:15:24 2022
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1185882,1194557,1199093
This update for sysconfig fixes the following issues:
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change (bsc#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead of only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- Also support service(network) provides
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3220-1
Released: Fri Sep 9 04:30:52 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove MediaNetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloader. Second the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3241-1
Released: Mon Sep 12 07:21:04 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1201511
This update for cups fixes the following issues:
- Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 (bsc#1201511)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3244-1
Released: Mon Sep 12 09:00:27 2022
Summary: Security update for samba
Type: security
Severity: important
References: 1200102,1202803,1202976,CVE-2022-1615,CVE-2022-32743
This update for samba fixes the following issues:
- CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976).
- CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803).
Bugfixes:
- Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:
- CVE-2022-27404: Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405: Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406: Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3293-1
Released: Fri Sep 16 17:30:01 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1032323,1065729,1156395,1190497,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198971,1199086,1199364,1199670,1200313,1200431,1200465,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201768,1201940,1201956,1201958,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202312,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202874,1202898,1203036,1203041,1203063,1203107,1203117,1203138,1203139,1203159,CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-32250,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
- CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041).
- CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623).
- CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455).
- CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681 bnc#1202685).
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312 bnc#1202874).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
- CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to become root (bnc#1200015).
The following non-security bugs were fixed:
- 9p: Fix refcounting during full path walks for fid lookups (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: VIOT: Fix ACS setup (git-fixes).
- ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: thermal: drop an always true check (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544).
- ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Add endianness annotations (git-fixes).
- ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes).
- ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- ALSA: usb-audio: Support jack detection on Dell dock (git-fixes).
- ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes).
- ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes).
- ARM: OMAP2+: display: Fix refcount leak bug (git-fixes).
- ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes).
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes).
- ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes).
- ARM: dts: ast2500-evb: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb: fix board compatible (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes).
- ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes).
- ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes).
- ARM: dts: imx6ul: add missing properties for sram (git-fixes).
- ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes).
- ARM: dts: imx6ul: fix csi node compatible (git-fixes).
- ARM: dts: imx6ul: fix keypad compatible (git-fixes).
- ARM: dts: imx6ul: fix lcdif node compatible (git-fixes).
- ARM: dts: imx6ul: fix qspi node compatible (git-fixes).
- ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes).
- ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes).
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes).
- ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes).
- ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes).
- ARM: findbit: fix overflowing offset (git-fixes).
- ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes).
- ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes).
- ASoC: fsl_asrc: force cast the asrc_format type (git-fixes).
- ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes).
- ASoC: imx-audmux: Silence a clang warning (git-fixes).
- ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes).
- ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes).
- ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes).
- ASoC: mt6359: Fix refcount leak bug (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes).
- ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes).
- ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes).
- ASoC: samsung: change neo1973_audio from a global to static (git-fixes).
- ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes).
- ASoC: tas2770: Fix handling of mute/unmute (git-fixes).
- ASoC: tas2770: Set correct FSYNC polarity (git-fixes).
- Bluetooth: Add bt_skb_sendmmsg helper (git-fixes).
- Bluetooth: Add bt_skb_sendmsg helper (git-fixes).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes).
- Bluetooth: Fix passing NULL to PTR_ERR (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes).
- Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes).
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes).
- Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes).
- Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes).
- Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes).
- HID: add Lenovo Yoga C630 battery quirk (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: amd_sfh: Add NULL check for hid device (git-fixes).
- HID: amd_sfh: Handle condition of 'no sensors' (git-fixes).
- HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- HID: hid-input: add Surface Go battery quirk (git-fixes).
- HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes).
- HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- HID: thrustmaster: Add sparco wheel and fix array length (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes).
- Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes).
- Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - merge quirk tables (git-fixes).
- Input: i8042 - move __initconst to fix code styling warning (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes).
- KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes).
- KVM: MMU: shadow nested paging does not have PKU (git-fixes).
- KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869).
- KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes).
- KVM: SVM: Do not intercept #GP for SEV guests (git-fixes).
- KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes).
- KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes).
- KVM: VMX: Print VM-instruction error as unsigned (git-fixes).
- KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes).
- KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes).
- KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes).
- KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442).
- KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes).
- KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes).
- KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes).
- KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes).
- KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes).
- KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes).
- KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes).
- KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes).
- KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes).
- KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes).
- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes).
- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes).
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
- KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
- KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes).
- KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes).
- KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes).
- KVM: x86: revalidate steal time cache if MSR value changes (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes).
- NFSD: Fix ia_size underflow (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI/AER: Iterate over error counters instead of error strings (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes).
- PM: hibernate: defer device probing when resuming from hibernation (git-fixes).
- SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: ch314: use usb_control_msg_recv() (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- XArray: Update the LRU list in xas_split() (git-fixes).
- apparmor: Fix failed mount permission check error message (git-fixes).
- apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes).
- apparmor: fix aa_label_asxprint return check (git-fixes).
- apparmor: fix absroot causing audited secids to begin with = (git-fixes).
- apparmor: fix overlapping attachment computation (git-fixes).
- apparmor: fix quiet_denied for file rules (git-fixes).
- apparmor: fix reference count leak in aa_pivotroot() (git-fixes).
- apparmor: fix setting unconfined mode on a loaded profile (git-fixes).
- arm64: Do not forget syscall when starting a new thread (git-fixes).
- arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes).
- arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes).
- arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes).
- arm64: dts: mt8192: Fix idle-states entry-method (git-fixes).
- arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes).
- arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes).
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes).
- arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes).
- arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes).
- arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes).
- arm64: dts: renesas: beacon: Fix regulator node names (git-fixes).
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes).
- arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes).
- arm64: fix rodata=full (git-fixes).
- arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes).
- arm64: set UXN on swapper page tables (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes).
- arm64: tegra: Fixup SYSRAM references (git-fixes).
- arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes).
- arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes).
- arm_pmu: Validate single/group leader events (git-fixes).
- asm-generic: remove a broken and needless ifdef conditional (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ath11k: Fix incorrect debug_mask mappings (git-fixes).
- ath11k: fix netdev open race (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes).
- ax25: Fix ax25 session cleanup problems (git-fixes).
- bitfield.h: Fix 'type of reg too small for mask' test (git-fixes).
- block: Fix fsync always failed if once failed (bsc#1202779).
- block: Fix wrong offset in bio_truncate() (bsc#1202780).
- block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781).
- block: only mark bio as tracked if it really is tracked (bsc#1202782).
- bnx2x: Invalidate fastpath HSI version for VFs (git-fixes).
- bnx2x: Utilize firmware 7.13.21.0 (git-fixes).
- btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: mcp251x: Fix race condition on receive interrupt (git-fixes).
- can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes).
- can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes).
- can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823).
- ceph: do not truncate file in atomic_open (bsc#1202824).
- ceph: use correct index when encoding client supported features (bsc#1202822).
- cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- cifs: fix reconnect on smb3 mount types (bsc#1201427).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: mediatek: reset: Fix written reset bit offset (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes).
- clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes).
- clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes).
- clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes).
- clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes).
- clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes).
- clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes).
- clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes).
- configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).
- cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes).
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes).
- crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes).
- crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes).
- crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes).
- crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes).
- crypto: hisilicon/sec - do not sleep when in softirq (git-fixes).
- crypto: hisilicon/sec - fix auth key size error (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes).
- crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes).
- crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes).
- crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes).
- device property: Check fwnode->secondary when finding properties (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes).
- dma-debug: make things less spammy under memory pressure (git-fixes).
- dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes).
- dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes).
- dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes).
- dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes).
- dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes).
- docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (git-fixes).
- docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes).
- docs: zh_CN: fix a broken reference (git-fixes).
- dpaa2-eth: fix ethtool statistics (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/iio: Remove all strcpy() uses (git-fixes).
- drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes).
- drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes).
- drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes).
- drm/amd/display: Avoid MPC infinite loop (git-fixes).
- drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes).
- drm/amd/display: Fix pixel clock programming (git-fixes).
- drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes).
- drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes).
- drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes).
- drm/amd/display: Optimize bandwidth on following fast update (git-fixes).
- drm/amd/display: Reset DMCUB before HW init (git-fixes).
- drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes).
- drm/amd/display: avoid doing vm_init multiple time (git-fixes).
- drm/amd/display: clear optc underflow before turn off odm clock (git-fixes).
- drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes).
- drm/amdgpu: Remove one duplicated ef removal (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes).
- drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes).
- drm/i915/gt: Skip TLB invalidations once wedged (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/i915: fix null pointer dereference (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: Allow commands to be sent during video mode (git-fixes).
- drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes).
- drm/mediatek: Modify dsi funcs to atomic operations (git-fixes).
- drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes).
- drm/msm/dpu: Fix for non-visible planes (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes).
- drm/msm: Fix dirtyfb refcounting (git-fixes).
- drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes).
- drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes).
- drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/nouveau: recognise GA103 (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/shmem-helper: Add missing vunmap on error (git-fixes).
- drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes).
- drm/udl: Add parameter to set number of URBs (bsc#1195917).
- drm/udl: Add reset_resume (bsc#1195917).
- drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917).
- drm/udl: Drop unneeded alignment (bsc#1195917).
- drm/udl: Enable damage clipping (bsc#1195917).
- drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917).
- drm/udl: Fix potential URB leaks (bsc#1195917).
- drm/udl: Increase the default URB list size to 20 (bsc#1195917).
- drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917).
- drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917).
- drm/udl: Replace semaphore with a simple wait queue (bsc#1195917).
- drm/udl: Restore display mode on resume (bsc#1195917).
- drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917).
- drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917).
- drm/udl: Sync pending URBs at the end of suspend (bsc#1195917).
- drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes).
- drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes).
- drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes).
- dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes).
- dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes).
- dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes).
- dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes).
- dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes).
- dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes).
- dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes).
- eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes).
- erofs: fix deadlock when shrink erofs slab (git-fixes).
- ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fixes).
- exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725).
- exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725).
- exfat: Drop superfluous new line for error messages (bsc#1201725).
- exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725).
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix referencing wrong parent directory information after renaming (git-fixes).
- exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes).
- exfat: use updated exfat_chain directly during renaming (git-fixes).
- export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759).
- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771).
- ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769).
- ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757).
- ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768).
- ext4: fix incorrect type issue during replay_del_range (bsc#1202867).
- ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix super block checksum incorrect after mount (bsc#1202773).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761).
- ext4: mark group as trimmed only if it was fully scanned (bsc#1202770).
- ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766).
- ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758).
- fat: add ratelimit to fat*_ent_bread() (git-fixes).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fixes).
- filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774).
- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes).
- firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fix race between exit_itimers() and /proc/pid/timers (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- ftrace/x86: Add back ftrace_expected assignment (git-fixes).
- fuse: ioctl: translate ENOSYS (bsc#1203139).
- fuse: limit nsec (bsc#1203138).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- habanalabs/gaudi: fix shift out of bounds (git-fixes).
- habanalabs/gaudi: mask constant value before cast (git-fixes).
- hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes).
- hwmon: (drivetemp) Add module alias (git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- i2c: mxs: Silence a clang warning (git-fixes).
- i2c: npcm: Capitalize the one-line comment (git-fixes).
- i2c: npcm: Correct slave role behavior (git-fixes).
- i2c: npcm: Remove own slave addresses 2:10 (git-fixes).
- ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes).
- ieee80211: add EHT 1K aggregation definitions (bsc#1202131).
- ieee80211: change HE nominal packet padding value defines (bsc#1202131).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma400: Fix the scale min and max macro values (git-fixes).
- iio: accel: bma400: Reordering of header files (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3300: Fix alignment for DMA safety (git-fixes).
- iio: ad7292: Prevent regulator double disable (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7292: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7923: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1241: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: common: ssp: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5766: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA saftey (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes).
- iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes).
- inet_diag: fix kernel-infoleak for UDP sockets (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- interconnect: imx: fix max_node_id (git-fixes).
- io_uring: add a schedule point in io_add_buffers() (git-fixes).
- io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes).
- iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes).
- iommu/amd: Enable swiotlb in all cases (git-fixes).
- iommu/amd: Fix I/O page table memory leak (git-fixes).
- iommu/amd: Recover from event log overflow (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes).
- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/dart: Add missing module owner to ops structure (git-fixes).
- iommu/dart: check return value after calling platform_get_resource() (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes).
- iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes).
- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes).
- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes).
- iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Drop stop marker messages (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301).
- iommu/vt-d: Refactor iommu information of each domain (bsc#1200301).
- iommu/vt-d: Remove global g_iommus array (bsc#1200301).
- iommu/vt-d: Remove intel_iommu::domains (bsc#1200301).
- iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301).
- iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- iommu: Fix potential use-after-free during probe (git-fixes).
- iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes).
- iov_iter: fix build issue due to possible type mis-match (git-fixes).
- ipmi: fix initialization when workqueue allocation fails (git-fixes).
- irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes).
- irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes).
- iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131).
- iwlwifi: Add support for getting rf id with blank otp (bsc#1202131).
- iwlwifi: Add support for more BZ HWs (bsc#1202131).
- iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131).
- iwlwifi: BZ Family SW reset support (bsc#1202131).
- iwlwifi: Configure FW debug preset via module param (bsc#1202131).
- iwlwifi: Fix FW name for gl (bsc#1202131).
- iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131).
- iwlwifi: Fix syntax errors in comments (bsc#1202131).
- iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131).
- iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131).
- iwlwifi: Start scratch debug register for Bz family (bsc#1202131).
- iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131).
- iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131).
- iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131).
- iwlwifi: add new Qu-Hr device (bsc#1202131).
- iwlwifi: add new ax1650 killer device (bsc#1202131).
- iwlwifi: add new device id 7F70 (bsc#1202131).
- iwlwifi: add new pci SoF with JF (bsc#1202131).
- iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131).
- iwlwifi: add support for BNJ HW (bsc#1202131).
- iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131).
- iwlwifi: add support for Bz-Z HW (bsc#1202131).
- iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131).
- iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131).
- iwlwifi: allow rate-limited error messages (bsc#1202131).
- iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131).
- iwlwifi: api: remove ttl field from TX command (bsc#1202131).
- iwlwifi: api: remove unused RX status bits (bsc#1202131).
- iwlwifi: avoid variable shadowing (bsc#1202131).
- iwlwifi: avoid void pointer arithmetic (bsc#1202131).
- iwlwifi: bump FW API to 67 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 68 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 69 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 70 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 71 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 72 for AX devices (bsc#1202131).
- iwlwifi: cfg: add support for 1K BA queue (bsc#1202131).
- iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131).
- iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131).
- iwlwifi: dbg: check trigger data before access (bsc#1202131).
- iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131).
- iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131).
- iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131).
- iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131).
- iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131).
- iwlwifi: de-const properly where needed (bsc#1202131).
- iwlwifi: debugfs: remove useless double condition (bsc#1202131).
- iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131).
- iwlwifi: do not use __unused as variable name (bsc#1202131).
- iwlwifi: drv: load tlv debug data earlier (bsc#1202131).
- iwlwifi: dump CSR scratch from outer function (bsc#1202131).
- iwlwifi: dump RCM error tables (bsc#1202131).
- iwlwifi: dump both TCM error tables if present (bsc#1202131).
- iwlwifi: dump host monitor data when NIC does not init (bsc#1202131).
- iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: eeprom: clean up macros (bsc#1202131).
- iwlwifi: fix LED dependencies (bsc#1202131).
- iwlwifi: fix debug TLV parsing (bsc#1202131).
- iwlwifi: fix fw/img.c license statement (bsc#1202131).
- iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131).
- iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131).
- iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131).
- iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131).
- iwlwifi: fw: add support for splitting region type bits (bsc#1202131).
- iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131).
- iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131).
- iwlwifi: fw: fix some scan kernel-doc (bsc#1202131).
- iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131).
- iwlwifi: fw: make dump_start callback void (bsc#1202131).
- iwlwifi: fw: remove dead error log code (bsc#1202131).
- iwlwifi: implement reset flow for Bz devices (bsc#1202131).
- iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131).
- iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131).
- iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131).
- iwlwifi: make some functions friendly to sparse (bsc#1202131).
- iwlwifi: move symbols into a separate namespace (bsc#1202131).
- iwlwifi: mvm/api: define system control command (bsc#1202131).
- iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131).
- iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131).
- iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131).
- iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131).
- iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131).
- iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131).
- iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131).
- iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131).
- iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131).
- iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131).
- iwlwifi: mvm: Remove antenna c references (bsc#1202131).
- iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131).
- iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131).
- iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131).
- iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131).
- iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131).
- iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131).
- iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131).
- iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131).
- iwlwifi: mvm: add a flag to reduce power command (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131).
- iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131).
- iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131).
- iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131).
- iwlwifi: mvm: add some missing command strings (bsc#1202131).
- iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131).
- iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131).
- iwlwifi: mvm: add support for IMR based on platform (bsc#1202131).
- iwlwifi: mvm: add support for OCE scan (bsc#1202131).
- iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131).
- iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131).
- iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131).
- iwlwifi: mvm: always remove the session protection after association (bsc#1202131).
- iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131).
- iwlwifi: mvm: always use 4K RB size by default (bsc#1202131).
- iwlwifi: mvm: change old-SN drop threshold (bsc#1202131).
- iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131).
- iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131).
- iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131).
- iwlwifi: mvm: correctly set channel flags (bsc#1202131).
- iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131).
- iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131).
- iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131).
- iwlwifi: mvm: d3: use internal data representation (bsc#1202131).
- iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131).
- iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131).
- iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131).
- iwlwifi: mvm: do not trust hardware queue number (bsc#1202131).
- iwlwifi: mvm: drop too short packets silently (bsc#1202131).
- iwlwifi: mvm: extend session protection on association (bsc#1202131).
- iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131).
- iwlwifi: mvm: fix a stray tab (bsc#1202131).
- iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131).
- iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131).
- iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131).
- iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131).
- iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131).
- iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131).
- iwlwifi: mvm: improve log when processing CSA (bsc#1202131).
- iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131).
- iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131).
- iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131).
- iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131).
- iwlwifi: mvm: optionally suppress assert log (bsc#1202131).
- iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131).
- iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131).
- iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131).
- iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131).
- iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131).
- iwlwifi: mvm: remove card state notification code (bsc#1202131).
- iwlwifi: mvm: remove cipher scheme support (bsc#1202131).
- iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131).
- iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131).
- iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131).
- iwlwifi: mvm: remove session protection on disassoc (bsc#1202131).
- iwlwifi: mvm: remove session protection upon station removal (bsc#1202131).
- iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131).
- iwlwifi: mvm: rfi: update rfi table (bsc#1202131).
- iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131).
- iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131).
- iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131).
- iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131).
- iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131).
- iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131).
- iwlwifi: mvm: support RLC configuration command (bsc#1202131).
- iwlwifi: mvm: support new BAID allocation command (bsc#1202131).
- iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131).
- iwlwifi: mvm: support v3 of station HE context command (bsc#1202131).
- iwlwifi: mvm: update BAID allocation command again (bsc#1202131).
- iwlwifi: mvm: update RFI TLV (bsc#1202131).
- iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131).
- iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131).
- iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131).
- iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131).
- iwlwifi: nvm: Correct HE capability (bsc#1202131).
- iwlwifi: parse debug exclude data from firmware file (bsc#1202131).
- iwlwifi: parse error tables from debug TLVs (bsc#1202131).
- iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131).
- iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131).
- iwlwifi: pcie: add support for MS devices (bsc#1202131).
- iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131).
- iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131).
- iwlwifi: pcie: fix constant-conversion warning (bsc#1202131).
- iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131).
- iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131).
- iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131).
- iwlwifi: pcie: refactor dev_info lookup (bsc#1202131).
- iwlwifi: pcie: remove duplicate entry (bsc#1202131).
- iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131).
- iwlwifi: pcie: retake ownership after reset (bsc#1202131).
- iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131).
- iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131).
- iwlwifi: pcie: try to grab NIC access early (bsc#1202131).
- iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131).
- iwlwifi: pnvm: print out the version properly (bsc#1202131).
- iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131).
- iwlwifi: propagate (const) type qualifier (bsc#1202131).
- iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131).
- iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131).
- iwlwifi: remove command ID argument from queue allocation (bsc#1202131).
- iwlwifi: remove contact information (bsc#1202131).
- iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131).
- iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131).
- iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131).
- iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131).
- iwlwifi: remove unused macros (bsc#1202131).
- iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131).
- iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131).
- iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131).
- iwlwifi: scan: Modify return value of a function (bsc#1202131).
- iwlwifi: support 4-bits in MAC step value (bsc#1202131).
- iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131).
- iwlwifi: support new queue allocation command (bsc#1202131).
- iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131).
- iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131).
- iwlwifi: use 4k queue size for Bz A-step (bsc#1202131).
- iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131).
- iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131).
- iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131).
- iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131).
- iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131).
- iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131).
- iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131).
- iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131).
- iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131).
- iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131).
- iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131).
- iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131).
- iwlwifi: yoyo: support for ROM usniffer (bsc#1202131).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410).
- kabi/severities: Exclude ppc kvm
- kabi/severities: add Qlogic qed symbols
- kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471
- kabi/severities: add hisilicon hns3 symbols
- kabi/severities: add microchip dsa drivers
- kabi/severities: ignore kABI changes in mwifiex drivers. Those symbols are used only locally in mwifiex (sub-)modules.
- kabi/severities: octeontx2 driver (jsc#SLE-24682)
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kbuild: fix the modules order between drivers and libs (git-fixes).
- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes).
- kcm: fix strp_init() order and cleanup (git-fixes).
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes).
- kselftest/vm: fix tests build with old libc (git-fixes).
- kselftest: Fix vdso_test_abi return status (git-fixes).
- kselftest: signal all child processes (git-fixes).
- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes).
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes).
- landlock: Add clang-format exceptions (git-fixes).
- landlock: Change landlock_add_rule(2) argument check ordering (git-fixes).
- landlock: Change landlock_restrict_self(2) check ordering (git-fixes).
- landlock: Create find_rule() from unmask_layers() (git-fixes).
- landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes).
- landlock: Fix landlock_add_rule(2) documentation (git-fixes).
- landlock: Fix same-layer rule unions (git-fixes).
- landlock: Format with clang-format (git-fixes).
- landlock: Reduce the maximum number of layers to 16 (git-fixes).
- landlock: Use square brackets around 'landlock-ruleset' (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1190497).
- lockdep: Correct lock_classes index mapping (git-fixes).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes).
- locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- mac80211: fix a memory leak where sta_info is not freed (git-fixes).
- mac80211: introduce channel switch disconnect function (bsc#1202131).
- macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes).
- macsec: fix NULL deref in macsec_add_rxsa (git-fixes).
- macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes).
- macsec: limit replay window size with XPN (git-fixes).
- marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036).
- media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes).
- media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes).
- media: cedrus: h265: Fix flag name (git-fixes).
- media: cedrus: hevc: Add check for invalid timestamp (git-fixes).
- media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes).
- media: hantro: postproc: Fix motion vector space size (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: hevc: Embedded indexes in RPS (git-fixes).
- media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes).
- media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes).
- media: pvrusb2: fix memory leak in pvr_probe (git-fixes).
- media: tw686x: Fix memory leak in tw686x_video_init (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes).
- mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- minix: fix bug when opening a file with O_DIRECT (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro. This should always be used with @SOURCES@, just include the content there.
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- mmc: block: Add single read for 4k sector cards (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes).
- mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes).
- mmc: mxcmmc: Silence a clang warning (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mmc: tmio: avoid glitches when resetting (git-fixes).
- msft-hv-2570-hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- mt76: mt7615: do not update pm stats in case of error (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes).
- mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes).
- mtd: dataflash: Add SPI ID table (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes).
- mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes).
- mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes).
- mtd: rawnand: gpmi: validate controller clock rate (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- musb: fix USB_MUSB_TUSB6010 dependency (git-fixes).
- mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes).
- n_gsm: remove unused parameters from gsm_error() (git-fixes).
- net: asix: fix 'can't send until first packet is send' issue (git-fixes).
- net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes).
- net: dsa: b53: Add SPI ID table (git-fixes).
- net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes).
- net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fixes).
- net: dsa: hellcreek: Add STP forwarding rule (git-fixes).
- net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes).
- net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes).
- net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes).
- net: dsa: microchip: implement multi-bridge support (git-fixes).
- net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes).
- net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes).
- net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes).
- net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes).
- net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes).
- net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes).
- net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes).
- net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes).
- net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes).
- net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes).
- net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes).
- net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes).
- net: dsa: qca8k: fix MTU calculation (git-fixes).
- net: dsa: seville: register the mdiobus under devres (git-fixes).
- net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: hns3: clean residual vf config after disable sriov (git-fixes).
- net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes).
- net: marvell: prestera: fix incorrect structure access (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes).
- net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes).
- net: mscc: ocelot: set up traps for PTP packets (git-fixes).
- net: openvswitch: do not send internal clone attribute to the userspace (git-fixes).
- net: openvswitch: fix leak of nested actions (git-fixes).
- net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes).
- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes).
- net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes).
- net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes).
- net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes).
- net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmmac: clean up impossible condition (git-fixes).
- net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904).
- net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904).
- net: stmmac: fix off-by-one error in sanity check (git-fixes).
- net: usb: Correct PHY handling of smsc95xx (git-fixes).
- net: usb: Correct reset handling of smsc95xx (git-fixes).
- net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: make USB_RTL8153_ECM non user configurable (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes).
- nilfs2: fix lockdep warnings during disk space reclamation (git-fixes).
- nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes).
- nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)).
- nouveau/svm: Fix to migrate all requested pages (git-fixes).
- nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fixes).
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113).
- nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265).
- nvme-auth: retry command if DNR bit is not set (bsc#1201675).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- nvme: implement In-Band authentication (jsc#SLE-20183).
- nvme: kabi fixes for in-band authentication (bsc#1199086).
- nvmet-auth: expire authentication sessions (jsc#SLE-20183).
- nvmet: Expose max queues to configfs (bsc#1201865).
- nvmet: implement basic In-Band Authentication (jsc#SLE-20183).
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778).
- ocfs2: fix a deadlock when commit trans (bsc#1202776).
- octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682).
- octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682).
- octeontx2-af: Add SDP interface support (jsc#SLE-24682).
- octeontx2-af: Add debug messages for failures (jsc#SLE-24682).
- octeontx2-af: Add external ptp input clock (jsc#SLE-24682).
- octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682).
- octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682).
- octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682).
- octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682).
- octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682).
- octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682).
- octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682).
- octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682).
- octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682).
- octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682).
- octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682).
- octeontx2-af: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-af: Fix interrupt name strings (jsc#SLE-24682).
- octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682).
- octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682).
- octeontx2-af: Flow control resource management (jsc#SLE-24682).
- octeontx2-af: Handle return value in block reset (jsc#SLE-24682).
- octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682).
- octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682).
- octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682).
- octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682).
- octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682).
- octeontx2-af: Modify install flow error codes (jsc#SLE-24682).
- octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682).
- octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682).
- octeontx2-af: Priority flow control configuration support (jsc#SLE-24682).
- octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682).
- octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682).
- octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682).
- octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682).
- octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682).
- octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682).
- octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682).
- octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682).
- octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682).
- octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682).
- octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682).
- octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682).
- octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682).
- octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682).
- octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682).
- octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682).
- octeontx2-af: debugfs: Minor changes (jsc#SLE-24682).
- octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682).
- octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682).
- octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682).
- octeontx2-af: fix array bound error (jsc#SLE-24682).
- octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682).
- octeontx2-af: initialize action variable (jsc#SLE-24682).
- octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682).
- octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682).
- octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682).
- octeontx2-af: verify CQ context updates (jsc#SLE-24682).
- octeontx2-nic: fix mixed module build (jsc#SLE-24682).
- octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682).
- octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682).
- octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682).
- octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682).
- octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682).
- octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
- octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682).
- octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682).
- octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682).
- octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682).
- octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682).
- octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682).
- octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682).
- octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682).
- octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682).
- octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682).
- octeontx2-pf: Unify flow management variables (jsc#SLE-24682).
- octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682).
- octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682).
- octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682).
- octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682).
- octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682).
- octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682).
- octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682).
- octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
- octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682).
- openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes).
- openvswitch: Fixed nd target mask field in the flow dump (git-fixes).
- openvswitch: always update flow key after nat (git-fixes).
- optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes).
- perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes).
- phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes).
- phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes).
- pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes).
- pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes).
- pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes).
- pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes).
- pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: qcom: sm8250: Fix PDC map (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/chrome: cros_ec: Always expose last resume result (git-fixes).
- platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- proc: fix a dentry lock race between release_task and lookup (git-fixes).
- proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes).
- pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes).
- pwm: lpc18xx: Fix period handling (git-fixes).
- qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
- r8152: fix the RX FIFO settings when suspending (git-fixes).
- r8152: fix the units of some registers for RTL8156A (git-fixes).
- random: remove useless header comment (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- regulator: pca9450: Remove restrictions for regulator-name (git-fixes).
- regulator: qcom_smd: Fix pm8916_pldo range (git-fixes).
- remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes).
- remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes).
- remoteproc: qcom: pas: Check if coredump is enabled (git-fixes).
- remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes).
- rose: check NULL rose_loopback_neigh->loopback (git-fixes).
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
- rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes).
- rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes).
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes).
- s390/cpumf: Handle events cycles and instructions identical (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322).
- s390/stp: clock_delta should be signed (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- samples/landlock: Add clang-format exceptions (git-fixes).
- samples/landlock: Fix path_list memory leak (git-fixes).
- samples/landlock: Format with clang-format (git-fixes).
- sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)).
- sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes)
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)).
- sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)).
- sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes)
- sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes)
- sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)).
- sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)).
- sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh
- sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)).
- scripts/dtc: Call pkg-config POSIXly correct (git-fixes).
- scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes).
- scripts/gdb: change kernel config dumping method (git-fixes).
- scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes).
- scripts: sphinx-pre-install: add required ctex dependency (git-fixes).
- scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471).
- scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471).
- scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: megaraid: Clear READ queue map's nr_queues (git-fixes).
- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: ufs: core: Fix another task management completion race (git-fixes).
- scsi: ufs: core: Fix task management completion timeout race (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- seccomp: Invalidate seccomp mode to catch death failures (git-fixes).
- selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130).
- selftest/vm: fix map_fixed_noreplace test failure (git-fixes).
- selftest/vm: verify mmap addr in mremap_test (git-fixes).
- selftest/vm: verify remap destination address in mremap_test (git-fixes).
- selftests, x86: fix how check_cc.sh is being invoked (git-fixes).
- selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes).
- selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes).
- selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes).
- selftests/ftrace: make kprobe profile testcase description unique (git-fixes).
- selftests/landlock: Add clang-format exceptions (git-fixes).
- selftests/landlock: Add tests for O_PATH (git-fixes).
- selftests/landlock: Add tests for unknown access rights (git-fixes).
- selftests/landlock: Extend access right tests to directories (git-fixes).
- selftests/landlock: Extend tests for minimal valid attribute size (git-fixes).
- selftests/landlock: Format with clang-format (git-fixes).
- selftests/landlock: Fully test file rename with 'remove' access (git-fixes).
- selftests/landlock: Make tests build with old libc (git-fixes).
- selftests/landlock: Normalize array assignment (git-fixes).
- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes).
- selftests/memfd: clean up mapping in mfd_fail_write (git-fixes).
- selftests/memfd: remove unused variable (git-fixes).
- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes).
- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes).
- selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes).
- selftests/net: timestamping: Fix bind_phc check (git-fixes).
- selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes).
- selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes).
- selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes).
- selftests/resctrl: Fix null pointer dereference on open failed (git-fixes).
- selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes).
- selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes).
- selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes).
- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes).
- selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes).
- selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes).
- selftests/rseq: Introduce rseq_get_abi() helper (git-fixes).
- selftests/rseq: Introduce thread pointer getters (git-fixes).
- selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes).
- selftests/rseq: Remove useless assignment to cpu variable (git-fixes).
- selftests/rseq: Remove volatile from __rseq_abi (git-fixes).
- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes).
- selftests/rseq: introduce own copy of rseq uapi header (git-fixes).
- selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes).
- selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes).
- selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes).
- selftests/seccomp: Fix compile warning when CC=clang (git-fixes).
- selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes).
- selftests/sgx: Treat CC as one argument (git-fixes).
- selftests/vm/transhuge-stress: fix ram size thinko (git-fixes).
- selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes).
- selftests/x86: Add validity check and allow field splitting (git-fixes).
- selftests/zram01.sh: Fix compression ratio calculation (git-fixes).
- selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes).
- selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes).
- selftests: Add duplicate config only for MD5 VRF tests (git-fixes).
- selftests: Fix IPv6 address bind tests (git-fixes).
- selftests: Fix raw socket bind tests with VRF (git-fixes).
- selftests: add ping test with ping_group_range tuned (git-fixes).
- selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes).
- selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes).
- selftests: cgroup: Test open-time credential usage for migration checks (git-fixes).
- selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes).
- selftests: fixup build warnings in pidfd / clone3 tests (git-fixes).
- selftests: forwarding: fix error message in learning_test (git-fixes).
- selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes).
- selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- selftests: gpio: fix gpio compiling error (git-fixes).
- selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes).
- selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes).
- selftests: kvm: set rax before vmcall (git-fixes).
- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes).
- selftests: mlxsw: resource_scale: Fix return value (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes).
- selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes).
- selftests: mptcp: add csum mib check for mptcp_connect (git-fixes).
- selftests: mptcp: fix diag instability (git-fixes).
- selftests: mptcp: fix ipv6 routing setup (git-fixes).
- selftests: mptcp: more stable diag tests (git-fixes).
- selftests: net: Correct case name (git-fixes).
- selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes).
- selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes).
- selftests: net: tls: remove unused variable and code (git-fixes).
- selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes).
- selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes).
- selftests: netfilter: add a vrf+conntrack testcase (git-fixes).
- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes).
- selftests: netfilter: disable rp_filter on router (git-fixes).
- selftests: netfilter: fix exit value for nft_concat_range (git-fixes).
- selftests: nft_concat_range: add test for reload with no element add/del (git-fixes).
- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes).
- selftests: openat2: Add missing dependency in Makefile (git-fixes).
- selftests: openat2: Print also errno in failure messages (git-fixes).
- selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes).
- selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes).
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes).
- selftests: rtc: Increase test timeout so that all tests run (git-fixes).
- selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes).
- selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes).
- selftests: timers: clocksource-switch: fix passing errors from child (git-fixes).
- selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes).
- selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes).
- selftests: vm: fix clang build error multiple output files (git-fixes).
- selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes).
- selinux: Add boundary check in put_entry() (git-fixes).
- selinux: access superblock_security_struct in LSM blob way (git-fixes).
- selinux: check return value of sel_make_avc_files (git-fixes).
- selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes).
- selinux: fix double free of cond_list on error paths (git-fixes).
- selinux: fix memleak in security_read_state_kernel() (git-fixes).
- selinux: fix misuse of mutex_is_locked() (git-fixes).
- selinux: use correct type for context length (git-fixes).
- serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes).
- serial: 8250: Export ICR access helpers for internal use (git-fixes).
- serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes).
- serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes).
- serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes).
- serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes).
- soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: fsl: select FSL_GUTS driver for DPIO (git-fixes).
- soc: imx: gpcv2: Assert reset before ungating clock (git-fixes).
- soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes).
- soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes).
- soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes).
- soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- soundwire: qcom: Check device status before reading devid (git-fixes).
- soundwire: qcom: fix device status array range (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: Fix simplification of devm_spi_register_controller (git-fixes).
- spi: dt-bindings: cadence: add missing 'required' (git-fixes).
- spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes).
- spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes).
- spi: spi-altera-dfl: Fix an error handling path (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: do not check memref size on return from Secure World (git-fixes).
- tee: tee_get_drvdata(): fix description of return value (git-fixes).
- testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes).
- testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes).
- testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes).
- tests: fix idmapped mount_setattr test (git-fixes).
- thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes).
- tools/nolibc: fix incorrect truncation of exit code (git-fixes).
- tools/nolibc: i386: fix initial stack alignment (git-fixes).
- tools/nolibc: x86-64: Fix startup code bug (git-fixes).
- tools/testing/scatterlist: add missing defines (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes).
- trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes).
- trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: Fix sleeping while atomic in kdb ftdump (git-fixes).
- tracing: Have filter accept 'common_cpu' to be consistent (git-fixes).
- tracing: Use a struct alignof to determine trace event field alignment (git-fixes).
- tty: 8250: Add support for Brainboxes PX cards (git-fixes).
- tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes).
- tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes).
- tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes).
- tty: n_gsm: Modify CR,PF bit when config requester (git-fixes).
- tty: n_gsm: Modify cr bit value when config requester (git-fixes).
- tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes).
- tty: n_gsm: Save dlci address open status when config requester (git-fixes).
- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes).
- tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes).
- tty: n_gsm: clean up dead code in gsm_queue() (git-fixes).
- tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes).
- tty: n_gsm: clean up indenting in gsm_queue() (git-fixes).
- tty: n_gsm: fix DM command (git-fixes).
- tty: n_gsm: fix broken virtual tty handling (git-fixes).
- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes).
- tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes).
- tty: n_gsm: fix decoupled mux resource (git-fixes).
- tty: n_gsm: fix encoding of command/response bit (git-fixes).
- tty: n_gsm: fix flow control handling in tx path (git-fixes).
- tty: n_gsm: fix frame reception handling (git-fixes).
- tty: n_gsm: fix incorrect UA handling (git-fixes).
- tty: n_gsm: fix insufficient txframe size (git-fixes).
- tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes).
- tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes).
- tty: n_gsm: fix malformed counter for out of frame data (git-fixes).
- tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes).
- tty: n_gsm: fix missing explicit ldisc flush (git-fixes).
- tty: n_gsm: fix missing mux reset on config change at responder (git-fixes).
- tty: n_gsm: fix missing timer to handle stalled links (git-fixes).
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes).
- tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes).
- tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes).
- tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes).
- tty: n_gsm: fix non flow control frames during mux flow off (git-fixes).
- tty: n_gsm: fix packet re-transmission without open control channel (git-fixes).
- tty: n_gsm: fix race condition in gsmld_write() (git-fixes).
- tty: n_gsm: fix reset fifo race condition (git-fixes).
- tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes).
- tty: n_gsm: fix restart handling via CLD command (git-fixes).
- tty: n_gsm: fix software flow control handling (git-fixes).
- tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes).
- tty: n_gsm: fix tty registration before control channel open (git-fixes).
- tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes).
- tty: n_gsm: fix wrong DLCI release order (git-fixes).
- tty: n_gsm: fix wrong T1 retry count handling (git-fixes).
- tty: n_gsm: fix wrong command frame length field encoding (git-fixes).
- tty: n_gsm: fix wrong command retry handling (git-fixes).
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes).
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes).
- tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes).
- tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes).
- tty: n_gsm: replace kicktimer with delayed_work (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: fsl_lpuart: correct the count of break characters (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tun: avoid double free in tun_free_netdev (git-fixes).
- tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes).
- tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes).
- uaccess: fix type mismatch warnings from access_ok() (git-fixes).
- ucounts: Base set_cred_ucounts changes on the real user (git-fixes).
- ucounts: Fix rlimit max values check (git-fixes).
- ucounts: Fix systemd LimitNPROC with private users regression (git-fixes).
- ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes).
- ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes).
- udf: Fix crash after seekdir (bsc#1194592).
- udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes).
- udmabuf: add back sanity check (git-fixes).
- usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes).
- usb: cdns3 fix use-after-free at workaround 2 (git-fixes).
- usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes).
- usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes).
- usb: cdns3: fix random warning message when driver load (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes).
- usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes).
- usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes).
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes).
- usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes).
- usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes).
- usb: dwc3: gadget: fix high speed multiplier setting (git-fixes).
- usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes).
- usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings (git-fixes).
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes).
- usb: gadget: f_uac2: fix superspeed transfer (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: Run unregister_netdev() before unbind() again (git-fixes).
- usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes).
- usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes).
- userfaultfd/selftests: fix hugetlb area allocations (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes).
- venus: pm_helpers: Fix warning in OPP during probe (git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- vfio: Clear the caps->buf to NULL after free (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes).
- vsock/virtio: enable VQs early on probe (git-fixes).
- vsock/virtio: initialize vdev->priv before using VQs (git-fixes).
- vsock/virtio: read the negotiated features before using VQs (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes).
- watch-queue: remove spurious double semicolon (git-fixes).
- watch_queue: Fix missing locking in add_watch_to_object() (git-fixes).
- watch_queue: Fix missing rcu annotation (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes).
- watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211: limit A-MSDU subframes for client too (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fixes).
- wifi: rtw88: check the return value of alloc_workqueue() (git-fixes).
- wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
- wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131).
- x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497).
- x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497).
- x86/sev: Save the negotiated GHCB version (bsc#1190497).
- xen/gntdev: fix unmap notification order (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
- xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes).
- xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes).
- xfs: fix use-after-free in xattr node block inactivation (git-fixes).
- xfs: fold perag loop iteration logic into helper function (git-fixes).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: only bother with sync_filesystem during readonly remount (git-fixes).
- xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: remove incorrect ASSERT in xfs_rename (git-fixes).
- xfs: rename the next_agno perag iteration variable (git-fixes).
- xfs: reorder iunlink remove operation in xfs_ifree (git-fixes).
- xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes).
- xfs: terminate perag iteration reliably on agcount (git-fixes).
- xfs: use invalidate_lock to check the state of mmap_lock (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xfs: use setattr_copy to set vfs inode attributes (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
- xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes).
- xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes).
- xhci: dbc: refactor xhci_dbc_init() (git-fixes).
- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
- zonefs: Clear inode information flags on inode creation (git-fixes).
- zonefs: Fix management of open zones (git-fixes).
- zonefs: add MODULE_ALIAS_FS (git-fixes).
The following package changes have been done:
- audit-3.0.6-150400.4.3.1 updated
- cups-config-2.2.7-150000.3.35.1 updated
- curl-7.79.1-150400.5.6.1 updated
- dracut-mkinitrd-deprecated-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- dracut-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- elfutils-0.185-150400.5.3.1 updated
- hwinfo-21.83-150400.3.6.1 updated
- kernel-default-5.14.21-150400.24.21.2 updated
- libasm1-0.185-150400.5.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libcups2-2.2.7-150000.3.35.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libfreetype6-2.10.4-150000.4.12.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libopeniscsiusr0_2_0-2.1.7-150400.39.8.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-249.12-150400.8.10.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.31.0-150400.3.6.1 updated
- open-iscsi-2.1.7-150400.39.8.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- perl-5.26.1-150300.17.11.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 updated
- python3-pyOpenSSL-21.0.0-150400.3.3.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- rsyslog-8.2106.0-150400.5.6.1 updated
- samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1 updated
- sysconfig-netconfig-0.85.9-150200.12.1 updated
- sysconfig-0.85.9-150200.12.1 updated
- system-group-audit-3.0.6-150400.4.3.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-sysvinit-249.12-150400.8.10.1 updated
- systemd-249.12-150400.8.10.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-249.12-150400.8.10.1 updated
- util-linux-systemd-2.37.2-150400.8.3.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
- zypper-1.14.55-150400.3.6.1 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:08:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:08:16 +0200 (CEST)
Subject: SUSE-IU-2022:1084-1: Security update of suse-sles-15-sp4-chost-byos-v20220916-hvm-ssd-x86_64
Message-ID: <20220921070816.A434CF78E@maintenance.suse.de>
SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20220916-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1084-1
Image Tags : suse-sles-15-sp4-chost-byos-v20220916-hvm-ssd-x86_64:20220916
Image Release :
Severity : important
Type : security
References : 1023051 1032323 1047178 1065729 1156395 1181475 1185882 1190497
1190698 1194557 1194592 1194869 1194904 1195059 1195480 1195917
1196616 1197158 1197178 1197391 1197755 1197756 1197757 1197763
1198341 1198405 1198410 1198709 1198731 1198752 1198823 1198830
1198832 1198971 1198979 1199086 1199093 1199140 1199283 1199364
1199524 1199670 1199895 1200102 1200270 1200313 1200431 1200465
1200485 1200544 1200570 1200697 1200698 1200700 1200701 1200732
1200771 1200800 1200845 1200868 1200869 1200870 1200871 1200872
1200873 1200884 1200902 1200903 1200904 1200975 1200993 1201019
1201092 1201132 1201133 1201134 1201135 1201136 1201150 1201151
1201152 1201153 1201154 1201155 1201249 1201308 1201356 1201359
1201363 1201427 1201442 1201455 1201489 1201511 1201519 1201576
1201610 1201620 1201638 1201675 1201725 1201768 1201795 1201863
1201940 1201956 1201958 1201975 1202011 1202020 1202046 1202049
1202050 1202051 1202096 1202097 1202113 1202131 1202154 1202175
1202262 1202265 1202310 1202312 1202346 1202347 1202385 1202393
1202414 1202420 1202421 1202447 1202471 1202498 1202511 1202512
1202515 1202552 1202558 1202564 1202593 1202599 1202623 1202636
1202672 1202681 1202687 1202689 1202710 1202711 1202712 1202713
1202715 1202716 1202757 1202758 1202759 1202761 1202762 1202763
1202764 1202765 1202766 1202767 1202768 1202769 1202770 1202771
1202773 1202774 1202775 1202776 1202778 1202779 1202780 1202781
1202782 1202783 1202803 1202822 1202823 1202824 1202860 1202862
1202867 1202874 1202898 1202976 1203036 1203041 1203063 1203107
1203117 1203138 1203139 1203159 CVE-2016-3695 CVE-2017-6512 CVE-2020-36516
CVE-2021-33135 CVE-2021-4037 CVE-2022-1615 CVE-2022-1706 CVE-2022-1720
CVE-2022-1968 CVE-2022-20368 CVE-2022-20369 CVE-2022-2124 CVE-2022-2125
CVE-2022-2126 CVE-2022-2129 CVE-2022-2175 CVE-2022-2182 CVE-2022-2183
CVE-2022-2206 CVE-2022-2207 CVE-2022-2208 CVE-2022-2210 CVE-2022-2231
CVE-2022-2257 CVE-2022-2264 CVE-2022-2284 CVE-2022-2285 CVE-2022-2286
CVE-2022-2287 CVE-2022-2304 CVE-2022-2343 CVE-2022-2344 CVE-2022-2345
CVE-2022-24795 CVE-2022-2509 CVE-2022-2522 CVE-2022-2571 CVE-2022-2580
CVE-2022-2581 CVE-2022-2588 CVE-2022-2598 CVE-2022-2639 CVE-2022-2663
CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-2816 CVE-2022-2817
CVE-2022-2819 CVE-2022-28356 CVE-2022-2845 CVE-2022-2849 CVE-2022-2862
CVE-2022-28693 CVE-2022-2873 CVE-2022-2874 CVE-2022-2889 CVE-2022-2905
CVE-2022-2923 CVE-2022-2938 CVE-2022-2946 CVE-2022-2959 CVE-2022-2977
CVE-2022-3016 CVE-2022-3028 CVE-2022-3078 CVE-2022-32250 CVE-2022-32743
CVE-2022-35252 CVE-2022-36879 CVE-2022-36946 CVE-2022-37434 CVE-2022-39188
CVE-2022-39190
-----------------------------------------------------------------
The container suse-sles-15-sp4-chost-byos-v20220916-hvm-ssd-x86_64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2866-1
Released: Mon Aug 22 15:36:30 2022
Summary: Security update for systemd-presets-common-SUSE
Type: security
Severity: moderate
References: 1199524,1200485,CVE-2022-1706
This update for systemd-presets-common-SUSE fixes the following issues:
- CVE-2022-1706: Fixed accessible configs from unprivileged containers in VMs running on VMware products (bsc#1199524).
The following non-security bugs were fixed:
- Modify branding-preset-states to fix systemd-presets-common-SUSE
not enabling new user systemd service preset configuration just
as it handles system service presets. By passing an (optional)
second parameter 'user', the save/apply-changes commands now
work with user services instead of system ones (bsc#1200485)
- Add the wireplumber user service preset to enable it by default
in SLE15-SP4 where it replaced pipewire-media-session, but keep
pipewire-media-session preset so we don't have to branch the
systemd-presets-common-SUSE package for SP4 (bsc#1200485)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2901-1
Released: Fri Aug 26 03:34:23 2022
Summary: Recommended update for elfutils
Type: recommended
Severity: moderate
References:
This update for elfutils fixes the following issues:
- Fix runtime dependency for devel package
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2904-1
Released: Fri Aug 26 05:28:34 2022
Summary: Recommended update for openldap2
Type: recommended
Severity: moderate
References: 1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2919-1
Released: Fri Aug 26 15:04:20 2022
Summary: Security update for gnutls
Type: security
Severity: important
References: 1190698,1198979,1202020,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
Non-security fixes:
- FIPS: Check minimum keylength for symmetric key generation [bsc#1190698]
- FIPS: Only allows ECDSA signature with valid set of hashes (SHA2 and SHA3) [bsc#1190698]
- FIPS: Provides interface for running library self tests on-demand [bsc#1198979]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2920-1
Released: Fri Aug 26 15:17:02 2022
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1195059,1201795
This update for systemd fixes the following issues:
- Don't replace /etc/systemd/system/tmp.mount symlink with a dangling one pointing to /usr/lib/systemd/ (bsc#1201795)
- Drop or soften some of the deprecation warnings (jsc#PED-944)
- Ensure root user can login even if systemd-user-sessions.service is not activated yet (bsc#1195059)
- Avoid applying presets to any services shipped by the experimental sub-package, as they aren't enabled by default
- analyze: Fix offline check for syscall filter
- calendarspec: Fix timer skipping the next elapse
- core: Allow command argument to be longer
- hwdb: Add AV production controllers to hwdb and add uaccess
- hwdb: Allow console users access to rfkill
- hwdb: Allow end-users root-less access to TL866 EPROM readers
- hwdb: Permit unsetting power/persist for USB devices
- hwdb: Tag IR cameras as such
- hwdb: Fix parsing issue
- hwdb: Make usb match patterns uppercase
- hwdb: Update the hardware database
- journal-file: Stop using the event loop if it's already shutting down
- journal-remote: Disable `--trust` option when gnutls is disabled and check_permission() should not be called
- journald: Ensure resources are properly allocated for SIGTERM handling
- kernel-install: Ensure modules.builtin.alias.bin is removed when no longer needed
- macro: Account for negative values in DECIMAL_STR_WIDTH()
- manager: Disallow clone3() function call in seccomp filters
- missing-syscall: Define MOVE_MOUNT_T_EMPTY_PATH if missing
- pid1,cgroup-show: Prevent failure if cgroup.procs in some subcgroups is not readable
- resolve: Fix typo in dns_class_is_pseudo()
- sd-event: Improve handling of process events and termination of processes
- sd-ipv4acd: Fix ARP packet conflicts occurring when sender hardware is one of the host's interfaces
- stdio-bridge: Improve the meaning of the error message
- tmpfiles: Check for the correct directory
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2925-1
Released: Mon Aug 29 03:16:48 2022
Summary: Recommended update for audit-secondary
Type: recommended
Severity: important
References: 1201519
This update for audit-secondary fixes the following issues:
- Create symbolic link from /sbin/audisp-syslog to /usr/sbin/audisp-syslog (bsc#1201519)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2929-1
Released: Mon Aug 29 11:21:47 2022
Summary: Recommended update for timezone
Type: recommended
Severity: important
References: 1202310
This update for timezone fixes the following issue:
- Reflect new Chile DST change (bsc#1202310)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2943-1
Released: Tue Aug 30 15:42:16 2022
Summary: Recommended update for python-iniconfig
Type: recommended
Severity: low
References: 1202498
This update for python-iniconfig provides the following fix:
- Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2944-1
Released: Wed Aug 31 05:39:14 2022
Summary: Recommended update for procps
Type: recommended
Severity: important
References: 1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:2947-1
Released: Wed Aug 31 09:16:21 2022
Summary: Security update for zlib
Type: security
Severity: important
References: 1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2973-1
Released: Thu Sep 1 11:37:02 2022
Summary: Recommended update for dracut
Type: recommended
Severity: important
References: 1198709,1201975
This update for dracut fixes the following issues:
- Include fixes to make network-manager module work properly with dracut (bsc#1201975)
- Add auto timeout to wicked DHCP test (bsc#1198709)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2977-1
Released: Thu Sep 1 12:30:19 2022
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1197178,1198731
This update for util-linux fixes the following issues:
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3003-1
Released: Fri Sep 2 15:01:44 2022
Summary: Security update for curl
Type: security
Severity: low
References: 1202593,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-35252: Fixed a potential injection of control characters
into cookies, which could be exploited by sister sites to cause a
denial of service (bsc#1202593).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3009-1
Released: Mon Sep 5 04:49:43 2022
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1199283
This update for rsyslog fixes the following issues:
- Fix memory access violation issue in qDeqLinkedList during shutdown (bsc#1199283)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3022-1
Released: Mon Sep 5 15:16:02 2022
Summary: Recommended update for python-pyOpenSSL
Type: recommended
Severity: moderate
References: 1200771
This update for python-pyOpenSSL fixes the following issues:
- Fixed checks for invalid ALPN lists before calling OpenSSL (gh#pyca/pyopenssl#1056).
python-pyOpenSSL was updated to 21.0.0 (bsc#1200771, jsc#SLE-24519):
- The minimum ``cryptography`` version is now 3.3.
- Raise an error when an invalid ALPN value is set.
- Added ``OpenSSL.SSL.Context.set_min_proto_version`` and ``OpenSSL.SSL.Context.set_max_proto_version``
- Updated ``to_cryptography`` and ``from_cryptography`` methods to support an upcoming release of ``cryptography`` without raising deprecation warnings.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3028-1
Released: Mon Sep 5 16:31:24 2022
Summary: Recommended update for python-pytz
Type: recommended
Severity: low
References:
This update for python-pytz fixes the following issues:
- update to 2022.1:
matches tzdata 2022a
- declare python 3.10 compatibility
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3118-1
Released: Tue Sep 6 15:43:53 2022
Summary: Recommended update for lvm2
Type: recommended
Severity: moderate
References: 1202011
This update for lvm2 fixes the following issues:
- Do not use udev for device listing or device information (bsc#1202011)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3161-1
Released: Wed Sep 7 14:40:54 2022
Summary: Recommended update for hwinfo
Type: recommended
Severity: moderate
References: 1200975
This update for hwinfo fixes the following issue:
- improve treatment of NVME devices (bsc#1200975)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3162-1
Released: Wed Sep 7 15:07:31 2022
Summary: Security update for libyajl
Type: security
Severity: moderate
References: 1198405,CVE-2022-24795
This update for libyajl fixes the following issues:
- CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs (bsc#1198405).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3209-1
Released: Thu Sep 8 13:10:13 2022
Summary: Recommended update for open-iscsi
Type: recommended
Severity: moderate
References: 1200570
This update for open-iscsi fixes the following issues:
- Set the systemd unit files as non executable. (bsc#1200570)
- For openSUSE Tumbleweed, moved logrotate files from user-specific directory `/etc/logrotate.d` to
vendor-specific `/usr/etc/logrotate.d`
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3219-1
Released: Thu Sep 8 21:15:24 2022
Summary: Recommended update for sysconfig
Type: recommended
Severity: moderate
References: 1185882,1194557,1199093
This update for sysconfig fixes the following issues:
- netconfig: remove sed dependency
- netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093)
- netconfig: cleanup /var/run leftovers (bsc#1194557)
- netconfig: update ntp man page documentation, fix typos
- netconfig: revert NM default policy change change (bsc#1185882)
With the change to the default policy, netconfig with NetworkManager
as network.service accepted settings from all services/programs
directly instead of only from NetworkManager, where plugins/services
have to deliver their settings to apply them.
- Also support service(network) provides
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3220-1
Released: Fri Sep 9 04:30:52 2022
Summary: Recommended update for libzypp, zypper
Type: recommended
Severity: moderate
References: 1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove MediaNetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test
the new CURL based downloader. Second, the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3229-1
Released: Fri Sep 9 14:46:01 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1200270,1200697,1200698,1200700,1200701,1200732,1200884,1200902,1200903,1200904,1201132,1201133,1201134,1201135,1201136,1201150,1201151,1201152,1201153,1201154,1201155,1201249,1201356,1201359,1201363,1201620,1201863,1202046,1202049,1202050,1202051,1202414,1202420,1202421,1202511,1202512,1202515,1202552,1202599,1202687,1202689,1202862,CVE-2022-1720,CVE-2022-1968,CVE-2022-2124,CVE-2022-2125,CVE-2022-2126,CVE-2022-2129,CVE-2022-2175,CVE-2022-2182,CVE-2022-2183,CVE-2022-2206,CVE-2022-2207,CVE-2022-2208,CVE-2022-2210,CVE-2022-2231,CVE-2022-2257,CVE-2022-2264,CVE-2022-2284,CVE-2022-2285,CVE-2022-2286,CVE-2022-2287,CVE-2022-2304,CVE-2022-2343,CVE-2022-2344,CVE-2022-2345,CVE-2022-2522,CVE-2022-2571,CVE-2022-2580,CVE-2022-2581,CVE-2022-2598,CVE-2022-2816,CVE-2022-2817,CVE-2022-2819,CVE-2022-2845,CVE-2022-2849,CVE-2022-2862,CVE-2022-2874,CVE-2022-2889,CVE-2022-2923,CVE-2022-2946,CVE-2022-3016
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 0313:
- CVE-2022-2183: Fixed out-of-bounds read through get_lisp_indent() (bsc#1200902).
- CVE-2022-2182: Fixed heap-based buffer overflow through parse_cmd_address() (bsc#1200903).
- CVE-2022-2175: Fixed buffer over-read through cmdline_insert_reg() (bsc#1200904).
- CVE-2022-2304: Fixed stack buffer overflow in spell_dump_compl() (bsc#1201249).
- CVE-2022-2343: Fixed heap-based buffer overflow in GitHub repository vim prior to 9.0.0044 (bsc#1201356).
- CVE-2022-2344: Fixed another heap-based buffer overflow in vim prior to 9.0.0045 (bsc#1201359).
- CVE-2022-2345: Fixed use after free in GitHub repository vim prior to 9.0.0046. (bsc#1201363).
- CVE-2022-2819: Fixed heap-based Buffer Overflow in compile_lock_unlock() (bsc#1202414).
- CVE-2022-2874: Fixed NULL Pointer Dereference in generate_loadvar() (bsc#1202552).
- CVE-2022-1968: Fixed use after free in utf_ptr2char (bsc#1200270).
- CVE-2022-2124: Fixed out of bounds read in current_quote() (bsc#1200697).
- CVE-2022-2125: Fixed out of bounds read in get_lisp_indent() (bsc#1200698).
- CVE-2022-2126: Fixed out of bounds read in suggest_trie_walk() (bsc#1200700).
- CVE-2022-2129: Fixed out of bounds write in vim_regsub_both() (bsc#1200701).
- CVE-2022-1720: Fixed out of bounds read in grab_file_name() (bsc#1200732).
- CVE-2022-2264: Fixed out of bounds read in inc() (bsc#1201132).
- CVE-2022-2284: Fixed out of bounds read in utfc_ptr2len() (bsc#1201133).
- CVE-2022-2285: Fixed negative size passed to memmove() due to integer overflow (bsc#1201134).
- CVE-2022-2286: Fixed out of bounds read in ins_bytes() (bsc#1201135).
- CVE-2022-2287: Fixed out of bounds read in suggest_trie_walk() (bsc#1201136).
- CVE-2022-2231: Fixed null pointer dereference in skipwhite() (bsc#1201150).
- CVE-2022-2210: Fixed out of bounds read in ml_append_int() (bsc#1201151).
- CVE-2022-2208: Fixed null pointer dereference in diff_check() (bsc#1201152).
- CVE-2022-2207: Fixed out of bounds read in ins_bs() (bsc#1201153).
- CVE-2022-2257: Fixed out of bounds read in msg_outtrans_special() (bsc#1201154).
- CVE-2022-2206: Fixed out of bounds read in msg_outtrans_attr() (bsc#1201155).
- CVE-2022-2522: Fixed out of bounds read via nested autocommand (bsc#1201863).
- CVE-2022-2571: Fixed heap-based buffer overflow related to ins_comp_get_next_word_or_line() (bsc#1202046).
- CVE-2022-2580: Fixed heap-based buffer overflow related to eval_string() (bsc#1202049).
- CVE-2022-2581: Fixed out-of-bounds read related to cstrchr() (bsc#1202050).
- CVE-2022-2598: Fixed undefined behavior for Input to API related to diff_mark_adjust_tp() and ex_diffgetput() (bsc#1202051).
- CVE-2022-2817: Fixed use after free in f_assert_fails() (bsc#1202420).
- CVE-2022-2816: Fixed out-of-bounds Read in check_vim9_unlet() (bsc#1202421).
- CVE-2022-2862: Fixed use-after-free in compile_nested_function() (bsc#1202511).
- CVE-2022-2849: Fixed invalid memory access related to mb_ptr2len() (bsc#1202512).
- CVE-2022-2845: Fixed buffer Over-read related to display_dollar() (bsc#1202515).
- CVE-2022-2889: Fixed use-after-free in find_var_also_in_script() in evalvars.c (bsc#1202599).
- CVE-2022-2923: Fixed NULL pointer dereference in GitHub repository vim/vim prior to 9.0.0240 (bsc#1202687).
- CVE-2022-2946: Fixed use after free in function vim_vsnprintf_typval (bsc#1202689).
- CVE-2022-3016: Fixed use after free in vim prior to 9.0.0285 (bsc#1202862).
Bugfixes:
- Fixing vim error on startup (bsc#1200884).
- Fixing vim SUSE Linux Enterprise Server 15 SP4 Basesystem plugin-tlib issue (bsc#1201620).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3241-1
Released: Mon Sep 12 07:21:04 2022
Summary: Recommended update for cups
Type: recommended
Severity: moderate
References: 1201511
This update for cups fixes the following issues:
- Stuck print jobs being cancelled immediately, despite MaxJobTime being set to 0 (bsc#1201511)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3244-1
Released: Mon Sep 12 09:00:27 2022
Summary: Security update for samba
Type: security
Severity: important
References: 1200102,1202803,1202976,CVE-2022-1615,CVE-2022-32743
This update for samba fixes the following issues:
- CVE-2022-1615: Fixed error handling in random number generation (bso#15103)(bsc#1202976).
- CVE-2022-32743: Implement validated dnsHostName write rights (bso#14833)(bsc#1202803).
Bugfixes:
- Fixed use after free when iterating smbd_server_connection->connections after tree disconnect failure (bso#15128)(bsc#1200102).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:
- CVE-2022-27404: Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405: Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406: Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3293-1
Released: Fri Sep 16 17:30:01 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1032323,1065729,1156395,1190497,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198971,1199086,1199364,1199670,1200313,1200431,1200465,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201768,1201940,1201956,1201958,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202312,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202874,1202898,1203036,1203041,1203063,1203107,1203117,1203138,1203139,1203159,CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-32250,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
- CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041).
- CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623).
- CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455).
- CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681 bnc#1202685).
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312 bnc#1202874).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
- CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to become root (bnc#1200015).
The following non-security bugs were fixed:
- 9p: Fix refcounting during full path walks for fid lookups (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: VIOT: Fix ACS setup (git-fixes).
- ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: thermal: drop an always true check (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544).
- ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Add endianness annotations (git-fixes).
- ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes).
- ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- ALSA: usb-audio: Support jack detection on Dell dock (git-fixes).
- ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes).
- ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes).
- ARM: OMAP2+: display: Fix refcount leak bug (git-fixes).
- ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes).
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes).
- ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes).
- ARM: dts: ast2500-evb: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb: fix board compatible (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes).
- ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes).
- ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes).
- ARM: dts: imx6ul: add missing properties for sram (git-fixes).
- ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes).
- ARM: dts: imx6ul: fix csi node compatible (git-fixes).
- ARM: dts: imx6ul: fix keypad compatible (git-fixes).
- ARM: dts: imx6ul: fix lcdif node compatible (git-fixes).
- ARM: dts: imx6ul: fix qspi node compatible (git-fixes).
- ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes).
- ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes).
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes).
- ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes).
- ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes).
- ARM: findbit: fix overflowing offset (git-fixes).
- ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes).
- ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes).
- ASoC: fsl_asrc: force cast the asrc_format type (git-fixes).
- ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes).
- ASoC: imx-audmux: Silence a clang warning (git-fixes).
- ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes).
- ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes).
- ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes).
- ASoC: mt6359: Fix refcount leak bug (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes).
- ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes).
- ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes).
- ASoC: samsung: change neo1973_audio from a global to static (git-fixes).
- ASoC: samsung: h1940_uda1380: include proper GPIO consumer header (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes).
- ASoC: tas2770: Fix handling of mute/unmute (git-fixes).
- ASoC: tas2770: Set correct FSYNC polarity (git-fixes).
- Bluetooth: Add bt_skb_sendmmsg helper (git-fixes).
- Bluetooth: Add bt_skb_sendmsg helper (git-fixes).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes).
- Bluetooth: Fix passing NULL to PTR_ERR (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes).
- Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes).
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes).
- Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes).
- Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes).
- Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes).
- HID: add Lenovo Yoga C630 battery quirk (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: amd_sfh: Add NULL check for hid device (git-fixes).
- HID: amd_sfh: Handle condition of 'no sensors' (git-fixes).
- HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- HID: hid-input: add Surface Go battery quirk (git-fixes).
- HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes).
- HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- HID: thrustmaster: Add sparco wheel and fix array length (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes).
- Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes).
- Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - merge quirk tables (git-fixes).
- Input: i8042 - move __initconst to fix code styling warning (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes).
- KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes).
- KVM: MMU: shadow nested paging does not have PKU (git-fixes).
- KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869).
- KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes).
- KVM: SVM: Do not intercept #GP for SEV guests (git-fixes).
- KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes).
- KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes).
- KVM: VMX: Print VM-instruction error as unsigned (git-fixes).
- KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes).
- KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes).
- KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes).
- KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442).
- KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes).
- KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes).
- KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes).
- KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes).
- KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes).
- KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes).
- KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes).
- KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes).
- KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes).
- KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes).
- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes).
- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes).
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
- KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
- KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes).
- KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes).
- KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes).
- KVM: x86: revalidate steal time cache if MSR value changes (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes).
- NFSD: Fix ia_size underflow (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI/AER: Iterate over error counters instead of error strings (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes).
- PM: hibernate: defer device probing when resuming from hibernation (git-fixes).
- SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: ch314: use usb_control_msg_recv() (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- XArray: Update the LRU list in xas_split() (git-fixes).
- apparmor: Fix failed mount permission check error message (git-fixes).
- apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes).
- apparmor: fix aa_label_asxprint return check (git-fixes).
- apparmor: fix absroot causing audited secids to begin with = (git-fixes).
- apparmor: fix overlapping attachment computation (git-fixes).
- apparmor: fix quiet_denied for file rules (git-fixes).
- apparmor: fix reference count leak in aa_pivotroot() (git-fixes).
- apparmor: fix setting unconfined mode on a loaded profile (git-fixes).
- arm64: Do not forget syscall when starting a new thread (git-fixes).
- arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes).
- arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes).
- arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes).
- arm64: dts: mt8192: Fix idle-states entry-method (git-fixes).
- arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes).
- arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes).
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes).
- arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes).
- arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes).
- arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes).
- arm64: dts: renesas: beacon: Fix regulator node names (git-fixes).
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes).
- arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes).
- arm64: fix rodata=full (git-fixes).
- arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes).
- arm64: set UXN on swapper page tables (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes).
- arm64: tegra: Fixup SYSRAM references (git-fixes).
- arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes).
- arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes).
- arm_pmu: Validate single/group leader events (git-fixes).
- asm-generic: remove a broken and needless ifdef conditional (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ath11k: Fix incorrect debug_mask mappings (git-fixes).
- ath11k: fix netdev open race (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes).
- ax25: Fix ax25 session cleanup problems (git-fixes).
- bitfield.h: Fix 'type of reg too small for mask' test (git-fixes).
- block: Fix fsync always failed if once failed (bsc#1202779).
- block: Fix wrong offset in bio_truncate() (bsc#1202780).
- block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781).
- block: only mark bio as tracked if it really is tracked (bsc#1202782).
- bnx2x: Invalidate fastpath HSI version for VFs (git-fixes).
- bnx2x: Utilize firmware 7.13.21.0 (git-fixes).
- btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: mcp251x: Fix race condition on receive interrupt (git-fixes).
- can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes).
- can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes).
- can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823).
- ceph: do not truncate file in atomic_open (bsc#1202824).
- ceph: use correct index when encoding client supported features (bsc#1202822).
- cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- cifs: fix reconnect on smb3 mount types (bsc#1201427).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: mediatek: reset: Fix written reset bit offset (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes).
- clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes).
- clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes).
- clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes).
- clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes).
- clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes).
- clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes).
- clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes).
- configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).
- cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes).
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes).
- crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes).
- crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes).
- crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes).
- crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes).
- crypto: hisilicon/sec - do not sleep when in softirq (git-fixes).
- crypto: hisilicon/sec - fix auth key size error (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes).
- crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes).
- crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes).
- crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes).
- device property: Check fwnode->secondary when finding properties (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes).
- dma-debug: make things less spammy under memory pressure (git-fixes).
- dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes).
- dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes).
- dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes).
- dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes).
- dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes).
- docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (git-fixes).
- docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes).
- docs: zh_CN: fix a broken reference (git-fixes).
- dpaa2-eth: fix ethtool statistics (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/iio: Remove all strcpy() uses (git-fixes).
- drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes).
- drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes).
- drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes).
- drm/amd/display: Avoid MPC infinite loop (git-fixes).
- drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes).
- drm/amd/display: Fix pixel clock programming (git-fixes).
- drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes).
- drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes).
- drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes).
- drm/amd/display: Optimize bandwidth on following fast update (git-fixes).
- drm/amd/display: Reset DMCUB before HW init (git-fixes).
- drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes).
- drm/amd/display: avoid doing vm_init multiple time (git-fixes).
- drm/amd/display: clear optc underflow before turn off odm clock (git-fixes).
- drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes).
- drm/amdgpu: Remove one duplicated ef removal (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes).
- drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes).
- drm/i915/gt: Skip TLB invalidations once wedged (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/i915: fix null pointer dereference (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: Allow commands to be sent during video mode (git-fixes).
- drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes).
- drm/mediatek: Modify dsi funcs to atomic operations (git-fixes).
- drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes).
- drm/msm/dpu: Fix for non-visible planes (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes).
- drm/msm: Fix dirtyfb refcounting (git-fixes).
- drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes).
- drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes).
- drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/nouveau: recognise GA103 (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/shmem-helper: Add missing vunmap on error (git-fixes).
- drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes).
- drm/udl: Add parameter to set number of URBs (bsc#1195917).
- drm/udl: Add reset_resume (bsc#1195917).
- drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917).
- drm/udl: Drop unneeded alignment (bsc#1195917).
- drm/udl: Enable damage clipping (bsc#1195917).
- drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917).
- drm/udl: Fix potential URB leaks (bsc#1195917).
- drm/udl: Increase the default URB list size to 20 (bsc#1195917).
- drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917).
- drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917).
- drm/udl: Replace semaphore with a simple wait queue (bsc#1195917).
- drm/udl: Restore display mode on resume (bsc#1195917).
- drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917).
- drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917).
- drm/udl: Sync pending URBs at the end of suspend (bsc#1195917).
- drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes).
- drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes).
- drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes).
- dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes).
- dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes).
- dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes).
- dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes).
- dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes).
- dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes).
- dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes).
- eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes).
- erofs: fix deadlock when shrink erofs slab (git-fixes).
- ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fixes).
- exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725).
- exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725).
- exfat: Drop superfluous new line for error messages (bsc#1201725).
- exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725).
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix referencing wrong parent directory information after renaming (git-fixes).
- exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes).
- exfat: use updated exfat_chain directly during renaming (git-fixes).
- export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759).
- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771).
- ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769).
- ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757).
- ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768).
- ext4: fix incorrect type issue during replay_del_range (bsc#1202867).
- ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix super block checksum incorrect after mount (bsc#1202773).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761).
- ext4: mark group as trimmed only if it was fully scanned (bsc#1202770).
- ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766).
- ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758).
- fat: add ratelimit to fat*_ent_bread() (git-fixes).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fixes).
- filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774).
- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes).
- firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fix race between exit_itimers() and /proc/pid/timers (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- ftrace/x86: Add back ftrace_expected assignment (git-fixes).
- fuse: ioctl: translate ENOSYS (bsc#1203139).
- fuse: limit nsec (bsc#1203138).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- habanalabs/gaudi: fix shift out of bounds (git-fixes).
- habanalabs/gaudi: mask constant value before cast (git-fixes).
- hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes).
- hwmon: (drivetemp) Add module alias (git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- i2c: mxs: Silence a clang warning (git-fixes).
- i2c: npcm: Capitalize the one-line comment (git-fixes).
- i2c: npcm: Correct slave role behavior (git-fixes).
- i2c: npcm: Remove own slave addresses 2:10 (git-fixes).
- ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes).
- ieee80211: add EHT 1K aggregation definitions (bsc#1202131).
- ieee80211: change HE nominal packet padding value defines (bsc#1202131).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma400: Fix the scale min and max macro values (git-fixes).
- iio: accel: bma400: Reordering of header files (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3300: Fix alignment for DMA safety (git-fixes).
- iio: ad7292: Prevent regulator double disable (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7292: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7923: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1241: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: common: ssp: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5766: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes).
- iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes).
- inet_diag: fix kernel-infoleak for UDP sockets (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- interconnect: imx: fix max_node_id (git-fixes).
- io_uring: add a schedule point in io_add_buffers() (git-fixes).
- io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes).
- iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes).
- iommu/amd: Enable swiotlb in all cases (git-fixes).
- iommu/amd: Fix I/O page table memory leak (git-fixes).
- iommu/amd: Recover from event log overflow (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes).
- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/dart: Add missing module owner to ops structure (git-fixes).
- iommu/dart: check return value after calling platform_get_resource() (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes).
- iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes).
- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes).
- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes).
- iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Drop stop marker messages (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301).
- iommu/vt-d: Refactor iommu information of each domain (bsc#1200301).
- iommu/vt-d: Remove global g_iommus array (bsc#1200301).
- iommu/vt-d: Remove intel_iommu::domains (bsc#1200301).
- iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301).
- iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- iommu: Fix potential use-after-free during probe (git-fixes).
- iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes).
- iov_iter: fix build issue due to possible type mis-match (git-fixes).
- ipmi: fix initialization when workqueue allocation fails (git-fixes).
- irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes).
- irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes).
- iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131).
- iwlwifi: Add support for getting rf id with blank otp (bsc#1202131).
- iwlwifi: Add support for more BZ HWs (bsc#1202131).
- iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131).
- iwlwifi: BZ Family SW reset support (bsc#1202131).
- iwlwifi: Configure FW debug preset via module param (bsc#1202131).
- iwlwifi: Fix FW name for gl (bsc#1202131).
- iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131).
- iwlwifi: Fix syntax errors in comments (bsc#1202131).
- iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131).
- iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131).
- iwlwifi: Start scratch debug register for Bz family (bsc#1202131).
- iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131).
- iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131).
- iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131).
- iwlwifi: add new Qu-Hr device (bsc#1202131).
- iwlwifi: add new ax1650 killer device (bsc#1202131).
- iwlwifi: add new device id 7F70 (bsc#1202131).
- iwlwifi: add new pci SoF with JF (bsc#1202131).
- iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131).
- iwlwifi: add support for BNJ HW (bsc#1202131).
- iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131).
- iwlwifi: add support for Bz-Z HW (bsc#1202131).
- iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131).
- iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131).
- iwlwifi: allow rate-limited error messages (bsc#1202131).
- iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131).
- iwlwifi: api: remove ttl field from TX command (bsc#1202131).
- iwlwifi: api: remove unused RX status bits (bsc#1202131).
- iwlwifi: avoid variable shadowing (bsc#1202131).
- iwlwifi: avoid void pointer arithmetic (bsc#1202131).
- iwlwifi: bump FW API to 67 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 68 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 69 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 70 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 71 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 72 for AX devices (bsc#1202131).
- iwlwifi: cfg: add support for 1K BA queue (bsc#1202131).
- iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131).
- iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131).
- iwlwifi: dbg: check trigger data before access (bsc#1202131).
- iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131).
- iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131).
- iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131).
- iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131).
- iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131).
- iwlwifi: de-const properly where needed (bsc#1202131).
- iwlwifi: debugfs: remove useless double condition (bsc#1202131).
- iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131).
- iwlwifi: do not use __unused as variable name (bsc#1202131).
- iwlwifi: drv: load tlv debug data earlier (bsc#1202131).
- iwlwifi: dump CSR scratch from outer function (bsc#1202131).
- iwlwifi: dump RCM error tables (bsc#1202131).
- iwlwifi: dump both TCM error tables if present (bsc#1202131).
- iwlwifi: dump host monitor data when NIC does not init (bsc#1202131).
- iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: eeprom: clean up macros (bsc#1202131).
- iwlwifi: fix LED dependencies (bsc#1202131).
- iwlwifi: fix debug TLV parsing (bsc#1202131).
- iwlwifi: fix fw/img.c license statement (bsc#1202131).
- iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131).
- iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131).
- iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131).
- iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131).
- iwlwifi: fw: add support for splitting region type bits (bsc#1202131).
- iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131).
- iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131).
- iwlwifi: fw: fix some scan kernel-doc (bsc#1202131).
- iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131).
- iwlwifi: fw: make dump_start callback void (bsc#1202131).
- iwlwifi: fw: remove dead error log code (bsc#1202131).
- iwlwifi: implement reset flow for Bz devices (bsc#1202131).
- iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131).
- iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131).
- iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131).
- iwlwifi: make some functions friendly to sparse (bsc#1202131).
- iwlwifi: move symbols into a separate namespace (bsc#1202131).
- iwlwifi: mvm/api: define system control command (bsc#1202131).
- iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131).
- iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131).
- iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131).
- iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131).
- iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131).
- iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131).
- iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131).
- iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131).
- iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131).
- iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131).
- iwlwifi: mvm: Remove antenna c references (bsc#1202131).
- iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131).
- iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131).
- iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131).
- iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131).
- iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131).
- iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131).
- iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131).
- iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131).
- iwlwifi: mvm: add a flag to reduce power command (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131).
- iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131).
- iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131).
- iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131).
- iwlwifi: mvm: add some missing command strings (bsc#1202131).
- iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131).
- iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131).
- iwlwifi: mvm: add support for IMR based on platform (bsc#1202131).
- iwlwifi: mvm: add support for OCE scan (bsc#1202131).
- iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131).
- iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131).
- iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131).
- iwlwifi: mvm: always remove the session protection after association (bsc#1202131).
- iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131).
- iwlwifi: mvm: always use 4K RB size by default (bsc#1202131).
- iwlwifi: mvm: change old-SN drop threshold (bsc#1202131).
- iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131).
- iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131).
- iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131).
- iwlwifi: mvm: correctly set channel flags (bsc#1202131).
- iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131).
- iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131).
- iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131).
- iwlwifi: mvm: d3: use internal data representation (bsc#1202131).
- iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131).
- iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131).
- iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131).
- iwlwifi: mvm: do not trust hardware queue number (bsc#1202131).
- iwlwifi: mvm: drop too short packets silently (bsc#1202131).
- iwlwifi: mvm: extend session protection on association (bsc#1202131).
- iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131).
- iwlwifi: mvm: fix a stray tab (bsc#1202131).
- iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131).
- iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131).
- iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131).
- iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131).
- iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131).
- iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131).
- iwlwifi: mvm: improve log when processing CSA (bsc#1202131).
- iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131).
- iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131).
- iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131).
- iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131).
- iwlwifi: mvm: optionally suppress assert log (bsc#1202131).
- iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131).
- iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131).
- iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131).
- iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131).
- iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131).
- iwlwifi: mvm: remove card state notification code (bsc#1202131).
- iwlwifi: mvm: remove cipher scheme support (bsc#1202131).
- iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131).
- iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131).
- iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131).
- iwlwifi: mvm: remove session protection on disassoc (bsc#1202131).
- iwlwifi: mvm: remove session protection upon station removal (bsc#1202131).
- iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131).
- iwlwifi: mvm: rfi: update rfi table (bsc#1202131).
- iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131).
- iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131).
- iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131).
- iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131).
- iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131).
- iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131).
- iwlwifi: mvm: support RLC configuration command (bsc#1202131).
- iwlwifi: mvm: support new BAID allocation command (bsc#1202131).
- iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131).
- iwlwifi: mvm: support v3 of station HE context command (bsc#1202131).
- iwlwifi: mvm: update BAID allocation command again (bsc#1202131).
- iwlwifi: mvm: update RFI TLV (bsc#1202131).
- iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131).
- iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131).
- iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131).
- iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131).
- iwlwifi: nvm: Correct HE capability (bsc#1202131).
- iwlwifi: parse debug exclude data from firmware file (bsc#1202131).
- iwlwifi: parse error tables from debug TLVs (bsc#1202131).
- iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131).
- iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131).
- iwlwifi: pcie: add support for MS devices (bsc#1202131).
- iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131).
- iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131).
- iwlwifi: pcie: fix constant-conversion warning (bsc#1202131).
- iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131).
- iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131).
- iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131).
- iwlwifi: pcie: refactor dev_info lookup (bsc#1202131).
- iwlwifi: pcie: remove duplicate entry (bsc#1202131).
- iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131).
- iwlwifi: pcie: retake ownership after reset (bsc#1202131).
- iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131).
- iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131).
- iwlwifi: pcie: try to grab NIC access early (bsc#1202131).
- iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131).
- iwlwifi: pnvm: print out the version properly (bsc#1202131).
- iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131).
- iwlwifi: propagate (const) type qualifier (bsc#1202131).
- iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131).
- iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131).
- iwlwifi: remove command ID argument from queue allocation (bsc#1202131).
- iwlwifi: remove contact information (bsc#1202131).
- iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131).
- iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131).
- iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131).
- iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131).
- iwlwifi: remove unused macros (bsc#1202131).
- iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131).
- iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131).
- iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131).
- iwlwifi: scan: Modify return value of a function (bsc#1202131).
- iwlwifi: support 4-bits in MAC step value (bsc#1202131).
- iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131).
- iwlwifi: support new queue allocation command (bsc#1202131).
- iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131).
- iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131).
- iwlwifi: use 4k queue size for Bz A-step (bsc#1202131).
- iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131).
- iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131).
- iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131).
- iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131).
- iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131).
- iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131).
- iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131).
- iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131).
- iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131).
- iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131).
- iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131).
- iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131).
- iwlwifi: yoyo: support for ROM usniffer (bsc#1202131).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410).
- kabi/severities: Exclude ppc kvm
- kabi/severities: add Qlogic qed symbols
- kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471
- kabi/severities: add hisilicon hns3 symbols
- kabi/severities: add microchip dsa drivers
- kabi/severities: ignore kABI changes in mwifiex drivers. Those symbols are used only locally in mwifiex (sub-)modules.
- kabi/severities: octeontx2 driver (jsc#SLE-24682)
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kbuild: fix the modules order between drivers and libs (git-fixes).
- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes).
- kcm: fix strp_init() order and cleanup (git-fixes).
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes).
- kselftest/vm: fix tests build with old libc (git-fixes).
- kselftest: Fix vdso_test_abi return status (git-fixes).
- kselftest: signal all child processes (git-fixes).
- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes).
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes).
- landlock: Add clang-format exceptions (git-fixes).
- landlock: Change landlock_add_rule(2) argument check ordering (git-fixes).
- landlock: Change landlock_restrict_self(2) check ordering (git-fixes).
- landlock: Create find_rule() from unmask_layers() (git-fixes).
- landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes).
- landlock: Fix landlock_add_rule(2) documentation (git-fixes).
- landlock: Fix same-layer rule unions (git-fixes).
- landlock: Format with clang-format (git-fixes).
- landlock: Reduce the maximum number of layers to 16 (git-fixes).
- landlock: Use square brackets around 'landlock-ruleset' (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1190497).
- lockdep: Correct lock_classes index mapping (git-fixes).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes).
- locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- mac80211: fix a memory leak where sta_info is not freed (git-fixes).
- mac80211: introduce channel switch disconnect function (bsc#1202131).
- macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes).
- macsec: fix NULL deref in macsec_add_rxsa (git-fixes).
- macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes).
- macsec: limit replay window size with XPN (git-fixes).
- marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036).
- media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes).
- media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes).
- media: cedrus: h265: Fix flag name (git-fixes).
- media: cedrus: hevc: Add check for invalid timestamp (git-fixes).
- media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes).
- media: hantro: postproc: Fix motion vector space size (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: hevc: Embedded indexes in RPS (git-fixes).
- media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes).
- media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes).
- media: pvrusb2: fix memory leak in pvr_probe (git-fixes).
- media: tw686x: Fix memory leak in tw686x_video_init (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes).
- mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- minix: fix bug when opening a file with O_DIRECT (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro. This should be always used with @SOURCES@, just include the content there.
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- mmc: block: Add single read for 4k sector cards (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes).
- mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes).
- mmc: mxcmmc: Silence a clang warning (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mmc: tmio: avoid glitches when resetting (git-fixes).
- msft-hv-2570-hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- mt76: mt7615: do not update pm stats in case of error (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes).
- mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes).
- mtd: dataflash: Add SPI ID table (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes).
- mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes).
- mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes).
- mtd: rawnand: gpmi: validate controller clock rate (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- musb: fix USB_MUSB_TUSB6010 dependency (git-fixes).
- mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes).
- n_gsm: remove unused parameters from gsm_error() (git-fixes).
- net: asix: fix 'can't send until first packet is send' issue (git-fixes).
- net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes).
- net: dsa: b53: Add SPI ID table (git-fixes).
- net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes).
- net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fixes).
- net: dsa: hellcreek: Add STP forwarding rule (git-fixes).
- net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes).
- net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes).
- net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes).
- net: dsa: microchip: implement multi-bridge support (git-fixes).
- net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes).
- net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes).
- net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes).
- net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes).
- net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes).
- net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes).
- net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes).
- net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes).
- net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes).
- net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes).
- net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes).
- net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes).
- net: dsa: qca8k: fix MTU calculation (git-fixes).
- net: dsa: seville: register the mdiobus under devres (git-fixes).
- net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: hns3: clean residual vf config after disable sriov (git-fixes).
- net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes).
- net: marvell: prestera: fix incorrect structure access (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes).
- net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes).
- net: mscc: ocelot: set up traps for PTP packets (git-fixes).
- net: openvswitch: do not send internal clone attribute to the userspace (git-fixes).
- net: openvswitch: fix leak of nested actions (git-fixes).
- net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes).
- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes).
- net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes).
- net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes).
- net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes).
- net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmmac: clean up impossible condition (git-fixes).
- net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904).
- net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904).
- net: stmmac: fix off-by-one error in sanity check (git-fixes).
- net: usb: Correct PHY handling of smsc95xx (git-fixes).
- net: usb: Correct reset handling of smsc95xx (git-fixes).
- net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: make USB_RTL8153_ECM non user configurable (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes).
- nilfs2: fix lockdep warnings during disk space reclamation (git-fixes).
- nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes).
- nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)).
- nouveau/svm: Fix to migrate all requested pages (git-fixes).
- nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fixes).
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113).
- nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265).
- nvme-auth: retry command if DNR bit is not set (bsc#1201675).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- nvme: implement In-Band authentication (jsc#SLE-20183).
- nvme: kabi fixes for in-band authentication (bsc#1199086).
- nvmet-auth: expire authentication sessions (jsc#SLE-20183).
- nvmet: Expose max queues to configfs (bsc#1201865).
- nvmet: implement basic In-Band Authentication (jsc#SLE-20183).
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778).
- ocfs2: fix a deadlock when commit trans (bsc#1202776).
- octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682).
- octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682).
- octeontx2-af: Add SDP interface support (jsc#SLE-24682).
- octeontx2-af: Add debug messages for failures (jsc#SLE-24682).
- octeontx2-af: Add external ptp input clock (jsc#SLE-24682).
- octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682).
- octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682).
- octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682).
- octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682).
- octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682).
- octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682).
- octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682).
- octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682).
- octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682).
- octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682).
- octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682).
- octeontx2-af: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-af: Fix interrupt name strings (jsc#SLE-24682).
- octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682).
- octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682).
- octeontx2-af: Flow control resource management (jsc#SLE-24682).
- octeontx2-af: Handle return value in block reset (jsc#SLE-24682).
- octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682).
- octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682).
- octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682).
- octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682).
- octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682).
- octeontx2-af: Modify install flow error codes (jsc#SLE-24682).
- octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682).
- octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682).
- octeontx2-af: Priority flow control configuration support (jsc#SLE-24682).
- octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682).
- octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682).
- octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682).
- octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682).
- octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682).
- octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682).
- octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682).
- octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682).
- octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682).
- octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682).
- octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682).
- octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682).
- octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682).
- octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682).
- octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682).
- octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682).
- octeontx2-af: debugfs: Minor changes (jsc#SLE-24682).
- octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682).
- octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682).
- octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682).
- octeontx2-af: fix array bound error (jsc#SLE-24682).
- octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682).
- octeontx2-af: initialize action variable (jsc#SLE-24682).
- octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682).
- octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682).
- octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682).
- octeontx2-af: verify CQ context updates (jsc#SLE-24682).
- octeontx2-nic: fix mixed module build (jsc#SLE-24682).
- octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682).
- octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682).
- octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682).
- octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682).
- octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682).
- octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
- octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682).
- octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682).
- octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682).
- octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682).
- octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682).
- octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682).
- octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682).
- octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682).
- octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682).
- octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682).
- octeontx2-pf: Unify flow management variables (jsc#SLE-24682).
- octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682).
- octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682).
- octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682).
- octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682).
- octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682).
- octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682).
- octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682).
- octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
- octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682).
- openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes).
- openvswitch: Fixed nd target mask field in the flow dump (git-fixes).
- openvswitch: always update flow key after nat (git-fixes).
- optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes).
- perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes).
- phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes).
- phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes).
- pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes).
- pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes).
- pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes).
- pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes).
- pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: qcom: sm8250: Fix PDC map (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/chrome: cros_ec: Always expose last resume result (git-fixes).
- platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- proc: fix a dentry lock race between release_task and lookup (git-fixes).
- proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes).
- pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes).
- pwm: lpc18xx: Fix period handling (git-fixes).
- qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
- r8152: fix the RX FIFO settings when suspending (git-fixes).
- r8152: fix the units of some registers for RTL8156A (git-fixes).
- random: remove useless header comment (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- regulator: pca9450: Remove restrictions for regulator-name (git-fixes).
- regulator: qcom_smd: Fix pm8916_pldo range (git-fixes).
- remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes).
- remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes).
- remoteproc: qcom: pas: Check if coredump is enabled (git-fixes).
- remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes).
- rose: check NULL rose_loopback_neigh->loopback (git-fixes).
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385).
- rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes).
- rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes).
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes).
- s390/cpumf: Handle events cycles and instructions identical (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322).
- s390/stp: clock_delta should be signed (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- samples/landlock: Add clang-format exceptions (git-fixes).
- samples/landlock: Fix path_list memory leak (git-fixes).
- samples/landlock: Format with clang-format (git-fixes).
- sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)).
- sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)).
- sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)).
- sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes).
- sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes).
- sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)).
- sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)).
- sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh
- sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)).
- scripts/dtc: Call pkg-config POSIXly correct (git-fixes).
- scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes).
- scripts/gdb: change kernel config dumping method (git-fixes).
- scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes).
- scripts: sphinx-pre-install: add required ctex dependency (git-fixes).
- scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471).
- scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471).
- scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: megaraid: Clear READ queue map's nr_queues (git-fixes).
- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: ufs: core: Fix another task management completion race (git-fixes).
- scsi: ufs: core: Fix task management completion timeout race (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- seccomp: Invalidate seccomp mode to catch death failures (git-fixes).
- selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130).
- selftest/vm: fix map_fixed_noreplace test failure (git-fixes).
- selftest/vm: verify mmap addr in mremap_test (git-fixes).
- selftest/vm: verify remap destination address in mremap_test (git-fixes).
- selftests, x86: fix how check_cc.sh is being invoked (git-fixes).
- selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes).
- selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes).
- selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes).
- selftests/ftrace: make kprobe profile testcase description unique (git-fixes).
- selftests/landlock: Add clang-format exceptions (git-fixes).
- selftests/landlock: Add tests for O_PATH (git-fixes).
- selftests/landlock: Add tests for unknown access rights (git-fixes).
- selftests/landlock: Extend access right tests to directories (git-fixes).
- selftests/landlock: Extend tests for minimal valid attribute size (git-fixes).
- selftests/landlock: Format with clang-format (git-fixes).
- selftests/landlock: Fully test file rename with 'remove' access (git-fixes).
- selftests/landlock: Make tests build with old libc (git-fixes).
- selftests/landlock: Normalize array assignment (git-fixes).
- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes).
- selftests/memfd: clean up mapping in mfd_fail_write (git-fixes).
- selftests/memfd: remove unused variable (git-fixes).
- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes).
- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes).
- selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes).
- selftests/net: timestamping: Fix bind_phc check (git-fixes).
- selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes).
- selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes).
- selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes).
- selftests/resctrl: Fix null pointer dereference on open failed (git-fixes).
- selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes).
- selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes).
- selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes).
- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes).
- selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes).
- selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes).
- selftests/rseq: Introduce rseq_get_abi() helper (git-fixes).
- selftests/rseq: Introduce thread pointer getters (git-fixes).
- selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes).
- selftests/rseq: Remove useless assignment to cpu variable (git-fixes).
- selftests/rseq: Remove volatile from __rseq_abi (git-fixes).
- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes).
- selftests/rseq: introduce own copy of rseq uapi header (git-fixes).
- selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes).
- selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes).
- selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes).
- selftests/seccomp: Fix compile warning when CC=clang (git-fixes).
- selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes).
- selftests/sgx: Treat CC as one argument (git-fixes).
- selftests/vm/transhuge-stress: fix ram size thinko (git-fixes).
- selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes).
- selftests/x86: Add validity check and allow field splitting (git-fixes).
- selftests/zram01.sh: Fix compression ratio calculation (git-fixes).
- selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes).
- selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes).
- selftests: Add duplicate config only for MD5 VRF tests (git-fixes).
- selftests: Fix IPv6 address bind tests (git-fixes).
- selftests: Fix raw socket bind tests with VRF (git-fixes).
- selftests: add ping test with ping_group_range tuned (git-fixes).
- selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes).
- selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes).
- selftests: cgroup: Test open-time credential usage for migration checks (git-fixes).
- selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes).
- selftests: fixup build warnings in pidfd / clone3 tests (git-fixes).
- selftests: forwarding: fix error message in learning_test (git-fixes).
- selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes).
- selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- selftests: gpio: fix gpio compiling error (git-fixes).
- selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes).
- selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes).
- selftests: kvm: set rax before vmcall (git-fixes).
- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes).
- selftests: mlxsw: resource_scale: Fix return value (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes).
- selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes).
- selftests: mptcp: add csum mib check for mptcp_connect (git-fixes).
- selftests: mptcp: fix diag instability (git-fixes).
- selftests: mptcp: fix ipv6 routing setup (git-fixes).
- selftests: mptcp: more stable diag tests (git-fixes).
- selftests: net: Correct case name (git-fixes).
- selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes).
- selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes).
- selftests: net: tls: remove unused variable and code (git-fixes).
- selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes).
- selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes).
- selftests: netfilter: add a vrf+conntrack testcase (git-fixes).
- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes).
- selftests: netfilter: disable rp_filter on router (git-fixes).
- selftests: netfilter: fix exit value for nft_concat_range (git-fixes).
- selftests: nft_concat_range: add test for reload with no element add/del (git-fixes).
- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes).
- selftests: openat2: Add missing dependency in Makefile (git-fixes).
- selftests: openat2: Print also errno in failure messages (git-fixes).
- selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes).
- selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes).
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes).
- selftests: rtc: Increase test timeout so that all tests run (git-fixes).
- selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes).
- selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes).
- selftests: timers: clocksource-switch: fix passing errors from child (git-fixes).
- selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes).
- selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes).
- selftests: vm: fix clang build error multiple output files (git-fixes).
- selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes).
- selinux: Add boundary check in put_entry() (git-fixes).
- selinux: access superblock_security_struct in LSM blob way (git-fixes).
- selinux: check return value of sel_make_avc_files (git-fixes).
- selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes).
- selinux: fix double free of cond_list on error paths (git-fixes).
- selinux: fix memleak in security_read_state_kernel() (git-fixes).
- selinux: fix misuse of mutex_is_locked() (git-fixes).
- selinux: use correct type for context length (git-fixes).
- serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes).
- serial: 8250: Export ICR access helpers for internal use (git-fixes).
- serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes).
- serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes).
- serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes).
- serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes).
- serial: fsl_lpuart: RS485 RTS polariy is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes).
- soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: fsl: select FSL_GUTS driver for DPIO (git-fixes).
- soc: imx: gpcv2: Assert reset before ungating clock (git-fixes).
- soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes).
- soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes).
- soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes).
- soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- soundwire: qcom: Check device status before reading devid (git-fixes).
- soundwire: qcom: fix device status array range (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: Fix simplification of devm_spi_register_controller (git-fixes).
- spi: dt-bindings: cadence: add missing 'required' (git-fixes).
- spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes).
- spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes).
- spi: spi-altera-dfl: Fix an error handling path (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: do not check memref size on return from Secure World (git-fixes).
- tee: tee_get_drvdata(): fix description of return value (git-fixes).
- testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes).
- testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes).
- testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes).
- tests: fix idmapped mount_setattr test (git-fixes).
- thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes).
- tools/nolibc: fix incorrect truncation of exit code (git-fixes).
- tools/nolibc: i386: fix initial stack alignment (git-fixes).
- tools/nolibc: x86-64: Fix startup code bug (git-fixes).
- tools/testing/scatterlist: add missing defines (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes).
- trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes).
- trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: Fix sleeping while atomic in kdb ftdump (git-fixes).
- tracing: Have filter accept 'common_cpu' to be consistent (git-fixes).
- tracing: Use a struct alignof to determine trace event field alignment (git-fixes).
- tty: 8250: Add support for Brainboxes PX cards (git-fixes).
- tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes).
- tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes).
- tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes).
- tty: n_gsm: Modify CR,PF bit when config requester (git-fixes).
- tty: n_gsm: Modify cr bit value when config requester (git-fixes).
- tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes).
- tty: n_gsm: Save dlci address open status when config requester (git-fixes).
- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes).
- tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes).
- tty: n_gsm: clean up dead code in gsm_queue() (git-fixes).
- tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes).
- tty: n_gsm: clean up indenting in gsm_queue() (git-fixes).
- tty: n_gsm: fix DM command (git-fixes).
- tty: n_gsm: fix broken virtual tty handling (git-fixes).
- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes).
- tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes).
- tty: n_gsm: fix decoupled mux resource (git-fixes).
- tty: n_gsm: fix encoding of command/response bit (git-fixes).
- tty: n_gsm: fix flow control handling in tx path (git-fixes).
- tty: n_gsm: fix frame reception handling (git-fixes).
- tty: n_gsm: fix incorrect UA handling (git-fixes).
- tty: n_gsm: fix insufficient txframe size (git-fixes).
- tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes).
- tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes).
- tty: n_gsm: fix malformed counter for out of frame data (git-fixes).
- tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes).
- tty: n_gsm: fix missing explicit ldisc flush (git-fixes).
- tty: n_gsm: fix missing mux reset on config change at responder (git-fixes).
- tty: n_gsm: fix missing timer to handle stalled links (git-fixes).
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes).
- tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes).
- tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes).
- tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes).
- tty: n_gsm: fix non flow control frames during mux flow off (git-fixes).
- tty: n_gsm: fix packet re-transmission without open control channel (git-fixes).
- tty: n_gsm: fix race condition in gsmld_write() (git-fixes).
- tty: n_gsm: fix reset fifo race condition (git-fixes).
- tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes).
- tty: n_gsm: fix restart handling via CLD command (git-fixes).
- tty: n_gsm: fix software flow control handling (git-fixes).
- tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes).
- tty: n_gsm: fix tty registration before control channel open (git-fixes).
- tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes).
- tty: n_gsm: fix wrong DLCI release order (git-fixes).
- tty: n_gsm: fix wrong T1 retry count handling (git-fixes).
- tty: n_gsm: fix wrong command frame length field encoding (git-fixes).
- tty: n_gsm: fix wrong command retry handling (git-fixes).
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes).
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes).
- tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes).
- tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes).
- tty: n_gsm: replace kicktimer with delayed_work (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: fsl_lpuart: correct the count of break characters (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tun: avoid double free in tun_free_netdev (git-fixes).
- tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes).
- tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes).
- uaccess: fix type mismatch warnings from access_ok() (git-fixes).
- ucounts: Base set_cred_ucounts changes on the real user (git-fixes).
- ucounts: Fix rlimit max values check (git-fixes).
- ucounts: Fix systemd LimitNPROC with private users regression (git-fixes).
- ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes).
- ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes).
- udf: Fix crash after seekdir (bsc#1194592).
- udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes).
- udmabuf: add back sanity check (git-fixes).
- usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes).
- usb: cdns3 fix use-after-free at workaround 2 (git-fixes).
- usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes).
- usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes).
- usb: cdns3: fix random warning message when driver load (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes).
- usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes).
- usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes).
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes).
- usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes).
- usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes).
- usb: dwc3: gadget: fix high speed multiplier setting (git-fixes).
- usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes).
- usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings (git-fixes).
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes).
- usb: gadget: f_uac2: fix superspeed transfer (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: Run unregister_netdev() before unbind() again (git-fixes).
- usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes).
- usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes).
- userfaultfd/selftests: fix hugetlb area allocations (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes).
- venus: pm_helpers: Fix warning in OPP during probe (git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- vfio: Clear the caps->buf to NULL after free (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes).
- vsock/virtio: enable VQs early on probe (git-fixes).
- vsock/virtio: initialize vdev->priv before using VQs (git-fixes).
- vsock/virtio: read the negotiated features before using VQs (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes).
- watch-queue: remove spurious double semicolon (git-fixes).
- watch_queue: Fix missing locking in add_watch_to_object() (git-fixes).
- watch_queue: Fix missing rcu annotation (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes).
- watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211: limit A-MSDU subframes for client too (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fixes).
- wifi: rtw88: check the return value of alloc_workqueue() (git-fixes).
- wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
- wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131).
- x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497).
- x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497).
- x86/sev: Save the negotiated GHCB version (bsc#1190497).
- xen/gntdev: fix unmap notification order (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
- xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes).
- xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes).
- xfs: fix use-after-free in xattr node block inactivation (git-fixes).
- xfs: fold perag loop iteration logic into helper function (git-fixes).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: only bother with sync_filesystem during readonly remount (git-fixes).
- xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: remove incorrect ASSERT in xfs_rename (git-fixes).
- xfs: rename the next_agno perag iteration variable (git-fixes).
- xfs: reorder iunlink remove operation in xfs_ifree (git-fixes).
- xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes).
- xfs: terminate perag iteration reliably on agcount (git-fixes).
- xfs: use invalidate_lock to check the state of mmap_lock (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xfs: use setattr_copy to set vfs inode attributes (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
- xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes).
- xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes).
- xhci: dbc: refactor xhci_dbc_init() (git-fixes).
- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
- zonefs: Clear inode information flags on inode creation (git-fixes).
- zonefs: Fix management of open zones (git-fixes).
- zonefs: add MODULE_ALIAS_FS (git-fixes).
The following package changes have been done:
- audit-3.0.6-150400.4.3.1 updated
- cups-config-2.2.7-150000.3.35.1 updated
- curl-7.79.1-150400.5.6.1 updated
- dracut-mkinitrd-deprecated-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- dracut-055+suse.294.gc5bc4bb5-150400.3.8.1 updated
- elfutils-0.185-150400.5.3.1 updated
- hwinfo-21.83-150400.3.6.1 updated
- kernel-default-5.14.21-150400.24.21.2 updated
- libasm1-0.185-150400.5.3.1 updated
- libblkid1-2.37.2-150400.8.3.1 updated
- libcups2-2.2.7-150000.3.35.1 updated
- libcurl4-7.79.1-150400.5.6.1 updated
- libdevmapper1_03-1.02.163-150400.17.3.1 updated
- libdw1-0.185-150400.5.3.1 updated
- libelf1-0.185-150400.5.3.1 updated
- libfdisk1-2.37.2-150400.8.3.1 updated
- libfreetype6-2.10.4-150000.4.12.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libgnutls30-3.7.3-150400.4.10.1 updated
- libldap-2_4-2-2.4.46-150200.14.11.2 updated
- libldap-data-2.4.46-150200.14.11.2 updated
- libmount1-2.37.2-150400.8.3.1 updated
- libopeniscsiusr0_2_0-2.1.7-150400.39.8.1 updated
- libprocps7-3.3.15-150000.7.25.1 updated
- libsmartcols1-2.37.2-150400.8.3.1 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libsystemd0-249.12-150400.8.10.1 updated
- libtirpc-netconfig-1.2.6-150300.3.11.1 updated
- libtirpc3-1.2.6-150300.3.11.1 updated
- libudev1-249.12-150400.8.10.1 updated
- libuuid1-2.37.2-150400.8.3.1 updated
- libyajl2-2.1.0-150000.4.3.1 updated
- libz1-1.2.11-150000.3.33.1 updated
- libzypp-17.31.0-150400.3.6.1 updated
- open-iscsi-2.1.7-150400.39.8.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- perl-5.26.1-150300.17.11.1 updated
- procps-3.3.15-150000.7.25.1 updated
- python3-iniconfig-1.1.1-150000.1.7.1 updated
- python3-pyOpenSSL-21.0.0-150400.3.3.1 updated
- python3-pytz-2022.1-150300.3.6.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- rsyslog-8.2106.0-150400.5.6.1 updated
- samba-client-libs-4.15.8+git.527.8d0c05d313e-150400.3.14.1 updated
- sysconfig-netconfig-0.85.9-150200.12.1 updated
- sysconfig-0.85.9-150200.12.1 updated
- system-group-audit-3.0.6-150400.4.3.1 updated
- systemd-presets-common-SUSE-15-150100.8.17.1 updated
- systemd-sysvinit-249.12-150400.8.10.1 updated
- systemd-249.12-150400.8.10.1 updated
- timezone-2022a-150000.75.10.1 updated
- udev-249.12-150400.8.10.1 updated
- util-linux-systemd-2.37.2-150400.8.3.1 updated
- util-linux-2.37.2-150400.8.3.1 updated
- vim-data-common-9.0.0313-150000.5.25.1 updated
- vim-9.0.0313-150000.5.25.1 updated
- zypper-1.14.55-150400.3.6.1 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:40:18 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:40:18 +0200 (CEST)
Subject: SUSE-CU-2022:2300-1: Security update of suse/sle15
Message-ID: <20220921074018.22B80F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2300-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.198
Container Release : 9.5.198
Severity : moderate
Type : security
References : 1189802 1195773 1201783 CVE-2021-36690 CVE-2022-35737
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
The following package changes have been done:
- libassuan0-2.5.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:46:40 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:46:40 +0200 (CEST)
Subject: SUSE-CU-2022:2301-1: Security update of bci/bci-init
Message-ID: <20220921074640.207F4F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2301-1
Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.19.44
Container Release : 19.44
Severity : important
Type : security
References : 1189802 1195773 1201680 1201783 CVE-2021-36690 CVE-2021-46828 CVE-2022-35737
-----------------------------------------------------------------
The container bci/bci-init was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
The following package changes have been done:
- libassuan0-2.5.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-17.20.41 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:50:13 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:50:13 +0200 (CEST)
Subject: SUSE-CU-2022:2303-1: Security update of bci/dotnet-aspnet
Message-ID: <20220921075013.39159F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2303-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-26.1 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-26.1
Container Release : 26.1
Severity : important
Type : security
References : 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:51:33 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:51:33 +0200 (CEST)
Subject: SUSE-CU-2022:2304-1: Security update of bci/dotnet-aspnet
Message-ID: <20220921075133.283B6F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2304-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-21.1 , bci/dotnet-aspnet:6.0.8 , bci/dotnet-aspnet:6.0.8-21.1 , bci/dotnet-aspnet:latest
Container Release : 21.1
Severity : important
Type : security
References : 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:52:41 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:52:41 +0200 (CEST)
Subject: SUSE-CU-2022:2305-1: Security update of bci/dotnet-sdk
Message-ID: <20220921075241.5A99DF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2305-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-34.1 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-34.1
Container Release : 34.1
Severity : important
Type : security
References : 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:53:51 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:53:51 +0200 (CEST)
Subject: SUSE-CU-2022:2306-1: Security update of bci/dotnet-sdk
Message-ID: <20220921075351.D9558F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2306-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-23.1 , bci/dotnet-sdk:6.0.8 , bci/dotnet-sdk:6.0.8-23.1 , bci/dotnet-sdk:latest
Container Release : 23.1
Severity : important
Type : security
References : 1047178 1201680 CVE-2017-6512 CVE-2021-46828
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:54:57 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:54:57 +0200 (CEST)
Subject: SUSE-CU-2022:2307-1: Security update of bci/dotnet-runtime
Message-ID: <20220921075457.7BCF2F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2307-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-46.30 , bci/dotnet-runtime:3.1.28 , bci/dotnet-runtime:3.1.28-46.30
Container Release : 46.30
Severity : important
Type : security
References : 1047178 1201680 CVE-2017-6512 CVE-2021-46828
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:56:07 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:56:07 +0200 (CEST)
Subject: SUSE-CU-2022:2308-1: Security update of bci/dotnet-runtime
Message-ID: <20220921075607.84DCAF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2308-1
Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-33.1 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-33.1
Container Release : 33.1
Severity : important
Type : security
References : 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:57:12 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:57:12 +0200 (CEST)
Subject: SUSE-CU-2022:2309-1: Security update of bci/dotnet-runtime
Message-ID: <20220921075712.6D099F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2309-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-20.1 , bci/dotnet-runtime:6.0.8 , bci/dotnet-runtime:6.0.8-20.1 , bci/dotnet-runtime:latest
Container Release : 20.1
Severity : important
Type : security
References : 1047178 1201680 CVE-2017-6512 CVE-2021-46828
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 07:58:59 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 09:58:59 +0200 (CEST)
Subject: SUSE-CU-2022:2310-1: Security update of bci/golang
Message-ID: <20220921075859.E624EF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2310-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-30.37
Container Release : 30.37
Severity : important
Type : security
References : 1047178 1199140 1201680 CVE-2017-6512 CVE-2021-46828
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libatomic1-11.3.0+git1637-150000.1.11.2 updated
- libgomp1-11.3.0+git1637-150000.1.11.2 updated
- libitm1-11.3.0+git1637-150000.1.11.2 updated
- liblsan0-11.3.0+git1637-150000.1.11.2 updated
- libtsan0-11.3.0+git1637-150000.1.11.2 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 08:00:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 10:00:45 +0200 (CEST)
Subject: SUSE-CU-2022:2311-1: Security update of bci/golang
Message-ID: <20220921080045.AC53FF7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2311-1
Container Tags : bci/golang:1.17 , bci/golang:1.17-29.37
Container Release : 29.37
Severity : important
Type : security
References : 1047178 1199140 1201680 CVE-2017-6512 CVE-2021-46828
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- libatomic1-11.3.0+git1637-150000.1.11.2 updated
- libgomp1-11.3.0+git1637-150000.1.11.2 updated
- libitm1-11.3.0+git1637-150000.1.11.2 updated
- liblsan0-11.3.0+git1637-150000.1.11.2 updated
- libtsan0-11.3.0+git1637-150000.1.11.2 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 08:01:49 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 10:01:49 +0200 (CEST)
Subject: SUSE-CU-2022:2312-1: Security update of bci/golang
Message-ID: <20220921080149.EBE97F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2312-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-2.35 , bci/golang:latest
Container Release : 2.35
Severity : important
Type : security
References : 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 08:02:51 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 10:02:51 +0200 (CEST)
Subject: SUSE-CU-2022:2313-1: Security update of bci/nodejs
Message-ID: <20220921080251.B2FFDF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2313-1
Container Tags : bci/node:16 , bci/node:16-9.35 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-9.35 , bci/nodejs:latest
Container Release : 9.35
Severity : important
Type : security
References : 1047178 1199140 1201680 CVE-2017-6512 CVE-2021-46828
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 08:05:07 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 10:05:07 +0200 (CEST)
Subject: SUSE-CU-2022:2314-1: Security update of bci/openjdk-devel
Message-ID: <20220921080507.2EB13F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2314-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-34.72 , bci/openjdk-devel:latest
Container Release : 34.72
Severity : important
Type : security
References : 1047178 1189802 1195773 1201680 1201783 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-35737
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:bci-openjdk-11-15.4-30.33 updated
From sle-security-updates at lists.suse.com Wed Sep 21 08:07:01 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 10:07:01 +0200 (CEST)
Subject: SUSE-CU-2022:2315-1: Security update of bci/openjdk
Message-ID: <20220921080701.5EADBF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2315-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-30.33 , bci/openjdk:latest
Container Release : 30.33
Severity : important
Type : security
References : 1189802 1195773 1201680 1201783 CVE-2021-36690 CVE-2021-46828 CVE-2022-35737
-----------------------------------------------------------------
The container bci/openjdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 08:08:01 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 10:08:01 +0200 (CEST)
Subject: SUSE-CU-2022:2316-1: Security update of bci/python
Message-ID: <20220921080801.2ACD1F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2316-1
Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.31
Container Release : 28.31
Severity : important
Type : security
References : 1047178 1189802 1195773 1201680 1201783 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-35737
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 08:08:58 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 10:08:58 +0200 (CEST)
Subject: SUSE-CU-2022:2317-1: Security update of bci/rust
Message-ID: <20220921080858.27814F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2317-1
Container Tags : bci/rust:1.60 , bci/rust:1.60-5.31
Container Release : 5.31
Severity : important
Type : security
References : 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Wed Sep 21 16:20:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 18:20:42 +0200 (CEST)
Subject: SUSE-SU-2022:3325-1: important: Security update for go1.18
Message-ID: <20220921162042.E5981F78E@maintenance.suse.de>
SUSE Security Update: Security update for go1.18
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3325-1
Rating: important
References: #1193742 #1203185
Cross-References: CVE-2022-27664
CVSS scores:
CVE-2022-27664 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27664 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one errata is now available.
Description:
This update for go1.18 fixes the following issues:
Update to go version 1.18.6 (bsc#1193742):
- CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3325=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3325=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3325=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3325=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
go1.18-1.18.6-150000.1.31.1
go1.18-doc-1.18.6-150000.1.31.1
- openSUSE Leap 15.4 (aarch64 x86_64):
go1.18-race-1.18.6-150000.1.31.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
go1.18-1.18.6-150000.1.31.1
go1.18-doc-1.18.6-150000.1.31.1
- openSUSE Leap 15.3 (aarch64 x86_64):
go1.18-race-1.18.6-150000.1.31.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
go1.18-1.18.6-150000.1.31.1
go1.18-doc-1.18.6-150000.1.31.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64):
go1.18-race-1.18.6-150000.1.31.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
go1.18-1.18.6-150000.1.31.1
go1.18-doc-1.18.6-150000.1.31.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
go1.18-race-1.18.6-150000.1.31.1
References:
https://www.suse.com/security/cve/CVE-2022-27664.html
https://bugzilla.suse.com/1193742
https://bugzilla.suse.com/1203185
From sle-security-updates at lists.suse.com Wed Sep 21 16:22:49 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 18:22:49 +0200 (CEST)
Subject: SUSE-SU-2022:3327-1: important: Security update for oniguruma
Message-ID: <20220921162249.8F57FF78E@maintenance.suse.de>
SUSE Security Update: Security update for oniguruma
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3327-1
Rating: important
References: #1142847 #1150130 #1157805 #1164550 #1164569 #1177179
Cross-References: CVE-2019-13224 CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-26159
CVSS scores:
CVE-2019-13224 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-13224 (SUSE): 6.6 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2019-16163 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-16163 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2019-19203 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19203 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19204 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19204 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19246 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-19246 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-26159 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVE-2020-26159 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for oniguruma fixes the following issues:
- CVE-2019-19246: Fixed an out of bounds access during regular expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out of bounds access when compiling a crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out of bounds access when performing a string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling multiple different encodings (bsc#1142847).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3327=1
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3327=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3327=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3327=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3327=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3327=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3327=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3327=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3327=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3327=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3327=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3327=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3327=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3327=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3327=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3327=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3327=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3327=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3327=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3327=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3327=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3327=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Manager Proxy 4.1 (x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
- SUSE CaaS Platform 4.0 (x86_64):
libonig4-6.7.0-150000.3.3.1
libonig4-debuginfo-6.7.0-150000.3.3.1
oniguruma-debugsource-6.7.0-150000.3.3.1
oniguruma-devel-6.7.0-150000.3.3.1
References:
https://www.suse.com/security/cve/CVE-2019-13224.html
https://www.suse.com/security/cve/CVE-2019-16163.html
https://www.suse.com/security/cve/CVE-2019-19203.html
https://www.suse.com/security/cve/CVE-2019-19204.html
https://www.suse.com/security/cve/CVE-2019-19246.html
https://www.suse.com/security/cve/CVE-2020-26159.html
https://bugzilla.suse.com/1142847
https://bugzilla.suse.com/1150130
https://bugzilla.suse.com/1157805
https://bugzilla.suse.com/1164550
https://bugzilla.suse.com/1164569
https://bugzilla.suse.com/1177179
From sle-security-updates at lists.suse.com Wed Sep 21 16:24:38 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 18:24:38 +0200 (CEST)
Subject: SUSE-SU-2022:3326-1: important: Security update for go1.19
Message-ID: <20220921162438.18C50F78E@maintenance.suse.de>
SUSE Security Update: Security update for go1.19
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3326-1
Rating: important
References: #1200441 #1203185 #1203186
Cross-References: CVE-2022-27664 CVE-2022-32190
CVSS scores:
CVE-2022-27664 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27664 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32190 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for go1.19 fixes the following issues:
Update to go version 1.19.1 (bsc#1200441):
- CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors
after sending GOAWAY (bsc#1203185).
- CVE-2022-32190: Fixed missing stripping of relative path components in
net/url JoinPath (bsc#1203186).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3326=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3326=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3326=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3326=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
go1.19-1.19.1-150000.1.9.1
go1.19-doc-1.19.1-150000.1.9.1
- openSUSE Leap 15.4 (aarch64 x86_64):
go1.19-race-1.19.1-150000.1.9.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
go1.19-1.19.1-150000.1.9.1
go1.19-doc-1.19.1-150000.1.9.1
- openSUSE Leap 15.3 (aarch64 x86_64):
go1.19-race-1.19.1-150000.1.9.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
go1.19-1.19.1-150000.1.9.1
go1.19-doc-1.19.1-150000.1.9.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64):
go1.19-race-1.19.1-150000.1.9.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
go1.19-1.19.1-150000.1.9.1
go1.19-doc-1.19.1-150000.1.9.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64):
go1.19-race-1.19.1-150000.1.9.1
References:
https://www.suse.com/security/cve/CVE-2022-27664.html
https://www.suse.com/security/cve/CVE-2022-32190.html
https://bugzilla.suse.com/1200441
https://bugzilla.suse.com/1203185
https://bugzilla.suse.com/1203186
From sle-security-updates at lists.suse.com Wed Sep 21 19:19:17 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 21 Sep 2022 21:19:17 +0200 (CEST)
Subject: SUSE-SU-2022:3331-1: important: Security update for libconfuse0
Message-ID: <20220921191917.04D79F7C9@maintenance.suse.de>
SUSE Security Update: Security update for libconfuse0
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3331-1
Rating: important
References: #1203326
Cross-References: CVE-2022-40320
CVSS scores:
CVE-2022-40320 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-40320 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libconfuse0 fixes the following issues:
- CVE-2022-40320: Fixed a heap-based buffer over-read in cfg_tilde_expand
in confuse.c (bsc#1203326).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for HPC 12:
zypper in -t patch SUSE-SLE-Module-HPC-12-2022-3331=1
Package List:
- SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64):
libconfuse-devel-2.8-3.6.1
libconfuse0-2.8-3.6.1
libconfuse0-debuginfo-2.8-3.6.1
libconfuse0-debugsource-2.8-3.6.1
- SUSE Linux Enterprise Module for HPC 12 (noarch):
libconfuse0-lang-2.8-3.6.1
References:
https://www.suse.com/security/cve/CVE-2022-40320.html
https://bugzilla.suse.com/1203326
From sle-security-updates at lists.suse.com Thu Sep 22 07:24:20 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 09:24:20 +0200 (CEST)
Subject: SUSE-CU-2022:2322-1: Security update of bci/dotnet-sdk
Message-ID: <20220922072420.3EFF7F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2322-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-46.1 , bci/dotnet-sdk:3.1.29 , bci/dotnet-sdk:3.1.29-46.1
Container Release : 46.1
Severity : important
Type : security
References : 1047178 1201680 CVE-2017-6512 CVE-2021-46828
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Thu Sep 22 07:32:48 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 09:32:48 +0200 (CEST)
Subject: SUSE-CU-2022:2328-1: Security update of bci/golang
Message-ID: <20220922073248.511FDF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2328-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-16.34
Container Release : 16.34
Severity : important
Type : security
References : 1193742 1201680 1203185 CVE-2021-46828 CVE-2022-27664
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3325-1
Released: Wed Sep 21 12:28:17 2022
Summary: Security update for go1.18
Type: security
Severity: important
References: 1193742,1203185,CVE-2022-27664
This update for go1.18 fixes the following issues:
Update to go version 1.18.6 (bsc#1193742):
- CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- go1.18-1.18.6-150000.1.31.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Thu Sep 22 07:33:55 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 09:33:55 +0200 (CEST)
Subject: SUSE-CU-2022:2317-1: Security update of bci/rust
Message-ID: <20220922073355.7FE61F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2317-1
Container Tags : bci/rust:1.60 , bci/rust:1.60-5.31
Container Release : 5.31
Severity : important
Type : security
References : 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Thu Sep 22 07:34:36 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 09:34:36 +0200 (CEST)
Subject: SUSE-CU-2022:2329-1: Security update of bci/rust
Message-ID: <20220922073436.F06BEF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2329-1
Container Tags : bci/rust:1.62 , bci/rust:1.62-2.30 , bci/rust:latest
Container Release : 2.30
Severity : important
Type : security
References : 1201680 CVE-2021-46828
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- container:sles15-image-15.0.0-27.11.25 updated
From sle-security-updates at lists.suse.com Thu Sep 22 10:20:06 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 12:20:06 +0200 (CEST)
Subject: SUSE-SU-2022:3335-1: important: Security update for
cdi-apiserver-container, cdi-cloner-container, cdi-controller-container,
cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container,
cdi-uploadserver-container, containerized-data-importer
Message-ID: <20220922102006.EAE69F78E@maintenance.suse.de>
SUSE Security Update: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3335-1
Rating: important
References: #1200528
Cross-References: CVE-2022-1996
CVSS scores:
CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Containers 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for cdi-apiserver-container, cdi-cloner-container,
cdi-controller-container, cdi-importer-container, cdi-operator-container,
cdi-uploadproxy-container, cdi-uploadserver-container,
containerized-data-importer fixes the following issues:
Update to version 1.43.2
- Release notes
https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.43.2
Security issues fixed:
- CVE-2022-1996: Fixed CORS bypass in go-restful vendored dependency
(bsc#1200528)
Other fixes:
- Include additional tools used by cdi-importer: cdi-containerimage-server
cdi-source-update-poller
- Pack only cdi-{cr,operator}.yaml into the manifests RPM
- Install tar package (used for cloning filesystem PVCs)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3335=1
- SUSE Linux Enterprise Module for Containers 15-SP3:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-3335=1
Package List:
- openSUSE Leap 15.3 (x86_64):
containerized-data-importer-api-1.43.2-150300.8.9.3
containerized-data-importer-api-debuginfo-1.43.2-150300.8.9.3
containerized-data-importer-cloner-1.43.2-150300.8.9.3
containerized-data-importer-cloner-debuginfo-1.43.2-150300.8.9.3
containerized-data-importer-controller-1.43.2-150300.8.9.3
containerized-data-importer-controller-debuginfo-1.43.2-150300.8.9.3
containerized-data-importer-importer-1.43.2-150300.8.9.3
containerized-data-importer-importer-debuginfo-1.43.2-150300.8.9.3
containerized-data-importer-manifests-1.43.2-150300.8.9.3
containerized-data-importer-operator-1.43.2-150300.8.9.3
containerized-data-importer-operator-debuginfo-1.43.2-150300.8.9.3
containerized-data-importer-uploadproxy-1.43.2-150300.8.9.3
containerized-data-importer-uploadproxy-debuginfo-1.43.2-150300.8.9.3
containerized-data-importer-uploadserver-1.43.2-150300.8.9.3
containerized-data-importer-uploadserver-debuginfo-1.43.2-150300.8.9.3
obs-service-cdi_containers_meta-1.43.2-150300.8.9.3
- SUSE Linux Enterprise Module for Containers 15-SP3 (x86_64):
containerized-data-importer-manifests-1.43.2-150300.8.9.3
References:
https://www.suse.com/security/cve/CVE-2022-1996.html
https://bugzilla.suse.com/1200528
From sle-security-updates at lists.suse.com Thu Sep 22 10:20:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 12:20:47 +0200 (CEST)
Subject: SUSE-SU-2022:3333-1: important: Security update for kubevirt,
virt-api-container, virt-controller-container, virt-handler-container,
virt-launcher-container, virt-libguestfs-tools-container,
virt-operator-container
Message-ID: <20220922102047.EB378F78E@maintenance.suse.de>
SUSE Security Update: Security update for kubevirt, virt-api-container, virt-controller-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3333-1
Rating: important
References: #1199392 #1199460 #1199603 #1200528 #1202516
Cross-References: CVE-2022-1798 CVE-2022-1996 CVE-2022-29162
CVSS scores:
CVE-2022-1798 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2022-1798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-29162 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29162 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available.
Description:
This update for kubevirt, virt-api-container, virt-controller-container,
virt-handler-container, virt-launcher-container,
virt-libguestfs-tools-container, virt-operator-container fixes the
following issues:
The kubevirt stack was updated to version 0.54.0
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v0.54.0
Security fixes:
- CVE-2022-1798: Fix arbitrary file read on the host from KubeVirt VMs
(bsc#1202516)
Security fixes in vendored dependencies:
- CVE-2022-1996: Fixed go-restful CORS bypass (bsc#1200528)
- CVE-2022-29162: Fixed runc incorrect handling of inheritable
capabilities in default configuration (bsc#1199460)
- Fix containerdisk unmount logic
- Support topology spread constraints
- Update libvirt-go to fix memory leak
- Pack nft rules and nsswitch.conf for virt-handler
- Only create 1MiB-aligned disk images (bsc#1199603)
- Avoid to return nil failure message
- Use semantic equality comparison
- Drop kubevirt-psp-caasp.yaml
- Allow to configure utility containers for update test
- Symlink nsswitch.conf and nft rules to proper locations
- Drop unused package libvirt-client
- Install vim-small instead of vim
- Remove unneeded libvirt-daemon-driver-storage-core
- Install missing packages ethtool and gawk. Fixes bsc#1199392
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3333=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3333=1
Package List:
- openSUSE Leap 15.4 (x86_64):
kubevirt-container-disk-0.54.0-150400.3.3.2
kubevirt-container-disk-debuginfo-0.54.0-150400.3.3.2
kubevirt-manifests-0.54.0-150400.3.3.2
kubevirt-tests-0.54.0-150400.3.3.2
kubevirt-tests-debuginfo-0.54.0-150400.3.3.2
kubevirt-virt-api-0.54.0-150400.3.3.2
kubevirt-virt-api-debuginfo-0.54.0-150400.3.3.2
kubevirt-virt-controller-0.54.0-150400.3.3.2
kubevirt-virt-controller-debuginfo-0.54.0-150400.3.3.2
kubevirt-virt-handler-0.54.0-150400.3.3.2
kubevirt-virt-handler-debuginfo-0.54.0-150400.3.3.2
kubevirt-virt-launcher-0.54.0-150400.3.3.2
kubevirt-virt-launcher-debuginfo-0.54.0-150400.3.3.2
kubevirt-virt-operator-0.54.0-150400.3.3.2
kubevirt-virt-operator-debuginfo-0.54.0-150400.3.3.2
kubevirt-virtctl-0.54.0-150400.3.3.2
kubevirt-virtctl-debuginfo-0.54.0-150400.3.3.2
obs-service-kubevirt_containers_meta-0.54.0-150400.3.3.2
- SUSE Linux Enterprise Module for Containers 15-SP4 (x86_64):
kubevirt-manifests-0.54.0-150400.3.3.2
kubevirt-virtctl-0.54.0-150400.3.3.2
kubevirt-virtctl-debuginfo-0.54.0-150400.3.3.2
References:
https://www.suse.com/security/cve/CVE-2022-1798.html
https://www.suse.com/security/cve/CVE-2022-1996.html
https://www.suse.com/security/cve/CVE-2022-29162.html
https://bugzilla.suse.com/1199392
https://bugzilla.suse.com/1199460
https://bugzilla.suse.com/1199603
https://bugzilla.suse.com/1200528
https://bugzilla.suse.com/1202516
From sle-security-updates at lists.suse.com Thu Sep 22 10:21:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 12:21:47 +0200 (CEST)
Subject: SUSE-SU-2022:3334-1: important: Security update for
cdi-apiserver-container, cdi-cloner-container, cdi-controller-container,
cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container,
cdi-uploadserver-container, containerized-data-importer
Message-ID: <20220922102147.2C58AF78E@maintenance.suse.de>
SUSE Security Update: Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3334-1
Rating: important
References: #1200528
Cross-References: CVE-2022-1996
CVSS scores:
CVE-2022-1996 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2022-1996 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Containers 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for cdi-apiserver-container, cdi-cloner-container,
cdi-controller-container, cdi-importer-container, cdi-operator-container,
cdi-uploadproxy-container, cdi-uploadserver-container,
containerized-data-importer fixes the following issues:
Update to version 1.51.0
- Release notes
https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.51.0
Security issues fixed in vendored dependencies:
- CVE-2022-1996: Fixed CORS bypass (bsc#1200528)
- Include additional tools used by cdi-importer: cdi-containerimage-server
cdi-image-size-detection cdi-source-update-poller
- Pack only cdi-operator and cdi-cr release manifests
- Install tar for cloning filesystem PVCs
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3334=1
- SUSE Linux Enterprise Module for Containers 15-SP4:
zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-3334=1
Package List:
- openSUSE Leap 15.4 (x86_64):
containerized-data-importer-api-1.51.0-150400.4.3.1
containerized-data-importer-api-debuginfo-1.51.0-150400.4.3.1
containerized-data-importer-cloner-1.51.0-150400.4.3.1
containerized-data-importer-cloner-debuginfo-1.51.0-150400.4.3.1
containerized-data-importer-controller-1.51.0-150400.4.3.1
containerized-data-importer-controller-debuginfo-1.51.0-150400.4.3.1
containerized-data-importer-importer-1.51.0-150400.4.3.1
containerized-data-importer-importer-debuginfo-1.51.0-150400.4.3.1
containerized-data-importer-manifests-1.51.0-150400.4.3.1
containerized-data-importer-operator-1.51.0-150400.4.3.1
containerized-data-importer-operator-debuginfo-1.51.0-150400.4.3.1
containerized-data-importer-uploadproxy-1.51.0-150400.4.3.1
containerized-data-importer-uploadproxy-debuginfo-1.51.0-150400.4.3.1
containerized-data-importer-uploadserver-1.51.0-150400.4.3.1
containerized-data-importer-uploadserver-debuginfo-1.51.0-150400.4.3.1
obs-service-cdi_containers_meta-1.51.0-150400.4.3.1
- SUSE Linux Enterprise Module for Containers 15-SP4 (x86_64):
containerized-data-importer-manifests-1.51.0-150400.4.3.1
References:
https://www.suse.com/security/cve/CVE-2022-1996.html
https://bugzilla.suse.com/1200528
From sle-security-updates at lists.suse.com Thu Sep 22 13:21:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 15:21:46 +0200 (CEST)
Subject: SUSE-SU-2022:3252-2: moderate: Security update for freetype2
Message-ID: <20220922132146.D7336F78E@maintenance.suse.de>
SUSE Security Update: Security update for freetype2
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3252-2
Rating: moderate
References: #1198823 #1198830 #1198832
Cross-References: CVE-2022-27404 CVE-2022-27405 CVE-2022-27406
CVSS scores:
CVE-2022-27404 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27404 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H
CVE-2022-27405 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27405 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-27406 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-27406 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for freetype2 fixes the following issues:
- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface
(bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface
(bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface
(bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3252=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3252=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3252=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3252=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3252=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3252=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3252=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3252=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3252=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3252=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3252=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3252=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3252=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3252=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3252=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3252=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3252=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3252=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3252=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Manager Server 4.1 (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Manager Proxy 4.1 (x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server for SAP 15 (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
ftdump-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Enterprise Storage 7 (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
- SUSE Enterprise Storage 6 (x86_64):
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
- SUSE CaaS Platform 4.0 (x86_64):
freetype2-debugsource-2.10.4-150000.4.12.1
freetype2-devel-2.10.4-150000.4.12.1
libfreetype6-2.10.4-150000.4.12.1
libfreetype6-32bit-2.10.4-150000.4.12.1
libfreetype6-32bit-debuginfo-2.10.4-150000.4.12.1
libfreetype6-debuginfo-2.10.4-150000.4.12.1
References:
https://www.suse.com/security/cve/CVE-2022-27404.html
https://www.suse.com/security/cve/CVE-2022-27405.html
https://www.suse.com/security/cve/CVE-2022-27406.html
https://bugzilla.suse.com/1198823
https://bugzilla.suse.com/1198830
https://bugzilla.suse.com/1198832
From sle-security-updates at lists.suse.com Thu Sep 22 19:19:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 21:19:16 +0200 (CEST)
Subject: SUSE-SU-2022:3339-1: moderate: Security update for ardana-ansible,
ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates,
openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova,
python-Django1, rabbitmq-server, rubygem-puma
Message-ID: <20220922191916.F0E36F78E@maintenance.suse.de>
SUSE Security Update: Security update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server, rubygem-puma
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3339-1
Rating: moderate
References: #1157665 #1164139 #1191454 #1197818 #1198398
#1201186 SOC-11662 SOC-8764
Cross-References: CVE-2019-11287 CVE-2020-1734 CVE-2021-39226
CVE-2022-24790 CVE-2022-28346 CVE-2022-34265
CVSS scores:
CVE-2019-11287 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-11287 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-1734 (NVD) : 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
CVE-2020-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-24790 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-24790 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-28346 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28346 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-34265 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34265 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that fixes 6 vulnerabilities and contains two
features is now available.
Description:
This update for ardana-ansible, ardana-cobbler, ardana-tempest, grafana,
openstack-heat-templates, openstack-horizon-plugin-gbp-ui,
openstack-neutron-gbp, openstack-nova, python-Django1, rabbitmq-server,
rubygem-puma fixes the following issues:
Security fixes included in this update:
ardana-ansible:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in
a pipe lookup plugin subprocess (SOC-11662, bnc#1164139).
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
rabbitmq-server:
- CVE-2019-11287: Fixed DoS via "X-Reason" HTTP Header in malicious Erlang
format string (bsc#1157665).
rubygem-puma:
- CVE-2022-24790: Fixed HTTP request smuggling (bsc#1197818).
python-Django1:
- CVE-2022-28346: Fixed vulnerability allowing SQL injection in
QuerySet.annotate(), aggregate() and extra() (bsc#1198398).
- CVE-2022-34265: Fixed vulnerability allowing SQL injection via
Trunc(kind) and Extract(lookup_name) arguments (bsc#1201186).
Bugfixes:
- Disabled two barbican tests (SOC-8764).
Non-security fixes included in this update:
Changes in ardana-ansible:
- Update to version 9.0+git.1660748476.c118d23:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 9.0+git.1660747489.119efcd:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-tempest:
- Update to version 9.0+git.1651855288.a2341ad:
* Disable two barbican tests (SOC-8764)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a7:
* doc: Comment out language option
Changes in openstack-horizon-plugin-gbp-ui:
- Update to version group-based-policy-ui-14.0.1.dev4:
* remove legacy servicechain code
Changes in openstack-neutron-gbp:
- Update to version group-based-policy-14.0.1.dev46:
* Remove logs 2014.2.rc1
- Update to version group-based-policy-14.0.1.dev45:
* FIP Status active after dissociate
- Update to version group-based-policy-14.0.1.dev43:
* fixed apic synchronization state for multiple erspan session
- Update to version group-based-policy-14.0.1.dev41:
* Remove_legacy_service_chain_code(2)
- Update to version group-based-policy-14.0.1.dev39:
* data-migrations spelling fixes 2014.2rc1
- Update to version group-based-policy-14.0.1.dev38:
* Adding support for address group feature in upstream
- Update to version group-based-policy-14.0.1.dev36:
* Add support for yoga 2014.2.rc1
- Update to version group-based-policy-14.0.1.dev35:
* Removed_legacy_service_chain_code 2014.2rc1
Changes in openstack-nova:
- Update to version nova-18.3.1.dev92:
* [stable-only] Drop lower-constraints job
Changes in python-Django1:
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
to avoid source_validator incorrectly trying to use it as a detached
signature file for the sources tarball.
- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
* Potential SQL injection in QuerySet.annotate(), aggregate() and
extra()
- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
* SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in rubygem-puma:
- Add CVE-2022-24790 patch (bsc#1197818, CVE-2022-24790).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3339=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3339=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (noarch):
openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1
openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1
openstack-neutron-gbp-14.0.1~dev46-3.34.1
openstack-nova-18.3.1~dev92-3.43.1
openstack-nova-api-18.3.1~dev92-3.43.1
openstack-nova-cells-18.3.1~dev92-3.43.1
openstack-nova-compute-18.3.1~dev92-3.43.1
openstack-nova-conductor-18.3.1~dev92-3.43.1
openstack-nova-console-18.3.1~dev92-3.43.1
openstack-nova-novncproxy-18.3.1~dev92-3.43.1
openstack-nova-placement-api-18.3.1~dev92-3.43.1
openstack-nova-scheduler-18.3.1~dev92-3.43.1
openstack-nova-serialproxy-18.3.1~dev92-3.43.1
openstack-nova-vncproxy-18.3.1~dev92-3.43.1
python-Django1-1.11.29-3.40.1
python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1
python-neutron-gbp-14.0.1~dev46-3.34.1
python-nova-18.3.1~dev92-3.43.1
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
grafana-6.7.4-3.29.1
grafana-debuginfo-6.7.4-3.29.1
rabbitmq-server-3.6.16-4.3.1
rabbitmq-server-plugins-3.6.16-4.3.1
ruby2.1-rubygem-puma-2.16.0-4.18.1
ruby2.1-rubygem-puma-debuginfo-2.16.0-4.18.1
rubygem-puma-debugsource-2.16.0-4.18.1
- SUSE OpenStack Cloud 9 (noarch):
ardana-ansible-9.0+git.1660748476.c118d23-3.32.1
ardana-cobbler-9.0+git.1660747489.119efcd-3.19.1
ardana-tempest-9.0+git.1651855288.a2341ad-3.22.1
openstack-heat-templates-0.0.0+git.1654529662.75fa04a7-3.15.1
openstack-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1
openstack-neutron-gbp-14.0.1~dev46-3.34.1
openstack-nova-18.3.1~dev92-3.43.1
openstack-nova-api-18.3.1~dev92-3.43.1
openstack-nova-cells-18.3.1~dev92-3.43.1
openstack-nova-compute-18.3.1~dev92-3.43.1
openstack-nova-conductor-18.3.1~dev92-3.43.1
openstack-nova-console-18.3.1~dev92-3.43.1
openstack-nova-novncproxy-18.3.1~dev92-3.43.1
openstack-nova-placement-api-18.3.1~dev92-3.43.1
openstack-nova-scheduler-18.3.1~dev92-3.43.1
openstack-nova-serialproxy-18.3.1~dev92-3.43.1
openstack-nova-vncproxy-18.3.1~dev92-3.43.1
python-Django1-1.11.29-3.40.1
python-horizon-plugin-gbp-ui-14.0.1~dev4-3.12.1
python-neutron-gbp-14.0.1~dev46-3.34.1
python-nova-18.3.1~dev92-3.43.1
venv-openstack-heat-x86_64-11.0.4~dev4-3.37.1
venv-openstack-horizon-x86_64-14.1.1~dev11-4.41.1
venv-openstack-neutron-x86_64-13.0.8~dev206-6.41.1
venv-openstack-nova-x86_64-18.3.1~dev92-3.41.1
- SUSE OpenStack Cloud 9 (x86_64):
grafana-6.7.4-3.29.1
grafana-debuginfo-6.7.4-3.29.1
rabbitmq-server-3.6.16-4.3.1
rabbitmq-server-plugins-3.6.16-4.3.1
References:
https://www.suse.com/security/cve/CVE-2019-11287.html
https://www.suse.com/security/cve/CVE-2020-1734.html
https://www.suse.com/security/cve/CVE-2021-39226.html
https://www.suse.com/security/cve/CVE-2022-24790.html
https://www.suse.com/security/cve/CVE-2022-28346.html
https://www.suse.com/security/cve/CVE-2022-34265.html
https://bugzilla.suse.com/1157665
https://bugzilla.suse.com/1164139
https://bugzilla.suse.com/1191454
https://bugzilla.suse.com/1197818
https://bugzilla.suse.com/1198398
https://bugzilla.suse.com/1201186
From sle-security-updates at lists.suse.com Thu Sep 22 19:20:57 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 22 Sep 2022 21:20:57 +0200 (CEST)
Subject: SUSE-SU-2022:3338-1: moderate: Security update for ardana-ansible,
ardana-cobbler, grafana, openstack-heat-templates, openstack-murano,
python-Django, rabbitmq-server, rubygem-puma
Message-ID: <20220922192057.CE740F78E@maintenance.suse.de>
SUSE Security Update: Security update for ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates, openstack-murano, python-Django, rabbitmq-server, rubygem-puma
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3338-1
Rating: moderate
References: #1157665 #1191454 #1193597 #1197818 #1198398
#1201186 SOC-11662
Cross-References: CVE-2019-11287 CVE-2020-1734 CVE-2021-39226
CVE-2021-44716 CVE-2022-24790 CVE-2022-28346
CVE-2022-34265
CVSS scores:
CVE-2019-11287 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-11287 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-1734 (NVD) : 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
CVE-2020-1734 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L
CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-44716 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-44716 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24790 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-24790 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-28346 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-28346 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-34265 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-34265 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
HPE Helion Openstack 8
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________
An update that fixes 7 vulnerabilities and contains one
feature is now available.
Description:
This update for ardana-ansible, ardana-cobbler, grafana,
openstack-heat-templates, openstack-murano, python-Django,
rabbitmq-server, rubygem-puma fixes the following issues:
Security updates included in this update:
ardana-ansible, ardana-cobbler, grafana, openstack-heat-templates,
openstack-murano, rabbitmq-server:
- CVE-2020-1734: Fixed vulnerability where shell was enabled by default in
a pipe lookup plugin subprocess. (SOC-11662, bnc#1164139)
- CVE-2021-44716: Fixed uncontrolled memory consumption in Go's net/http.
(bsc#1193597)
- CVE-2019-11287: Fixed DoS via "X-Reason" HTTP Header in malicious Erlang
format string. (bsc#1157665)
grafana:
- CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454).
- CVE-2021-44716: Fixed uncontrolled memory consumption in Go's net/http
(bsc#1193597).
python-Django:
- CVE-2022-28346: Fixed vulnerability that could lead to SQL injection in
QuerySet.annotate(), aggregate() and extra(). (bsc#1198398)
- CVE-2022-34265: Fixed vulnerability that could lead to SQL injection via
Trunc(kind) and Extract(lookup_name) arguments. (bsc#1201186)
rubygem-puma:
- CVE-2022-24790: Fixed HTTP request smuggling vulnerability. (bsc#1197818)
Additional information about this update:
Changes in ardana-ansible:
- Update to version 8.0+git.1660773729.3789a6d:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in ardana-cobbler:
- Update to version 8.0+git.1660773402.d845a45:
* Mitigate CVE-2020-1734 (SOC-11662)
Changes in grafana:
- Add CVE-2021-39226 patch (bsc#1191454, CVE-2021-39226)
* snapshot authentication bypass
- Bump Go to 1.16 (bsc#1193597, CVE-2021-44716)
* Fix Go net/http: limit growth of header canonicalization cache.
Changes in openstack-heat-templates:
- Update to version 0.0.0+git.1654529662.75fa04a:
* doc: Comment out language option
Changes in openstack-murano:
- Update to version murano-4.0.2.dev3:
* [stable-only] Remove periodic-stable-jobs template
Changes in rabbitmq-server:
- add explanation-format patch to fix CVE-2019-11287 (bsc#1157665)
Changes in python-Django:
- Rename Django-1.11.29.tar.gz.asc to Django-1.11.29.tar.gz.checksums.txt
to avoid source_validator incorrectly trying to use it as a detached
signature file for the sources tarball.
- Remove unnecessary project.diff file.
- Add CVE-2022-28346 patch (bsc#1198398, CVE-2022-28346)
* Potential SQL injection in QuerySet.annotate(), aggregate() and
extra()
- Add CVE-2022-34265 patch (bsc#1201186, CVE-2022-34265)
* SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Changes in rubygem-puma:
- Add CVE-2022-24790: Fixed HTTP request smuggling vulnerability
(bsc#1197818).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-3338=1
- SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2022-3338=1
- HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2022-3338=1
Package List:
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
grafana-6.7.4-4.23.1
grafana-debuginfo-6.7.4-4.23.1
rabbitmq-server-3.6.16-3.13.1
rabbitmq-server-plugins-3.6.16-3.13.1
ruby2.1-rubygem-puma-2.16.0-3.18.1
ruby2.1-rubygem-puma-debuginfo-2.16.0-3.18.1
rubygem-puma-debugsource-2.16.0-3.18.1
- SUSE OpenStack Cloud Crowbar 8 (noarch):
openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1
openstack-murano-4.0.2~dev3-3.12.1
openstack-murano-api-4.0.2~dev3-3.12.1
openstack-murano-doc-4.0.2~dev3-3.12.1
openstack-murano-engine-4.0.2~dev3-3.12.1
python-Django-1.11.29-3.42.1
python-murano-4.0.2~dev3-3.12.1
- SUSE OpenStack Cloud 8 (noarch):
ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1
ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1
openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1
openstack-murano-4.0.2~dev3-3.12.1
openstack-murano-api-4.0.2~dev3-3.12.1
openstack-murano-doc-4.0.2~dev3-3.12.1
openstack-murano-engine-4.0.2~dev3-3.12.1
python-Django-1.11.29-3.42.1
python-murano-4.0.2~dev3-3.12.1
venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1
venv-openstack-horizon-x86_64-12.0.5~dev6-14.48.1
venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1
- SUSE OpenStack Cloud 8 (x86_64):
grafana-6.7.4-4.23.1
grafana-debuginfo-6.7.4-4.23.1
rabbitmq-server-3.6.16-3.13.1
rabbitmq-server-plugins-3.6.16-3.13.1
- HPE Helion Openstack 8 (noarch):
ardana-ansible-8.0+git.1660773729.3789a6d-3.85.1
ardana-cobbler-8.0+git.1660773402.d845a45-3.47.1
openstack-heat-templates-0.0.0+git.1654529662.75fa04a-3.27.1
openstack-murano-4.0.2~dev3-3.12.1
openstack-murano-api-4.0.2~dev3-3.12.1
openstack-murano-doc-4.0.2~dev3-3.12.1
openstack-murano-engine-4.0.2~dev3-3.12.1
python-Django-1.11.29-3.42.1
python-murano-4.0.2~dev3-3.12.1
venv-openstack-heat-x86_64-9.0.8~dev22-12.45.1
venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.48.1
venv-openstack-murano-x86_64-4.0.2~dev3-12.38.1
- HPE Helion Openstack 8 (x86_64):
grafana-6.7.4-4.23.1
grafana-debuginfo-6.7.4-4.23.1
rabbitmq-server-3.6.16-3.13.1
rabbitmq-server-plugins-3.6.16-3.13.1
References:
https://www.suse.com/security/cve/CVE-2019-11287.html
https://www.suse.com/security/cve/CVE-2020-1734.html
https://www.suse.com/security/cve/CVE-2021-39226.html
https://www.suse.com/security/cve/CVE-2021-44716.html
https://www.suse.com/security/cve/CVE-2022-24790.html
https://www.suse.com/security/cve/CVE-2022-28346.html
https://www.suse.com/security/cve/CVE-2022-34265.html
https://bugzilla.suse.com/1157665
https://bugzilla.suse.com/1191454
https://bugzilla.suse.com/1193597
https://bugzilla.suse.com/1197818
https://bugzilla.suse.com/1198398
https://bugzilla.suse.com/1201186
From sle-security-updates at lists.suse.com Fri Sep 23 07:16:56 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:16:56 +0200 (CEST)
Subject: SUSE-CU-2022:2331-1: Security update of suse/sles/15.4/cdi-apiserver
Message-ID: <20220923071656.DD57EF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-apiserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2331-1
Container Tags : suse/sles/15.4/cdi-apiserver:1.43.0 , suse/sles/15.4/cdi-apiserver:1.43.0-150400.2.4 , suse/sles/15.4/cdi-apiserver:1.43.0.16.29
Container Release : 16.29
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-apiserver was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:17:12 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:17:12 +0200 (CEST)
Subject: SUSE-CU-2022:2332-1: Security update of suse/sles/15.4/cdi-cloner
Message-ID: <20220923071712.A0EF7F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-cloner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2332-1
Container Tags : suse/sles/15.4/cdi-cloner:1.43.0 , suse/sles/15.4/cdi-cloner:1.43.0-150400.2.4 , suse/sles/15.4/cdi-cloner:1.43.0.16.29
Container Release : 16.29
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-cloner was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:17:28 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:17:28 +0200 (CEST)
Subject: SUSE-CU-2022:2333-1: Security update of suse/sles/15.4/cdi-controller
Message-ID: <20220923071728.DC1C4F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2333-1
Container Tags : suse/sles/15.4/cdi-controller:1.43.0 , suse/sles/15.4/cdi-controller:1.43.0-150400.2.4 , suse/sles/15.4/cdi-controller:1.43.0.16.30
Container Release : 16.30
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-controller was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:17:50 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:17:50 +0200 (CEST)
Subject: SUSE-CU-2022:2334-1: Security update of suse/sles/15.4/cdi-importer
Message-ID: <20220923071750.B6B92F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-importer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2334-1
Container Tags : suse/sles/15.4/cdi-importer:1.43.0 , suse/sles/15.4/cdi-importer:1.43.0-150400.2.4 , suse/sles/15.4/cdi-importer:1.43.0.16.31
Container Release : 16.31
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-importer was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- libnettle8-3.8.1-150500.1.6 updated
- libhogweed6-3.8.1-150500.1.6 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:18:06 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:18:06 +0200 (CEST)
Subject: SUSE-CU-2022:2335-1: Security update of suse/sles/15.4/cdi-operator
Message-ID: <20220923071806.C1362F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2335-1
Container Tags : suse/sles/15.4/cdi-operator:1.43.0 , suse/sles/15.4/cdi-operator:1.43.0-150400.2.4 , suse/sles/15.4/cdi-operator:1.43.0.16.29
Container Release : 16.29
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-operator was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:18:23 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:18:23 +0200 (CEST)
Subject: SUSE-CU-2022:2336-1: Security update of suse/sles/15.4/cdi-uploadproxy
Message-ID: <20220923071823.9D377F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-uploadproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2336-1
Container Tags : suse/sles/15.4/cdi-uploadproxy:1.43.0 , suse/sles/15.4/cdi-uploadproxy:1.43.0-150400.2.4 , suse/sles/15.4/cdi-uploadproxy:1.43.0.16.29
Container Release : 16.29
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-uploadproxy was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:18:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:18:43 +0200 (CEST)
Subject: SUSE-CU-2022:2337-1: Security update of suse/sles/15.4/cdi-uploadserver
Message-ID: <20220923071843.766B0F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2337-1
Container Tags : suse/sles/15.4/cdi-uploadserver:1.43.0 , suse/sles/15.4/cdi-uploadserver:1.43.0-150400.2.4 , suse/sles/15.4/cdi-uploadserver:1.43.0.16.30
Container Release : 16.30
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/cdi-uploadserver was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- libnettle8-3.8.1-150500.1.6 updated
- libhogweed6-3.8.1-150500.1.6 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:19:01 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:19:01 +0200 (CEST)
Subject: SUSE-CU-2022:2338-1: Security update of suse/sles/15.4/virt-api
Message-ID: <20220923071901.C2A0FF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2338-1
Container Tags : suse/sles/15.4/virt-api:0.49.0 , suse/sles/15.4/virt-api:0.49.0-150400.1.37 , suse/sles/15.4/virt-api:0.49.0.16.29
Container Release : 16.29
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/virt-api was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:19:19 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:19:19 +0200 (CEST)
Subject: SUSE-CU-2022:2339-1: Security update of suse/sles/15.4/virt-controller
Message-ID: <20220923071919.CA46CF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2339-1
Container Tags : suse/sles/15.4/virt-controller:0.49.0 , suse/sles/15.4/virt-controller:0.49.0-150400.1.37 , suse/sles/15.4/virt-controller:0.49.0.16.30
Container Release : 16.30
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/virt-controller was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:19:39 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:19:39 +0200 (CEST)
Subject: SUSE-CU-2022:2340-1: Security update of suse/sles/15.4/virt-handler
Message-ID: <20220923071939.F1764F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2340-1
Container Tags : suse/sles/15.4/virt-handler:0.49.0 , suse/sles/15.4/virt-handler:0.49.0-150400.1.37 , suse/sles/15.4/virt-handler:0.49.0.17.32
Container Release : 17.32
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/virt-handler was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- libnettle8-3.8.1-150500.1.6 updated
- libhogweed6-3.8.1-150500.1.6 updated
- libvirt-libs-8.7.0-150500.1.1 updated
- libvirt-client-8.7.0-150500.1.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:20:14 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:20:14 +0200 (CEST)
Subject: SUSE-CU-2022:2341-1: Security update of suse/sles/15.4/virt-launcher
Message-ID: <20220923072014.4D1C4F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2341-1
Container Tags : suse/sles/15.4/virt-launcher:0.49.0 , suse/sles/15.4/virt-launcher:0.49.0-150400.1.37 , suse/sles/15.4/virt-launcher:0.49.0.18.32
Container Release : 18.32
Severity : moderate
Type : security
References : 1047178 1198823 1198830 1198832 1199140 CVE-2017-6512 CVE-2022-27404
CVE-2022-27405 CVE-2022-27406
-----------------------------------------------------------------
The container suse/sles/15.4/virt-launcher was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:
- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- libnettle8-3.8.1-150500.1.6 updated
- perl-5.26.1-150300.17.11.1 updated
- libhogweed6-3.8.1-150500.1.6 updated
- libfreetype6-2.10.4-150000.4.12.1 updated
- libvirt-libs-8.7.0-150500.1.1 updated
- libvirt-client-8.7.0-150500.1.1 updated
- libvirt-daemon-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-storage-core-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-secret-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-qemu-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-nwfilter-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-nodedev-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-network-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-interface-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-storage-scsi-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-storage-rbd-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-storage-mpath-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-storage-logical-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-storage-iscsi-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-storage-iscsi-direct-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-storage-disk-8.7.0-150500.1.1 updated
- libvirt-daemon-driver-storage-8.7.0-150500.1.1 updated
- libvirt-daemon-qemu-8.7.0-150500.1.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:20:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:20:43 +0200 (CEST)
Subject: SUSE-CU-2022:2342-1: Security update of suse/sles/15.4/libguestfs-tools
Message-ID: <20220923072043.B78F9F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2342-1
Container Tags : suse/sles/15.4/libguestfs-tools:0.49.0 , suse/sles/15.4/libguestfs-tools:0.49.0-150400.1.37 , suse/sles/15.4/libguestfs-tools:0.49.0.16.31
Container Release : 16.31
Severity : important
Type : security
References : 1023051 1032323 1047178 1065729 1156395 1190497 1194592 1194869
1194904 1195480 1195917 1196616 1197158 1197391 1197755 1197756
1197757 1197763 1198410 1198823 1198830 1198832 1198971 1199086
1199140 1199364 1199670 1200313 1200431 1200465 1200544 1200845
1200868 1200869 1200870 1200871 1200872 1200873 1201019 1201308
1201427 1201442 1201455 1201489 1201610 1201675 1201725 1201768
1201940 1201956 1201958 1202096 1202097 1202113 1202131 1202154
1202262 1202265 1202312 1202346 1202347 1202385 1202393 1202447
1202471 1202558 1202564 1202623 1202636 1202672 1202681 1202710
1202711 1202712 1202713 1202715 1202716 1202757 1202758 1202759
1202761 1202762 1202763 1202764 1202765 1202766 1202767 1202768
1202769 1202770 1202771 1202773 1202774 1202775 1202776 1202778
1202779 1202780 1202781 1202782 1202783 1202822 1202823 1202824
1202860 1202867 1202874 1202898 1203036 1203041 1203063 1203107
1203117 1203138 1203139 1203159 CVE-2016-3695 CVE-2017-6512 CVE-2020-36516
CVE-2021-33135 CVE-2021-4037 CVE-2022-20368 CVE-2022-20369 CVE-2022-2588
CVE-2022-2639 CVE-2022-2663 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406
CVE-2022-28356 CVE-2022-28693 CVE-2022-2873 CVE-2022-2905 CVE-2022-2938
CVE-2022-2959 CVE-2022-2977 CVE-2022-3028 CVE-2022-3078 CVE-2022-32250
CVE-2022-36879 CVE-2022-36946 CVE-2022-39188 CVE-2022-39190
-----------------------------------------------------------------
The container suse/sles/15.4/libguestfs-tools was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3252-1
Released: Mon Sep 12 09:07:53 2022
Summary: Security update for freetype2
Type: security
Severity: moderate
References: 1198823,1198830,1198832,CVE-2022-27404,CVE-2022-27405,CVE-2022-27406
This update for freetype2 fixes the following issues:
- CVE-2022-27404 Fixed a segmentation fault via a crafted typeface (bsc#1198830).
- CVE-2022-27405 Fixed a buffer overflow via a crafted typeface (bsc#1198832).
- CVE-2022-27406 Fixed a segmentation fault via a crafted typeface (bsc#1198823).
Non-security fixes:
- Updated to version 2.10.4
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3293-1
Released: Fri Sep 16 17:30:01 2022
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1023051,1032323,1065729,1156395,1190497,1194592,1194869,1194904,1195480,1195917,1196616,1197158,1197391,1197755,1197756,1197757,1197763,1198410,1198971,1199086,1199364,1199670,1200313,1200431,1200465,1200544,1200845,1200868,1200869,1200870,1200871,1200872,1200873,1201019,1201308,1201427,1201442,1201455,1201489,1201610,1201675,1201725,1201768,1201940,1201956,1201958,1202096,1202097,1202113,1202131,1202154,1202262,1202265,1202312,1202346,1202347,1202385,1202393,1202447,1202471,1202558,1202564,1202623,1202636,1202672,1202681,1202710,1202711,1202712,1202713,1202715,1202716,1202757,1202758,1202759,1202761,1202762,1202763,1202764,1202765,1202766,1202767,1202768,1202769,1202770,1202771,1202773,1202774,1202775,1202776,1202778,1202779,1202780,1202781,1202782,1202783,1202822,1202823,1202824,1202860,1202867,1202874,1202898,1203036,1203041,1203063,1203107,1203117,1203138,1203139,1203159,CVE-2016-3695,CVE-2020-36516,CVE-2021-33135,CVE-2021-4037,CVE-2022-20368,CVE-2022-20369,CVE-2022-2588,CVE-2022-2639,CVE-2022-2663,CVE-2022-28356,CVE-2022-28693,CVE-2022-2873,CVE-2022-2905,CVE-2022-2938,CVE-2022-2959,CVE-2022-2977,CVE-2022-3028,CVE-2022-3078,CVE-2022-32250,CVE-2022-36879,CVE-2022-36946,CVE-2022-39188,CVE-2022-39190
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39190: Fixed an issue that was discovered in net/netfilter/nf_tables_api.c and could cause a denial of service upon binding to an already bound chain (bnc#1203117).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where a device driver can free a page while it still has stale TLB entries (bnc#1203107).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where the message handling could be confused and incorrectly match the message (bnc#1202097).
- CVE-2022-3078: Fixed a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c (bnc#1203041).
- CVE-2022-28356: Fixed a refcount leak bug that was found in net/llc/af_llc.c (bnc#1197391).
- CVE-2022-3028: Fixed race condition that was found in the IP framework for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip (bsc#1202672).
- CVE-2022-2938: Fixed a flaw that was found inside the Pressure Stall Information implementation that could have been used to allow an attacker to crash the system or have other memory-corruption side effects (bnc#1202623).
- CVE-2022-28693: Fixed x86/speculation behavior by disabling RRSBA (bsc#1201455).
- CVE-2021-33135: Fixed uncontrolled resource consumption inside Intel(R) SGX that may have allowed an authenticated user to potentially enable denial of service via local access (bnc#1199515).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-2959: Fixed a race condition that was found inside the watch queue due to a missing lock in pipe_resize_ring() (bnc#1202681 bnc#1202685).
- CVE-2022-36946: Fixed a denial of service (panic) inside nfqnl_mangle in net/netfilter/nfnetlink_queue.c (bnc#1201940 bnc#1201941 bnc#1202312 bnc#1202874).
- CVE-2021-4037: Fixed function logic vulnerability that allowed local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set (bnc#1198702).
- CVE-2022-2873: Fixed an out-of-bounds memory access flaw that was found in iSMT SMBus host controller driver (bnc#1202558).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in net/xfrm/xfrm_policy.c where a refcount could be dropped twice (bnc#1201948).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg() (bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of v4l2-mem2mem.c (bnc#1202347).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in drivers/acpi/apei/einj.c that allowed users to simulate hardware errors and consequently cause a denial of service (bnc#1023051).
- CVE-2022-2639: Fixed an integer coercion error that was found in the openvswitch kernel module (bnc#1202154).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where an attacker was able to inject data into or terminate a victim's TCP session (bnc#1196616).
- CVE-2022-32250: Fixed a privilege escalation issue in net/netfilter/nf_tables_api.c that allowed a local user to become root (bnc#1200015).
The following non-security bugs were fixed:
- 9p: Fix refcounting during full path walks for fid lookups (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (git-fixes).
- 9p: fix fid refcount leak in v9fs_vfs_get_link (git-fixes).
- ACPI: APEI: Better fix to avoid spamming the console with old error logs (git-fixes).
- ACPI: APEI: explicit init of HEST and GHES in apci_init() (git-fixes).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- ACPI: EC: Drop the EC_FLAGS_IGNORE_DSDT_GPE quirk (git-fixes).
- ACPI: EC: Remove duplicate ThinkPad X1 Carbon 6th entry from DMI quirks (git-fixes).
- ACPI: LPSS: Fix missing check in register_device_clock() (git-fixes).
- ACPI: PM: save NVS memory for Lenovo G40-45 (git-fixes).
- ACPI: VIOT: Fix ACS setup (git-fixes).
- ACPI: processor/idle: Annotate more functions to live in cpuidle section (git-fixes).
- ACPI: processor: Remove freq Qos request for all CPUs (git-fixes).
- ACPI: property: Return type of acpi_add_nondev_subnodes() should be bool (git-fixes).
- ACPI: thermal: drop an always true check (git-fixes).
- ACPI: video: Force backlight native for some TongFang devices (git-fixes).
- ACPI: video: Shortening quirk list by identifying Clevo by board_name only (git-fixes).
- ALSA: bcd2000: Fix a UAF bug on the error path of probing (git-fixes).
- ALSA: hda/cirrus - support for iMac 12,1 model (git-fixes).
- ALSA: hda/conexant: Add quirk for LENOVO 20149 Notebook model (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6140 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP OMEN 15 (8786) mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50PU, NS70PU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NV45PZ (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Spectre x360 15-eb0xxx (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo Yoga9 14IAP7 (git-fixes).
- ALSA: hda/realtek: Add quirk for another Asus K42JZ model (git-fixes).
- ALSA: hda/realtek: Add speaker AMP init for Samsung laptops with ALC298 (git-fixes).
- ALSA: hda/sigmatel: Keep power up while beep is enabled (bsc#1200544).
- ALSA: hda: intel-nhlt: Correct the handling of fmt_config flexible array (git-fixes).
- ALSA: info: Fix llseek return value when using callback (git-fixes).
- ALSA: seq: Fix data-race at module auto-loading (git-fixes).
- ALSA: seq: oss: Fix data-race for max_midi_devs access (git-fixes).
- ALSA: usb-audio: Add endianness annotations (git-fixes).
- ALSA: usb-audio: Add quirk for Behringer UMC202HD (git-fixes).
- ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 (git-fixes).
- ALSA: usb-audio: More comprehensive mixer map for ASUS ROG Zenith II (git-fixes).
- ALSA: usb-audio: Support jack detection on Dell dock (git-fixes).
- ALSA: usb-audio: Turn off 'manual mode' on Dell dock (git-fixes).
- ARM: 9216/1: Fix MAX_DMA_ADDRESS overflow (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omap3xxx_prm_late_init (git-fixes).
- ARM: OMAP2+: Fix refcount leak in omapdss_init_of (git-fixes).
- ARM: OMAP2+: display: Fix refcount leak bug (git-fixes).
- ARM: OMAP2+: pdata-quirks: Fix refcount leak bug (git-fixes).
- ARM: bcm: Fix refcount leak in bcm_kona_smc_init (git-fixes).
- ARM: dts: BCM5301X: Add DT for Meraki MR26 (git-fixes).
- ARM: dts: ast2500-evb: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb-a1: fix board compatible (git-fixes).
- ARM: dts: ast2600-evb: fix board compatible (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: do not keep ldo2 enabled all the time (git-fixes).
- ARM: dts: at91: sama5d27_wlsom1: specify proper regulator output ranges (git-fixes).
- ARM: dts: at91: sama5d2_icp: do not keep vdd_other enabled all the time (git-fixes).
- ARM: dts: at91: sama5d2_icp: specify proper regulator output ranges (git-fixes).
- ARM: dts: imx6qdl-kontron-samx6i: remove duplicated node (git-fixes).
- ARM: dts: imx6ul: add missing properties for sram (git-fixes).
- ARM: dts: imx6ul: change operating-points to uint32-matrix (git-fixes).
- ARM: dts: imx6ul: fix csi node compatible (git-fixes).
- ARM: dts: imx6ul: fix keypad compatible (git-fixes).
- ARM: dts: imx6ul: fix lcdif node compatible (git-fixes).
- ARM: dts: imx6ul: fix qspi node compatible (git-fixes).
- ARM: dts: imx7d-colibri-emmc: add cpu1 supply (git-fixes).
- ARM: dts: qcom: mdm9615: add missing PMIC GPIO reg (git-fixes).
- ARM: dts: qcom: pm8841: add required thermal-sensor-cells (git-fixes).
- ARM: dts: qcom: sdx55: Fix the IRQ trigger type for UART (git-fixes).
- ARM: dts: uniphier: Fix USB interrupts for PXs2 SoC (git-fixes).
- ARM: findbit: fix overflowing offset (git-fixes).
- ARM: shmobile: rcar-gen2: Increase refcount for new reference (git-fixes).
- ASoC: SOF: debug: Fix potential buffer overflow by snprintf() (git-fixes).
- ASoC: audio-graph-card: Add of_node_put() in fail path (git-fixes).
- ASoC: codec: tlv320aic32x4: fix mono playback via I2S (git-fixes).
- ASoC: codecs: da7210: add check for i2c_add_driver (git-fixes).
- ASoC: codecs: msm8916-wcd-digital: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: codecs: wcd9335: move gains from SX_TLV to S8_TLV (git-fixes).
- ASoC: cros_ec_codec: Fix refcount leak in cros_ec_codec_platform_probe (git-fixes).
- ASoC: fsl-asoc-card: force cast the asrc_format type (git-fixes).
- ASoC: fsl_asrc: force cast the asrc_format type (git-fixes).
- ASoC: fsl_easrc: use snd_pcm_format_t type for sample_format (git-fixes).
- ASoC: imx-audmux: Silence a clang warning (git-fixes).
- ASoC: imx-card: Fix DSD/PDM mclk frequency (git-fixes).
- ASoC: imx-card: use snd_pcm_format_t type for asrc_format (git-fixes).
- ASoC: mchp-spdifrx: disable end of block interrupt on failures (git-fixes).
- ASoC: mt6359: Fix refcount leak bug (git-fixes).
- ASoC: mt6797-mt6351: Fix refcount leak in mt6797_mt6351_dev_probe (git-fixes).
- ASoC: qcom: Fix missing of_node_put() in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: q6dsp: Fix an off-by-one in q6adm_alloc_copp() (git-fixes).
- ASoC: rsnd: care default case on rsnd_ssiu_busif_err_irq_ctrl() (git-fixes).
- ASoC: samsung: Fix error handling in aries_audio_probe (git-fixes).
- ASoC: samsung: change gpiod_speaker_power and rx1950_audio from global to static variables (git-fixes).
- ASoC: samsung: change neo1973_audio from a global to static (git-fixes).
- ASoC: samsung: h1940_uda1380: include proepr GPIO consumer header (git-fixes).
- ASoC: tas2770: Allow mono streams (git-fixes).
- ASoC: tas2770: Drop conflicting set_bias_level power setting (git-fixes).
- ASoC: tas2770: Fix handling of mute/unmute (git-fixes).
- ASoC: tas2770: Set correct FSYNC polarity (git-fixes).
- Bluetooth: Add bt_skb_sendmmsg helper (git-fixes).
- Bluetooth: Add bt_skb_sendmsg helper (git-fixes).
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (git-fixes).
- Bluetooth: Fix passing NULL to PTR_ERR (git-fixes).
- Bluetooth: L2CAP: Fix build errors in some archs (git-fixes).
- Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put (git-fixes).
- Bluetooth: MGMT: Fixes build warnings with C=1 (git-fixes).
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (git-fixes).
- Bluetooth: SCO: Fix sco_send_frame returning skb->len (git-fixes).
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04C5:0x1675 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x04CA:0x4007 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0CB8:0xC558 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3586 (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x13D3:0x3587 (git-fixes).
- Bluetooth: btusb: Add support of IMC Networks PID 0x3568 (git-fixes).
- Bluetooth: hci_bcm: Add BCM4349B1 variant (git-fixes).
- Bluetooth: hci_bcm: Add DT compatible for CYW55572 (git-fixes).
- Bluetooth: hci_intel: Add check for platform_driver_register (git-fixes).
- EDAC/ghes: Set the DIMM label unconditionally (bsc#1201768).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- HID: AMD_SFH: Add a DMI quirk entry for Chromebooks (git-fixes).
- HID: add Lenovo Yoga C630 battery quirk (git-fixes).
- HID: alps: Declare U1_UNICORN_LEGACY support (git-fixes).
- HID: amd_sfh: Add NULL check for hid device (git-fixes).
- HID: amd_sfh: Handle condition of 'no sensors' (git-fixes).
- HID: asus: ROG NKey: Ignore portion of 0x5a report (git-fixes).
- HID: cp2112: prevent a buffer overflow in cp2112_xfer() (git-fixes).
- HID: hid-input: add Surface Go battery quirk (git-fixes).
- HID: mcp2221: prevent a buffer overflow in mcp_smbus_write() (git-fixes).
- HID: multitouch: new device class fix Lenovo X12 trackpad sticky (git-fixes).
- HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report (git-fixes).
- HID: thrustmaster: Add sparco wheel and fix array length (git-fixes).
- HID: wacom: Do not register pad_input for touch switch (git-fixes).
- HID: wacom: Only report rotation for art pen (git-fixes).
- Input: exc3000 - fix return value check of wait_for_completion_timeout (git-fixes).
- Input: gscps2 - check return value of ioremap() in gscps2_probe() (git-fixes).
- Input: i8042 - add TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - add additional TUXEDO devices to i8042 quirk tables (git-fixes).
- Input: i8042 - merge quirk tables (git-fixes).
- Input: i8042 - move __initconst to fix code styling warning (git-fixes).
- Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag (git-fixes).
- Input: rk805-pwrkey - fix module autoloading (git-fixes).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KEYS: asymmetric: enforce SM2 signature use pkey algo (git-fixes).
- KVM: LAPIC: Also cancel preemption timer during SET_LAPIC (git-fixes).
- KVM: MMU: shadow nested paging does not have PKU (git-fixes).
- KVM: PPC: Book3S HV: Check return value of kvmppc_radix_init (bsc#1194869).
- KVM: PPC: Book3S HV: Prevent POWER7/8 TLB flush flushing SLB (bsc#1156395).
- KVM: PPC: Book3S HV: Remove kvmhv_p9_[set,restore]_lpcr declarations (bsc#1194869).
- KVM: PPC: Book3S HV: Use GLOBAL_TOC for kvmppc_h_set_dabr/xdabr() (bsc#1156395).
- KVM: PPC: Book3S HV: fix incorrect NULL check on list iterator (bsc#1194869).
- KVM: PPC: Book3s HV: Remove unused function kvmppc_bad_interrupt (bsc#1194869).
- KVM: PPC: Fix vmx/vsx mixup in mmio emulation (bsc#1156395).
- KVM: PPC: Use arch_get_random_seed_long instead of powernv variant (bsc#1156395).
- KVM: SVM: Do not BUG if userspace injects an interrupt with GIF=0 (git-fixes).
- KVM: SVM: Do not intercept #GP for SEV guests (git-fixes).
- KVM: SVM: Unwind 'speculative' RIP advancement if INTn injection 'fails' (git-fixes).
- KVM: SVM: fix panic on out-of-bounds guest IRQ (git-fixes).
- KVM: VMX: Print VM-instruction error as unsigned (git-fixes).
- KVM: VMX: prepare sync_pir_to_irr for running with APICv disabled (git-fixes).
- KVM: VMX: switch blocked_vcpu_on_cpu_lock to raw spinlock (git-fixes).
- KVM: X86: Use vcpu->arch.walk_mmu for kvm_mmu_invlpg() (git-fixes).
- KVM: X86: avoid uninitialized 'fault.async_page_fault' from fixed-up #PF (git-fixes).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 (bsc#1201442).
- KVM: nVMX: Defer APICv updates while L2 is active until L1 is active (git-fixes).
- KVM: nVMX: Inject #UD if VMXON is attempted with incompatible CR0/CR4 (git-fixes).
- KVM: nVMX: Let userspace set nVMX MSR to any _host_ supported value (git-fixes).
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter BNDCFGS for !nested_run_pending case (git-fixes).
- KVM: nVMX: Snapshot pre-VM-Enter DEBUGCTL for !nested_run_pending case (git-fixes).
- KVM: nVMX: Synthesize TRIPLE_FAULT for L2 if emulation is required (git-fixes).
- KVM: nVMX: do not use vcpu->arch.efer when checking host state on nested state load (git-fixes).
- KVM: selftests: Make sure kvm_create_max_vcpus test won't hit RLIMIT_NOFILE (git-fixes).
- KVM: selftests: Silence compiler warning in the kvm_page_table_test (git-fixes).
- KVM: x86/mmu: Do not freak out if pml5_root is NULL on 4-level host (git-fixes).
- KVM: x86/mmu: Move 'invalid' check out of kvm_tdp_mmu_get_root() (git-fixes).
- KVM: x86/mmu: Zap _all_ roots when unmapping gfn range in TDP MMU (git-fixes).
- KVM: x86/mmu: include EFER.LMA in extended mmu role (git-fixes).
- KVM: x86/mmu: make apf token non-zero to fix bug (git-fixes).
- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (git-fixes).
- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (git-fixes).
- KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated (git-fixes).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks (git-fixes).
- KVM: x86: SVM: do not passthrough SMAP/SMEP/PKE bits in !NPT && !gCR0.PG case (git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical #GP (git-fixes).
- KVM: x86: check PIR even for vCPUs with disabled APICv (git-fixes).
- KVM: x86: hyper-v: Drop redundant 'ex' parameter from kvm_hv_flush_tlb() (git-fixes).
- KVM: x86: ignore APICv if LAPIC is not enabled (git-fixes).
- KVM: x86: remove PMU FIXED_CTR3 from msrs_to_save_all (git-fixes).
- KVM: x86: revalidate steal time cache if MSR value changes (git-fixes).
- NFSD: Clamp WRITE offsets (git-fixes).
- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (git-fixes).
- NFSD: Fix ia_size underflow (git-fixes).
- NFSD: Fix possible sleep during nfsd4_release_lockowner() (git-fixes).
- NFSD: prevent integer overflow on 32 bit systems (git-fixes).
- NFSD: prevent underflow in nfssvc_decode_writeargs() (git-fixes).
- NTB: ntb_tool: uninitialized heap data in tool_fn_write() (git-fixes).
- PCI/ACPI: Guard ARM64-specific mcfg_quirks (git-fixes).
- PCI/AER: Iterate over error counters instead of error strings (git-fixes).
- PCI/portdrv: Do not disable AER reporting in get_port_device_capability() (git-fixes).
- PCI: Add ACS quirk for Broadcom BCM5750x NICs (git-fixes).
- PCI: aardvark: Fix reporting Slot capabilities on emulated bridge (git-fixes).
- PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() (git-fixes).
- PCI: dwc: Always enable CDM check if 'snps,enable-cdm-check' exists (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- PCI: dwc: Disable outbound windows only for controllers using iATU (git-fixes).
- PCI: dwc: Set INCREASE_REGION_SIZE flag based on limit address (git-fixes).
- PCI: dwc: Stop link on host_init errors and de-initialization (git-fixes).
- PCI: endpoint: Do not stop controller when unbinding endpoint function (git-fixes).
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (bsc#1200845).
- PCI: microchip: Fix refcount leak in mc_pcie_init_irq_domains() (git-fixes).
- PCI: qcom: Power on PHY before IPQ8074 DBI register accesses (git-fixes).
- PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks (git-fixes).
- PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() (git-fixes).
- PCI: tegra194: Fix Root Port interrupt handling (git-fixes).
- PCI: tegra194: Fix link up retry sequence (git-fixes).
- PM: domains: Ensure genpd_debugfs_dir exists before remove (git-fixes).
- PM: hibernate: defer device probing when resuming from hibernation (git-fixes).
- SUNRPC: Fix NFSD's request deferral on RDMA transports (git-fixes).
- SUNRPC: Fix READ_PLUS crasher (git-fixes).
- SUNRPC: Prevent immediate close+reconnect (git-fixes).
- USB: Follow-up to SPDX GPL-2.0+ identifiers addition - remove now useless comments (git-fixes).
- USB: Follow-up to SPDX identifiers addition - remove now useless comments (git-fixes).
- USB: serial: ch314: use usb_control_msg_recv() (git-fixes).
- USB: serial: ch341: fix disabled rx timer on older devices (git-fixes).
- USB: serial: ch341: fix lost character on LCR updates (git-fixes).
- USB: serial: fix tty-port initialized comments (git-fixes).
- XArray: Update the LRU list in xas_split() (git-fixes).
- apparmor: Fix failed mount permission check error message (git-fixes).
- apparmor: Fix memleak in aa_simple_write_to_buffer() (git-fixes).
- apparmor: fix aa_label_asxprint return check (git-fixes).
- apparmor: fix absroot causing audited secids to begin with = (git-fixes).
- apparmor: fix overlapping attachment computation (git-fixes).
- apparmor: fix quiet_denied for file rules (git-fixes).
- apparmor: fix reference count leak in aa_pivotroot() (git-fixes).
- apparmor: fix setting unconfined mode on a loaded profile (git-fixes).
- arm64: Do not forget syscall when starting a new thread (git-fixes).
- arm64: Fix match_list for erratum 1286807 on Arm Cortex-A76 (git-fixes).
- arm64: cpufeature: Allow different PMU versions in ID_DFR0_EL1 (git-fixes).
- arm64: dts: allwinner: a64: orangepi-win: Fix LED node name (git-fixes).
- arm64: dts: mt7622: fix BPI-R64 WPS button (git-fixes).
- arm64: dts: mt8192: Fix idle-states entry-method (git-fixes).
- arm64: dts: mt8192: Fix idle-states nodes naming scheme (git-fixes).
- arm64: dts: qcom: ipq8074: fix NAND node name (git-fixes).
- arm64: dts: qcom: msm8916: Fix typo in pronto remoteproc node (git-fixes).
- arm64: dts: qcom: qcs404: Fix incorrect USB2 PHYs assignment (git-fixes).
- arm64: dts: qcom: sm8250: add missing PCIe PHY clock-cells (git-fixes).
- arm64: dts: renesas: Fix thermal-sensors on single-zone sensors (git-fixes).
- arm64: dts: renesas: beacon: Fix regulator node names (git-fixes).
- arm64: dts: uniphier: Fix USB interrupts for PXs3 SoC (git-fixes).
- arm64: fix oops in concurrently setting insn_emulation sysctls (git-fixes).
- arm64: fix rodata=full (git-fixes).
- arm64: kasan: Revert 'arm64: mte: reset the page tag in page->flags' (git-fixes).
- arm64: set UXN on swapper page tables (git-fixes).
- arm64: tegra: Fix SDMMC1 CD on P2888 (git-fixes).
- arm64: tegra: Fixup SYSRAM references (git-fixes).
- arm64: tegra: Mark BPMP channels as no-memory-wc (git-fixes).
- arm64: tegra: Update Tegra234 BPMP channel addresses (git-fixes).
- arm_pmu: Validate single/group leader events (git-fixes).
- asm-generic: remove a broken and needless ifdef conditional (git-fixes).
- asm-generic: sections: refactor memory_intersects (git-fixes).
- ata: libata-eh: Add missing command name (git-fixes).
- ath10k: do not enforce interrupt trigger type (git-fixes).
- ath11k: Fix incorrect debug_mask mappings (git-fixes).
- ath11k: fix netdev open race (git-fixes).
- atm: idt77252: fix use-after-free bugs caused by tst_timer (git-fixes).
- audit: fix potential double free on error path from fsnotify_add_inode_mark (git-fixes).
- ax25: Fix ax25 session cleanup problems (git-fixes).
- bitfield.h: Fix 'type of reg too small for mask' test (git-fixes).
- block: Fix fsync always failed if once failed (bsc#1202779).
- block: Fix wrong offset in bio_truncate() (bsc#1202780).
- block: fix rq-qos breakage from skipping rq_qos_done_bio() (bsc#1202781).
- block: only mark bio as tracked if it really is tracked (bsc#1202782).
- bnx2x: Invalidate fastpath HSI version for VFs (git-fixes).
- bnx2x: Utilize firmware 7.13.21.0 (git-fixes).
- btrfs: properly flag filesystem with BTRFS_FEATURE_INCOMPAT_BIG_METADATA (git-fixes).
- bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() (git-fixes).
- can: Break loopback loop on loopback documentation (git-fixes).
- can: ems_usb: fix clang's -Wunaligned-access warning (git-fixes).
- can: error: specify the values of data[5..7] of CAN error frames (git-fixes).
- can: hi311x: do not report txerr and rxerr during bus-off (git-fixes).
- can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once() (git-fixes).
- can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off (git-fixes).
- can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off (git-fixes).
- can: mcp251x: Fix race condition on receive interrupt (git-fixes).
- can: mcp251xfd: mcp251xfd_dump(): fix comment (git-fixes).
- can: netlink: allow configuring of fixed bit rates without need for do_set_bittiming callback (git-fixes).
- can: netlink: allow configuring of fixed data bit rates without need for do_set_data_bittiming callback (git-fixes).
- can: pch_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: pch_can: pch_can_error(): initialize errc before using it (git-fixes).
- can: rcar_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: sja1000: do not report txerr and rxerr during bus-off (git-fixes).
- can: sun4i_can: do not report txerr and rxerr during bus-off (git-fixes).
- can: usb_8dev: do not report txerr and rxerr during bus-off (git-fixes).
- ceph: do not leak snap_rwsem in handle_cap_grant (bsc#1202823).
- ceph: do not truncate file in atomic_open (bsc#1202824).
- ceph: use correct index when encoding client supported features (bsc#1202822).
- cfg80211/mac80211: assume CHECKSUM_COMPLETE includes SNAP (bsc#1202131).
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (bsc#1201610).
- cifs: fix reconnect on smb3 mount types (bsc#1201427).
- clk: bcm: rpi: Fix error handling of raspberrypi_fw_get_rate (git-fixes).
- clk: core: Fix runtime PM sequence in clk_core_unprepare() (git-fixes).
- clk: core: Honor CLK_OPS_PARENT_ENABLE for clk gate ops (git-fixes).
- clk: mediatek: reset: Fix written reset bit offset (git-fixes).
- clk: qcom: camcc-sdm845: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: camcc-sm8250: Fix halt on boot by reducing driver's init level (git-fixes).
- clk: qcom: camcc-sm8250: Fix topology around titan_top power domain (git-fixes).
- clk: qcom: clk-alpha-pll: fix clk_trion_pll_configure description (git-fixes).
- clk: qcom: clk-krait: unlock spin after mux completion (git-fixes).
- clk: qcom: clk-rcg2: Fail Duty-Cycle configuration if MND divider is not enabled (git-fixes).
- clk: qcom: clk-rcg2: Make sure to not write d=0 to the NMD register (git-fixes).
- clk: qcom: gcc-msm8939: Add missing SYSTEM_MM_NOC_BFDCD_CLK_SRC (git-fixes).
- clk: qcom: gcc-msm8939: Add missing system_mm_noc_bfdcd_clk_src (git-fixes).
- clk: qcom: gcc-msm8939: Fix bimc_ddr_clk_src rcgr base address (git-fixes).
- clk: qcom: gcc-msm8939: Fix weird field spacing in ftbl_gcc_camss_cci_clk (git-fixes).
- clk: qcom: gcc-msm8939: Point MM peripherals to system_mm_noc clock (git-fixes).
- clk: qcom: ipq8074: SW workaround for UBI32 PLL lock (git-fixes).
- clk: qcom: ipq8074: dont disable gcc_sleep_clk_src (git-fixes).
- clk: qcom: ipq8074: fix NSS core PLL-s (git-fixes).
- clk: qcom: ipq8074: fix NSS port frequency tables (git-fixes).
- clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks (git-fixes).
- clk: renesas: r9a06g032: Fix UART clkgrp bitsel (git-fixes).
- clk: ti: Stop using legacy clkctrl names for omap4 and 5 (git-fixes).
- configfs: fix a race in configfs_{,un}register_subsystem() (git-fixes).
- cpufreq: zynq: Fix refcount leak in zynq_get_revision (git-fixes).
- crypto: arm64/poly1305 - fix a read out-of-bound (git-fixes).
- crypto: ccp - During shutdown, check SEV data pointer before using (git-fixes).
- crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak (git-fixes).
- crypto: hisilicon - Kunpeng916 crypto driver do not sleep when in softirq (git-fixes).
- crypto: hisilicon/hpre - do not use GFP_KERNEL to alloc mem during softirq (git-fixes).
- crypto: hisilicon/sec - do not sleep when in softirq (git-fixes).
- crypto: hisilicon/sec - fix auth key size error (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of (git-fixes).
- crypto: sun8i-ss - do not allocate memory when handling hash requests (git-fixes).
- crypto: sun8i-ss - fix error codes in allocate_flows() (git-fixes).
- crypto: sun8i-ss - fix infinite loop in sun8i_ss_setup_ivs() (git-fixes).
- device property: Check fwnode->secondary when finding properties (git-fixes).
- devlink: Fix use-after-free after a failed reload (git-fixes).
- dm raid: fix KASAN warning in raid5_add_disks (git-fixes).
- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (git-fixes).
- dma-debug: make things less spammy under memory pressure (git-fixes).
- dmaengine: dw-axi-dmac: do not print NULL LLI during error (git-fixes).
- dmaengine: dw-axi-dmac: ignore interrupt if no descriptor (git-fixes).
- dmaengine: dw-edma: Fix eDMA Rd/Wr-channels and DMA-direction semantics (git-fixes).
- dmaengine: imx-dma: Cast of_device_get_match_data() with (uintptr_t) (git-fixes).
- dmaengine: sf-pdma: Add multithread support for a DMA channel (git-fixes).
- dmaengine: sprd: Cleanup in .remove() after pm_runtime_get_sync() failed (git-fixes).
- dmaengine: stm32-mdma: Remove dead code in stm32_mdma_irq_handler() (git-fixes).
- docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (git-fixes).
- docs: i2c: i2c-sysfs: fix hyperlinks (git-fixes).
- docs: zh_CN: fix a broken reference (git-fixes).
- dpaa2-eth: fix ethtool statistics (git-fixes).
- driver core: Do not probe devices after bus_type.match() probe deferral (git-fixes).
- driver core: fix potential deadlock in __driver_attach (git-fixes).
- drivers/iio: Remove all strcpy() uses (git-fixes).
- drivers: usb: dwc3-qcom: Add sdm660 compatible (git-fixes).
- drm/amd/amd_shared.h: Add missing doc for PP_GFX_DCS_MASK (git-fixes).
- drm/amd/display: Add option to defer works of hpd_rx_irq (git-fixes).
- drm/amd/display: Avoid MPC infinite loop (git-fixes).
- drm/amd/display: Check correct bounds for stream encoder instances for DCN303 (git-fixes).
- drm/amd/display: Enable building new display engine with KCOV enabled (git-fixes).
- drm/amd/display: Fix HDMI VSIF V3 incorrect issue (git-fixes).
- drm/amd/display: Fix pixel clock programming (git-fixes).
- drm/amd/display: Fix surface optimization regression on Carrizo (git-fixes).
- drm/amd/display: For stereo keep 'FLIP_ANY_FRAME' (git-fixes).
- drm/amd/display: Ignore First MST Sideband Message Return Error (git-fixes).
- drm/amd/display: Optimize bandwidth on following fast update (git-fixes).
- drm/amd/display: Reset DMCUB before HW init (git-fixes).
- drm/amd/display: Revert 'drm/amd/display: turn DPMS off on connector unplug' (git-fixes).
- drm/amd/display: avoid doing vm_init multiple time (git-fixes).
- drm/amd/display: clear optc underflow before turn off odm clock (git-fixes).
- drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid (git-fixes).
- drm/amdgpu: Check BO's requested pinning domains against its preferred_domains (git-fixes).
- drm/amdgpu: Increase tlb flush timeout for sriov (git-fixes).
- drm/amdgpu: Remove one duplicated ef removal (git-fixes).
- drm/amdgpu: remove useless condition in amdgpu_job_stop_all_jobs_on_sched() (git-fixes).
- drm/bridge: lt9611uxc: Cancel only driver's work (git-fixes).
- drm/bridge: tc358767: Fix (e)DP bridge endpoint parsing in dedicated function (git-fixes).
- drm/bridge: tc358767: Make sure Refclk clock are enabled (git-fixes).
- drm/bridge: tc358767: Move (e)DP bridge endpoint parsing into dedicated function (git-fixes).
- drm/doc: Fix comment typo (git-fixes).
- drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed (git-fixes).
- drm/gem: Properly annotate WW context on drm_gem_lock_reservations() error (git-fixes).
- drm/i915/display: avoid warnings when registering dual panel backlight (git-fixes).
- drm/i915/gt: Skip TLB invalidations once wedged (git-fixes).
- drm/i915/reg: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- drm/i915: fix null pointer dereference (git-fixes).
- drm/mcde: Fix refcount leak in mcde_dsi_bind (git-fixes).
- drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function (git-fixes).
- drm/mediatek: Allow commands to be sent during video mode (git-fixes).
- drm/mediatek: Keep dsi as LP00 before dcs cmds transfer (git-fixes).
- drm/mediatek: Modify dsi funcs to atomic operations (git-fixes).
- drm/mediatek: Separate poweron/poweroff from enable/disable and define new funcs (git-fixes).
- drm/mediatek: dpi: Only enable dpi after the bridge is enabled (git-fixes).
- drm/mediatek: dpi: Remove output format of YUV (git-fixes).
- drm/meson: Fix overflow implicit truncation warnings (git-fixes).
- drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors() (git-fixes).
- drm/mipi-dbi: align max_chunk to 2 in spi_transfer (git-fixes).
- drm/msm/dp: delete DP_RECOVERED_CLOCK_OUT_EN to fix tps4 (git-fixes).
- drm/msm/dpu: Fix for non-visible planes (git-fixes).
- drm/msm/dsi: Fix number of regulators for SDM660 (git-fixes).
- drm/msm/dsi: Fix number of regulators for msm8996_dsi_cfg (git-fixes).
- drm/msm/dsi: fix the inconsistent indenting (git-fixes).
- drm/msm/hdmi: drop empty 'none' regulator lists (git-fixes).
- drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform (git-fixes).
- drm/msm/mdp5: Fix global state lock backoff (git-fixes).
- drm/msm: Avoid dirtyfb stalls on video mode displays (v2) (git-fixes).
- drm/msm: Fix dirtyfb refcounting (git-fixes).
- drm/nouveau/acpi: Do not print error when we get -EINPROGRESS from pm_runtime (git-fixes).
- drm/nouveau/kms: Fix failure path for creating DP connectors (git-fixes).
- drm/nouveau: Do not pm_runtime_put_sync(), only pm_runtime_put_autosuspend() (git-fixes).
- drm/nouveau: fix another off-by-one in nvbios_addr (git-fixes).
- drm/nouveau: recognise GA103 (git-fixes).
- drm/radeon: fix incorrrect SPDX-License-Identifiers (git-fixes).
- drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() (git-fixes).
- drm/rockchip: Fix an error handling path rockchip_dp_probe() (git-fixes).
- drm/rockchip: vop: Do not crash for invalid duplicate_state() (git-fixes).
- drm/shmem-helper: Add missing vunmap on error (git-fixes).
- drm/simpledrm: Fix return type of simpledrm_simple_display_pipe_mode_valid() (git-fixes).
- drm/st7735r: Fix module autoloading for Okaya RH128128T (git-fixes).
- drm/sun4i: dsi: Prevent underflow when computing packet sizes (git-fixes).
- drm/ttm: Fix dummy res NULL ptr deref bug (git-fixes).
- drm/udl: Add parameter to set number of URBs (bsc#1195917).
- drm/udl: Add reset_resume (bsc#1195917).
- drm/udl: Do not re-initialize stuff at retrying the URB list allocation (bsc#1195917).
- drm/udl: Drop unneeded alignment (bsc#1195917).
- drm/udl: Enable damage clipping (bsc#1195917).
- drm/udl: Fix inconsistent urbs.count value during udl_free_urb_list() (bsc#1195917).
- drm/udl: Fix potential URB leaks (bsc#1195917).
- drm/udl: Increase the default URB list size to 20 (bsc#1195917).
- drm/udl: Kill pending URBs at suspend and disconnect (bsc#1195917).
- drm/udl: Replace BUG_ON() with WARN_ON() (bsc#1195917).
- drm/udl: Replace semaphore with a simple wait queue (bsc#1195917).
- drm/udl: Restore display mode on resume (bsc#1195917).
- drm/udl: Suppress error print for -EPROTO at URB completion (bsc#1195917).
- drm/udl: Sync pending URBs at suspend / disconnect (bsc#1195917).
- drm/udl: Sync pending URBs at the end of suspend (bsc#1195917).
- drm/vc4: change vc4_dma_range_matches from a global to static (git-fixes).
- drm/vc4: drv: Adopt the dma configuration from the HVS or V3D component (git-fixes).
- drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration (git-fixes).
- drm/vc4: dsi: Correct DSI divider calculations (git-fixes).
- drm/vc4: dsi: Correct pixel order for DSI0 (git-fixes).
- drm/vc4: dsi: Fix dsi0 interrupt support (git-fixes).
- drm/vc4: dsi: Register dsi0 as the correct vc4 encoder type (git-fixes).
- drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes (git-fixes).
- drm/vc4: hdmi: Disable audio if dmas property is present but empty (git-fixes).
- drm/vc4: hdmi: Fix timings for interlaced modes (git-fixes).
- drm/vc4: hdmi: Reset HDMI MISC_CONTROL register (git-fixes).
- drm/vc4: plane: Fix margin calculations for the right/bottom edges (git-fixes).
- drm/vc4: plane: Remove subpixel positioning check (git-fixes).
- drm: adv7511: override i2c address of cec before accessing it (git-fixes).
- drm: bridge: adv7511: Add check for mipi_dsi_driver_register (git-fixes).
- drm: bridge: sii8620: fix possible off-by-one (git-fixes).
- dsa: mv88e6xxx: fix debug print for SPEED_UNFORCED (git-fixes).
- dt-bindings: arm: qcom: fix MSM8916 MTP compatibles (git-fixes).
- dt-bindings: arm: qcom: fix MSM8994 boards compatibles (git-fixes).
- dt-bindings: bluetooth: broadcom: Add BCM4349B1 DT binding (git-fixes).
- dt-bindings: clock: qcom,gcc-msm8996: add more GCC clock sources (git-fixes).
- dt-bindings: gpio: zynq: Add missing compatible strings (git-fixes).
- dt-bindings: iio: accel: Add DT binding doc for ADXL355 (git-fixes).
- dt-bindings: usb: mtk-xhci: Allow wakeup interrupt-names to be optional (git-fixes).
- eeprom: idt_89hpesx: uninitialized data in idt_dbgfs_csr_write() (git-fixes).
- erofs: fix deadlock when shrink erofs slab (git-fixes).
- ethernet: rocker: fix sleep in atomic context bug in neigh_timer_handler (git-fixes).
- exfat: Define NLS_NAME_* as bit flags explicitly (bsc#1201725).
- exfat: Downgrade ENAMETOOLONG error message to debug messages (bsc#1201725).
- exfat: Drop superfluous new line for error messages (bsc#1201725).
- exfat: Expand exfat_err() and co directly to pr_*() macro (bsc#1201725).
- exfat: Return ENAMETOOLONG consistently for oversized paths (bsc#1201725).
- exfat: fix i_blocks for files truncated over 4 GiB (git-fixes).
- exfat: fix referencing wrong parent directory information after renaming (git-fixes).
- exfat: reuse exfat_inode_info variable instead of calling EXFAT_I() (git-fixes).
- exfat: use updated exfat_chain directly during renaming (git-fixes).
- export: fix string handling of namespace in EXPORT_SYMBOL_NS (git-fixes).
- ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755).
- ext4: add new helper interface ext4_try_to_trim_range() (bsc#1202783).
- ext4: add reserved GDT blocks check (bsc#1202712).
- ext4: do not use the orphan list when migrating an inode (bsc#1197756).
- ext4: fast commit may miss tracking unwritten range during ftruncate (bsc#1202759).
- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (bsc#1202771).
- ext4: fix a possible ABBA deadlock due to busy PA (bsc#1202762).
- ext4: fix bug_on in ext4_writepages (bsc#1200872).
- ext4: fix error handling in ext4_fc_record_modified_inode() (bsc#1202767).
- ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757).
- ext4: fix fallocate to use file_modified to update permissions consistently (bsc#1202769).
- ext4: fix fast commit may miss tracking range for FALLOC_FL_ZERO_RANGE (bsc#1202757).
- ext4: fix fs corruption when tring to remove a non-empty directory with IO error (bsc#1202768).
- ext4: fix incorrect type issue during replay_del_range (bsc#1202867).
- ext4: fix null-ptr-deref in '__ext4_journal_ensure_credits' (bsc#1202764).
- ext4: fix overhead calculation to account for the reserved gdt blocks (bsc#1200869).
- ext4: fix race when reusing xattr blocks (bsc#1198971).
- ext4: fix super block checksum incorrect after mount (bsc#1202773).
- ext4: fix symlink file size not match to file content (bsc#1200868).
- ext4: fix use-after-free in ext4_rename_dir_prepare (bsc#1200871).
- ext4: fix use-after-free in ext4_search_dir (bsc#1202710).
- ext4: fix warning in ext4_handle_inode_extension (bsc#1202711).
- ext4: force overhead calculation if the s_overhead_cluster makes no sense (bsc#1200870).
- ext4: initialize err_blk before calling __ext4_get_inode_loc (bsc#1202763).
- ext4: make sure quota gets properly shutdown on error (bsc#1195480).
- ext4: make sure to reset inode lockdep class when quota enabling fails (bsc#1202761).
- ext4: mark group as trimmed only if it was fully scanned (bsc#1202770).
- ext4: modify the logic of ext4_mb_new_blocks_simple (bsc#1202766).
- ext4: prevent used blocks from being allocated during fast commit replay (bsc#1202765).
- ext4: recover csum seed of tmp_inode after migrating to extents (bsc#1202713).
- ext4: remove EA inode entry from mbcache on inode eviction (bsc#1198971).
- ext4: unindent codeblock in ext4_xattr_block_set() (bsc#1198971).
- ext4: use ext4_ext_remove_space() for fast commit replay delete range (bsc#1202758).
- fat: add ratelimit to fat*_ent_bread() (git-fixes).
- fbcon: Fix boundary checks for fbcon=vc:n1-n2 parameters (git-fixes).
- fbdev: fb_pm2fb: Avoid potential divide by zero error (git-fixes).
- fbdev: fbcon: Properly revert changes when vc_resize() failed (git-fixes).
- filemap: Handle sibling entries in filemap_get_read_batch() (bsc#1202774).
- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (git-fixes).
- firmware: tegra: Fix error check return value of debugfs_create_file() (git-fixes).
- firmware: tegra: bpmp: Do only aligned access to IPC memory area (git-fixes).
- fix race between exit_itimers() and /proc/pid/timers (git-fixes).
- fpga: altera-pr-ip: fix unsigned comparison with less than zero (git-fixes).
- fs-writeback: writeback_sb_inodes: Recalculate 'wrote' according skipped pages (bsc#1200873).
- ftrace/x86: Add back ftrace_expected assignment (git-fixes).
- fuse: ioctl: translate ENOSYS (bsc#1203139).
- fuse: limit nsec (bsc#1203138).
- gadgetfs: ep_io - wait until IRQ finishes (git-fixes).
- geneve: do not use RT_TOS for IPv6 flowlabel (git-fixes).
- geneve: fix TOS inheriting for ipv4 (git-fixes).
- gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() (git-fixes).
- gpio: pca953x: Add mutex_lock for regcache sync in PM (git-fixes).
- habanalabs/gaudi: fix shift out of bounds (git-fixes).
- habanalabs/gaudi: mask constant value before cast (git-fixes).
- hwmon: (dell-smm) Add Dell XPS 13 7390 to fan control whitelist (git-fixes).
- hwmon: (drivetemp) Add module alias (git-fixes).
- hwmon: (gpio-fan) Fix array out of bounds access (git-fixes).
- hwmon: (sht15) Fix wrong assumptions in device remove callback (git-fixes).
- i2c: Fix a potential use after free (git-fixes).
- i2c: cadence: Support PEC for SMBus block read (git-fixes).
- i2c: imx: Make sure to unregister adapter on remove() (git-fixes).
- i2c: mux-gpmux: Add of_node_put() when breaking out of loop (git-fixes).
- i2c: mxs: Silence a clang warning (git-fixes).
- i2c: npcm: Capitalize the one-line comment (git-fixes).
- i2c: npcm: Correct slave role behavior (git-fixes).
- i2c: npcm: Remove own slave addresses 2:10 (git-fixes).
- ice: fix 'scheduling while atomic' on aux critical err interrupt (git-fixes).
- ieee80211: add EHT 1K aggregation definitions (bsc#1202131).
- ieee80211: change HE nominal packet padding value defines (bsc#1202131).
- ieee802154/adf7242: defer destroy_workqueue call (git-fixes).
- iio: accel: bma220: Fix alignment for DMA safety (git-fixes).
- iio: accel: bma400: Fix the scale min and max macro values (git-fixes).
- iio: accel: bma400: Reordering of header files (git-fixes).
- iio: accel: sca3000: Fix alignment for DMA safety (git-fixes).
- iio: accel: sca3300: Fix alignment for DMA safety (git-fixes).
- iio: ad7292: Prevent regulator double disable (git-fixes).
- iio: adc: ad7266: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7292: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7298: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7476: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7766: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7768-1: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7887: Fix alignment for DMA safety (git-fixes).
- iio: adc: ad7923: Fix alignment for DMA safety (git-fixes).
- iio: adc: hi8435: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2496: Fix alignment for DMA safety (git-fixes).
- iio: adc: ltc2497: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1027: Fix alignment for DMA safety (git-fixes).
- iio: adc: max11100: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1118: Fix alignment for DMA safety (git-fixes).
- iio: adc: max1241: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp320x: Fix alignment for DMA safety (git-fixes).
- iio: adc: mcp3911: make use of the sign bit (git-fixes).
- iio: adc: mcp3911: use correct formula for AD conversion (git-fixes).
- iio: adc: ti-adc0832: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc084s021: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc108s102: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc12138: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc128s052: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-adc161s626: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads124s08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads131e08: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads7950: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8344: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-ads8688: Fix alignment for DMA safety (git-fixes).
- iio: adc: ti-tlc4541: Fix alignment for DMA safety (git-fixes).
- iio: amplifiers: ad8366: Fix alignment for DMA safety (git-fixes).
- iio: common: ssp: Fix alignment for DMA safety (git-fixes).
- iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large (git-fixes).
- iio: dac: ad5064: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5360: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5421: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5449: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5504: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5755: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5761: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5764: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5766: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5770r: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad5791: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad7303: Fix alignment for DMA safety (git-fixes).
- iio: dac: ad8801: Fix alignment for DMA safety (git-fixes).
- iio: dac: mcp4922: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac082s085: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac5571: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7311: Fix alignment for DMA safety (git-fixes).
- iio: dac: ti-dac7612: Fix alignment for DMA safety (git-fixes).
- iio: fix iio_format_avail_range() printing for none IIO_VAL_INT (git-fixes).
- iio: frequency: ad9523: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4350: Fix alignment for DMA safety (git-fixes).
- iio: frequency: adf4371: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16080: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adis16130: Fix alignment for DMA safety (git-fixes).
- iio: gyro: adxrs450: Fix alignment for DMA safety (git-fixes).
- iio: gyro: fxas210002c: Fix alignment for DMA safety (git-fixes).
- iio: imu: fxos8700: Fix alignment for DMA safety (git-fixes).
- iio: light: isl29028: Fix the warning in isl29028_remove() (git-fixes).
- iio: potentiometer: ad5272: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: max5481: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp41010: Fix alignment for DMA safety (git-fixes).
- iio: potentiometer: mcp4131: Fix alignment for DMA safety (git-fixes).
- iio: proximity: as3935: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s1200: Fix alignment for DMA safety (git-fixes).
- iio: resolver: ad2s90: Fix alignment for DMA safety (git-fixes).
- iio: temp: ltc2983: Fix alignment for DMA safety (git-fixes).
- iio: temp: maxim_thermocouple: Fix alignment for DMA safety (git-fixes).
- inet_diag: fix kernel-infoleak for UDP sockets (git-fixes).
- intel_th: Fix a resource leak in an error handling path (git-fixes).
- intel_th: msu-sink: Potential dereference of null pointer (git-fixes).
- intel_th: msu: Fix vmalloced buffers (git-fixes).
- intel_th: pci: Add Meteor Lake-P support (git-fixes).
- intel_th: pci: Add Raptor Lake-S CPU support (git-fixes).
- intel_th: pci: Add Raptor Lake-S PCH support (git-fixes).
- interconnect: imx: fix max_node_id (git-fixes).
- io_uring: add a schedule point in io_add_buffers() (git-fixes).
- io_uring: terminate manual loop iterator loop correctly for non-vecs (git-fixes).
- iommu/amd: Clarify AMD IOMMUv2 initialization messages (git-fixes).
- iommu/amd: Enable swiotlb in all cases (git-fixes).
- iommu/amd: Fix I/O page table memory leak (git-fixes).
- iommu/amd: Recover from event log overflow (git-fixes).
- iommu/amd: Simplify and Consolidate Virtual APIC (AVIC) Enablement (git-fixes).
- iommu/arm-smmu-v3-sva: Fix mm use-after-free (git-fixes).
- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (git-fixes).
- iommu/arm-smmu: qcom_iommu: Add of_node_put() when breaking out of loop (git-fixes).
- iommu/dart: Add missing module owner to ops structure (git-fixes).
- iommu/dart: check return value after calling platform_get_resource() (git-fixes).
- iommu/exynos: Handle failed IOMMU device registration properly (git-fixes).
- iommu/iova: Improve 32-bit free space estimate (git-fixes).
- iommu/ipmmu-vmsa: Check for error num after setting mask (git-fixes).
- iommu/mediatek: Add list_del in mtk_iommu_remove (git-fixes).
- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (git-fixes).
- iommu/mediatek: Fix 2 HW sharing pgtable issue (git-fixes).
- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (git-fixes).
- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (git-fixes).
- iommu/msm: Fix an incorrect NULL check on list iterator (git-fixes).
- iommu/omap: Fix regression in probe for NULL pointer dereference (git-fixes).
- iommu/tegra-smmu: Fix missing put_device() call in tegra_smmu_find (git-fixes).
- iommu/vt-d: Acquiring lock in domain ID allocation helpers (bsc#1200301).
- iommu/vt-d: Calculate mask for non-aligned flushes (git-fixes).
- iommu/vt-d: Drop stop marker messages (git-fixes).
- iommu/vt-d: Fix PCI bus rescan device hot add (git-fixes).
- iommu/vt-d: Fix RID2PASID setup/teardown failure (git-fixes).
- iommu/vt-d: Make DMAR_UNITS_SUPPORTED default 1024 (bsc#1200301).
- iommu/vt-d: Refactor iommu information of each domain (bsc#1200301).
- iommu/vt-d: Remove global g_iommus array (bsc#1200301).
- iommu/vt-d: Remove intel_iommu::domains (bsc#1200301).
- iommu/vt-d: Remove unnecessary check in intel_iommu_add() (bsc#1200301).
- iommu/vt-d: Use IDA interface to manage iommu sequence id (bsc#1200301).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) (git-fixes).
- iommu: Fix potential use-after-free during probe (git-fixes).
- iov_iter: Fix iter_xarray_get_pages{,_alloc}() (git-fixes).
- iov_iter: fix build issue due to possible type mis-match (git-fixes).
- ipmi: fix initialization when workqueue allocation fails (git-fixes).
- irqchip/sifive-plic: Add missing thead,c900-plic match string (git-fixes).
- irqchip/tegra: Fix overflow implicit truncation warnings (git-fixes).
- iwlwifi/fw: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: ACPI: support revision 3 WGDS tables (bsc#1202131).
- iwlwifi: Add support for getting rf id with blank otp (bsc#1202131).
- iwlwifi: Add support for more BZ HWs (bsc#1202131).
- iwlwifi: BZ Family BUS_MASTER_DISABLE_REQ code duplication (bsc#1202131).
- iwlwifi: BZ Family SW reset support (bsc#1202131).
- iwlwifi: Configure FW debug preset via module param (bsc#1202131).
- iwlwifi: Fix FW name for gl (bsc#1202131).
- iwlwifi: Fix missing error code in iwl_pci_probe() (bsc#1202131).
- iwlwifi: Fix syntax errors in comments (bsc#1202131).
- iwlwifi: Make use of the helper macro LIST_HEAD() (bsc#1202131).
- iwlwifi: Read the correct addresses when getting the crf id (bsc#1202131).
- iwlwifi: Start scratch debug register for Bz family (bsc#1202131).
- iwlwifi: acpi: fix wgds rev 3 size (bsc#1202131).
- iwlwifi: acpi: move ppag code from mvm to fw/acpi (bsc#1202131).
- iwlwifi: add missing entries for Gf4 with So and SoF (bsc#1202131).
- iwlwifi: add new Qu-Hr device (bsc#1202131).
- iwlwifi: add new ax1650 killer device (bsc#1202131).
- iwlwifi: add new device id 7F70 (bsc#1202131).
- iwlwifi: add new pci SoF with JF (bsc#1202131).
- iwlwifi: add some missing kernel-doc in struct iwl_fw (bsc#1202131).
- iwlwifi: add support for BNJ HW (bsc#1202131).
- iwlwifi: add support for BZ-U and BZ-L HW (bsc#1202131).
- iwlwifi: add support for Bz-Z HW (bsc#1202131).
- iwlwifi: add vendor specific capabilities for some RFs (bsc#1202131).
- iwlwifi: advertise support for HE - DCM BPSK RX/TX (bsc#1202131).
- iwlwifi: allow rate-limited error messages (bsc#1202131).
- iwlwifi: api: fix struct iwl_wowlan_status_v7 kernel-doc (bsc#1202131).
- iwlwifi: api: remove ttl field from TX command (bsc#1202131).
- iwlwifi: api: remove unused RX status bits (bsc#1202131).
- iwlwifi: avoid variable shadowing (bsc#1202131).
- iwlwifi: avoid void pointer arithmetic (bsc#1202131).
- iwlwifi: bump FW API to 67 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 68 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 69 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 70 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 71 for AX devices (bsc#1202131).
- iwlwifi: bump FW API to 72 for AX devices (bsc#1202131).
- iwlwifi: cfg: add support for 1K BA queue (bsc#1202131).
- iwlwifi: dbg-tlv: clean up iwl_dbg_tlv_update_drams() (bsc#1202131).
- iwlwifi: dbg: add infra for tracking free buffer size (bsc#1202131).
- iwlwifi: dbg: check trigger data before access (bsc#1202131).
- iwlwifi: dbg: disable ini debug in 8000 family and below (bsc#1202131).
- iwlwifi: dbg: in sync mode do not call schedule (bsc#1202131).
- iwlwifi: dbg: treat dbgc allocation failure when tlv is missing (bsc#1202131).
- iwlwifi: dbg: treat non active regions as unsupported regions (bsc#1202131).
- iwlwifi: dbg_ini: Split memcpy() to avoid multi-field write (bsc#1202131).
- iwlwifi: de-const properly where needed (bsc#1202131).
- iwlwifi: debugfs: remove useless double condition (bsc#1202131).
- iwlwifi: do not dump_stack() when we get an unexpected interrupt (bsc#1202131).
- iwlwifi: do not use __unused as variable name (bsc#1202131).
- iwlwifi: drv: load tlv debug data earlier (bsc#1202131).
- iwlwifi: dump CSR scratch from outer function (bsc#1202131).
- iwlwifi: dump RCM error tables (bsc#1202131).
- iwlwifi: dump both TCM error tables if present (bsc#1202131).
- iwlwifi: dump host monitor data when NIC does not init (bsc#1202131).
- iwlwifi: dvm: use struct_size over open coded arithmetic (bsc#1202131).
- iwlwifi: eeprom: clean up macros (bsc#1202131).
- iwlwifi: fix LED dependencies (bsc#1202131).
- iwlwifi: fix debug TLV parsing (bsc#1202131).
- iwlwifi: fix fw/img.c license statement (bsc#1202131).
- iwlwifi: fix iwl_legacy_rate_to_fw_idx (bsc#1202131).
- iwlwifi: fix small doc mistake for iwl_fw_ini_addr_val (bsc#1202131).
- iwlwifi: fix various more -Wcast-qual warnings (bsc#1202131).
- iwlwifi: fw dump: add infrastructure for dump scrubbing (bsc#1202131).
- iwlwifi: fw: add support for splitting region type bits (bsc#1202131).
- iwlwifi: fw: api: add link to PHY context command struct v1 (bsc#1202131).
- iwlwifi: fw: correctly detect HW-SMEM region subtype (bsc#1202131).
- iwlwifi: fw: fix some scan kernel-doc (bsc#1202131).
- iwlwifi: fw: init SAR GEO table only if data is present (bsc#1202131).
- iwlwifi: fw: make dump_start callback void (bsc#1202131).
- iwlwifi: fw: remove dead error log code (bsc#1202131).
- iwlwifi: implement reset flow for Bz devices (bsc#1202131).
- iwlwifi: iwl-eeprom-parse: mostly dvm only (bsc#1202131).
- iwlwifi: make iwl_fw_lookup_cmd_ver() take a cmd_id (bsc#1202131).
- iwlwifi: make iwl_txq_dyn_alloc_dma() return the txq (bsc#1202131).
- iwlwifi: make some functions friendly to sparse (bsc#1202131).
- iwlwifi: move symbols into a separate namespace (bsc#1202131).
- iwlwifi: mvm/api: define system control command (bsc#1202131).
- iwlwifi: mvm: Add RTS and CTS flags to iwl_tx_cmd_flags (bsc#1202131).
- iwlwifi: mvm: Add list of OEMs allowed to use TAS (bsc#1202131).
- iwlwifi: mvm: Add support for a new version of scan request command (bsc#1202131).
- iwlwifi: mvm: Add support for new rate_n_flags in tx_cmd (bsc#1202131).
- iwlwifi: mvm: Consider P2P GO operation during scan (bsc#1202131).
- iwlwifi: mvm: Disable WiFi bands selectively with BIOS (bsc#1202131).
- iwlwifi: mvm: Do not fail if PPAG isn't supported (bsc#1202131).
- iwlwifi: mvm: Fix wrong documentation for scan request command (bsc#1202131).
- iwlwifi: mvm: Passively scan non PSC channels only when requested so (bsc#1202131).
- iwlwifi: mvm: Read acpi dsm to get channel activation bitmap (bsc#1202131).
- iwlwifi: mvm: Remove antenna c references (bsc#1202131).
- iwlwifi: mvm: Support new TX_RSP and COMPRESSED_BA_RES versions (bsc#1202131).
- iwlwifi: mvm: Support new rate_n_flags for REPLY_RX_MPDU_CMD and RX_NO_DATA_NOTIF (bsc#1202131).
- iwlwifi: mvm: Support new version of BEACON_TEMPLATE_CMD (bsc#1202131).
- iwlwifi: mvm: Support new version of ranging response notification (bsc#1202131).
- iwlwifi: mvm: Support version 3 of tlc_update_notif (bsc#1202131).
- iwlwifi: mvm: Unify the scan iteration functions (bsc#1202131).
- iwlwifi: mvm: Use all Rx chains for roaming scan (bsc#1202131).
- iwlwifi: mvm: add US/CA to TAS block list if OEM isn't allowed (bsc#1202131).
- iwlwifi: mvm: add a flag to reduce power command (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add additional info for boot info failures (bsc#1202131).
- iwlwifi: mvm: add dbg_time_point to debugfs (bsc#1202131).
- iwlwifi: mvm: add definitions for new rate & flags (bsc#1202131).
- iwlwifi: mvm: add lmac/umac PC info in case of error (bsc#1202131).
- iwlwifi: mvm: add missing min_size to kernel-doc (bsc#1202131).
- iwlwifi: mvm: add some missing command strings (bsc#1202131).
- iwlwifi: mvm: add support for 160Mhz in ranging measurements (bsc#1202131).
- iwlwifi: mvm: add support for CT-KILL notification version 2 (bsc#1202131).
- iwlwifi: mvm: add support for IMR based on platform (bsc#1202131).
- iwlwifi: mvm: add support for OCE scan (bsc#1202131).
- iwlwifi: mvm: add support for PHY context command v4 (bsc#1202131).
- iwlwifi: mvm: add support for statistics update version 15 (bsc#1202131).
- iwlwifi: mvm: allow enabling UHB TAS in the USA via ACPI setting (bsc#1202131).
- iwlwifi: mvm: always remove the session protection after association (bsc#1202131).
- iwlwifi: mvm: always store the PPAG table as the latest version (bsc#1202131).
- iwlwifi: mvm: always use 4K RB size by default (bsc#1202131).
- iwlwifi: mvm: change old-SN drop threshold (bsc#1202131).
- iwlwifi: mvm: clean up indenting in iwl_mvm_tlc_update_notif() (bsc#1202131).
- iwlwifi: mvm: convert old rate & flags to the new format (bsc#1202131).
- iwlwifi: mvm: correct sta-state logic for TDLS (bsc#1202131).
- iwlwifi: mvm: correctly set channel flags (bsc#1202131).
- iwlwifi: mvm: correctly set schedule scan profiles (bsc#1202131).
- iwlwifi: mvm: d3: move GTK rekeys condition (bsc#1202131).
- iwlwifi: mvm: d3: support v12 wowlan status (bsc#1202131).
- iwlwifi: mvm: d3: use internal data representation (bsc#1202131).
- iwlwifi: mvm: demote non-compliant kernel-doc header (bsc#1202131).
- iwlwifi: mvm: do not get address of mvm->fwrt just to dereference as a pointer (bsc#1202131).
- iwlwifi: mvm: do not send BAID removal to the FW during hw_restart (bsc#1202131).
- iwlwifi: mvm: do not trust hardware queue number (bsc#1202131).
- iwlwifi: mvm: drop too short packets silently (bsc#1202131).
- iwlwifi: mvm: extend session protection on association (bsc#1202131).
- iwlwifi: mvm: fix WGDS table print in iwl_mvm_chub_update_mcc() (bsc#1202131).
- iwlwifi: mvm: fix a stray tab (bsc#1202131).
- iwlwifi: mvm: fix condition which checks the version of rate_n_flags (bsc#1202131).
- iwlwifi: mvm: fix delBA vs. NSSN queue sync race (bsc#1202131).
- iwlwifi: mvm: fix ieee80211_get_he_iftype_cap() iftype (bsc#1202131).
- iwlwifi: mvm: fix off by one in iwl_mvm_stat_iterator_all_macs() (bsc#1202131).
- iwlwifi: mvm: fw: clean up hcmd struct creation (bsc#1202131).
- iwlwifi: mvm: handle RX checksum on Bz devices (bsc#1202131).
- iwlwifi: mvm: improve log when processing CSA (bsc#1202131).
- iwlwifi: mvm: isolate offload assist (checksum) calculation (bsc#1202131).
- iwlwifi: mvm: make iwl_mvm_reconfig_scd() static (bsc#1202131).
- iwlwifi: mvm: offload channel switch timing to FW (bsc#1202131).
- iwlwifi: mvm: only enable HE DCM if we also support TX (bsc#1202131).
- iwlwifi: mvm: optionally suppress assert log (bsc#1202131).
- iwlwifi: mvm: parse firmware alive message version 6 (bsc#1202131).
- iwlwifi: mvm: read 6E enablement flags from DSM and pass to FW (bsc#1202131).
- iwlwifi: mvm: reduce WARN_ON() in TX status path (bsc#1202131).
- iwlwifi: mvm: refactor iwl_mvm_sta_rx_agg() (bsc#1202131).
- iwlwifi: mvm: refactor setting PPE thresholds in STA_HE_CTXT_CMD (bsc#1202131).
- iwlwifi: mvm: remove card state notification code (bsc#1202131).
- iwlwifi: mvm: remove cipher scheme support (bsc#1202131).
- iwlwifi: mvm: remove csi from iwl_mvm_pass_packet_to_mac80211() (bsc#1202131).
- iwlwifi: mvm: remove iwl_mvm_disable_txq() flags argument (bsc#1202131).
- iwlwifi: mvm: remove session protection after auth/assoc (bsc#1202131).
- iwlwifi: mvm: remove session protection on disassoc (bsc#1202131).
- iwlwifi: mvm: remove session protection upon station removal (bsc#1202131).
- iwlwifi: mvm: rfi: handle deactivation notification (bsc#1202131).
- iwlwifi: mvm: rfi: update rfi table (bsc#1202131).
- iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (bsc#1202131).
- iwlwifi: mvm: scrub key material in firmware dumps (bsc#1202131).
- iwlwifi: mvm: set BT-coex high priority for 802.1X/4-way-HS (bsc#1202131).
- iwlwifi: mvm: set inactivity timeouts also for PS-poll (bsc#1202131).
- iwlwifi: mvm: starting from 22000 we have 32 Rx AMPDU sessions (bsc#1202131).
- iwlwifi: mvm: support Bz TX checksum offload (bsc#1202131).
- iwlwifi: mvm: support RLC configuration command (bsc#1202131).
- iwlwifi: mvm: support new BAID allocation command (bsc#1202131).
- iwlwifi: mvm: support revision 1 of WTAS table (bsc#1202131).
- iwlwifi: mvm: support v3 of station HE context command (bsc#1202131).
- iwlwifi: mvm: update BAID allocation command again (bsc#1202131).
- iwlwifi: mvm: update RFI TLV (bsc#1202131).
- iwlwifi: mvm: update definitions due to new rate & flags (bsc#1202131).
- iwlwifi: mvm: update rate scale in moving back to assoc state (bsc#1202131).
- iwlwifi: mvm: use a define for checksum flags mask (bsc#1202131).
- iwlwifi: mvm: use debug print instead of WARN_ON() (bsc#1202131).
- iwlwifi: nvm: Correct HE capability (bsc#1202131).
- iwlwifi: parse debug exclude data from firmware file (bsc#1202131).
- iwlwifi: parse error tables from debug TLVs (bsc#1202131).
- iwlwifi: pcie: Adapt rx queue write pointer for Bz family (bsc#1202131).
- iwlwifi: pcie: add jacket bit to device configuration parsing (bsc#1202131).
- iwlwifi: pcie: add support for MS devices (bsc#1202131).
- iwlwifi: pcie: adjust to Bz completion descriptor (bsc#1202131).
- iwlwifi: pcie: fix SW error MSI-X mapping (bsc#1202131).
- iwlwifi: pcie: fix constant-conversion warning (bsc#1202131).
- iwlwifi: pcie: fix killer name matching for AX200 (bsc#1202131).
- iwlwifi: pcie: iwlwifi: fix device id 7F70 struct (bsc#1202131).
- iwlwifi: pcie: make sure iwl_rx_packet_payload_len() will not underflow (bsc#1202131).
- iwlwifi: pcie: refactor dev_info lookup (bsc#1202131).
- iwlwifi: pcie: remove duplicate entry (bsc#1202131).
- iwlwifi: pcie: remove two duplicate PNJ device entries (bsc#1202131).
- iwlwifi: pcie: retake ownership after reset (bsc#1202131).
- iwlwifi: pcie: simplify iwl_pci_find_dev_info() (bsc#1202131).
- iwlwifi: pcie: support Bz suspend/resume trigger (bsc#1202131).
- iwlwifi: pcie: try to grab NIC access early (bsc#1202131).
- iwlwifi: pcie: update sw error interrupt for BZ family (bsc#1202131).
- iwlwifi: pnvm: print out the version properly (bsc#1202131).
- iwlwifi: prefer WIDE_ID() over iwl_cmd_id() (bsc#1202131).
- iwlwifi: propagate (const) type qualifier (bsc#1202131).
- iwlwifi: recognize missing PNVM data and then log filename (bsc#1202131).
- iwlwifi: remove MODULE_AUTHOR() statements (bsc#1202131).
- iwlwifi: remove command ID argument from queue allocation (bsc#1202131).
- iwlwifi: remove contact information (bsc#1202131).
- iwlwifi: remove deprecated broadcast filtering feature (bsc#1202131).
- iwlwifi: remove redundant iwl_finish_nic_init() argument (bsc#1202131).
- iwlwifi: remove unused DC2DC_CONFIG_CMD definitions (bsc#1202131).
- iwlwifi: remove unused iwlax210_2ax_cfg_so_hr_a0 structure (bsc#1202131).
- iwlwifi: remove unused macros (bsc#1202131).
- iwlwifi: rename CHANNEL_SWITCH_NOA_NOTIF to CHANNEL_SWITCH_START_NOTIF (bsc#1202131).
- iwlwifi: rename GEO_TX_POWER_LIMIT to PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1202131).
- iwlwifi: rs: add support for TLC config command ver 4 (bsc#1202131).
- iwlwifi: scan: Modify return value of a function (bsc#1202131).
- iwlwifi: support 4-bits in MAC step value (bsc#1202131).
- iwlwifi: support SAR GEO Offset Mapping override via BIOS (bsc#1202131).
- iwlwifi: support new queue allocation command (bsc#1202131).
- iwlwifi: swap 1650i and 1650s killer struct names (bsc#1202131).
- iwlwifi: tlc: Add logs in rs_fw_rate_init func to print TLC configuration (bsc#1202131).
- iwlwifi: use 4k queue size for Bz A-step (bsc#1202131).
- iwlwifi: yoyo: Avoid using dram data if allocation failed (bsc#1202131).
- iwlwifi: yoyo: add IMR DRAM dump support (bsc#1202131).
- iwlwifi: yoyo: disable IMR DRAM region if IMR is disabled (bsc#1202131).
- iwlwifi: yoyo: dump IMR DRAM only for HW and FW error (bsc#1202131).
- iwlwifi: yoyo: fix DBGC allocation flow (bsc#1202131).
- iwlwifi: yoyo: fix DBGI_SRAM ini dump header (bsc#1202131).
- iwlwifi: yoyo: fix issue with new DBGI_SRAM region read (bsc#1202131).
- iwlwifi: yoyo: fw debug config from context info and preset (bsc#1202131).
- iwlwifi: yoyo: send hcmd to fw after dump collection completes (bsc#1202131).
- iwlwifi: yoyo: support TLV-based firmware reset (bsc#1202131).
- iwlwifi: yoyo: support dump policy for the dump size (bsc#1202131).
- iwlwifi: yoyo: support for DBGC4 for dram (bsc#1202131).
- iwlwifi: yoyo: support for ROM usniffer (bsc#1202131).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1202775).
- jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted (bsc#1202716).
- jbd2: fix outstanding credits assert in jbd2_journal_commit_transaction() (bsc#1202715).
- kABI: scsi: libiscsi: fix removal of iscsi_create_conn (bsc#1198410).
- kabi/severities: Exclude ppc kvm
- kabi/severities: add Qlogic qed symbols
- kabi/severities: add drivers/scsi/hisi_sas for bsc#1202471
- kabi/severities: add hisilicon hns3 symbols
- kabi/severities: add microchip dsa drivers
- kabi/severities: ignore kABI changes in mwifiex drivers. Those symbols are used only locally in mwifiex (sub-)modules.
- kabi/severities: octeontx2 driver (jsc#SLE-24682)
- kbuild: dummy-tools: avoid tmpdir leak in dummy gcc (git-fixes).
- kbuild: fix the modules order between drivers and libs (git-fixes).
- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (git-fixes).
- kcm: fix strp_init() order and cleanup (git-fixes).
- kernel-binary: move @NOSOURCE@ to @SOURCES@ as in other packages
- kfifo: fix kfifo_to_user() return type (git-fixes).
- kselftest/cgroup: fix test_stress.sh to use OUTPUT dir (git-fixes).
- kselftest/vm: fix tests build with old libc (git-fixes).
- kselftest: Fix vdso_test_abi return status (git-fixes).
- kselftest: signal all child processes (git-fixes).
- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (git-fixes).
- l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu (git-fixes).
- landlock: Add clang-format exceptions (git-fixes).
- landlock: Change landlock_add_rule(2) argument check ordering (git-fixes).
- landlock: Change landlock_restrict_self(2) check ordering (git-fixes).
- landlock: Create find_rule() from unmask_layers() (git-fixes).
- landlock: Define access_mask_t to enforce a consistent access mask size (git-fixes).
- landlock: Fix landlock_add_rule(2) documentation (git-fixes).
- landlock: Fix same-layer rule unions (git-fixes).
- landlock: Format with clang-format (git-fixes).
- landlock: Reduce the maximum number of layers to 16 (git-fixes).
- landlock: Use square brackets around 'landlock-ruleset' (git-fixes).
- lib/list_debug.c: Detect uninitialized lists (git-fixes).
- lib/raid6/test: fix multiple definition linking error (git-fixes).
- lib/smp_processor_id: fix imbalanced instrumentation_end() call (git-fixes).
- lkdtm: Disable return thunks in rodata.c (bsc#1190497).
- lockdep: Correct lock_classes index mapping (git-fixes).
- locking/lockdep: Avoid potential access of invalid memory in lock_class (git-fixes).
- locking/lockdep: Fix lockdep_init_map_*() confusion (git-fixes).
- locking/lockdep: Iterate lock_classes directly when reading lockdep files (git-fixes).
- loop: Check for overflow while configuring loop (git-fixes).
- loop: Use pr_warn_once() for loop_control_remove() warning (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- mac80211: fix a memory leak where sta_info is not freed (git-fixes).
- mac80211: introduce channel switch disconnect function (bsc#1202131).
- macsec: always read MACSEC_SA_ATTR_PN as a u64 (git-fixes).
- macsec: fix NULL deref in macsec_add_rxsa (git-fixes).
- macsec: fix error message in macsec_add_rxsa and _txsa (git-fixes).
- macsec: limit replay window size with XPN (git-fixes).
- marvell: octeontx2: build error: unknown type name 'u64' (jsc#SLE-24682).
- mbcache: add functions to delete entry if unused (bsc#1198971).
- mbcache: do not reclaim used entries (bsc#1198971).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- md/raid0: Ignore RAID0 layout if the second zone has only one device (git-fixes).
- md/raid1: fix missing bitmap update w/o WriteMostly devices (bsc#1203036).
- media: [PATCH] pci: atomisp_cmd: fix three missing checks on list iterator (git-fixes).
- media: atmel: atmel-sama7g5-isc: fix warning in configs without OF (git-fixes).
- media: cedrus: h265: Fix flag name (git-fixes).
- media: cedrus: hevc: Add check for invalid timestamp (git-fixes).
- media: driver/nxp/imx-jpeg: fix a unexpected return value problem (git-fixes).
- media: hantro: postproc: Fix motion vector space size (git-fixes).
- media: hdpvr: fix error value returns in hdpvr_read (git-fixes).
- media: hevc: Embedded indexes in RPS (git-fixes).
- media: imx-jpeg: Add pm-runtime support for imx-jpeg (git-fixes).
- media: imx-jpeg: use NV12M to represent non contiguous NV12 (git-fixes).
- media: pvrusb2: fix memory leak in pvr_probe (git-fixes).
- media: tw686x: Fix memory leak in tw686x_video_init (git-fixes).
- media: tw686x: Register the irq at the end of probe (git-fixes).
- media: v4l2-mem2mem: prevent pollerr when last_buffer_dequeued is set (git-fixes).
- mediatek: mt76: eeprom: fix missing of_node_put() in mt76_find_power_limits_node() (git-fixes).
- mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() (git-fixes).
- memstick/ms_block: Fix a memory leak (git-fixes).
- memstick/ms_block: Fix some incorrect memory allocation (git-fixes).
- meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init (git-fixes).
- mfd: max77620: Fix refcount leak in max77620_initialise_fps (git-fixes).
- mfd: t7l66xb: Drop platform disable callback (git-fixes).
- minix: fix bug when opening a file with O_DIRECT (git-fixes).
- misc: fastrpc: fix memory corruption on open (git-fixes).
- misc: fastrpc: fix memory corruption on probe (git-fixes).
- misc: rtsx: Fix an error handling path in rtsx_pci_probe() (git-fixes).
- mkspec: eliminate @NOSOURCE@ macro. This should be always used with @SOURCES@, just include the content there.
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse (git-fixes).
- mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763).
- mm: memcontrol: fix potential oom_lock recursion deadlock (bsc#1202447).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes, bsc#1203159).
- mmc: block: Add single read for 4k sector cards (git-fixes).
- mmc: cavium-octeon: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: cavium-thunderx: Add of_node_put() when breaking out of loop (git-fixes).
- mmc: core: Fix UHS-I SD 1.8V workaround branch (git-fixes).
- mmc: meson-gx: Fix an error handling path in meson_mmc_probe() (git-fixes).
- mmc: mxcmmc: Silence a clang warning (git-fixes).
- mmc: pxamci: Fix an error handling path in pxamci_probe() (git-fixes).
- mmc: pxamci: Fix another error handling path in pxamci_probe() (git-fixes).
- mmc: renesas_sdhi: Get the reset handle early in the probe (git-fixes).
- mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R (git-fixes).
- mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch (git-fixes).
- mmc: tmio: avoid glitches when resetting (git-fixes).
- msft-hv-2570-hv_netvsc: Add support for XDP_REDIRECT (bsc#1199364).
- mt76: mt7615: do not update pm stats in case of error (git-fixes).
- mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg (git-fixes).
- mt76: mt7921: enlarge maximum VHT MPDU length to 11454 (git-fixes).
- mt76: mt7921: fix aggregation subframes setting to HE max (git-fixes).
- mtd: dataflash: Add SPI ID table (git-fixes).
- mtd: maps: Fix refcount leak in ap_flash_init (git-fixes).
- mtd: maps: Fix refcount leak in of_flash_probe_versatile (git-fixes).
- mtd: parsers: ofpart: Fix refcount leak in bcm4908_partitions_fw_offset (git-fixes).
- mtd: partitions: Fix refcount leak in parse_redboot_of (git-fixes).
- mtd: rawnand: arasan: Fix clock rate in NV-DDR (git-fixes).
- mtd: rawnand: arasan: Update NAND bus clock instead of system clock (git-fixes).
- mtd: rawnand: gpmi: Set WAIT_FOR_READY timeout based on program/erase times (git-fixes).
- mtd: rawnand: gpmi: validate controller clock rate (git-fixes).
- mtd: rawnand: meson: Fix a potential double free issue (git-fixes).
- mtd: sm_ftl: Fix deadlock caused by cancel_work_sync in sm_release (git-fixes).
- mtd: spi-nor: fix spi_nor_spimem_setup_op() call in spi_nor_erase_{sector,chip}() (git-fixes).
- mtd: st_spi_fsm: Add a clk_disable_unprepare() in .probe()'s error path (git-fixes).
- musb: fix USB_MUSB_TUSB6010 dependency (git-fixes).
- mwifiex: Ignore BTCOEX events from the 88W8897 firmware (git-fixes).
- n_gsm: remove unused parameters from gsm_error() (git-fixes).
- net: asix: fix 'can't send until first packet is send' issue (git-fixes).
- net: bcmgenet: Use stronger register read/writes to assure ordering (git-fixes).
- net: dsa: b53: Add SPI ID table (git-fixes).
- net: dsa: felix: Fix memory leak in felix_setup_mmio_filtering (git-fixes).
- net: dsa: felix: purge skb from TX timestamping queue if it cannot be sent (git-fixes).
- net: dsa: hellcreek: Add STP forwarding rule (git-fixes).
- net: dsa: hellcreek: Add missing PTP via UDP rules (git-fixes).
- net: dsa: hellcreek: Allow PTP P2P measurements on blocked ports (git-fixes).
- net: dsa: hellcreek: Fix insertion of static FDB entries (git-fixes).
- net: dsa: microchip: implement multi-bridge support (git-fixes).
- net: dsa: mv88e6xxx: Add fix for erratum 5.2 of 88E6393X family (git-fixes).
- net: dsa: mv88e6xxx: Drop unnecessary check in mv88e6393x_serdes_erratum_4_6() (git-fixes).
- net: dsa: mv88e6xxx: Enable port policy support on 6097 (git-fixes).
- net: dsa: mv88e6xxx: Fix application of erratum 4.8 for 88E6393X (git-fixes).
- net: dsa: mv88e6xxx: Fix inband AN for 2500base-x on 88E6393X family (git-fixes).
- net: dsa: mv88e6xxx: Link in pcs_get_state() if AN is bypassed (git-fixes).
- net: dsa: mv88e6xxx: Save power by disabling SerDes trasmitter and receiver (git-fixes).
- net: dsa: mv88e6xxx: Unforce speed & duplex in mac_link_down() (git-fixes).
- net: dsa: mv88e6xxx: allow use of PHYs on CPU and DSA ports (git-fixes).
- net: dsa: mv88e6xxx: error handling for serdes_power functions (git-fixes).
- net: dsa: mv88e6xxx: fix 'do not use PHY_DETECT on internal PHY's' (git-fixes).
- net: dsa: ocelot: seville: utilize of_mdiobus_register (git-fixes).
- net: dsa: qca8k: fix MTU calculation (git-fixes).
- net: dsa: seville: register the mdiobus under devres (git-fixes).
- net: dsa: tag_ocelot_8021q: break circular dependency with ocelot switch lib (git-fixes).
- net: enetc: report software timestamping via SO_TIMESTAMPING (git-fixes).
- net: hns3: clean residual vf config after disable sriov (git-fixes).
- net: macsec: fix potential resource leak in macsec_add_rxsa() and macsec_add_txsa() (git-fixes).
- net: marvell: prestera: fix incorrect structure access (git-fixes).
- net: mscc: ocelot: correctly report the timestamping RX filters in ethtool (git-fixes).
- net: mscc: ocelot: create a function that replaces an existing VCAP filter (git-fixes).
- net: mscc: ocelot: do not dereference NULL pointers with shared tc filters (git-fixes).
- net: mscc: ocelot: do not downgrade timestamping RX filters in SIOCSHWTSTAMP (git-fixes).
- net: mscc: ocelot: fix incorrect balancing with down LAG ports (git-fixes).
- net: mscc: ocelot: set up traps for PTP packets (git-fixes).
- net: openvswitch: do not send internal clone attribute to the userspace (git-fixes).
- net: openvswitch: fix leak of nested actions (git-fixes).
- net: openvswitch: fix misuse of the cached connection on tuple changes (git-fixes).
- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (git-fixes).
- net: phy: Do not WARN for PHY_READY state in mdio_bus_phy_resume() (git-fixes).
- net: phy: Warn about incorrect mdio_bus_phy_resume() state (git-fixes).
- net: phy: smsc: Disable Energy Detect Power-Down in interrupt mode (git-fixes).
- net: ptp: add a definition for the UDP port for IEEE 1588 general messages (git-fixes).
- net: rose: fix netdev reference changes (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (git-fixes).
- net: stmmac: clean up impossible condition (git-fixes).
- net: stmmac: disable Split Header (SPH) for Intel platforms (bsc#1194904).
- net: stmmac: dwc-qos: Disable split header for Tegra194 (bsc#1194904).
- net: stmmac: fix off-by-one error in sanity check (git-fixes).
- net: usb: Correct PHY handling of smsc95xx (git-fixes).
- net: usb: Correct reset handling of smsc95xx (git-fixes).
- net: usb: ax88179_178a needs FLAG_SEND_ZLP (git-fixes).
- net: usb: ax88179_178a: add Allied Telesis AT-UMCs (git-fixes).
- net: usb: make USB_RTL8153_ECM non user configurable (git-fixes).
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (bsc#1200431).
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (bsc#1200431).
- net: vmxnet3: remove multiple false checks in vmxnet3_ethtool.c (bsc#1200431).
- net:enetc: allocate CBD ring data memory using DMA coherent methods (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout (git-fixes).
- nfsd: fix use-after-free due to delegation race (git-fixes).
- nilfs2: fix incorrect masking of permission flags for symlinks (git-fixes).
- nilfs2: fix lockdep warnings during disk space reclamation (git-fixes).
- nilfs2: fix lockdep warnings in page operations for btree nodes (git-fixes).
- nohz/full, sched/rt: Fix missed tick-reenabling bug in dequeue_task_rt() (bnc#1189999 (Scheduler functional and performance backports)).
- nouveau/svm: Fix to migrate all requested pages (git-fixes).
- nouveau: explicitly wait on the fence in nouveau_bo_move_m2mf (git-fixes).
- ntb_hw_amd: Add NTB PCI ID for new gen CPU (bsc#1202113).
- nvme-auth: align to pre-upstream FFDHE implementation (bsc#1202265).
- nvme-auth: retry command if DNR bit is not set (bsc#1201675).
- nvme-fabrics: parse nvme connect Linux error codes (bsc#1201865).
- nvme-rdma: Handle number of queue changes (bsc#1201865).
- nvme-tcp: Handle number of queue changes (bsc#1201865).
- nvme-tcp: fix UAF when detecting digest errors (bsc#1200313 bsc#1201489).
- nvme: consider also host_iface when checking ip options (bsc#1199670).
- nvme: fix RCU hole that allowed for endless looping in multipath round robin (bsc#1202636).
- nvme: implement In-Band authentication (jsc#SLE-20183).
- nvme: kabi fixes for in-band authentication (bsc#1199086).
- nvmet-auth: expire authentication sessions (jsc#SLE-20183).
- nvmet: Expose max queues to configfs (bsc#1201865).
- nvmet: implement basic In-Band Authentication (jsc#SLE-20183).
- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (bsc#1202778).
- ocfs2: fix a deadlock when commit trans (bsc#1202776).
- octeontx2-af: Add KPU changes to parse NGIO as separate layer (jsc#SLE-24682).
- octeontx2-af: Add PTP device id for CN10K and 95O silcons (jsc#SLE-24682).
- octeontx2-af: Add SDP interface support (jsc#SLE-24682).
- octeontx2-af: Add debug messages for failures (jsc#SLE-24682).
- octeontx2-af: Add external ptp input clock (jsc#SLE-24682).
- octeontx2-af: Add free rsrc count mbox msg (jsc#SLE-24682).
- octeontx2-af: Add mbox to retrieve bandwidth profile free count (jsc#SLE-24682).
- octeontx2-af: Add support to flush full CPT CTX cache (jsc#SLE-24682).
- octeontx2-af: Adjust LA pointer for cpt parse header (jsc#SLE-24682).
- octeontx2-af: Allocate low priority entries for PF (jsc#SLE-24682).
- octeontx2-af: Allow to configure flow tag LSB byte as RSS adder (jsc#SLE-24682).
- octeontx2-af: Change the order of queue work and interrupt disable (jsc#SLE-24682).
- octeontx2-af: Do not enable Pause frames by default (jsc#SLE-24682).
- octeontx2-af: Enable CPT HW interrupts (jsc#SLE-24682).
- octeontx2-af: Enhance mailbox trace entry (jsc#SLE-24682).
- octeontx2-af: Fix LBK backpressure id count (jsc#SLE-24682).
- octeontx2-af: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-af: Fix interrupt name strings (jsc#SLE-24682).
- octeontx2-af: Fix spelling mistake 'Makesure' -> 'Make sure' (jsc#SLE-24682).
- octeontx2-af: Fix uninitialized variable val (jsc#SLE-24682).
- octeontx2-af: Flow control resource management (jsc#SLE-24682).
- octeontx2-af: Handle return value in block reset (jsc#SLE-24682).
- octeontx2-af: Hardware configuration for inline IPsec (jsc#SLE-24682).
- octeontx2-af: Increase link credit restore polling timeout (jsc#SLE-24682).
- octeontx2-af: Increase number of reserved entries in KPU (jsc#SLE-24682).
- octeontx2-af: Increment ptp refcount before use (jsc#SLE-24682).
- octeontx2-af: Limit KPU parsing for GTPU packets (jsc#SLE-24682).
- octeontx2-af: Modify install flow error codes (jsc#SLE-24682).
- octeontx2-af: Optimize KPU1 processing for variable-length headers (jsc#SLE-24682).
- octeontx2-af: Perform cpt lf teardown in non FLR path (jsc#SLE-24682).
- octeontx2-af: Priority flow control configuration support (jsc#SLE-24682).
- octeontx2-af: Remove channel verification while installing MCAM rules (jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable blkaddr (jsc#SLE-24682).
- octeontx2-af: Remove redundant initialization of variable pin (jsc#SLE-24682).
- octeontx2-af: Reset PTP config in FLR handler (jsc#SLE-24682).
- octeontx2-af: Retry until RVU block reset complete (jsc#SLE-24682).
- octeontx2-af: Use DMA_ATTR_FORCE_CONTIGUOUS attribute in DMA alloc (jsc#SLE-24682).
- octeontx2-af: Use NDC TX for transmit packet data (jsc#SLE-24682).
- octeontx2-af: Use ptp input clock info from firmware data (jsc#SLE-24682).
- octeontx2-af: Wait for TX link idle for credits change (jsc#SLE-24682).
- octeontx2-af: add proper return codes for AF mailbox handlers (jsc#SLE-24682).
- octeontx2-af: cn10K: Get NPC counters value (jsc#SLE-24682).
- octeontx2-af: cn10K: support for sched lmtst and other features (jsc#SLE-24682).
- octeontx2-af: cn10k: DWRR MTU configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: RPM hardware timestamp configuration (jsc#SLE-24682).
- octeontx2-af: cn10k: Set cache lines for NPA batch alloc (jsc#SLE-24682).
- octeontx2-af: cn10k: Use appropriate register for LMAC enable (jsc#SLE-24682).
- octeontx2-af: cn10k: add workaround for ptp errata (jsc#SLE-24682).
- octeontx2-af: cn10k: debugfs for dumping LMTST map table (jsc#SLE-24682).
- octeontx2-af: configure npc for cn10k to allow packets from cpt (jsc#SLE-24682).
- octeontx2-af: debugfs: Add channel and channel mask (jsc#SLE-24682).
- octeontx2-af: debugfs: Minor changes (jsc#SLE-24682).
- octeontx2-af: debugfs: do not corrupt user memory (jsc#SLE-24682).
- octeontx2-af: debugfs: fix error return of allocations (jsc#SLE-24682).
- octeontx2-af: enable tx shaping feature for 96xx C0 (jsc#SLE-24682).
- octeontx2-af: fix array bound error (jsc#SLE-24682).
- octeontx2-af: fix error code in is_valid_offset() (jsc#SLE-24682).
- octeontx2-af: initialize action variable (jsc#SLE-24682).
- octeontx2-af: nix and lbk in loop mode in 98xx (jsc#SLE-24682).
- octeontx2-af: remove redudant second error check on variable err (jsc#SLE-24682).
- octeontx2-af: use swap() to make code cleaner (jsc#SLE-24682).
- octeontx2-af: verify CQ context updates (jsc#SLE-24682).
- octeontx2-nic: fix mixed module build (jsc#SLE-24682).
- octeontx2-nicvf: Add PTP hardware clock support to NIX VF (jsc#SLE-24682).
- octeontx2-nicvf: Free VF PTP resources (jsc#SLE-24682).
- octeontx2-pf: Add TC feature for VFs (jsc#SLE-24682).
- octeontx2-pf: Add XDP support to netdev PF (jsc#SLE-24682).
- octeontx2-pf: Add check for non zero mcam flows (jsc#SLE-24682).
- octeontx2-pf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
- octeontx2-pf: Add vlan-etype to ntuple filters (jsc#SLE-24682).
- octeontx2-pf: Allow VLAN priority also in ntuple filters (jsc#SLE-24682).
- octeontx2-pf: CN10K: Hide RPM stats over ethtool (jsc#SLE-24682).
- octeontx2-pf: Do not mask out supported link modes (jsc#SLE-24682).
- octeontx2-pf: Enable NETIF_F_RXALL support for VF driver (jsc#SLE-24682).
- octeontx2-pf: Fix inconsistent license text (jsc#SLE-24682).
- octeontx2-pf: Ntuple filters support for VF netdev (jsc#SLE-24682).
- octeontx2-pf: PFC config support with DCBx (jsc#SLE-24682).
- octeontx2-pf: Remove unnecessary synchronize_irq() before free_irq() (jsc#SLE-24682).
- octeontx2-pf: Simplify the receive buffer size calculation (jsc#SLE-24682).
- octeontx2-pf: Sort the allocated MCAM entry indices (jsc#SLE-24682).
- octeontx2-pf: Unify flow management variables (jsc#SLE-24682).
- octeontx2-pf: Use hardware register for CQE count (jsc#SLE-24682).
- octeontx2-pf: cn10K: Reserve LMTST lines per core (jsc#SLE-24682).
- octeontx2-pf: cn10k: Config DWRR weight based on MTU (jsc#SLE-24682).
- octeontx2-pf: cn10k: Ensure valid pointers are freed to aura (jsc#SLE-24682).
- octeontx2-pf: cn10k: add support for new ptp timestamp format (jsc#SLE-24682).
- octeontx2-pf: devlink params support to set mcam entry count (jsc#SLE-24682).
- octeontx2-pf: replace bitmap_weight with bitmap_empty where appropriate (jsc#SLE-24682).
- octeontx2-pf: select CONFIG_NET_DEVLINK (jsc#SLE-24682).
- octeontx2-vf: Add support for adaptive interrupt coalescing (jsc#SLE-24682).
- octeontx2: Move devlink registration to be last devlink command (jsc#SLE-24682).
- openvswitch: Fix setting ipv6 fields causing hw csum failure (git-fixes).
- openvswitch: Fixed nd target mask field in the flow dump (git-fixes).
- openvswitch: always update flow key after nat (git-fixes).
- optee: add error checks in optee_ffa_do_call_with_arg() (git-fixes).
- perf bench futex: Fix memory leak of perf_cpu_map__new() (git-fixes).
- phy: samsung: phy-exynos-pcie: sanitize init/power_on callbacks (git-fixes).
- phy: stm32: fix error return in stm32_usbphyc_phy_init (git-fixes).
- pinctrl: amd: Do not save/restore interrupt status and wake status bits (git-fixes).
- pinctrl: armada-37xx: Convert to use dev_err_probe() (git-fixes).
- pinctrl: armada-37xx: Make use of the devm_platform_ioremap_resource() (git-fixes).
- pinctrl: armada-37xx: Use temporary variable for struct device (git-fixes).
- pinctrl: intel: Check against matching data instead of ACPI companion (git-fixes).
- pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map (git-fixes).
- pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed (git-fixes).
- pinctrl: qcom: sm8250: Fix PDC map (git-fixes).
- pinctrl: sunxi: Add I/O bias setting for H6 R-PIO (git-fixes).
- platform/chrome: cros_ec: Always expose last resume result (git-fixes).
- platform/chrome: cros_ec_proto: do not show MKBP version if unsupported (git-fixes).
- platform/olpc: Fix uninitialized data in debugfs write (git-fixes).
- platform/x86: pmc_atom: Fix SLP_TYPx bitfield mask (git-fixes).
- platform/x86: pmc_atom: Match all Lex BayTrail boards with critclk_systems DMI table (git-fixes).
- powerpc/perf: Optimize clearing the pending PMI and remove WARN_ON for PMI check in power_pmu_disable (bsc#1156395).
- powerpc/powernv/kvm: Use darn for H_RANDOM on Power9 (bsc#1065729).
- powerpc/powernv: Avoid crashing if rng is NULL (bsc#1065729).
- powerpc/powernv: delay rng platform device creation until later in boot (bsc#1065729).
- powerpc/powernv: rename remaining rng powernv_ functions to pnv_ (bsc#1065729).
- powerpc/powernv: wire up rng during setup_arch (bsc#1065729).
- powerpc/pseries: Interface to represent PAPR firmware attributes (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: Rename TYPE1_AFFINITY to FORM1_AFFINITY (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: rename min_common_depth to primary_domain_index (bsc#1200465 ltc#197256 jsc#SLE-18130).
- powerpc/pseries: wire up rng during setup_arch() (bsc#1065729).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Avoid discarding flags in system_call_exception() (bsc#1194869).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: powernv: kABI: add back powernv_get_random_long (bsc#1065729).
- proc: fix a dentry lock race between release_task and lookup (git-fixes).
- proc: fix dentry/inode overinstantiating under /proc/${pid}/net (git-fixes).
- profiling: fix shift too large makes kernel panic (git-fixes).
- pwm: lpc18xx-sct: Reduce number of devm memory allocations (git-fixes).
- pwm: lpc18xx-sct: Simplify driver by not using pwm_[gs]et_chip_data() (git-fixes).
- pwm: lpc18xx: Fix period handling (git-fixes).
- qed: validate and restrict untrusted VFs vlan promisc mode (git-fixes).
- r8152: fix the RX FIFO settings when suspending (git-fixes).
- r8152: fix the units of some registers for RTL8156A (git-fixes).
- random: remove useless header comment (git-fixes).
- ratelimit: Fix data-races in ___ratelimit() (git-fixes).
- regulator: of: Fix refcount leak bug in of_get_regulation_constraints() (git-fixes).
- regulator: pca9450: Remove restrictions for regulator-name (git-fixes).
- regulator: qcom_smd: Fix pm8916_pldo range (git-fixes).
- remoteproc: imx_rproc: Fix refcount leak in imx_rproc_addr_init (git-fixes).
- remoteproc: k3-r5: Fix refcount leak in k3_r5_cluster_of_init (git-fixes).
- remoteproc: qcom: pas: Check if coredump is enabled (git-fixes).
- remoteproc: qcom: pas: Mark devices as wakeup capable (git-fixes).
- remoteproc: qcom: q6v5-mss: add powerdomains to MSM8996 config (git-fixes).
- remoteproc: qcom: wcnss: Fix handling of IRQs (git-fixes).
- remoteproc: sysmon: Wait for SSCTL service to come up (git-fixes).
- rose: check NULL rose_loopback_neigh->loopback (git-fixes).
- rpm/kernel-binary.spec.in: move vdso to a separate package (bsc#1202385)
- rpmsg: char: Add mutex protection for rpmsg_eptdev_open() (git-fixes).
- rpmsg: mtk_rpmsg: Fix circular locking dependency (git-fixes).
- rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge (git-fixes).
- s390/cpumf: Handle events cycles and instructions identical (git-fixes).
- s390/crash: fix incorrect number of bytes to copy to user space (git-fixes).
- s390/crash: make copy_oldmem_page() return number of bytes copied (git-fixes).
- s390/hugetlb: fix prepare_hugepage_range() check for 2 GB hugepages (git-fixes).
- s390/hypfs: avoid error message under KVM (bsc#1032323).
- s390/kexec: handle R_390_PLT32DBL rela in arch_kexec_apply_relocations_add() (git-fixes).
- s390/mm: do not trigger write fault when vma does not allow VM_WRITE (git-fixes).
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (git-fixes).
- s390/qeth: cache link_info for ethtool (bsc#1202262 LTC#199322).
- s390/stp: clock_delta should be signed (git-fixes).
- s390/zcore: fix race when reading from hardware system area (git-fixes).
- samples/landlock: Add clang-format exceptions (git-fixes).
- samples/landlock: Fix path_list memory leak (git-fixes).
- samples/landlock: Format with clang-format (git-fixes).
- sched/core: Always flush pending blk_plug (bnc#1189999 (Scheduler functional and performance backports)).
- sched/deadline: Fix BUG_ON condition for deboosted tasks (git-fixes)
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (bnc#1189999 (Scheduler functional and performance backports)).
- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq -kabi (git fixes (sched/fair)).
- sched/fair: Remove redundant word ' *' (bnc#1189999 (Scheduler functional and performance backports)).
- sched/uclamp: Fix iowait boost escaping uclamp restriction (git-fixes)
- sched/uclamp: Fix rq->uclamp_max not set on first enqueue (git-fixes)
- sched: Allow newidle balancing to bail out of load_balance (bnc#1189999 (Scheduler functional and performance backports)).
- sched: Fix the check of nr_running at queue wakelist (bnc#1189999 (Scheduler functional and performance backports)).
- sched: Remove the limitation of WF_ON_CPU on wakelist if wakee cpu is idle (bnc#1189999 (Scheduler functional and performance backports)). Refresh
- sched: Remove unused function group_first_cpu() (bnc#1189999 (Scheduler functional and performance backports)).
- scripts/dtc: Call pkg-config POSIXly correct (git-fixes).
- scripts/faddr2line: Fix vmlinux detection on arm64 (git-fixes).
- scripts/gdb: change kernel config dumping method (git-fixes).
- scripts: sphinx-pre-install: Fix ctex support on Debian (git-fixes).
- scripts: sphinx-pre-install: add required ctex dependency (git-fixes).
- scsi: hisi_sas: Keep controller active between ISR of phyup and the event being processed (bsc#1202471).
- scsi: hisi_sas: Use autosuspend for the host controller (bsc#1202471).
- scsi: libiscsi: Add iscsi_cls_conn to sysfs after initialization (bsc#1198410).
- scsi: lpfc: Add warning notification period to CMF_SYNC_WQE (bsc#1203063).
- scsi: lpfc: Check the return value of alloc_workqueue() (bsc#1203063).
- scsi: lpfc: Copyright updates for 14.2.0.5 patches (bsc#1201956).
- scsi: lpfc: Copyright updates for 14.2.0.6 patches (bsc#1203063).
- scsi: lpfc: Fix attempted FA-PWWN usage after feature disable (bsc#1201956).
- scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test (bsc#1201956).
- scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID (bsc#1203063).
- scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE (bsc#1201956).
- scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() (bsc#1201956).
- scsi: lpfc: Fix unsolicited FLOGI receive handling during PT2PT discovery (bsc#1203063).
- scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input (bsc#1201956).
- scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into lpfc_sli_prep_abort_xri() (bsc#1201956).
- scsi: lpfc: Remove Menlo/Hornet related code (bsc#1201956).
- scsi: lpfc: Remove SANDiags related code (bsc#1203063).
- scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand after VMID (bsc#1201956).
- scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved configuration (bsc#1201956).
- scsi: lpfc: Rework MIB Rx Monitor debug info logic (bsc#1203063).
- scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX iocb (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.5 (bsc#1201956).
- scsi: lpfc: Update lpfc version to 14.2.0.6 (bsc#1203063).
- scsi: megaraid: Clear READ queue map's nr_queues (git-fixes).
- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (git-fixes).
- scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() (bsc#1201958).
- scsi: qla2xxx: Fix discovery issues in FC-AL topology (bsc#1201958).
- scsi: qla2xxx: Fix imbalance vha->vref_count (bsc#1201958).
- scsi: qla2xxx: Fix incorrect display of max frame size (bsc#1201958).
- scsi: qla2xxx: Fix response queue handler reading stale packets (bsc#1201958).
- scsi: qla2xxx: Fix sparse warning for dport_data (bsc#1201958).
- scsi: qla2xxx: Update manufacturer details (bsc#1201958).
- scsi: qla2xxx: Update version to 10.02.07.800-k (bsc#1201958).
- scsi: qla2xxx: Zero undefined mailbox IN registers (bsc#1201958).
- scsi: qla2xxx: edif: Fix dropped IKE message (bsc#1201958).
- scsi: sg: Allow waiting for commands to complete on removed device (git-fixes).
- scsi: smartpqi: Fix DMA direction for RAID requests (git-fixes).
- scsi: ufs: core: Fix another task management completion race (git-fixes).
- scsi: ufs: core: Fix task management completion timeout race (git-fixes).
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (git-fixes).
- seccomp: Invalidate seccomp mode to catch death failures (git-fixes).
- selftest/net/forwarding: declare NETIFS p9 p10 (git-fixes).
- selftest/powerpc: Add PAPR sysfs attributes sniff test (bsc#1200465 ltc#197256 jsc#SLE-18130).
- selftest/vm: fix map_fixed_noreplace test failure (git-fixes).
- selftest/vm: verify mmap addr in mremap_test (git-fixes).
- selftest/vm: verify remap destination address in mremap_test (git-fixes).
- selftests, x86: fix how check_cc.sh is being invoked (git-fixes).
- selftests/exec: Add non-regular to TEST_GEN_PROGS (git-fixes).
- selftests/exec: Remove pipe from TEST_GEN_FILES (git-fixes).
- selftests/fib_tests: Rework fib_rp_filter_test() (git-fixes).
- selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT (git-fixes).
- selftests/ftrace: make kprobe profile testcase description unique (git-fixes).
- selftests/landlock: Add clang-format exceptions (git-fixes).
- selftests/landlock: Add tests for O_PATH (git-fixes).
- selftests/landlock: Add tests for unknown access rights (git-fixes).
- selftests/landlock: Extend access right tests to directories (git-fixes).
- selftests/landlock: Extend tests for minimal valid attribute size (git-fixes).
- selftests/landlock: Format with clang-format (git-fixes).
- selftests/landlock: Fully test file rename with 'remove' access (git-fixes).
- selftests/landlock: Make tests build with old libc (git-fixes).
- selftests/landlock: Normalize array assignment (git-fixes).
- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (git-fixes).
- selftests/memfd: clean up mapping in mfd_fail_write (git-fixes).
- selftests/memfd: remove unused variable (git-fixes).
- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (git-fixes).
- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (git-fixes).
- selftests/net: so_txtime: usage(): fix documentation of default clock (git-fixes).
- selftests/net: timestamping: Fix bind_phc check (git-fixes).
- selftests/net: udpgso_bench_tx: fix dst ip argument (git-fixes).
- selftests/powerpc/spectre_v2: Return skip code when miss_percent is high (git-fixes).
- selftests/powerpc: Add a test of sigreturning to the kernel (git-fixes).
- selftests/resctrl: Fix null pointer dereference on open failed (git-fixes).
- selftests/rseq: Change type of rseq_offset to ptrdiff_t (git-fixes).
- selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (git-fixes).
- selftests/rseq: Fix ppc32 offsets by using long rather than off_t (git-fixes).
- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (git-fixes).
- selftests/rseq: Fix warnings about #if checks of undefined tokens (git-fixes).
- selftests/rseq: Fix: work-around asm goto compiler bugs (git-fixes).
- selftests/rseq: Introduce rseq_get_abi() helper (git-fixes).
- selftests/rseq: Introduce thread pointer getters (git-fixes).
- selftests/rseq: Remove arm/mips asm goto compiler work-around (git-fixes).
- selftests/rseq: Remove useless assignment to cpu variable (git-fixes).
- selftests/rseq: Remove volatile from __rseq_abi (git-fixes).
- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (git-fixes).
- selftests/rseq: introduce own copy of rseq uapi header (git-fixes).
- selftests/rseq: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (git-fixes).
- selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (git-fixes).
- selftests/seccomp: Do not call read() on TTY from background pgrp (git-fixes).
- selftests/seccomp: Fix compile warning when CC=clang (git-fixes).
- selftests/seccomp: Fix seccomp failure by adding missing headers (git-fixes).
- selftests/sgx: Treat CC as one argument (git-fixes).
- selftests/vm/transhuge-stress: fix ram size thinko (git-fixes).
- selftests/vm: make charge_reserved_hugetlb.sh work with existing cgroup setting (git-fixes).
- selftests/x86: Add validity check and allow field splitting (git-fixes).
- selftests/zram01.sh: Fix compression ratio calculation (git-fixes).
- selftests/zram: Adapt the situation that /dev/zram0 is being used (git-fixes).
- selftests/zram: Skip max_comp_streams interface on newer kernel (git-fixes).
- selftests: Add duplicate config only for MD5 VRF tests (git-fixes).
- selftests: Fix IPv6 address bind tests (git-fixes).
- selftests: Fix raw socket bind tests with VRF (git-fixes).
- selftests: add ping test with ping_group_range tuned (git-fixes).
- selftests: cgroup: Make cg_create() use 0755 for permission instead of 0644 (git-fixes).
- selftests: cgroup: Test open-time cgroup namespace usage for migration checks (git-fixes).
- selftests: cgroup: Test open-time credential usage for migration checks (git-fixes).
- selftests: clone3: clone3: add case CLONE3_ARGS_NO_TEST (git-fixes).
- selftests: fixup build warnings in pidfd / clone3 tests (git-fixes).
- selftests: forwarding: fix error message in learning_test (git-fixes).
- selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (git-fixes).
- selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (git-fixes).
- selftests: futex: Use variable MAKE instead of make (git-fixes).
- selftests: gpio: fix gpio compiling error (git-fixes).
- selftests: harness: avoid false negatives if test has no ASSERTs (git-fixes).
- selftests: icmp_redirect: pass xfail=0 to log_test() (git-fixes).
- selftests: kvm: set rax before vmcall (git-fixes).
- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (git-fixes).
- selftests: mlxsw: resource_scale: Fix return value (git-fixes).
- selftests: mlxsw: tc_police_scale: Make test more robust (git-fixes).
- selftests: mlxsw: vxlan_flooding: Prevent flooding of unwanted packets (git-fixes).
- selftests: mptcp: add csum mib check for mptcp_connect (git-fixes).
- selftests: mptcp: fix diag instability (git-fixes).
- selftests: mptcp: fix ipv6 routing setup (git-fixes).
- selftests: mptcp: more stable diag tests (git-fixes).
- selftests: net: Correct case name (git-fixes).
- selftests: net: Correct ping6 expected rc from 2 to 1 (git-fixes).
- selftests: net: Fix a typo in udpgro_fwd.sh (git-fixes).
- selftests: net: tls: remove unused variable and code (git-fixes).
- selftests: net: udpgro_fwd.sh: explicitly checking the available ping feature (git-fixes).
- selftests: net: using ping6 for IPv6 in udpgro_fwd.sh (git-fixes).
- selftests: netfilter: add a vrf+conntrack testcase (git-fixes).
- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (git-fixes).
- selftests: netfilter: disable rp_filter on router (git-fixes).
- selftests: netfilter: fix exit value for nft_concat_range (git-fixes).
- selftests: nft_concat_range: add test for reload with no element add/del (git-fixes).
- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (git-fixes).
- selftests: openat2: Add missing dependency in Makefile (git-fixes).
- selftests: openat2: Print also errno in failure messages (git-fixes).
- selftests: openat2: Skip testcases that fail with EOPNOTSUPP (git-fixes).
- selftests: pmtu.sh: Kill nettest processes launched in subshell (git-fixes).
- selftests: pmtu.sh: Kill tcpdump processes launched by subshell (git-fixes).
- selftests: rtc: Increase test timeout so that all tests run (git-fixes).
- selftests: skip mincore.check_file_mmap when fs lacks needed support (git-fixes).
- selftests: test_vxlan_under_vrf: Fix broken test case (git-fixes).
- selftests: timers: clocksource-switch: fix passing errors from child (git-fixes).
- selftests: timers: valid-adjtimex: build fix for newer toolchains (git-fixes).
- selftests: vm: Makefile: rename TARGETS to VMTARGETS (git-fixes).
- selftests: vm: fix clang build error multiple output files (git-fixes).
- selftests: x86: fix [-Wstringop-overread] warn in test_process_vm_readv() (git-fixes).
- selinux: Add boundary check in put_entry() (git-fixes).
- selinux: access superblock_security_struct in LSM blob way (git-fixes).
- selinux: check return value of sel_make_avc_files (git-fixes).
- selinux: fix bad cleanup on error in hashtab_duplicate() (git-fixes).
- selinux: fix double free of cond_list on error paths (git-fixes).
- selinux: fix memleak in security_read_state_kernel() (git-fixes).
- selinux: fix misuse of mutex_is_locked() (git-fixes).
- selinux: use correct type for context length (git-fixes).
- serial: 8250: Add proper clock handling for OxSemi PCIe devices (git-fixes).
- serial: 8250: Export ICR access helpers for internal use (git-fixes).
- serial: 8250: Fold EndRun device support into OxSemi Tornado code (git-fixes).
- serial: 8250_bcm7271: Save/restore RTS in suspend/resume (git-fixes).
- serial: 8250_dw: Store LSR into lsr_saved_flags in dw8250_tx_wait_empty() (git-fixes).
- serial: 8250_fsl: Do not report FE, PE and OE twice (git-fixes).
- serial: 8250_pci: Refactor the loop in pci_ite887x_init() (git-fixes).
- serial: 8250_pci: Replace dev_*() by pci_*() macros (git-fixes).
- serial: fsl_lpuart: RS485 RTS polarity is inverse (git-fixes).
- serial: mvebu-uart: uart2 error bits clearing (git-fixes).
- smsc95xx: Ignore -ENODEV errors when device is unplugged (git-fixes).
- soc: amlogic: Fix refcount leak in meson-secure-pwrc.c (git-fixes).
- soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs (git-fixes).
- soc: fsl: guts: machine variable might be unset (git-fixes).
- soc: fsl: select FSL_GUTS driver for DPIO (git-fixes).
- soc: imx: gpcv2: Assert reset before ungating clock (git-fixes).
- soc: qcom: Make QCOM_RPMPD depend on PM (git-fixes).
- soc: qcom: aoss: Fix refcount leak in qmp_cooling_devices_register (git-fixes).
- soc: qcom: ocmem: Fix refcount leak in of_get_ocmem (git-fixes).
- soc: renesas: r8a779a0-sysc: Fix A2DP1 and A2CV[2357] PDR values (git-fixes).
- soundwire: bus_type: fix remove and shutdown support (git-fixes).
- soundwire: qcom: Check device status before reading devid (git-fixes).
- soundwire: qcom: fix device status array range (git-fixes).
- spi: Fix incorrect cs_setup delay handling (git-fixes).
- spi: Fix simplification of devm_spi_register_controller (git-fixes).
- spi: dt-bindings: cadence: add missing 'required' (git-fixes).
- spi: dt-bindings: zynqmp-qspi: add missing 'required' (git-fixes).
- spi: meson-spicc: add local pow2 clock ops to preserve rate between messages (git-fixes).
- spi: spi-altera-dfl: Fix an error handling path (git-fixes).
- spi: spi-rspi: Fix PIO fallback on RZ platforms (git-fixes).
- spi: synquacer: Add missing clk_disable_unprepare() (git-fixes).
- spi: tegra20-slink: fix UAF in tegra_slink_remove() (git-fixes).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions (git-fixes).
- staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback (git-fixes).
- staging: rtl8712: fix use after free bugs (git-fixes).
- tee: optee: do not check memref size on return from Secure World (git-fixes).
- tee: tee_get_drvdata(): fix description of return value (git-fixes).
- testing/selftests/mqueue: Fix mq_perf_tests to free the allocated cpu set (git-fixes).
- testing: nvdimm: asm/mce.h is not needed in nfit.c (git-fixes).
- testing: nvdimm: iomap: make __nfit_test_ioremap a macro (git-fixes).
- tests: fix idmapped mount_setattr test (git-fixes).
- thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR (bsc#1201308).
- thermal/tools/tmon: Include pthread and time headers in tmon.h (git-fixes).
- thermal: sysfs: Fix cooling_device_stats_setup() error code path (git-fixes).
- thunderbolt: Use the actual buffer in tb_async_error() (git-fixes).
- tools include UAPI: Sync sound/asound.h copy with the kernel sources (git-fixes).
- tools/nolibc: fix incorrect truncation of exit code (git-fixes).
- tools/nolibc: i386: fix initial stack alignment (git-fixes).
- tools/nolibc: x86-64: Fix startup code bug (git-fixes).
- tools/testing/scatterlist: add missing defines (git-fixes).
- tools/thermal: Fix possible path truncations (git-fixes).
- tpm: eventlog: Fix section mismatch for DEBUG_SECTION_MISMATCH (git-fixes).
- trace/osnoise: Add migrate-disabled field to the osnoise header (git-fixes).
- trace/timerlat: Add migrate-disabled field to the timerlat header (git-fixes).
- tracing/histograms: Fix memory leak problem (git-fixes).
- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (git-fixes).
- tracing/probes: Have kprobes and uprobes use $COMM too (git-fixes).
- tracing: Add ustring operation to filtering string pointers (git-fixes).
- tracing: Fix sleeping while atomic in kdb ftdump (git-fixes).
- tracing: Have filter accept 'common_cpu' to be consistent (git-fixes).
- tracing: Use a struct alignof to determine trace event field alignment (git-fixes).
- tty: 8250: Add support for Brainboxes PX cards (git-fixes).
- tty: n_gsm: Delete gsm_disconnect when config requester (git-fixes).
- tty: n_gsm: Delete gsmtty open SABM frame when config requester (git-fixes).
- tty: n_gsm: Modify CR,PF bit printk info when config requester (git-fixes).
- tty: n_gsm: Modify CR,PF bit when config requester (git-fixes).
- tty: n_gsm: Modify cr bit value when config requester (git-fixes).
- tty: n_gsm: Modify gsmtty driver register method when config requester (git-fixes).
- tty: n_gsm: Save dlci address open status when config requester (git-fixes).
- tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() (git-fixes).
- tty: n_gsm: avoid call of sleeping functions from atomic context (git-fixes).
- tty: n_gsm: clean up dead code in gsm_queue() (git-fixes).
- tty: n_gsm: clean up implicit CR bit encoding in address field (git-fixes).
- tty: n_gsm: clean up indenting in gsm_queue() (git-fixes).
- tty: n_gsm: fix DM command (git-fixes).
- tty: n_gsm: fix broken virtual tty handling (git-fixes).
- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (git-fixes).
- tty: n_gsm: fix deadlock and link starvation in outgoing data path (git-fixes).
- tty: n_gsm: fix decoupled mux resource (git-fixes).
- tty: n_gsm: fix encoding of command/response bit (git-fixes).
- tty: n_gsm: fix flow control handling in tx path (git-fixes).
- tty: n_gsm: fix frame reception handling (git-fixes).
- tty: n_gsm: fix incorrect UA handling (git-fixes).
- tty: n_gsm: fix insufficient txframe size (git-fixes).
- tty: n_gsm: fix invalid gsmtty_write_room() result (git-fixes).
- tty: n_gsm: fix invalid use of MSC in advanced option (git-fixes).
- tty: n_gsm: fix malformed counter for out of frame data (git-fixes).
- tty: n_gsm: fix missing corner cases in gsmld_poll() (git-fixes).
- tty: n_gsm: fix missing explicit ldisc flush (git-fixes).
- tty: n_gsm: fix missing mux reset on config change at responder (git-fixes).
- tty: n_gsm: fix missing timer to handle stalled links (git-fixes).
- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (git-fixes).
- tty: n_gsm: fix missing update of modem controls after DLCI open (git-fixes).
- tty: n_gsm: fix mux activation issues in gsm_config() (git-fixes).
- tty: n_gsm: fix mux cleanup after unregister tty device (git-fixes).
- tty: n_gsm: fix non flow control frames during mux flow off (git-fixes).
- tty: n_gsm: fix packet re-transmission without open control channel (git-fixes).
- tty: n_gsm: fix race condition in gsmld_write() (git-fixes).
- tty: n_gsm: fix reset fifo race condition (git-fixes).
- tty: n_gsm: fix resource allocation order in gsm_activate_mux() (git-fixes).
- tty: n_gsm: fix restart handling via CLD command (git-fixes).
- tty: n_gsm: fix software flow control handling (git-fixes).
- tty: n_gsm: fix sometimes uninitialized warning in gsm_dlci_modem_output() (git-fixes).
- tty: n_gsm: fix tty registration before control channel open (git-fixes).
- tty: n_gsm: fix user open not possible at responder until initiator open (git-fixes).
- tty: n_gsm: fix wrong DLCI release order (git-fixes).
- tty: n_gsm: fix wrong T1 retry count handling (git-fixes).
- tty: n_gsm: fix wrong command frame length field encoding (git-fixes).
- tty: n_gsm: fix wrong command retry handling (git-fixes).
- tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output() (git-fixes).
- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (git-fixes).
- tty: n_gsm: fix wrong signal octets encoding in MSC (git-fixes).
- tty: n_gsm: initialize more members at gsm_alloc_mux() (git-fixes).
- tty: n_gsm: replace kicktimer with delayed_work (git-fixes).
- tty: serial: Fix refcount leak bug in ucc_uart.c (git-fixes).
- tty: serial: fsl_lpuart: correct the count of break characters (git-fixes).
- tty: serial: lpuart: disable flow control while waiting for the transmit engine to complete (git-fixes).
- tty: vt: initialize unicode screen buffer (git-fixes).
- tun: avoid double free in tun_free_netdev (git-fixes).
- tunnels: do not assume mac header is set in skb_tunnel_check_pmtu() (git-fixes).
- tuntap: add sanity checks about msg_controllen in sendmsg (git-fixes).
- uaccess: fix type mismatch warnings from access_ok() (git-fixes).
- ucounts: Base set_cred_ucounts changes on the real user (git-fixes).
- ucounts: Fix rlimit max values check (git-fixes).
- ucounts: Fix systemd LimitNPROC with private users regression (git-fixes).
- ucounts: Handle wrapping in is_ucounts_overlimit (git-fixes).
- ucounts: In set_cred_ucounts assume new->ucounts is non-NULL (git-fixes).
- udf: Fix crash after seekdir (bsc#1194592).
- udmabuf: Set the DMA mask for the udmabuf device (v2) (git-fixes).
- udmabuf: add back sanity check (git-fixes).
- usb: aspeed-vhub: Fix refcount leak bug in ast_vhub_init_desc() (git-fixes).
- usb: cdns3 fix use-after-free at workaround 2 (git-fixes).
- usb: cdns3: Do not use priv_dev uninitialized in cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: change place of 'priv_ep' assignment in cdns3_gadget_ep_dequeue(), cdns3_gadget_ep_enable() (git-fixes).
- usb: cdns3: fix incorrect handling TRB_SMM flag for ISOC transfer (git-fixes).
- usb: cdns3: fix issue with rearming ISO OUT endpoint (git-fixes).
- usb: cdns3: fix random warning message when driver load (git-fixes).
- usb: dwc2: fix wrong order of phy_power_on and phy_init (git-fixes).
- usb: dwc2: gadget: remove D+ pull-up while no vbus with usb-role-switch (git-fixes).
- usb: dwc3: core: Deprecate GCTL.CORESOFTRESET (git-fixes).
- usb: dwc3: core: Do not perform GCTL_CORE_SOFTRESET during bootup (git-fixes).
- usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core (git-fixes).
- usb: dwc3: dwc3-qcom: Fix typo in the dwc3 vbus override API (git-fixes).
- usb: dwc3: gadget: Avoid duplicate requests to enable Run/Stop (git-fixes).
- usb: dwc3: gadget: fix high speed multiplier setting (git-fixes).
- usb: dwc3: gadget: refactor dwc3_repare_one_trb (git-fixes).
- usb: dwc3: qcom: Add helper functions to enable,disable wake irqs (git-fixes).
- usb: dwc3: qcom: fix missing optional irq warnings (git-fixes).
- usb: dwc3: qcom: fix use-after-free on runtime-PM wakeup (git-fixes).
- usb: gadget: f_uac2: clean up some inconsistent indenting (git-fixes).
- usb: gadget: f_uac2: fix superspeed transfer (git-fixes).
- usb: gadget: mass_storage: Fix cdrom data transfers on MAC-OS (git-fixes).
- usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init() (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: gadget: udc: amd5536 depends on HAS_DMA (git-fixes).
- usb: gadget: uvc: call uvc uvcg_warn on completed status instead of uvcg_info (git-fixes).
- usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe (git-fixes).
- usb: host: ohci-ppc-of: Fix refcount leak bug (git-fixes).
- usb: host: xhci: use snprintf() in xhci_decode_trb() (git-fixes).
- usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe (git-fixes).
- usb: renesas: Fix refcount leak bug (git-fixes).
- usb: typec: altmodes/displayport: correct pin assignment for UFP receptacles (git-fixes).
- usb: typec: tcpm: Return ENOTSUPP for power supply prop writes (git-fixes).
- usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion (git-fixes).
- usb: xhci: tegra: Fix error check (git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: Run unregister_netdev() before unbind() again (git-fixes).
- usbnet: smsc95xx: Avoid link settings race on interrupt reception (git-fixes).
- usbnet: smsc95xx: Do not clear read-only PHY interrupt (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- usbnet: smsc95xx: Forward PHY interrupts to PHY driver to avoid polling (git-fixes).
- userfaultfd/selftests: fix hugetlb area allocations (git-fixes).
- vboxguest: Do not use devm for irq (git-fixes).
- vdpa_sim: avoid putting an uninitialized iova_domain (git-fixes).
- venus: pm_helpers: Fix warning in OPP during probe (git-fixes).
- vfio/ccw: Do not change FSM state in subchannel event (git-fixes).
- vfio/ccw: Remove UUID from s390 debug log (git-fixes).
- vfio: Clear the caps->buf to NULL after free (git-fixes).
- video: fbdev: amba-clcd: Fix refcount leak bugs (git-fixes).
- video: fbdev: arkfb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() (git-fixes).
- video: fbdev: i740fb: Check the argument of i740_calc_vclk() (git-fixes).
- video: fbdev: s3fb: Check the size of screen before memset_io() (git-fixes).
- video: fbdev: sis: fix typos in SiS_GetModeID() (git-fixes).
- video: fbdev: vt8623fb: Check the size of screen before memset_io() (git-fixes).
- virtio-gpu: fix a missing check to avoid NULL dereference (git-fixes).
- virtio-net: fix the race between refill work and close (git-fixes).
- virtio_net: fix memory leak inside XPD_TX with mergeable (git-fixes).
- vmxnet3: Implement ethtool's get_channels command (bsc#1200431).
- vmxnet3: Record queue number to incoming packets (bsc#1200431).
- vmxnet3: Remove useless DMA-32 fallback configuration (bsc#1200431).
- vmxnet3: add command to set ring buffer sizes (bsc#1200431).
- vmxnet3: add support for capability registers (bsc#1200431).
- vmxnet3: add support for large passthrough BAR register (bsc#1200431).
- vmxnet3: add support for out of order rx completion (bsc#1200431).
- vmxnet3: disable overlay offloads if UPT device does not support (bsc#1200431).
- vmxnet3: do not reschedule napi for rx processing (bsc#1200431).
- vmxnet3: limit number of TXDs used for TSO packet (bsc#1200431).
- vmxnet3: prepare for version 7 changes (bsc#1200431).
- vmxnet3: switch from 'pci_' to 'dma_' API (bsc#1200431).
- vmxnet3: update to version 7 (bsc#1200431).
- vmxnet3: use ext1 field to indicate encapsulated packet (bsc#1200431).
- vrf: do not run conntrack on vrf with !dflt qdisc (git-fixes).
- vsock/virtio: enable VQs early on probe (git-fixes).
- vsock/virtio: initialize vdev->priv before using VQs (git-fixes).
- vsock/virtio: read the negotiated features before using VQs (git-fixes).
- vsock: Fix memory leak in vsock_connect() (git-fixes).
- vsock: Set socket state back to SS_UNCONNECTED in vsock_connect_timeout() (git-fixes).
- vsock: remove vsock from connected table when connect is interrupted by a signal (git-fixes).
- watch-queue: remove spurious double semicolon (git-fixes).
- watch_queue: Fix missing locking in add_watch_to_object() (git-fixes).
- watch_queue: Fix missing rcu annotation (git-fixes).
- watchdog: armada_37xx_wdt: check the return value of devm_ioremap() in armada_37xx_wdt_probe() (git-fixes).
- watchdog: sp5100_tco: Fix a memory leak of EFCH MMIO resource (git-fixes).
- watchqueue: make sure to serialize 'wqueue->defunct' properly (git-fixes).
- wifi: cfg80211: debugfs: fix return type in ht40allow_map_read() (git-fixes).
- wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() (git-fixes).
- wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue (git-fixes).
- wifi: libertas: Fix possible refcount leak in if_usb_probe() (git-fixes).
- wifi: mac80211: Do not finalize CSA in IBSS mode if state is disconnected (git-fixes).
- wifi: mac80211: limit A-MSDU subframes for client too (git-fixes).
- wifi: mac80211_hwsim: add back erroneously removed cast (git-fixes).
- wifi: mac80211_hwsim: fix race condition in pending packet (git-fixes).
- wifi: mac80211_hwsim: use 32-bit skb cookie (git-fixes).
- wifi: p54: Fix an error handling path in p54spi_probe() (git-fixes).
- wifi: p54: add missing parentheses in p54_flush() (git-fixes).
- wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() (git-fixes).
- wifi: rtlwifi: remove always-true condition pointed out by GCC 12 (git-fixes).
- wifi: rtw88: check the return value of alloc_workqueue() (git-fixes).
- wifi: rtw89: 8852a: rfk: fix div 0 exception (git-fixes).
- wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() (git-fixes).
- wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` (git-fixes).
- wireguard: device: check for metadata_dst with skb_valid_dst() (git-fixes).
- wireless: Remove redundant 'flush_workqueue()' calls (bsc#1202131).
- x86/Hyper-V: Add SEV negotiate protocol support in Isolation VM (bsc#1190497).
- x86/olpc: fix 'logical not is only applied to the left hand side' (git-fixes).
- x86/retbleed: Add fine grained Kconfig knobs (bsc#1190497).
- x86/sev: Define the Linux-specific guest termination reasons (bsc#1190497).
- x86/sev: Save the negotiated GHCB version (bsc#1190497).
- xen/gntdev: fix unmap notification order (git-fixes).
- xen/privcmd: fix error exit of privcmd_ioctl_dm_op() (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xen: detect uninitialized xenbus in xenbus_init (git-fixes).
- xen: do not continue xenstore initialization in case of errors (git-fixes).
- xfs: Fix the free logic of state in xfs_attr_node_hasname (git-fixes).
- xfs: check sb_meta_uuid for dabuf buffer recovery (git-fixes).
- xfs: fix soft lockup via spinning in filestream ag selection loop (git-fixes).
- xfs: fix use-after-free in xattr node block inactivation (git-fixes).
- xfs: fold perag loop iteration logic into helper function (git-fixes).
- xfs: make xfs_rtalloc_query_range input parameters const (git-fixes).
- xfs: only bother with sync_filesystem during readonly remount (git-fixes).
- xfs: prevent UAF in xfs_log_item_in_current_chkpt (git-fixes).
- xfs: prevent a UAF when log IO errors race with unmount (git-fixes).
- xfs: remove incorrect ASSERT in xfs_rename (git-fixes).
- xfs: rename the next_agno perag iteration variable (git-fixes).
- xfs: reorder iunlink remove operation in xfs_ifree (git-fixes).
- xfs: revert 'xfs: actually bump warning counts when we send warnings' (git-fixes).
- xfs: terminate perag iteration reliably on agcount (git-fixes).
- xfs: use invalidate_lock to check the state of mmap_lock (git-fixes).
- xfs: use kmem_cache_free() for kmem_cache objects (git-fixes).
- xfs: use setattr_copy to set vfs inode attributes (git-fixes).
- xhci: Set HCD flag to defer primary roothub registration (git-fixes).
- xhci: dbc: Rename xhci_dbc_init and xhci_dbc_exit (git-fixes).
- xhci: dbc: create and remove dbc structure in dbgtty driver (git-fixes).
- xhci: dbc: refactor xhci_dbc_init() (git-fixes).
- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).
- zonefs: Clear inode information flags on inode creation (git-fixes).
- zonefs: Fix management of open zones (git-fixes).
- zonefs: add MODULE_ALIAS_FS (git-fixes).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- libnettle8-3.8.1-150500.1.6 updated
- perl-5.26.1-150300.17.11.1 updated
- libhogweed6-3.8.1-150500.1.6 updated
- libfreetype6-2.10.4-150000.4.12.1 updated
- libvirt-libs-8.7.0-150500.1.1 updated
- kernel-kvmsmall-5.14.21-150400.24.21.2 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 07:21:00 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 09:21:00 +0200 (CEST)
Subject: SUSE-CU-2022:2343-1: Security update of suse/sles/15.4/virt-operator
Message-ID: <20220923072100.5D879F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles/15.4/virt-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2343-1
Container Tags : suse/sles/15.4/virt-operator:0.49.0 , suse/sles/15.4/virt-operator:0.49.0-150400.1.37 , suse/sles/15.4/virt-operator:0.49.0.16.29
Container Release : 16.29
Severity : moderate
Type : security
References : 1047178 1199140 CVE-2017-6512
-----------------------------------------------------------------
The container suse/sles/15.4/virt-operator was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
The following package changes have been done:
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- sles-release-15.5-150500.11.1 updated
- container:sles15-image-15.0.0-31.15 updated
From sle-security-updates at lists.suse.com Fri Sep 23 10:19:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 12:19:46 +0200 (CEST)
Subject: SUSE-SU-2022:3341-1: important: Security update for dpdk
Message-ID: <20220923101946.203B2F7C9@maintenance.suse.de>
SUSE Security Update: Security update for dpdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3341-1
Rating: important
References: #1202903 #1202956
Cross-References: CVE-2022-2132 CVE-2022-28199
CVSS scores:
CVE-2022-2132 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2022-2132 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2022-28199 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28199 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Server Applications 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for dpdk fixes the following issues:
- CVE-2022-2132: Fixed DoS when a vhost header crosses more than two
descriptors and exhausts all mbufs (bsc#1202903).
- CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3341=1
- SUSE Linux Enterprise Module for Server Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-3341=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
dpdk-19.11.10-150400.4.7.1
dpdk-debuginfo-19.11.10-150400.4.7.1
dpdk-debugsource-19.11.10-150400.4.7.1
dpdk-devel-19.11.10-150400.4.7.1
dpdk-devel-debuginfo-19.11.10-150400.4.7.1
dpdk-examples-19.11.10-150400.4.7.1
dpdk-examples-debuginfo-19.11.10-150400.4.7.1
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-tools-19.11.10-150400.4.7.1
dpdk-tools-debuginfo-19.11.10-150400.4.7.1
libdpdk-20_0-19.11.10-150400.4.7.1
libdpdk-20_0-debuginfo-19.11.10-150400.4.7.1
- openSUSE Leap 15.4 (aarch64):
dpdk-thunderx-19.11.10-150400.4.7.1
dpdk-thunderx-debuginfo-19.11.10-150400.4.7.1
dpdk-thunderx-debugsource-19.11.10-150400.4.7.1
dpdk-thunderx-devel-19.11.10-150400.4.7.1
dpdk-thunderx-devel-debuginfo-19.11.10-150400.4.7.1
dpdk-thunderx-examples-19.11.10-150400.4.7.1
dpdk-thunderx-examples-debuginfo-19.11.10-150400.4.7.1
dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-thunderx-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-thunderx-tools-19.11.10-150400.4.7.1
dpdk-thunderx-tools-debuginfo-19.11.10-150400.4.7.1
- openSUSE Leap 15.4 (noarch):
dpdk-doc-19.11.10-150400.4.7.1
dpdk-thunderx-doc-19.11.10-150400.4.7.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le x86_64):
dpdk-19.11.10-150400.4.7.1
dpdk-debuginfo-19.11.10-150400.4.7.1
dpdk-debugsource-19.11.10-150400.4.7.1
dpdk-devel-19.11.10-150400.4.7.1
dpdk-devel-debuginfo-19.11.10-150400.4.7.1
dpdk-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-tools-19.11.10-150400.4.7.1
dpdk-tools-debuginfo-19.11.10-150400.4.7.1
libdpdk-20_0-19.11.10-150400.4.7.1
libdpdk-20_0-debuginfo-19.11.10-150400.4.7.1
- SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64):
dpdk-thunderx-19.11.10-150400.4.7.1
dpdk-thunderx-debuginfo-19.11.10-150400.4.7.1
dpdk-thunderx-debugsource-19.11.10-150400.4.7.1
dpdk-thunderx-devel-19.11.10-150400.4.7.1
dpdk-thunderx-devel-debuginfo-19.11.10-150400.4.7.1
dpdk-thunderx-kmp-default-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
dpdk-thunderx-kmp-default-debuginfo-19.11.10_k5.14.21_150400.24.18-150400.4.7.1
References:
https://www.suse.com/security/cve/CVE-2022-2132.html
https://www.suse.com/security/cve/CVE-2022-28199.html
https://bugzilla.suse.com/1202903
https://bugzilla.suse.com/1202956
From sle-security-updates at lists.suse.com Fri Sep 23 13:23:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 15:23:47 +0200 (CEST)
Subject: SUSE-SU-2022:3347-1: moderate: Security update for rubygem-rack
Message-ID: <20220923132347.935A2F7C9@maintenance.suse.de>
SUSE Security Update: Security update for rubygem-rack
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3347-1
Rating: moderate
References: #1172037 #1173351
Cross-References: CVE-2020-8161 CVE-2020-8184
CVSS scores:
CVE-2020-8161 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE-2020-8161 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-8184 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2020-8184 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Availability 15-SP3
SUSE Linux Enterprise High Availability 15-SP4
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 6
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for rubygem-rack fixes the following issues:
- CVE-2020-8184: Fixed vulnerability where percent-encoded cookies can be
used to overwrite existing prefixed cookie names (bsc#1173351).
- CVE-2020-8161: Fixed directory traversal in Rack::Directory (bsc#1172037).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3347=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3347=1
- SUSE Linux Enterprise High Availability 15-SP4:
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-3347=1
- SUSE Linux Enterprise High Availability 15-SP3:
zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-3347=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3347=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3347=1
- SUSE Linux Enterprise High Availability 15:
zypper in -t patch SUSE-SLE-Product-HA-15-2022-3347=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
ruby2.5-rubygem-rack-doc-2.0.8-150000.3.9.1
ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.9.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
ruby2.5-rubygem-rack-doc-2.0.8-150000.3.9.1
ruby2.5-rubygem-rack-testsuite-2.0.8-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
- SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64):
ruby2.5-rubygem-rack-2.0.8-150000.3.9.1
References:
https://www.suse.com/security/cve/CVE-2020-8161.html
https://www.suse.com/security/cve/CVE-2020-8184.html
https://bugzilla.suse.com/1172037
https://bugzilla.suse.com/1173351
From sle-security-updates at lists.suse.com Fri Sep 23 13:24:55 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 15:24:55 +0200 (CEST)
Subject: SUSE-SU-2022:3346-1: important: Security update for the Linux Kernel
(Live Patch 29 for SLE 12 SP4)
Message-ID: <20220923132455.D2E23F7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3346-1
Rating: important
References: #1203116
Cross-References: CVE-2022-39188
CVSS scores:
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.12.14-95_105 fixes one issue.
The following security issue was fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-3345=1 SUSE-SLE-Live-Patching-12-SP4-2022-3346=1
Package List:
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_105-default-3-2.2
kgraft-patch-4_12_14-95_99-default-5-2.2
References:
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Fri Sep 23 13:25:57 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 15:25:57 +0200 (CEST)
Subject: SUSE-SU-2022:3342-1: important: Security update for the Linux Kernel
(Live Patch 23 for SLE 12 SP4)
Message-ID: <20220923132557.474DDF7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3342-1
Rating: important
References: #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-95_83 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-3342=1 SUSE-SLE-Live-Patching-12-SP4-2022-3343=1 SUSE-SLE-Live-Patching-12-SP4-2022-3344=1
Package List:
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_83-default-14-2.2
kgraft-patch-4_12_14-95_88-default-10-2.2
kgraft-patch-4_12_14-95_93-default-9-2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Fri Sep 23 16:19:50 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 18:19:50 +0200 (CEST)
Subject: SUSE-SU-2022:3350-1: important: Security update for the Linux Kernel
(Live Patch 25 for SLE 12 SP5)
Message-ID: <20220923161950.15760FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP5)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3350-1
Rating: important
References: #1199695 #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-122_98 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3349=1 SUSE-SLE-Live-Patching-12-SP5-2022-3350=1
Package List:
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_91-default-17-2.2
kgraft-patch-4_12_14-122_98-default-15-2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Fri Sep 23 16:20:55 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 18:20:55 +0200 (CEST)
Subject: SUSE-SU-2022:3352-1: important: Security update for webkit2gtk3
Message-ID: <20220923162055.30DE6FD84@maintenance.suse.de>
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3352-1
Rating: important
References: #1202169 #1202807
Cross-References: CVE-2022-32893
CVSS scores:
CVE-2022-32893 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32893 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that solves one vulnerability and has one erratum
is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
- CVE-2022-32893: Fixed an issue where processing maliciously crafted web
content may lead to arbitrary code execution (bsc#1202807).
Bugfixes:
- Fixed WebKitGTK not allowing use from non-main threads
(bsc#1202169).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3352=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3352=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3352=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3352=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3352=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3352=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3352=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3352=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3352=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3352=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Linux Enterprise Server for SAP 15 (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Linux Enterprise Server 15-LTSS (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE Enterprise Storage 6 (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
- SUSE CaaS Platform 4.0 (x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150000.3.112.2
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-2.36.7-150000.3.112.2
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150000.3.112.2
typelib-1_0-JavaScriptCore-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2-4_0-2.36.7-150000.3.112.2
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-2.36.7-150000.3.112.2
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150000.3.112.2
webkit2gtk3-debugsource-2.36.7-150000.3.112.2
webkit2gtk3-devel-2.36.7-150000.3.112.2
- SUSE CaaS Platform 4.0 (noarch):
libwebkit2gtk3-lang-2.36.7-150000.3.112.2
References:
https://www.suse.com/security/cve/CVE-2022-32893.html
https://bugzilla.suse.com/1202169
https://bugzilla.suse.com/1202807
From sle-security-updates at lists.suse.com Fri Sep 23 16:21:58 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 18:21:58 +0200 (CEST)
Subject: SUSE-SU-2022:3351-1: important: Security update for webkit2gtk3
Message-ID: <20220923162158.B1288FD84@maintenance.suse.de>
SUSE Security Update: Security update for webkit2gtk3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3351-1
Rating: important
References: #1202169 #1202807
Cross-References: CVE-2022-32893
CVSS scores:
CVE-2022-32893 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-32893 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves one vulnerability and has one erratum
is now available.
Description:
This update for webkit2gtk3 fixes the following issues:
- CVE-2022-32893: Fixed several crashes and rendering issues (bsc#1202807).
- Fixed WebKitGTK not allowing use from non-main threads (bsc#1202169).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3351=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3351=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3351=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3351=1
Package List:
- openSUSE Leap 15.4 (noarch):
libwebkit2gtk3-lang-2.36.7-150200.44.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150200.44.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150200.44.1
libwebkit2gtk-4_0-37-2.36.7-150200.44.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150200.44.1
typelib-1_0-JavaScriptCore-4_0-2.36.7-150200.44.1
typelib-1_0-WebKit2-4_0-2.36.7-150200.44.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150200.44.1
webkit-jsc-4-2.36.7-150200.44.1
webkit-jsc-4-debuginfo-2.36.7-150200.44.1
webkit2gtk-4_0-injected-bundles-2.36.7-150200.44.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150200.44.1
webkit2gtk3-debugsource-2.36.7-150200.44.1
webkit2gtk3-devel-2.36.7-150200.44.1
webkit2gtk3-minibrowser-2.36.7-150200.44.1
webkit2gtk3-minibrowser-debuginfo-2.36.7-150200.44.1
- openSUSE Leap 15.3 (x86_64):
libjavascriptcoregtk-4_0-18-32bit-2.36.7-150200.44.1
libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.7-150200.44.1
libwebkit2gtk-4_0-37-32bit-2.36.7-150200.44.1
libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.7-150200.44.1
- openSUSE Leap 15.3 (noarch):
libwebkit2gtk3-lang-2.36.7-150200.44.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
typelib-1_0-JavaScriptCore-4_0-2.36.7-150200.44.1
typelib-1_0-WebKit2-4_0-2.36.7-150200.44.1
typelib-1_0-WebKit2WebExtension-4_0-2.36.7-150200.44.1
webkit2gtk3-debugsource-2.36.7-150200.44.1
webkit2gtk3-devel-2.36.7-150200.44.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libjavascriptcoregtk-4_0-18-2.36.7-150200.44.1
libjavascriptcoregtk-4_0-18-debuginfo-2.36.7-150200.44.1
libwebkit2gtk-4_0-37-2.36.7-150200.44.1
libwebkit2gtk-4_0-37-debuginfo-2.36.7-150200.44.1
webkit2gtk-4_0-injected-bundles-2.36.7-150200.44.1
webkit2gtk-4_0-injected-bundles-debuginfo-2.36.7-150200.44.1
webkit2gtk3-debugsource-2.36.7-150200.44.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
libwebkit2gtk3-lang-2.36.7-150200.44.1
References:
https://www.suse.com/security/cve/CVE-2022-32893.html
https://bugzilla.suse.com/1202169
https://bugzilla.suse.com/1202807
From sle-security-updates at lists.suse.com Fri Sep 23 19:19:15 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 21:19:15 +0200 (CEST)
Subject: SUSE-SU-2022:3353-1: moderate: Security update for permissions
Message-ID: <20220923191915.3C49FFD84@maintenance.suse.de>
SUSE Security Update: Security update for permissions
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3353-1
Rating: moderate
References: #1203018
Cross-References: CVE-2022-31252
CVSS scores:
CVE-2022-31252 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3353=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3353=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
permissions-20201225-150400.5.11.1
permissions-debuginfo-20201225-150400.5.11.1
permissions-debugsource-20201225-150400.5.11.1
- openSUSE Leap 15.4 (noarch):
permissions-zypp-plugin-20201225-150400.5.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
permissions-20201225-150400.5.11.1
permissions-debuginfo-20201225-150400.5.11.1
permissions-debugsource-20201225-150400.5.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
permissions-zypp-plugin-20201225-150400.5.11.1
References:
https://www.suse.com/security/cve/CVE-2022-31252.html
https://bugzilla.suse.com/1203018
From sle-security-updates at lists.suse.com Fri Sep 23 19:19:52 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 21:19:52 +0200 (CEST)
Subject: SUSE-SU-2022:3355-1: important: Security update for puppet
Message-ID: <20220923191952.C7F78FD84@maintenance.suse.de>
SUSE Security Update: Security update for puppet
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3355-1
Rating: important
References: #1192797
Cross-References: CVE-2021-27023
CVSS scores:
CVE-2021-27023 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-27023 (SUSE): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Advanced Systems Management 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for puppet fixes the following issues:
- CVE-2021-27023: Fixed unsafe HTTP redirect (bsc#1192797).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Advanced Systems Management 12:
zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2022-3355=1
Package List:
- SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64):
puppet-3.8.5-15.18.1
puppet-server-3.8.5-15.18.1
References:
https://www.suse.com/security/cve/CVE-2021-27023.html
https://bugzilla.suse.com/1192797
From sle-security-updates at lists.suse.com Fri Sep 23 19:20:31 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 23 Sep 2022 21:20:31 +0200 (CEST)
Subject: SUSE-SU-2022:3356-1: important: Security update for dpdk
Message-ID: <20220923192031.DB262FD84@maintenance.suse.de>
SUSE Security Update: Security update for dpdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3356-1
Rating: important
References: #1202903
Cross-References: CVE-2022-2132
CVSS scores:
CVE-2022-2132 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2022-2132 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for dpdk fixes the following issues:
- CVE-2022-2132: Fixed DoS when a vhost header crosses more than two
descriptors and exhausts all mbufs (bsc#1202903).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3356=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3356=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3356=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3356=1
Package List:
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
dpdk-18.11.9-150000.3.32.2
dpdk-debuginfo-18.11.9-150000.3.32.2
dpdk-debugsource-18.11.9-150000.3.32.2
dpdk-devel-18.11.9-150000.3.32.2
dpdk-devel-debuginfo-18.11.9-150000.3.32.2
dpdk-kmp-default-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-tools-18.11.9-150000.3.32.2
dpdk-tools-debuginfo-18.11.9-150000.3.32.2
libdpdk-18_11-18.11.9-150000.3.32.2
libdpdk-18_11-debuginfo-18.11.9-150000.3.32.2
- SUSE Linux Enterprise Server 15-LTSS (aarch64):
dpdk-18.11.9-150000.3.32.2
dpdk-debuginfo-18.11.9-150000.3.32.2
dpdk-debugsource-18.11.9-150000.3.32.2
dpdk-devel-18.11.9-150000.3.32.2
dpdk-devel-debuginfo-18.11.9-150000.3.32.2
dpdk-kmp-default-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-thunderx-18.11.9-150000.3.32.2
dpdk-thunderx-debuginfo-18.11.9-150000.3.32.2
dpdk-thunderx-debugsource-18.11.9-150000.3.32.2
dpdk-thunderx-devel-18.11.9-150000.3.32.2
dpdk-thunderx-devel-debuginfo-18.11.9-150000.3.32.2
dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-tools-18.11.9-150000.3.32.2
dpdk-tools-debuginfo-18.11.9-150000.3.32.2
libdpdk-18_11-18.11.9-150000.3.32.2
libdpdk-18_11-debuginfo-18.11.9-150000.3.32.2
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
dpdk-18.11.9-150000.3.32.2
dpdk-debuginfo-18.11.9-150000.3.32.2
dpdk-debugsource-18.11.9-150000.3.32.2
dpdk-devel-18.11.9-150000.3.32.2
dpdk-devel-debuginfo-18.11.9-150000.3.32.2
dpdk-kmp-default-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-tools-18.11.9-150000.3.32.2
dpdk-tools-debuginfo-18.11.9-150000.3.32.2
libdpdk-18_11-18.11.9-150000.3.32.2
libdpdk-18_11-debuginfo-18.11.9-150000.3.32.2
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64):
dpdk-thunderx-18.11.9-150000.3.32.2
dpdk-thunderx-debuginfo-18.11.9-150000.3.32.2
dpdk-thunderx-debugsource-18.11.9-150000.3.32.2
dpdk-thunderx-devel-18.11.9-150000.3.32.2
dpdk-thunderx-devel-debuginfo-18.11.9-150000.3.32.2
dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
dpdk-18.11.9-150000.3.32.2
dpdk-debuginfo-18.11.9-150000.3.32.2
dpdk-debugsource-18.11.9-150000.3.32.2
dpdk-devel-18.11.9-150000.3.32.2
dpdk-devel-debuginfo-18.11.9-150000.3.32.2
dpdk-kmp-default-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-tools-18.11.9-150000.3.32.2
dpdk-tools-debuginfo-18.11.9-150000.3.32.2
libdpdk-18_11-18.11.9-150000.3.32.2
libdpdk-18_11-debuginfo-18.11.9-150000.3.32.2
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64):
dpdk-thunderx-18.11.9-150000.3.32.2
dpdk-thunderx-debuginfo-18.11.9-150000.3.32.2
dpdk-thunderx-debugsource-18.11.9-150000.3.32.2
dpdk-thunderx-devel-18.11.9-150000.3.32.2
dpdk-thunderx-devel-debuginfo-18.11.9-150000.3.32.2
dpdk-thunderx-kmp-default-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_150000.150.98-150000.3.32.2
References:
https://www.suse.com/security/cve/CVE-2022-2132.html
https://bugzilla.suse.com/1202903
From sle-security-updates at lists.suse.com Sat Sep 24 01:19:49 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 24 Sep 2022 03:19:49 +0200 (CEST)
Subject: SUSE-SU-2022:3360-1: important: Security update for the Linux Kernel
(Live Patch 28 for SLE 15)
Message-ID: <20220924011949.99A8AF7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 15)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3360-1
Rating: important
References: #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-150_86 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3360=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150_86-default-9-150000.2.2
kernel-livepatch-4_12_14-150_86-default-debuginfo-9-150000.2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sat Sep 24 04:19:16 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 24 Sep 2022 06:19:16 +0200 (CEST)
Subject: SUSE-SU-2022:3362-1: important: Security update for the Linux Kernel
(Live Patch 32 for SLE 15)
Message-ID: <20220924041916.0F90EF7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 15)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3362-1
Rating: important
References: #1203116
Cross-References: CVE-2022-39188
CVSS scores:
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Live Patching 12-SP4
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.12.14-150000_150_98 fixes one issue.
The following security issue was fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3361=1 SUSE-SLE-Module-Live-Patching-15-2022-3362=1
- SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-3357=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150000_150_92-default-5-150000.2.2
kernel-livepatch-4_12_14-150000_150_92-default-debuginfo-5-150000.2.2
kernel-livepatch-4_12_14-150000_150_98-default-3-150000.2.2
kernel-livepatch-4_12_14-150000_150_98-default-debuginfo-3-150000.2.2
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_108-default-2-2.2
References:
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sat Sep 24 07:19:18 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 24 Sep 2022 09:19:18 +0200 (CEST)
Subject: SUSE-SU-2022:3359-1: important: Security update for the Linux Kernel
(Live Patch 30 for SLE 15 SP1)
Message-ID: <20220924071918.3D826F7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP1)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3359-1
Rating: important
References: #1199695 #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-150100_197_111 fixes several
issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3363=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-3364=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3358=1 SUSE-SLE-Live-Patching-12-SP5-2022-3359=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-150100_197_111-default-8-150100.2.2
kernel-livepatch-4_12_14-197_105-default-10-150100.2.2
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_113-default-10-2.2
kgraft-patch-4_12_14-122_121-default-6-2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sat Sep 24 10:18:56 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 24 Sep 2022 12:18:56 +0200 (CEST)
Subject: SUSE-SU-2022:3366-1: important: Security update for the Linux Kernel
(Live Patch 32 for SLE 15 SP1)
Message-ID: <20220924101856.46858FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP1)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3366-1
Rating: important
References: #1199695 #1203116
Cross-References: CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-150100_197_117 fixes several
issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3365=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-3366=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-3367=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-150100_197_114-default-5-150100.2.2
kernel-livepatch-4_12_14-150100_197_117-default-3-150100.2.2
kernel-livepatch-4_12_14-150100_197_120-default-3-150100.2.2
References:
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sat Sep 24 19:18:50 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 24 Sep 2022 21:18:50 +0200 (CEST)
Subject: SUSE-SU-2022:3368-1: important: Security update for the Linux Kernel
(Live Patch 14 for SLE 15 SP3)
Message-ID: <20220924191850.7757BFD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3368-1
Rating: important
References: #1199695 #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150300_59_49 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3368=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_49-default-13-150300.2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sun Sep 25 01:19:07 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 25 Sep 2022 03:19:07 +0200 (CEST)
Subject: SUSE-SU-2022:3369-1: important: Security update for the Linux Kernel
(Live Patch 20 for SLE 15 SP3)
Message-ID: <20220925011907.7E90EF7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3369-1
Rating: important
References: #1199695 #1203116
Cross-References: CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150300_59_76 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3369=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_76-default-5-150300.2.2
References:
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sun Sep 25 07:19:24 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 25 Sep 2022 09:19:24 +0200 (CEST)
Subject: SUSE-SU-2022:3373-1: important: Security update for the Linux Kernel
(Live Patch 26 for SLE 12 SP4)
Message-ID: <20220925071924.88C3DF7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3373-1
Rating: important
References: #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-95_96 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-3373=1
Package List:
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_96-default-8-2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sun Sep 25 07:20:06 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 25 Sep 2022 09:20:06 +0200 (CEST)
Subject: SUSE-SU-2022:3372-1: important: Security update for the Linux Kernel
(Live Patch 28 for SLE 12 SP4)
Message-ID: <20220925072006.550C8F7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3372-1
Rating: important
References: #1203116
Cross-References: CVE-2022-39188
CVSS scores:
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.12.14-95_102 fixes one issue.
The following security issue was fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12-SP4:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-3372=1
Package List:
- SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-95_102-default-3-2.2
References:
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sun Sep 25 10:19:04 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 25 Sep 2022 12:19:04 +0200 (CEST)
Subject: SUSE-SU-2022:3370-1: important: Security update for the Linux Kernel
(Live Patch 0 for SLE 15 SP4)
Message-ID: <20220925101904.97CF5FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3370-1
Rating: important
References: #1199695 #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.14.21-150400_22 fixes several issues.
The following security issues were fixed:
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3370=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3371=1 SUSE-SLE-Live-Patching-12-SP5-2022-3374=1 SUSE-SLE-Live-Patching-12-SP5-2022-3375=1 SUSE-SLE-Live-Patching-12-SP5-2022-3378=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-livepatch-5_14_21-150400_22-default-6-150400.4.15.3
kernel-livepatch-5_14_21-150400_22-default-debuginfo-6-150400.4.15.3
kernel-livepatch-SLE15-SP4_Update_0-debugsource-6-150400.4.15.3
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_103-default-15-2.2
kgraft-patch-4_12_14-122_106-default-13-2.2
kgraft-patch-4_12_14-122_116-default-8-2.2
kgraft-patch-4_12_14-122_88-default-17-2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sun Sep 25 10:20:03 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 25 Sep 2022 12:20:03 +0200 (CEST)
Subject: SUSE-SU-2022:3377-1: important: Security update for the Linux Kernel
(Live Patch 22 for SLE 15 SP3)
Message-ID: <20220925102003.9190AFD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3377-1
Rating: important
References: #1199695 #1203116
Cross-References: CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150300_59_87 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3377=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3376=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_87-default-4-150300.2.2
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_130-default-3-2.2
References:
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Sun Sep 25 13:19:01 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 25 Sep 2022 15:19:01 +0200 (CEST)
Subject: SUSE-SU-2022:3379-1: important: Security update for the Linux Kernel
(Live Patch 35 for SLE 12 SP5)
Message-ID: <20220925131901.47D0DFD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP5)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3379-1
Rating: important
References: #1203116
Cross-References: CVE-2022-39188
CVSS scores:
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Live Patching 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.12.14-122_133 fixes one issue.
The following security issue was fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3379=1
Package List:
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_133-default-2-2.2
References:
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Mon Sep 26 07:02:05 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 09:02:05 +0200 (CEST)
Subject: SUSE-IU-2022:1093-1: Security update of
suse-sles-15-sp4-chost-byos-v20220923-x86_64-gen2
Message-ID: <20220926070205.37162F78E@maintenance.suse.de>
SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20220923-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1093-1
Image Tags : suse-sles-15-sp4-chost-byos-v20220923-x86_64-gen2:20220923
Image Release :
Severity : important
Type : security
References : 1142847 1150130 1157805 1164550 1164569 1177179 1189802 1190698
1191021 1195773 1201680 1201783 1202146 1202870 1203018 CVE-2019-13224
CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-26159
CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737
-----------------------------------------------------------------
The container suse-sles-15-sp4-chost-byos-v20220923-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3316-1
Released: Tue Sep 20 11:12:14 2022
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1190698,1191021,1202146
This update for gnutls fixes the following issues:
- FIPS: Zeroize the calculated hmac and new_hmac in the
check_binary_integrity() function. [bsc#1191021]
- FIPS: Additional modifications to the SLI. [bsc#1190698]
* Mark CMAC and GMAC as non-approved in gnutls_pbkfd2().
* Mark HMAC keylength less than 112 bits as non-approved in
gnutls_pbkfd2().
- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941]
* Add new dependency on jitterentropy
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3327-1
Released: Wed Sep 21 12:47:17 2022
Summary: Security update for oniguruma
Type: security
Severity: important
References: 1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159
This update for oniguruma fixes the following issues:
- CVE-2019-19246: Fixed an out of bounds access during regular
expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out of bounds access when compiling a
crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out of bounds access when performing a
string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling
a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling
multiple different encodings (bsc#1142847).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libassuan0-2.5.5-150000.4.3.1 updated
- libgnutls30-3.7.3-150400.4.13.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libonig4-6.7.0-150000.3.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
From sle-security-updates at lists.suse.com Mon Sep 26 07:02:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 09:02:45 +0200 (CEST)
Subject: SUSE-IU-2022:1094-1: Security update of suse-sles-15-sp4-chost-byos-v20220923-hvm-ssd-x86_64
Message-ID: <20220926070245.AF4EBF78E@maintenance.suse.de>
SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20220923-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2022:1094-1
Image Tags : suse-sles-15-sp4-chost-byos-v20220923-hvm-ssd-x86_64:20220923
Image Release :
Severity : important
Type : security
References : 1142847 1150130 1157805 1164550 1164569 1177179 1189802 1190698
1191021 1195773 1201680 1201783 1202146 1202870 1203018 CVE-2019-13224
CVE-2019-16163 CVE-2019-19203 CVE-2019-19204 CVE-2019-19246 CVE-2020-26159
CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737
-----------------------------------------------------------------
The container suse-sles-15-sp4-chost-byos-v20220923-hvm-ssd-x86_64 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:2796-1
Released: Fri Aug 12 14:34:31 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References:
This update for jitterentropy fixes the following issues:
jitterentropy is included in version 3.4.0 (jsc#SLE-24941):
This is a FIPS 140-3 / NIST 800-90b compliant userspace jitter entropy generator library,
used by other FIPS libraries.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3316-1
Released: Tue Sep 20 11:12:14 2022
Summary: Recommended update for gnutls
Type: recommended
Severity: moderate
References: 1190698,1191021,1202146
This update for gnutls fixes the following issues:
- FIPS: Zeroize the calculated hmac and new_hmac in the
check_binary_integrity() function. [bsc#1191021]
- FIPS: Additional modifications to the SLI. [bsc#1190698]
* Mark CMAC and GMAC as non-approved in gnutls_pbkfd2().
* Mark HMAC keylength less than 112 bits as non-approved in
gnutls_pbkfd2().
- FIPS: Port GnuTLS to use jitterentropy [bsc#1202146, jsc#SLE-24941]
* Add new dependency on jitterentropy
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3327-1
Released: Wed Sep 21 12:47:17 2022
Summary: Security update for oniguruma
Type: security
Severity: important
References: 1142847,1150130,1157805,1164550,1164569,1177179,CVE-2019-13224,CVE-2019-16163,CVE-2019-19203,CVE-2019-19204,CVE-2019-19246,CVE-2020-26159
This update for oniguruma fixes the following issues:
- CVE-2019-19246: Fixed an out of bounds access during regular
expression matching (bsc#1157805).
- CVE-2019-19204: Fixed an out of bounds access when compiling a
crafted regular expression (bsc#1164569).
- CVE-2019-19203: Fixed an out of bounds access when performing a
string search (bsc#1164550).
- CVE-2019-16163: Fixed an uncontrolled recursion issue when compiling
a crafted regular expression, which could lead to denial of service (bsc#1150130).
- CVE-2020-26159: Fixed an off-by-one buffer overflow (bsc#1177179).
- CVE-2019-13224: Fixed a potential use-after-free when handling
multiple different encodings (bsc#1142847).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3328-1
Released: Wed Sep 21 12:48:56 2022
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1202870
This update for jitterentropy fixes the following issues:
- Hide the non-GNUC constructs that are library internal from the
exported header, to make it usable in builds with strict C99
compliance. (bsc#1202870)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libassuan0-2.5.5-150000.4.3.1 updated
- libgnutls30-3.7.3-150400.4.13.1 updated
- libjitterentropy3-3.4.0-150000.1.6.1 added
- libonig4-6.7.0-150000.3.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
From sle-security-updates at lists.suse.com Mon Sep 26 13:20:11 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 15:20:11 +0200 (CEST)
Subject: SUSE-SU-2022:2989-2: important: Security update for postgresql14
Message-ID: <20220926132011.5E721F7C9@maintenance.suse.de>
SUSE Security Update: Security update for postgresql14
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2989-2
Rating: important
References: #1198166 #1200437 #1202368
Cross-References: CVE-2022-2625
CVSS scores:
CVE-2022-2625 (NVD) : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE-2022-2625 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for postgresql14 fixes the following issues:
- Upgrade to version 14.5:
- CVE-2022-2625: Fixed an issue where extension scripts would replace
objects not belonging to that extension (bsc#1202368).
- Upgrade to version 14.4 (bsc#1200437)
- Release notes: https://www.postgresql.org/docs/release/14.4/
- Release announcement: https://www.postgresql.org/about/news/p-2470/
- Prevent possible corruption of indexes created or rebuilt with the
CONCURRENTLY option (bsc#1200437)
- Pin to llvm13 until the next patchlevel update (bsc#1198166)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-2989=1
Package List:
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
postgresql14-llvmjit-14.5-150200.5.17.1
postgresql14-llvmjit-debuginfo-14.5-150200.5.17.1
postgresql14-test-14.5-150200.5.17.1
References:
https://www.suse.com/security/cve/CVE-2022-2625.html
https://bugzilla.suse.com/1198166
https://bugzilla.suse.com/1200437
https://bugzilla.suse.com/1202368
From sle-security-updates at lists.suse.com Mon Sep 26 16:21:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 18:21:43 +0200 (CEST)
Subject: SUSE-SU-2022:3390-1: important: Security update for dpdk
Message-ID: <20220926162143.C883DF78E@maintenance.suse.de>
SUSE Security Update: Security update for dpdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3390-1
Rating: important
References: #1202903 #1202956
Cross-References: CVE-2022-2132 CVE-2022-28199
CVSS scores:
CVE-2022-2132 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2022-2132 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2022-28199 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28199 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for dpdk fixes the following issues:
- CVE-2022-2132: Fixed DoS when a vhost header crosses more than two
descriptors and exhausts all mbufs (bsc#1202903).
- CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3390=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3390=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le x86_64):
dpdk-19.11.4-150300.16.1
dpdk-debuginfo-19.11.4-150300.16.1
dpdk-debugsource-19.11.4-150300.16.1
dpdk-devel-19.11.4-150300.16.1
dpdk-devel-debuginfo-19.11.4-150300.16.1
dpdk-examples-19.11.4-150300.16.1
dpdk-examples-debuginfo-19.11.4-150300.16.1
dpdk-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-tools-19.11.4-150300.16.1
dpdk-tools-debuginfo-19.11.4-150300.16.1
libdpdk-20_0-19.11.4-150300.16.1
libdpdk-20_0-debuginfo-19.11.4-150300.16.1
- openSUSE Leap 15.3 (aarch64 x86_64):
dpdk-kmp-preempt-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-kmp-preempt-debuginfo-19.11.4_k5.3.18_150300.59.93-150300.16.1
- openSUSE Leap 15.3 (aarch64):
dpdk-thunderx-19.11.4-150300.16.1
dpdk-thunderx-debuginfo-19.11.4-150300.16.1
dpdk-thunderx-debugsource-19.11.4-150300.16.1
dpdk-thunderx-devel-19.11.4-150300.16.1
dpdk-thunderx-devel-debuginfo-19.11.4-150300.16.1
dpdk-thunderx-examples-19.11.4-150300.16.1
dpdk-thunderx-examples-debuginfo-19.11.4-150300.16.1
dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-thunderx-kmp-preempt-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-thunderx-kmp-preempt-debuginfo-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-thunderx-tools-19.11.4-150300.16.1
dpdk-thunderx-tools-debuginfo-19.11.4-150300.16.1
- openSUSE Leap 15.3 (noarch):
dpdk-doc-19.11.4-150300.16.1
dpdk-thunderx-doc-19.11.4-150300.16.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le x86_64):
dpdk-19.11.4-150300.16.1
dpdk-debuginfo-19.11.4-150300.16.1
dpdk-debugsource-19.11.4-150300.16.1
dpdk-devel-19.11.4-150300.16.1
dpdk-devel-debuginfo-19.11.4-150300.16.1
dpdk-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-tools-19.11.4-150300.16.1
dpdk-tools-debuginfo-19.11.4-150300.16.1
libdpdk-20_0-19.11.4-150300.16.1
libdpdk-20_0-debuginfo-19.11.4-150300.16.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64):
dpdk-thunderx-19.11.4-150300.16.1
dpdk-thunderx-debuginfo-19.11.4-150300.16.1
dpdk-thunderx-debugsource-19.11.4-150300.16.1
dpdk-thunderx-devel-19.11.4-150300.16.1
dpdk-thunderx-devel-debuginfo-19.11.4-150300.16.1
dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150300.59.93-150300.16.1
dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150300.59.93-150300.16.1
References:
https://www.suse.com/security/cve/CVE-2022-2132.html
https://www.suse.com/security/cve/CVE-2022-28199.html
https://bugzilla.suse.com/1202903
https://bugzilla.suse.com/1202956
From sle-security-updates at lists.suse.com Mon Sep 26 16:22:23 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 18:22:23 +0200 (CEST)
Subject: SUSE-SU-2022:3383-1: important: Security update for vsftpd
Message-ID: <20220926162223.609C0F78E@maintenance.suse.de>
SUSE Security Update: Security update for vsftpd
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3383-1
Rating: important
References: #1021387 #1052900 #1187678 #1187686 #786024
PM-3322
Cross-References: CVE-2021-3618
CVSS scores:
CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that solves one vulnerability, contains one
feature and has four fixes is now available.
Description:
This update for vsftpd fixes the following issues:
- CVE-2021-3618: Enforced security checks against ALPACA attack (PM-3322,
bsc#1187686, bsc#1187678).
Bugfixes:
- Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900).
- Allowed wait4() to be called so that the broker can wait for its child
processes (bsc#1021387).
- Allowed sendto() syscall when /dev/log support is enabled (bsc#786024).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3383=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
vsftpd-3.0.5-47.7.1
vsftpd-debuginfo-3.0.5-47.7.1
vsftpd-debugsource-3.0.5-47.7.1
References:
https://www.suse.com/security/cve/CVE-2021-3618.html
https://bugzilla.suse.com/1021387
https://bugzilla.suse.com/1052900
https://bugzilla.suse.com/1187678
https://bugzilla.suse.com/1187686
https://bugzilla.suse.com/786024
From sle-security-updates at lists.suse.com Mon Sep 26 16:23:19 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 18:23:19 +0200 (CEST)
Subject: SUSE-SU-2022:3382-1: moderate: Security update for permissions
Message-ID: <20220926162319.E430AF78E@maintenance.suse.de>
SUSE Security Update: Security update for permissions
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3382-1
Rating: moderate
References: #1050467 #1191194 #1203018
Cross-References: CVE-2022-31252
CVSS scores:
CVE-2022-31252 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that solves one vulnerability and has two fixes
is now available.
Description:
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
- Add capability for prometheus-blackbox_exporter (bsc#1191194).
- Make btmp root:utmp (bsc#1050467).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3382=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
permissions-20170707-6.10.1
permissions-debuginfo-20170707-6.10.1
permissions-debugsource-20170707-6.10.1
References:
https://www.suse.com/security/cve/CVE-2022-31252.html
https://bugzilla.suse.com/1050467
https://bugzilla.suse.com/1191194
https://bugzilla.suse.com/1203018
From sle-security-updates at lists.suse.com Mon Sep 26 16:24:23 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 18:24:23 +0200 (CEST)
Subject: SUSE-SU-2022:3391-1: important: Security update for mariadb
Message-ID: <20220926162423.6BC1AF78E@maintenance.suse.de>
SUSE Security Update: Security update for mariadb
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3391-1
Rating: important
References: #1200105 #1201161 #1201162 #1201163 #1201164
#1201165 #1201166 #1201167 #1201168 #1201169
#1201170 #1202863
Cross-References: CVE-2022-32081 CVE-2022-32082 CVE-2022-32083
CVE-2022-32084 CVE-2022-32085 CVE-2022-32086
CVE-2022-32087 CVE-2022-32088 CVE-2022-32089
CVE-2022-32091 CVE-2022-38791
CVSS scores:
CVE-2022-32081 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32081 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32082 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32082 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32083 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32083 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32084 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32084 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32085 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32085 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32086 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32086 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32087 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32087 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32088 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32088 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32089 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32089 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32091 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-32091 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38791 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38791 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves 11 vulnerabilities and has one erratum
is now available.
Description:
This update for mariadb fixes the following issues:
Update to 10.5.17:
- CVE-2022-32082: Fixed assertion failure at table->get_ref_count() == 0
in dict0dict.cc (bsc#1201162).
- CVE-2022-32089: Fixed segmentation fault via the component
st_select_lex_unit::exclude_level (bsc#1201169).
- CVE-2022-32081: Fixed use-after-poison in prepare_inplace_add_virtual at
/storage/innobase/handler/handler0alter.cc (bsc#1201161).
- CVE-2022-32091: Fixed use-after-poison in __interceptor_memset at
/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc
(bsc#1201170).
- CVE-2022-32084: Fixed segmentation fault via the component sub_select
(bsc#1201164).
- CVE-2022-38791: Fixed deadlock in compress_write in
extra/mariabackup/ds_compress.cc (bsc#1202863).
- CVE-2022-32088: Fixed segmentation fault via the component
Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort
(bsc#1201168).
- CVE-2022-32087: Fixed segmentation fault via the component
Item_args::walk_args (bsc#1201167).
- CVE-2022-32086: Fixed segmentation fault via the component
Item_field::fix_outer_field (bsc#1201166).
- CVE-2022-32085: Fixed segmentation fault via the component
Item_func_in::cleanup/Item::cleanup_processor (bsc#1201165).
- CVE-2022-32083: Fixed segmentation fault via the component
Item_subselect::init_expr_cache_tracker (bsc#1201163).
Bugfixes:
- Fixed mysql-systemd-helper being unaware of custom group (bsc#1200105).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3391=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3391=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-3391=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.5.17-150300.3.21.1
libmariadbd19-10.5.17-150300.3.21.1
libmariadbd19-debuginfo-10.5.17-150300.3.21.1
mariadb-10.5.17-150300.3.21.1
mariadb-bench-10.5.17-150300.3.21.1
mariadb-bench-debuginfo-10.5.17-150300.3.21.1
mariadb-client-10.5.17-150300.3.21.1
mariadb-client-debuginfo-10.5.17-150300.3.21.1
mariadb-debuginfo-10.5.17-150300.3.21.1
mariadb-debugsource-10.5.17-150300.3.21.1
mariadb-rpm-macros-10.5.17-150300.3.21.1
mariadb-test-10.5.17-150300.3.21.1
mariadb-test-debuginfo-10.5.17-150300.3.21.1
mariadb-tools-10.5.17-150300.3.21.1
mariadb-tools-debuginfo-10.5.17-150300.3.21.1
- openSUSE Leap 15.3 (noarch):
mariadb-errormessages-10.5.17-150300.3.21.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libmariadbd-devel-10.5.17-150300.3.21.1
libmariadbd19-10.5.17-150300.3.21.1
libmariadbd19-debuginfo-10.5.17-150300.3.21.1
mariadb-10.5.17-150300.3.21.1
mariadb-client-10.5.17-150300.3.21.1
mariadb-client-debuginfo-10.5.17-150300.3.21.1
mariadb-debuginfo-10.5.17-150300.3.21.1
mariadb-debugsource-10.5.17-150300.3.21.1
mariadb-tools-10.5.17-150300.3.21.1
mariadb-tools-debuginfo-10.5.17-150300.3.21.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch):
mariadb-errormessages-10.5.17-150300.3.21.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64):
mariadb-galera-10.5.17-150300.3.21.1
References:
https://www.suse.com/security/cve/CVE-2022-32081.html
https://www.suse.com/security/cve/CVE-2022-32082.html
https://www.suse.com/security/cve/CVE-2022-32083.html
https://www.suse.com/security/cve/CVE-2022-32084.html
https://www.suse.com/security/cve/CVE-2022-32085.html
https://www.suse.com/security/cve/CVE-2022-32086.html
https://www.suse.com/security/cve/CVE-2022-32087.html
https://www.suse.com/security/cve/CVE-2022-32088.html
https://www.suse.com/security/cve/CVE-2022-32089.html
https://www.suse.com/security/cve/CVE-2022-32091.html
https://www.suse.com/security/cve/CVE-2022-38791.html
https://bugzilla.suse.com/1200105
https://bugzilla.suse.com/1201161
https://bugzilla.suse.com/1201162
https://bugzilla.suse.com/1201163
https://bugzilla.suse.com/1201164
https://bugzilla.suse.com/1201165
https://bugzilla.suse.com/1201166
https://bugzilla.suse.com/1201167
https://bugzilla.suse.com/1201168
https://bugzilla.suse.com/1201169
https://bugzilla.suse.com/1201170
https://bugzilla.suse.com/1202863
From sle-security-updates at lists.suse.com Mon Sep 26 16:26:02 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 18:26:02 +0200 (CEST)
Subject: SUSE-SU-2022:3381-1: important: Security update for dpdk
Message-ID: <20220926162602.E5A1CF78E@maintenance.suse.de>
SUSE Security Update: Security update for dpdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3381-1
Rating: important
References: #1202903
Cross-References: CVE-2022-2132
CVSS scores:
CVE-2022-2132 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2022-2132 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for dpdk fixes the following issues:
- CVE-2022-2132: Fixed DoS when a vhost header crosses more than two
descriptors and exhausts all mbufs (bsc#1202903).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3381=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3381=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le x86_64):
dpdk-debuginfo-18.11.9-3.24.1
dpdk-debugsource-18.11.9-3.24.1
dpdk-devel-18.11.9-3.24.1
dpdk-devel-debuginfo-18.11.9-3.24.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64):
dpdk-thunderx-debuginfo-18.11.9-3.24.1
dpdk-thunderx-debugsource-18.11.9-3.24.1
dpdk-thunderx-devel-18.11.9-3.24.1
dpdk-thunderx-devel-debuginfo-18.11.9-3.24.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le x86_64):
dpdk-18.11.9-3.24.1
dpdk-debuginfo-18.11.9-3.24.1
dpdk-debugsource-18.11.9-3.24.1
dpdk-tools-18.11.9-3.24.1
dpdk-tools-debuginfo-18.11.9-3.24.1
libdpdk-18_11-18.11.9-3.24.1
libdpdk-18_11-debuginfo-18.11.9-3.24.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64):
dpdk-thunderx-18.11.9-3.24.1
dpdk-thunderx-debuginfo-18.11.9-3.24.1
dpdk-thunderx-debugsource-18.11.9-3.24.1
dpdk-thunderx-kmp-default-18.11.9_k4.12.14_122.130-3.24.1
dpdk-thunderx-kmp-default-debuginfo-18.11.9_k4.12.14_122.130-3.24.1
- SUSE Linux Enterprise Server 12-SP5 (x86_64):
dpdk-kmp-default-18.11.9_k4.12.14_122.130-3.24.1
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_122.130-3.24.1
References:
https://www.suse.com/security/cve/CVE-2022-2132.html
https://bugzilla.suse.com/1202903
From sle-security-updates at lists.suse.com Mon Sep 26 16:26:44 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 18:26:44 +0200 (CEST)
Subject: SUSE-SU-2022:3384-1: important: Security update for openvswitch
Message-ID: <20220926162644.DE3B1F78E@maintenance.suse.de>
SUSE Security Update: Security update for openvswitch
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3384-1
Rating: important
References: #1181742
Cross-References: CVE-2020-35498
CVSS scores:
CVE-2020-35498 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-35498 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for openvswitch fixes the following issues:
- CVE-2020-35498: Fixed packet parsing vulnerability (bsc#1181742).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3384=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libopenvswitch-2_11-0-2.11.5-3.9.1
libopenvswitch-2_11-0-debuginfo-2.11.5-3.9.1
openvswitch-2.11.5-3.9.1
openvswitch-debuginfo-2.11.5-3.9.1
openvswitch-debugsource-2.11.5-3.9.1
References:
https://www.suse.com/security/cve/CVE-2020-35498.html
https://bugzilla.suse.com/1181742
From sle-security-updates at lists.suse.com Mon Sep 26 16:28:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 18:28:46 +0200 (CEST)
Subject: SUSE-SU-2022:3386-1: moderate: Security update for unzip
Message-ID: <20220926162846.8FA72F78E@maintenance.suse.de>
SUSE Security Update: Security update for unzip
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3386-1
Rating: moderate
References: #1196177 #1196180
Cross-References: CVE-2022-0529 CVE-2022-0530
CVSS scores:
CVE-2022-0529 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0529 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0530 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0530 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for unzip fixes the following issues:
- CVE-2022-0530: Fixed SIGSEGV during the conversion of a UTF-8 string to
a local string (bsc#1196177).
- CVE-2022-0529: Fixed heap out-of-bound writes and reads during
conversion of wide string to local string (bsc#1196180).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3386=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
unzip-6.00-33.16.1
unzip-debuginfo-6.00-33.16.1
unzip-debugsource-6.00-33.16.1
References:
https://www.suse.com/security/cve/CVE-2022-0529.html
https://www.suse.com/security/cve/CVE-2022-0530.html
https://bugzilla.suse.com/1196177
https://bugzilla.suse.com/1196180
From sle-security-updates at lists.suse.com Mon Sep 26 16:29:28 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 18:29:28 +0200 (CEST)
Subject: SUSE-SU-2022:3385-1: moderate: Security update for podofo
Message-ID: <20220926162928.BD178F78E@maintenance.suse.de>
SUSE Security Update: Security update for podofo
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3385-1
Rating: moderate
References: #1099719
Cross-References: CVE-2018-12983
CVSS scores:
CVE-2018-12983 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2018-12983 (SUSE): 6.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 12-SP5
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for podofo fixes the following issues:
- CVE-2018-12983: Fixed a stack overrun (bsc#1099719).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Workstation Extension 12-SP5:
zypper in -t patch SUSE-SLE-WE-12-SP5-2022-3385=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3385=1
Package List:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64):
libpodofo0_9_2-0.9.2-3.15.1
libpodofo0_9_2-debuginfo-0.9.2-3.15.1
podofo-debuginfo-0.9.2-3.15.1
podofo-debugsource-0.9.2-3.15.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libpodofo-devel-0.9.2-3.15.1
podofo-debuginfo-0.9.2-3.15.1
podofo-debugsource-0.9.2-3.15.1
References:
https://www.suse.com/security/cve/CVE-2018-12983.html
https://bugzilla.suse.com/1099719
From sle-security-updates at lists.suse.com Mon Sep 26 19:25:14 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 21:25:14 +0200 (CEST)
Subject: SUSE-SU-2022:3401-1: moderate: Security update for sqlite3
Message-ID: <20220926192514.3BC33FD84@maintenance.suse.de>
SUSE Security Update: Security update for sqlite3
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3401-1
Rating: moderate
References: #1189802 #1195773 #1201783
Cross-References: CVE-2021-36690 CVE-2022-35737
CVSS scores:
CVE-2021-36690 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36690 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-35737 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-35737 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves two vulnerabilities and has one
errata is now available.
Description:
This update for sqlite3 fixes the following issues:
Security issues fixed:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are
used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a
column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of
SQLite (bsc#1195773).
sqlite3 was updated to 3.39.3:
* Use a statement journal on DML statement affecting two or more database
rows if the statement makes use of an SQL function that might abort.
* Use a mutex to protect the PRAGMA temp_store_directory and PRAGMA
data_store_directory statements, even though they are deprecated and
documented as not being threadsafe.
Update to 3.39.2:
* Fix a performance regression in the query planner associated with
rearranging the order of FROM clause terms in the presence of a LEFT
JOIN.
* Apply fixes for CVE-2022-35737, Chromium bugs 1343348 and 1345947, forum
post 3607259d3c, and other minor problems discovered by internal
testing. [boo#1201783]
Update to 3.39.1:
* Fix an incorrect result from a query that uses a view that contains a
compound SELECT in which only one arm contains a RIGHT JOIN and where
the view is not the first FROM clause term
of the query that contains the view
* Fix a long-standing problem with ALTER TABLE RENAME that can
only arise if the sqlite3_limit(SQLITE_LIMIT_SQL_LENGTH) is set to a
very small value.
* Fix a long-standing problem in FTS3 that can only arise when compiled
with the SQLITE_ENABLE_FTS3_PARENTHESIS compile-time
option.
* Fix the initial-prefix optimization for the REGEXP extension so that it
works correctly even if the prefix contains characters that require a
3-byte UTF8 encoding.
* Enhance the sqlite_stmt virtual table so that it buffers all of its
output.
Update to 3.39.0:
* Add (long overdue) support for RIGHT and FULL OUTER JOIN
* Add new binary comparison operators IS NOT DISTINCT FROM and IS DISTINCT
FROM that are equivalent to IS and IS NOT, respectively, for compatibility
with PostgreSQL and SQL standards
* Add a new return code (value "3") from the sqlite3_vtab_distinct()
interface that indicates a query that has both DISTINCT and ORDER BY
clauses
* Added the sqlite3_db_name() interface
* The unix os interface resolves all symbolic links in database filenames
to create a canonical name for the database before the file is opened
* Defer materializing views until the materialization is actually needed,
thus avoiding unnecessary work if the materialization turns out to never
be used
* The HAVING clause of a SELECT statement is now allowed on any aggregate
query, even queries that do not have a GROUP BY clause
* Many microoptimizations collectively reduce CPU cycles by about 2.3%.
Update to 3.38.5:
* Fix a blunder in the CLI of the 3.38.4 release
Update to 3.38.4:
* Fix a byte-code problem in the Bloom filter pull-down
optimization added by release 3.38.0 in which an error in the byte code
causes the byte code engine to enter an infinite loop when the
pull-down optimization encounters a NULL key
Update to 3.38.3:
* Fix a case of the query planner being overly aggressive with
optimizing automatic-index and Bloom-filter construction, using
inappropriate ON clause terms to restrict the size of the
automatic-index or Bloom filter, and resulting in missing rows in the
output.
* Other minor patches. See the timeline for details.
Update to 3.38.2:
* Fix a problem with the Bloom filter optimization that might cause an
incorrect answer when doing a LEFT JOIN with a WHERE clause constraint
that says that one of the columns on the right table of the LEFT JOIN is
NULL.
* Other minor patches.
- Package the Tcl bindings here again so that we only ship one copy
of SQLite (bsc#1195773).
Update to 3.38.1:
* Fix problems with the new Bloom filter optimization that might cause
some obscure queries to get an incorrect answer.
* Fix the localtime modifier of the date and time functions so that it
preserves fractional seconds.
* Fix the sqlite_offset SQL function so that it works correctly even in
corner cases such as when the argument is a virtual column or the column
of a view.
* Fix row value IN operator constraints on virtual tables so that they
work correctly even if the virtual table implementation relies on
bytecode to filter rows that do not satisfy the constraint.
* Other minor fixes to assert() statements, test cases, and documentation.
See the source code timeline for details.
Update to 3.38.0:
* Add the -> and ->> operators for easier processing of JSON
* The JSON functions are now built-ins
* Enhancements to date and time functions
* Rename the printf() SQL function to format() for better compatibility,
with alias for backwards compatibility.
* Add the sqlite3_error_offset() interface for helping localize an SQL
error to a specific character in the input SQL text
* Enhance the interface to virtual tables
* CLI columnar output modes are enhanced to correctly handle tabs and
newlines embedded in text, and add options like "--wrap N", "--wordwrap
on", and "--quote" to the columnar output modes.
* Query planner enhancements using a Bloom filter to speed up large
analytic queries, and a balanced merge tree to evaluate UNION or UNION
ALL compound SELECT statements that have an ORDER BY clause.
* The ALTER TABLE statement is changed to silently ignore entries in the
sqlite_schema table that do not parse when PRAGMA writable_schema=ON
Update to 3.37.2:
* Fix a bug introduced in version 3.35.0 (2021-03-12) that can cause
database corruption if a SAVEPOINT is rolled back while in PRAGMA
temp_store=MEMORY mode, and other changes are made, and then the outer
transaction commits
* Fix a long-standing problem with ON DELETE CASCADE and ON UPDATE CASCADE
in which a cache of the bytecode used to implement the cascading change
was not being reset following a local DDL change
Update to 3.37.1:
* Fix a bug introduced by the UPSERT enhancements of version 3.35.0 that
can cause incorrect byte-code to be generated for some obscure but valid
SQL, possibly resulting in a NULL-pointer dereference.
* Fix an OOB read that can occur in FTS5 when reading corrupt database
files.
* Improved robustness of the --safe option in the CLI.
* Other minor fixes to assert() statements and test cases.
Update to 3.37.0:
* STRICT tables provide a prescriptive style of data type management, for
developers who prefer that kind of thing.
* When adding columns that contain a CHECK constraint or a generated
column containing a NOT NULL constraint, the ALTER TABLE ADD COLUMN now
checks new constraints against preexisting rows in the database and will
only proceed if no constraints are violated.
* Added the PRAGMA table_list statement.
* Add the .connection command, allowing the CLI to keep multiple database
connections open at the same time.
* Add the --safe command-line option that disables dot-commands and SQL
statements that might cause side-effects that extend beyond the single
database file named on the command-line.
* CLI: Performance improvements when reading SQL statements that span many
lines.
* Added the sqlite3_autovacuum_pages() interface.
* The sqlite3_deserialize() does not and has never worked for the TEMP
database. That limitation is now noted in the documentation.
* The query planner now omits ORDER BY clauses on subqueries and views if
removing those clauses does not change the semantics
of the query.
* The generate_series table-valued function extension is modified so that
the first parameter ("START") is now required. This is done as a way to
demonstrate how to write table-valued functions with required
parameters. The legacy behavior is available using the
-DZERO_ARGUMENT_GENERATE_SERIES compile-time option.
* Added new sqlite3_changes64() and sqlite3_total_changes64() interfaces.
* Added the SQLITE_OPEN_EXRESCODE flag option to sqlite3_open_v2().
* Use less memory to hold the database schema.
* bsc#1189802, CVE-2021-36690: Fix an issue with the SQLite Expert
extension when a column has no collating sequence.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3401=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3401=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3401=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3401=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3401=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3401=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3401=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3401=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
libsqlite3-0-3.39.3-9.23.1
libsqlite3-0-32bit-3.39.3-9.23.1
libsqlite3-0-debuginfo-3.39.3-9.23.1
libsqlite3-0-debuginfo-32bit-3.39.3-9.23.1
sqlite3-3.39.3-9.23.1
sqlite3-debuginfo-3.39.3-9.23.1
sqlite3-debugsource-3.39.3-9.23.1
sqlite3-devel-3.39.3-9.23.1
sqlite3-tcl-3.39.3-9.23.1
- SUSE OpenStack Cloud 9 (x86_64):
libsqlite3-0-3.39.3-9.23.1
libsqlite3-0-32bit-3.39.3-9.23.1
libsqlite3-0-debuginfo-3.39.3-9.23.1
libsqlite3-0-debuginfo-32bit-3.39.3-9.23.1
sqlite3-3.39.3-9.23.1
sqlite3-debuginfo-3.39.3-9.23.1
sqlite3-debugsource-3.39.3-9.23.1
sqlite3-devel-3.39.3-9.23.1
sqlite3-tcl-3.39.3-9.23.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
sqlite3-debuginfo-3.39.3-9.23.1
sqlite3-debugsource-3.39.3-9.23.1
sqlite3-devel-3.39.3-9.23.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
libsqlite3-0-3.39.3-9.23.1
libsqlite3-0-debuginfo-3.39.3-9.23.1
sqlite3-3.39.3-9.23.1
sqlite3-debuginfo-3.39.3-9.23.1
sqlite3-debugsource-3.39.3-9.23.1
sqlite3-devel-3.39.3-9.23.1
sqlite3-tcl-3.39.3-9.23.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
libsqlite3-0-32bit-3.39.3-9.23.1
libsqlite3-0-debuginfo-32bit-3.39.3-9.23.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libsqlite3-0-3.39.3-9.23.1
libsqlite3-0-debuginfo-3.39.3-9.23.1
sqlite3-3.39.3-9.23.1
sqlite3-debuginfo-3.39.3-9.23.1
sqlite3-debugsource-3.39.3-9.23.1
sqlite3-devel-3.39.3-9.23.1
sqlite3-tcl-3.39.3-9.23.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libsqlite3-0-32bit-3.39.3-9.23.1
libsqlite3-0-debuginfo-32bit-3.39.3-9.23.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
libsqlite3-0-3.39.3-9.23.1
libsqlite3-0-debuginfo-3.39.3-9.23.1
sqlite3-3.39.3-9.23.1
sqlite3-debuginfo-3.39.3-9.23.1
sqlite3-debugsource-3.39.3-9.23.1
sqlite3-devel-3.39.3-9.23.1
sqlite3-tcl-3.39.3-9.23.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
libsqlite3-0-32bit-3.39.3-9.23.1
libsqlite3-0-debuginfo-32bit-3.39.3-9.23.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
libsqlite3-0-3.39.3-9.23.1
libsqlite3-0-32bit-3.39.3-9.23.1
libsqlite3-0-debuginfo-3.39.3-9.23.1
libsqlite3-0-debuginfo-32bit-3.39.3-9.23.1
sqlite3-3.39.3-9.23.1
sqlite3-debuginfo-3.39.3-9.23.1
sqlite3-debugsource-3.39.3-9.23.1
sqlite3-devel-3.39.3-9.23.1
sqlite3-tcl-3.39.3-9.23.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
libsqlite3-0-3.39.3-9.23.1
libsqlite3-0-32bit-3.39.3-9.23.1
libsqlite3-0-debuginfo-3.39.3-9.23.1
libsqlite3-0-debuginfo-32bit-3.39.3-9.23.1
sqlite3-3.39.3-9.23.1
sqlite3-debuginfo-3.39.3-9.23.1
sqlite3-debugsource-3.39.3-9.23.1
sqlite3-devel-3.39.3-9.23.1
sqlite3-tcl-3.39.3-9.23.1
References:
https://www.suse.com/security/cve/CVE-2021-36690.html
https://www.suse.com/security/cve/CVE-2022-35737.html
https://bugzilla.suse.com/1189802
https://bugzilla.suse.com/1195773
https://bugzilla.suse.com/1201783
From sle-security-updates at lists.suse.com Mon Sep 26 19:26:19 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 21:26:19 +0200 (CEST)
Subject: SUSE-SU-2022:3399-1: moderate: Security update for unzip
Message-ID: <20220926192619.E7AE2FD84@maintenance.suse.de>
SUSE Security Update: Security update for unzip
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3399-1
Rating: moderate
References: #1196177 #1196180
Cross-References: CVE-2022-0529 CVE-2022-0530
CVSS scores:
CVE-2022-0529 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0529 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0530 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-0530 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for unzip fixes the following issues:
- CVE-2022-0530: Fixed SIGSEGV during the conversion of a UTF-8 string to
a local string (bsc#1196177).
- CVE-2022-0529: Fixed heap out-of-bound writes and reads during
conversion of wide string to local string (bsc#1196180).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3399=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3399=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3399=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3399=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
unzip-6.00-150000.4.11.1
unzip-debuginfo-6.00-150000.4.11.1
unzip-debugsource-6.00-150000.4.11.1
unzip-doc-6.00-150000.4.11.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
unzip-6.00-150000.4.11.1
unzip-debuginfo-6.00-150000.4.11.1
unzip-debugsource-6.00-150000.4.11.1
unzip-doc-6.00-150000.4.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
unzip-6.00-150000.4.11.1
unzip-debuginfo-6.00-150000.4.11.1
unzip-debugsource-6.00-150000.4.11.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
unzip-6.00-150000.4.11.1
unzip-debuginfo-6.00-150000.4.11.1
unzip-debugsource-6.00-150000.4.11.1
References:
https://www.suse.com/security/cve/CVE-2022-0529.html
https://www.suse.com/security/cve/CVE-2022-0530.html
https://bugzilla.suse.com/1196177
https://bugzilla.suse.com/1196180
From sle-security-updates at lists.suse.com Mon Sep 26 19:27:13 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 21:27:13 +0200 (CEST)
Subject: SUSE-SU-2022:3394-1: moderate: Security update for permissions
Message-ID: <20220926192713.AC989FD84@maintenance.suse.de>
SUSE Security Update: Security update for permissions
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3394-1
Rating: moderate
References: #1203018
Cross-References: CVE-2022-31252
CVSS scores:
CVE-2022-31252 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Micro 5.2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
openSUSE Leap Micro 5.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap Micro 5.2:
zypper in -t patch openSUSE-Leap-Micro-5.2-2022-3394=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3394=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3394=1
- SUSE Linux Enterprise Micro 5.2:
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-3394=1
- SUSE Linux Enterprise Micro 5.1:
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-3394=1
Package List:
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
permissions-20181225-150200.23.15.1
permissions-debuginfo-20181225-150200.23.15.1
permissions-debugsource-20181225-150200.23.15.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
permissions-20181225-150200.23.15.1
permissions-debuginfo-20181225-150200.23.15.1
permissions-debugsource-20181225-150200.23.15.1
- openSUSE Leap 15.3 (noarch):
permissions-zypp-plugin-20181225-150200.23.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
permissions-20181225-150200.23.15.1
permissions-debuginfo-20181225-150200.23.15.1
permissions-debugsource-20181225-150200.23.15.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
permissions-zypp-plugin-20181225-150200.23.15.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
permissions-20181225-150200.23.15.1
permissions-debuginfo-20181225-150200.23.15.1
permissions-debugsource-20181225-150200.23.15.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
permissions-20181225-150200.23.15.1
permissions-debuginfo-20181225-150200.23.15.1
permissions-debugsource-20181225-150200.23.15.1
References:
https://www.suse.com/security/cve/CVE-2022-31252.html
https://bugzilla.suse.com/1203018
From sle-security-updates at lists.suse.com Mon Sep 26 19:28:03 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 21:28:03 +0200 (CEST)
Subject: SUSE-SU-2022:3400-1: moderate: Security update for libcaca
Message-ID: <20220926192803.CAC3EFD84@maintenance.suse.de>
SUSE Security Update: Security update for libcaca
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3400-1
Rating: moderate
References: #1182731
Cross-References: CVE-2021-3410
CVSS scores:
CVE-2021-3410 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3410 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libcaca fixes the following issues:
- CVE-2021-3410: Fixed overflow when multiplying large ints (bsc#1182731).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3400=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3400=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-3400=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3400=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
caca-utils-0.99.beta19.git20171003-150200.11.9.1
caca-utils-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca-debugsource-0.99.beta19.git20171003-150200.11.9.1
libcaca-devel-0.99.beta19.git20171003-150200.11.9.1
libcaca-ruby-0.99.beta19.git20171003-150200.11.9.1
libcaca-ruby-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca0-0.99.beta19.git20171003-150200.11.9.1
libcaca0-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-debuginfo-0.99.beta19.git20171003-150200.11.9.1
- openSUSE Leap 15.4 (noarch):
python3-caca-0.99.beta19.git20171003-150200.11.9.1
- openSUSE Leap 15.4 (x86_64):
libcaca0-32bit-0.99.beta19.git20171003-150200.11.9.1
libcaca0-32bit-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-32bit-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-32bit-debuginfo-0.99.beta19.git20171003-150200.11.9.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
caca-utils-0.99.beta19.git20171003-150200.11.9.1
caca-utils-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca-debugsource-0.99.beta19.git20171003-150200.11.9.1
libcaca-devel-0.99.beta19.git20171003-150200.11.9.1
libcaca-ruby-0.99.beta19.git20171003-150200.11.9.1
libcaca-ruby-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca0-0.99.beta19.git20171003-150200.11.9.1
libcaca0-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-debuginfo-0.99.beta19.git20171003-150200.11.9.1
- openSUSE Leap 15.3 (x86_64):
libcaca0-32bit-0.99.beta19.git20171003-150200.11.9.1
libcaca0-32bit-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-32bit-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-32bit-debuginfo-0.99.beta19.git20171003-150200.11.9.1
- openSUSE Leap 15.3 (noarch):
python3-caca-0.99.beta19.git20171003-150200.11.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
libcaca-debugsource-0.99.beta19.git20171003-150200.11.9.1
libcaca-devel-0.99.beta19.git20171003-150200.11.9.1
libcaca0-0.99.beta19.git20171003-150200.11.9.1
libcaca0-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-debuginfo-0.99.beta19.git20171003-150200.11.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libcaca-debugsource-0.99.beta19.git20171003-150200.11.9.1
libcaca-devel-0.99.beta19.git20171003-150200.11.9.1
libcaca0-0.99.beta19.git20171003-150200.11.9.1
libcaca0-debuginfo-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-0.99.beta19.git20171003-150200.11.9.1
libcaca0-plugins-debuginfo-0.99.beta19.git20171003-150200.11.9.1
References:
https://www.suse.com/security/cve/CVE-2021-3410.html
https://bugzilla.suse.com/1182731
From sle-security-updates at lists.suse.com Mon Sep 26 19:29:02 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 21:29:02 +0200 (CEST)
Subject: SUSE-SU-2022:3397-1: important: Security update for snakeyaml
Message-ID: <20220926192902.1C3B8FD84@maintenance.suse.de>
SUSE Security Update: Security update for snakeyaml
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3397-1
Rating: important
References: #1202932 #1203149 #1203153 #1203154 #1203158
Cross-References: CVE-2020-13936 CVE-2022-25857 CVE-2022-38749
CVE-2022-38750 CVE-2022-38751 CVE-2022-38752
CVSS scores:
CVE-2020-13936 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2020-13936 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-25857 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-25857 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38749 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38749 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38750 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-38750 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38751 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38751 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38752 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-38752 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Linux Enterprise Module for SUSE Manager Server 4.3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for snakeyaml fixes the following issues:
- CVE-2022-38750: Fixed uncaught exception in
org.yaml.snakeyaml.constructor.BaseConstructor.constructObject
(bsc#1203158).
- CVE-2022-38749: Fixed StackOverflowError for many open unmatched
brackets (bsc#1203149).
- CVE-2022-38752: Fixed uncaught exception in
java.base/java.util.ArrayList.hashCode (bsc#1203154).
- CVE-2022-38751: Fixed unrestricted data matched with Regular Expressions
(bsc#1203153).
- CVE-2022-25857: Fixed denial of service vulnerability due to missing
nested depth limitation for collections (bsc#1202932).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3397=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3397=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3397=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3397=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3397=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3397=1
Package List:
- openSUSE Leap 15.4 (noarch):
snakeyaml-1.31-150200.3.8.1
snakeyaml-javadoc-1.31-150200.3.8.1
- openSUSE Leap 15.3 (noarch):
snakeyaml-1.31-150200.3.8.1
snakeyaml-javadoc-1.31-150200.3.8.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
snakeyaml-1.31-150200.3.8.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
snakeyaml-1.31-150200.3.8.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
snakeyaml-1.31-150200.3.8.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
snakeyaml-1.31-150200.3.8.1
References:
https://www.suse.com/security/cve/CVE-2020-13936.html
https://www.suse.com/security/cve/CVE-2022-25857.html
https://www.suse.com/security/cve/CVE-2022-38749.html
https://www.suse.com/security/cve/CVE-2022-38750.html
https://www.suse.com/security/cve/CVE-2022-38751.html
https://www.suse.com/security/cve/CVE-2022-38752.html
https://bugzilla.suse.com/1202932
https://bugzilla.suse.com/1203149
https://bugzilla.suse.com/1203153
https://bugzilla.suse.com/1203154
https://bugzilla.suse.com/1203158
From sle-security-updates at lists.suse.com Mon Sep 26 19:31:05 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 21:31:05 +0200 (CEST)
Subject: SUSE-SU-2022:3396-1: important: Security update for MozillaFirefox
Message-ID: <20220926193105.63969FD84@maintenance.suse.de>
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3396-1
Rating: important
References: #1200793 #1201758 #1202645 #1203477
Cross-References: CVE-2022-2200 CVE-2022-2505 CVE-2022-34468
CVE-2022-34469 CVE-2022-34470 CVE-2022-34471
CVE-2022-34472 CVE-2022-34473 CVE-2022-34474
CVE-2022-34475 CVE-2022-34476 CVE-2022-34477
CVE-2022-34478 CVE-2022-34479 CVE-2022-34480
CVE-2022-34481 CVE-2022-34482 CVE-2022-34483
CVE-2022-34484 CVE-2022-34485 CVE-2022-36314
CVE-2022-36318 CVE-2022-36319 CVE-2022-38472
CVE-2022-38473 CVE-2022-38476 CVE-2022-38477
CVE-2022-38478 CVE-2022-40956 CVE-2022-40957
CVE-2022-40958 CVE-2022-40959 CVE-2022-40960
CVE-2022-40962
CVSS scores:
CVE-2022-2505 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2022-34472 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36314 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36318 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-36319 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP4
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes 34 vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 102.3.0esr ESR (bsc#1200793, bsc#1201758,
bsc#1202645, bsc#1203477):
- CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on transient
pages.
- CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
- CVE-2022-40958: Fixed bypassing secure context restriction for cookies
with __Host and __Secure prefix.
- CVE-2022-40956: Fixed content-security-policy base-uri bypass.
- CVE-2022-40957: Fixed incoherent instruction cache when building WASM on
ARM64.
- CVE-2022-40962: Fixed memory safety bugs.
- CVE-2022-38472: Fixed a potential address bar spoofing via XSLT error
handling.
- CVE-2022-38473: Fixed an issue where cross-origin XSLT documents could
inherit the parent's permissions.
- CVE-2022-38478: Fixed various memory safety issues.
- CVE-2022-38476: Fixed data race and potential use-after-free in
PK11_ChangePW.
- CVE-2022-38477: Fixed memory safety bugs.
- CVE-2022-36319: Fixed mouse position spoofing with CSS transforms.
- CVE-2022-36318: Fixed directory indexes for bundled resources reflected
URL parameters.
- CVE-2022-36314: Fixed unexpected network loads when opening local .lnk
files.
- CVE-2022-2505: Fixed memory safety bugs.
- CVE-2022-34479: Fixed vulnerability where a popup window could be resized
in a way to overlay the address bar with web content.
- CVE-2022-34470: Fixed use-after-free in nsSHistory.
- CVE-2022-34468: Fixed bypass of CSP sandbox header without
`allow-scripts` via retargeted javascript: URI.
- CVE-2022-34482: Fixed drag and drop of malicious image that could have
led to malicious executable and potential code execution.
- CVE-2022-34483: Fixed drag and drop of malicious image that could have
led to malicious executable and potential code execution.
- CVE-2022-34476: Fixed vulnerability where ASN.1 parser could have been
tricked into accepting malformed ASN.1.
- CVE-2022-34481: Fixed potential integer overflow in ReplaceElementsAt.
- CVE-2022-34474: Fixed vulnerability where sandboxed iframes could
redirect to external schemes.
- CVE-2022-34469: Fixed TLS certificate errors on HSTS-protected domains
which could be bypassed by the user on Firefox for Android.
- CVE-2022-34471: Fixed vulnerability where a compromised server could
trick a browser into an addon downgrade.
- CVE-2022-34472: Fixed vulnerability where an unavailable PAC file
resulted in OCSP requests being blocked.
- CVE-2022-34478: Fixed vulnerability where Microsoft protocols can be
attacked if a user accepts a prompt.
- CVE-2022-2200: Fixed vulnerability where undesired attributes could be
set as part of prototype pollution.
- CVE-2022-34480: Fixed free of uninitialized pointer in lg_init.
- CVE-2022-34477: Fixed vulnerability in MediaError message property
leaking information on cross-origin same-site pages.
- CVE-2022-34475: Fixed vulnerability where the HTML Sanitizer could have
been bypassed via same-origin script via use tags.
- CVE-2022-34473: Fixed vulnerability where the HTML Sanitizer could have
been bypassed via use tags.
- CVE-2022-34484: Fixed memory safety bugs.
- CVE-2022-34485: Fixed memory safety bugs.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3396=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3396=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3396=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3396=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3396=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3396=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3396=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3396=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-3396=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3396=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3396=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3396=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3396=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-branding-upstream-102.3.0-150200.152.61.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-branding-upstream-102.3.0-150200.152.61.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Manager Proxy 4.1 (x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-102.3.0-150200.152.61.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64):
MozillaFirefox-devel-102.3.0-150200.152.61.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
MozillaFirefox-102.3.0-150200.152.61.1
MozillaFirefox-branding-SLE-102-150200.9.10.1
MozillaFirefox-debuginfo-102.3.0-150200.152.61.1
MozillaFirefox-debugsource-102.3.0-150200.152.61.1
MozillaFirefox-devel-102.3.0-150200.152.61.1
MozillaFirefox-translations-common-102.3.0-150200.152.61.1
MozillaFirefox-translations-other-102.3.0-150200.152.61.1
References:
https://www.suse.com/security/cve/CVE-2022-2200.html
https://www.suse.com/security/cve/CVE-2022-2505.html
https://www.suse.com/security/cve/CVE-2022-34468.html
https://www.suse.com/security/cve/CVE-2022-34469.html
https://www.suse.com/security/cve/CVE-2022-34470.html
https://www.suse.com/security/cve/CVE-2022-34471.html
https://www.suse.com/security/cve/CVE-2022-34472.html
https://www.suse.com/security/cve/CVE-2022-34473.html
https://www.suse.com/security/cve/CVE-2022-34474.html
https://www.suse.com/security/cve/CVE-2022-34475.html
https://www.suse.com/security/cve/CVE-2022-34476.html
https://www.suse.com/security/cve/CVE-2022-34477.html
https://www.suse.com/security/cve/CVE-2022-34478.html
https://www.suse.com/security/cve/CVE-2022-34479.html
https://www.suse.com/security/cve/CVE-2022-34480.html
https://www.suse.com/security/cve/CVE-2022-34481.html
https://www.suse.com/security/cve/CVE-2022-34482.html
https://www.suse.com/security/cve/CVE-2022-34483.html
https://www.suse.com/security/cve/CVE-2022-34484.html
https://www.suse.com/security/cve/CVE-2022-34485.html
https://www.suse.com/security/cve/CVE-2022-36314.html
https://www.suse.com/security/cve/CVE-2022-36318.html
https://www.suse.com/security/cve/CVE-2022-36319.html
https://www.suse.com/security/cve/CVE-2022-38472.html
https://www.suse.com/security/cve/CVE-2022-38473.html
https://www.suse.com/security/cve/CVE-2022-38476.html
https://www.suse.com/security/cve/CVE-2022-38477.html
https://www.suse.com/security/cve/CVE-2022-38478.html
https://www.suse.com/security/cve/CVE-2022-40956.html
https://www.suse.com/security/cve/CVE-2022-40957.html
https://www.suse.com/security/cve/CVE-2022-40958.html
https://www.suse.com/security/cve/CVE-2022-40959.html
https://www.suse.com/security/cve/CVE-2022-40960.html
https://www.suse.com/security/cve/CVE-2022-40962.html
https://bugzilla.suse.com/1200793
https://bugzilla.suse.com/1201758
https://bugzilla.suse.com/1202645
https://bugzilla.suse.com/1203477
From sle-security-updates at lists.suse.com Mon Sep 26 19:32:44 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 26 Sep 2022 21:32:44 +0200 (CEST)
Subject: SUSE-SU-2022:3393-1: moderate: Security update for libarchive
Message-ID: <20220926193244.4802FFD84@maintenance.suse.de>
SUSE Security Update: Security update for libarchive
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3393-1
Rating: moderate
References: #1192425
Cross-References: CVE-2021-23177
CVSS scores:
CVE-2021-23177 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-23177 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libarchive fixes the following issues:
- CVE-2021-23177: Fixed symlink ACL extraction that modifies ACLs of the
target system (bsc#1192425).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3393=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3393=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3393=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
bsdtar-3.4.2-150200.4.9.1
bsdtar-debuginfo-3.4.2-150200.4.9.1
libarchive-debugsource-3.4.2-150200.4.9.1
libarchive-devel-3.4.2-150200.4.9.1
libarchive13-3.4.2-150200.4.9.1
libarchive13-debuginfo-3.4.2-150200.4.9.1
- openSUSE Leap 15.3 (x86_64):
libarchive13-32bit-3.4.2-150200.4.9.1
libarchive13-32bit-debuginfo-3.4.2-150200.4.9.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
bsdtar-3.4.2-150200.4.9.1
bsdtar-debuginfo-3.4.2-150200.4.9.1
libarchive-debugsource-3.4.2-150200.4.9.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libarchive-debugsource-3.4.2-150200.4.9.1
libarchive-devel-3.4.2-150200.4.9.1
libarchive13-3.4.2-150200.4.9.1
libarchive13-debuginfo-3.4.2-150200.4.9.1
References:
https://www.suse.com/security/cve/CVE-2021-23177.html
https://bugzilla.suse.com/1192425
From sle-security-updates at lists.suse.com Mon Sep 26 22:20:59 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 00:20:59 +0200 (CEST)
Subject: SUSE-SU-2022:3409-1: important: Security update for the Linux Kernel
(Live Patch 26 for SLE 15)
Message-ID: <20220926222059.EFF60F7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3409-1
Rating: important
References: #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-150_78 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3409=1 SUSE-SLE-Module-Live-Patching-15-2022-3410=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150_78-default-14-150000.2.2
kernel-livepatch-4_12_14-150_78-default-debuginfo-14-150000.2.2
kernel-livepatch-4_12_14-150_83-default-10-150000.2.2
kernel-livepatch-4_12_14-150_83-default-debuginfo-10-150000.2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Mon Sep 26 22:22:33 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 00:22:33 +0200 (CEST)
Subject: SUSE-SU-2022:3408-1: important: Security update for the Linux Kernel
Message-ID: <20220926222233.89E17F7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3408-1
Rating: important
References: #1177440 #1180153 #1188944 #1191881 #1194535
#1196616 #1197158 #1199482 #1199665 #1201019
#1201420 #1201705 #1201726 #1201948 #1202096
#1202097 #1202154 #1202335 #1202346 #1202347
#1202393 #1202396 #1202672 #1202897 #1202898
#1203098 #1203107
Cross-References: CVE-2020-36516 CVE-2021-4203 CVE-2022-1012
CVE-2022-20368 CVE-2022-20369 CVE-2022-21385
CVE-2022-2588 CVE-2022-26373 CVE-2022-2639
CVE-2022-2663 CVE-2022-29581 CVE-2022-2977
CVE-2022-3028 CVE-2022-36879 CVE-2022-39188
CVSS scores:
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-1012 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Availability 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Retail Branch Server 4.0
SUSE Manager Server 4.0
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that solves 15 vulnerabilities and has 12 fixes
is now available.
Description:
The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-1012: Fixed a memory leak problem that was found in the TCP
source port generation algorithm in net/ipv4/tcp.c (bnc#1199482).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2639: Fixed an integer coercion error that was found in the
openvswitch kernel module (bnc#1202154).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly match the
message (bnc#1202097).
- CVE-2022-29581: Fixed improper update of reference count vulnerability
in net/sched that allowed a local attacker to cause privilege escalation
to root (bnc#1199665).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
The following non-security bugs were fixed:
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- cifs: fix error paths in cifs_tree_connect() (bsc#1177440).
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share
(bsc#1188944).
- cifs: report error instead of invalid when revalidating a dentry fails
(bsc#1177440).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,
bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative
(bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from
elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name
(bsc#1202396).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153 bsc#1202335).
- tcp: change source port randomizarion at connect() time (bsc#1180153
bsc#1202335).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3408=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3408=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3408=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3408=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3408=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3408=1
Please note that this is the initial kernel livepatch without fixes
itself; this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3408=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3408=1
- SUSE Linux Enterprise High Availability 15-SP1:
zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3408=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3408=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.123.1
kernel-vanilla-4.12.14-150100.197.123.1
kernel-vanilla-base-4.12.14-150100.197.123.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.123.1
kernel-vanilla-debuginfo-4.12.14-150100.197.123.1
kernel-vanilla-debugsource-4.12.14-150100.197.123.1
kernel-vanilla-devel-4.12.14-150100.197.123.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.123.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.123.1
- openSUSE Leap 15.4 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.123.1
kernel-debug-base-debuginfo-4.12.14-150100.197.123.1
- openSUSE Leap 15.4 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.123.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.123.1
- openSUSE Leap 15.4 (s390x):
kernel-default-man-4.12.14-150100.197.123.1
kernel-zfcpdump-man-4.12.14-150100.197.123.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
kernel-default-base-debuginfo-4.12.14-150100.197.123.1
kernel-vanilla-4.12.14-150100.197.123.1
kernel-vanilla-base-4.12.14-150100.197.123.1
kernel-vanilla-base-debuginfo-4.12.14-150100.197.123.1
kernel-vanilla-debuginfo-4.12.14-150100.197.123.1
kernel-vanilla-debugsource-4.12.14-150100.197.123.1
kernel-vanilla-devel-4.12.14-150100.197.123.1
kernel-vanilla-devel-debuginfo-4.12.14-150100.197.123.1
kernel-vanilla-livepatch-devel-4.12.14-150100.197.123.1
- openSUSE Leap 15.3 (ppc64le x86_64):
kernel-debug-base-4.12.14-150100.197.123.1
kernel-debug-base-debuginfo-4.12.14-150100.197.123.1
- openSUSE Leap 15.3 (x86_64):
kernel-kvmsmall-base-4.12.14-150100.197.123.1
kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.123.1
- openSUSE Leap 15.3 (s390x):
kernel-default-man-4.12.14-150100.197.123.1
kernel-zfcpdump-man-4.12.14-150100.197.123.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
kernel-default-4.12.14-150100.197.123.1
kernel-default-base-4.12.14-150100.197.123.1
kernel-default-base-debuginfo-4.12.14-150100.197.123.1
kernel-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debugsource-4.12.14-150100.197.123.1
kernel-default-devel-4.12.14-150100.197.123.1
kernel-default-devel-debuginfo-4.12.14-150100.197.123.1
kernel-obs-build-4.12.14-150100.197.123.1
kernel-obs-build-debugsource-4.12.14-150100.197.123.1
kernel-syms-4.12.14-150100.197.123.1
reiserfs-kmp-default-4.12.14-150100.197.123.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.123.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
kernel-devel-4.12.14-150100.197.123.1
kernel-docs-4.12.14-150100.197.123.1
kernel-macros-4.12.14-150100.197.123.1
kernel-source-4.12.14-150100.197.123.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-4.12.14-150100.197.123.1
kernel-default-base-4.12.14-150100.197.123.1
kernel-default-base-debuginfo-4.12.14-150100.197.123.1
kernel-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debugsource-4.12.14-150100.197.123.1
kernel-default-devel-4.12.14-150100.197.123.1
kernel-default-devel-debuginfo-4.12.14-150100.197.123.1
kernel-obs-build-4.12.14-150100.197.123.1
kernel-obs-build-debugsource-4.12.14-150100.197.123.1
kernel-syms-4.12.14-150100.197.123.1
reiserfs-kmp-default-4.12.14-150100.197.123.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.123.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.123.1
kernel-docs-4.12.14-150100.197.123.1
kernel-macros-4.12.14-150100.197.123.1
kernel-source-4.12.14-150100.197.123.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (s390x):
kernel-default-man-4.12.14-150100.197.123.1
kernel-zfcpdump-debuginfo-4.12.14-150100.197.123.1
kernel-zfcpdump-debugsource-4.12.14-150100.197.123.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
kernel-devel-4.12.14-150100.197.123.1
kernel-docs-4.12.14-150100.197.123.1
kernel-macros-4.12.14-150100.197.123.1
kernel-source-4.12.14-150100.197.123.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
kernel-default-4.12.14-150100.197.123.1
kernel-default-base-4.12.14-150100.197.123.1
kernel-default-base-debuginfo-4.12.14-150100.197.123.1
kernel-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debugsource-4.12.14-150100.197.123.1
kernel-default-devel-4.12.14-150100.197.123.1
kernel-default-devel-debuginfo-4.12.14-150100.197.123.1
kernel-obs-build-4.12.14-150100.197.123.1
kernel-obs-build-debugsource-4.12.14-150100.197.123.1
kernel-syms-4.12.14-150100.197.123.1
reiserfs-kmp-default-4.12.14-150100.197.123.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.123.1
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debugsource-4.12.14-150100.197.123.1
kernel-default-livepatch-4.12.14-150100.197.123.1
kernel-default-livepatch-devel-4.12.14-150100.197.123.1
kernel-livepatch-4_12_14-150100_197_123-default-1-150100.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.123.1
kernel-default-base-4.12.14-150100.197.123.1
kernel-default-base-debuginfo-4.12.14-150100.197.123.1
kernel-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debugsource-4.12.14-150100.197.123.1
kernel-default-devel-4.12.14-150100.197.123.1
kernel-default-devel-debuginfo-4.12.14-150100.197.123.1
kernel-obs-build-4.12.14-150100.197.123.1
kernel-obs-build-debugsource-4.12.14-150100.197.123.1
kernel-syms-4.12.14-150100.197.123.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
kernel-devel-4.12.14-150100.197.123.1
kernel-docs-4.12.14-150100.197.123.1
kernel-macros-4.12.14-150100.197.123.1
kernel-source-4.12.14-150100.197.123.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
kernel-default-4.12.14-150100.197.123.1
kernel-default-base-4.12.14-150100.197.123.1
kernel-default-base-debuginfo-4.12.14-150100.197.123.1
kernel-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debugsource-4.12.14-150100.197.123.1
kernel-default-devel-4.12.14-150100.197.123.1
kernel-default-devel-debuginfo-4.12.14-150100.197.123.1
kernel-obs-build-4.12.14-150100.197.123.1
kernel-obs-build-debugsource-4.12.14-150100.197.123.1
kernel-syms-4.12.14-150100.197.123.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
kernel-devel-4.12.14-150100.197.123.1
kernel-docs-4.12.14-150100.197.123.1
kernel-macros-4.12.14-150100.197.123.1
kernel-source-4.12.14-150100.197.123.1
- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-4.12.14-150100.197.123.1
cluster-md-kmp-default-debuginfo-4.12.14-150100.197.123.1
dlm-kmp-default-4.12.14-150100.197.123.1
dlm-kmp-default-debuginfo-4.12.14-150100.197.123.1
gfs2-kmp-default-4.12.14-150100.197.123.1
gfs2-kmp-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debugsource-4.12.14-150100.197.123.1
ocfs2-kmp-default-4.12.14-150100.197.123.1
ocfs2-kmp-default-debuginfo-4.12.14-150100.197.123.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
kernel-default-4.12.14-150100.197.123.1
kernel-default-base-4.12.14-150100.197.123.1
kernel-default-base-debuginfo-4.12.14-150100.197.123.1
kernel-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debugsource-4.12.14-150100.197.123.1
kernel-default-devel-4.12.14-150100.197.123.1
kernel-default-devel-debuginfo-4.12.14-150100.197.123.1
kernel-obs-build-4.12.14-150100.197.123.1
kernel-obs-build-debugsource-4.12.14-150100.197.123.1
kernel-syms-4.12.14-150100.197.123.1
reiserfs-kmp-default-4.12.14-150100.197.123.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.123.1
- SUSE Enterprise Storage 6 (noarch):
kernel-devel-4.12.14-150100.197.123.1
kernel-docs-4.12.14-150100.197.123.1
kernel-macros-4.12.14-150100.197.123.1
kernel-source-4.12.14-150100.197.123.1
- SUSE CaaS Platform 4.0 (x86_64):
kernel-default-4.12.14-150100.197.123.1
kernel-default-base-4.12.14-150100.197.123.1
kernel-default-base-debuginfo-4.12.14-150100.197.123.1
kernel-default-debuginfo-4.12.14-150100.197.123.1
kernel-default-debugsource-4.12.14-150100.197.123.1
kernel-default-devel-4.12.14-150100.197.123.1
kernel-default-devel-debuginfo-4.12.14-150100.197.123.1
kernel-obs-build-4.12.14-150100.197.123.1
kernel-obs-build-debugsource-4.12.14-150100.197.123.1
kernel-syms-4.12.14-150100.197.123.1
reiserfs-kmp-default-4.12.14-150100.197.123.1
reiserfs-kmp-default-debuginfo-4.12.14-150100.197.123.1
- SUSE CaaS Platform 4.0 (noarch):
kernel-devel-4.12.14-150100.197.123.1
kernel-docs-4.12.14-150100.197.123.1
kernel-macros-4.12.14-150100.197.123.1
kernel-source-4.12.14-150100.197.123.1
References:
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-21385.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1177440
https://bugzilla.suse.com/1180153
https://bugzilla.suse.com/1188944
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1199482
https://bugzilla.suse.com/1199665
https://bugzilla.suse.com/1201019
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201705
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202335
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202897
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
From sle-security-updates at lists.suse.com Mon Sep 26 22:25:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 00:25:42 +0200 (CEST)
Subject: SUSE-SU-2022:3412-1: important: Security update for the Linux Kernel
(Live Patch 1 for SLE 15 SP4)
Message-ID: <20220926222542.D19E4F7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3412-1
Rating: important
References: #1199695 #1203116
Cross-References: CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.14.21-150400_24_11 fixes several issues.
The following security issues were fixed:
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3412=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3405=1 SUSE-SLE-Live-Patching-12-SP5-2022-3414=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-livepatch-5_14_21-150400_24_11-default-3-150400.2.2
kernel-livepatch-5_14_21-150400_24_11-default-debuginfo-3-150400.2.2
kernel-livepatch-SLE15-SP4_Update_1-debugsource-3-150400.2.2
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_124-default-5-2.2
kgraft-patch-4_12_14-122_127-default-3-2.2
References:
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Mon Sep 26 22:26:35 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 00:26:35 +0200 (CEST)
Subject: SUSE-SU-2022:3406-1: important: Security update for the Linux Kernel
(Live Patch 31 for SLE 15)
Message-ID: <20220926222635.41056F7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 31 for SLE 15)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3406-1
Rating: important
References: #1203116
Cross-References: CVE-2022-39188
CVSS scores:
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 4.12.14-150000_150_95 fixes one issue.
The following security issue was fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3413=1
- SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3406=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-livepatch-5_14_21-150400_24_18-default-3-150400.2.2
kernel-livepatch-5_14_21-150400_24_18-default-debuginfo-3-150400.2.2
kernel-livepatch-SLE15-SP4_Update_2-debugsource-3-150400.2.2
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150000_150_95-default-3-150000.2.2
kernel-livepatch-4_12_14-150000_150_95-default-debuginfo-3-150000.2.2
References:
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Tue Sep 27 01:20:10 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 03:20:10 +0200 (CEST)
Subject: SUSE-SU-2022:3407-1: important: Security update for the Linux Kernel
(Live Patch 16 for SLE 15 SP3)
Message-ID: <20220927012010.429BBF7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3407-1
Rating: important
References: #1199695 #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP1
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Live Patching 12-SP5
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP1
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP1
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150300_59_60 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3416=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3417=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3418=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3419=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3420=1
- SUSE Linux Enterprise Module for Live Patching 15-SP1:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3403=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-3407=1
- SUSE Linux Enterprise Live Patching 12-SP5:
zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-3404=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_60-default-11-150300.2.2
kernel-livepatch-5_3_18-150300_59_63-default-8-150300.2.2
kernel-livepatch-5_3_18-59_24-default-17-150300.2.2
kernel-livepatch-5_3_18-59_24-default-debuginfo-17-150300.2.2
kernel-livepatch-5_3_18-59_27-default-17-150300.2.2
kernel-livepatch-5_3_18-59_27-default-debuginfo-17-150300.2.2
kernel-livepatch-5_3_18-59_34-default-16-150300.2.2
kernel-livepatch-5_3_18-59_34-default-debuginfo-16-150300.2.2
kernel-livepatch-SLE15-SP3_Update_6-debugsource-17-150300.2.2
kernel-livepatch-SLE15-SP3_Update_7-debugsource-17-150300.2.2
kernel-livepatch-SLE15-SP3_Update_9-debugsource-16-150300.2.2
- SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64):
kernel-livepatch-4_12_14-197_102-default-14-150100.2.2
kernel-livepatch-4_12_14-197_108-default-9-150100.2.2
- SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64):
kgraft-patch-4_12_14-122_110-default-11-2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Tue Sep 27 01:21:15 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 03:21:15 +0200 (CEST)
Subject: SUSE-SU-2022:3411-1: important: Security update for the Linux Kernel
(Live Patch 3 for SLE 15 SP4)
Message-ID: <20220927012115.8FA0EF7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP4)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3411-1
Rating: important
References: #1196959
Cross-References: CVE-2021-39698
CVSS scores:
CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Module for Live Patching 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for the Linux Kernel 5.14.21-150400_24_21 fixes one issue.
The following security issue was fixed:
- CVE-2021-39698: Fixed a memory corruption due to a use after free that
could lead to local escalation of privilege with no additional execution
privileges needed (bsc#1196959).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-3421=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3411=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64):
kernel-livepatch-5_14_21-150400_24_21-default-2-150400.2.2
kernel-livepatch-5_14_21-150400_24_21-default-debuginfo-2-150400.2.2
kernel-livepatch-SLE15-SP4_Update_3-debugsource-2-150400.2.2
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_93-default-2-150300.2.2
References:
https://www.suse.com/security/cve/CVE-2021-39698.html
https://bugzilla.suse.com/1196959
From sle-security-updates at lists.suse.com Tue Sep 27 01:21:55 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 03:21:55 +0200 (CEST)
Subject: SUSE-SU-2022:3415-1: important: Security update for the Linux Kernel
(Live Patch 23 for SLE 15 SP3)
Message-ID: <20220927012155.92EB0F7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3415-1
Rating: important
References: #1196959 #1203116
Cross-References: CVE-2021-39698 CVE-2022-39188
CVSS scores:
CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150300_59_90 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2021-39698: Fixed a memory corruption due to a use after free that
could lead to local escalation of privilege with no additional execution
privileges needed (bsc#1196959).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3415=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_90-default-3-150300.2.2
References:
https://www.suse.com/security/cve/CVE-2021-39698.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1196959
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Tue Sep 27 07:30:59 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 09:30:59 +0200 (CEST)
Subject: SUSE-CU-2022:2345-1: Security update of suse/sle15
Message-ID: <20220927073059.A3EEFF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2345-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.44 , suse/sle15:15.3 , suse/sle15:15.3.17.20.44
Container Release : 17.20.44
Severity : important
Type : security
References : 1181994 1188006 1189802 1195773 1199079 1201680 1201783 1202868
1203018 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868
This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
- Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Removed:
- Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
- Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
- Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added:
- HARICA Client ECC Root CA 2021
- HARICA Client RSA Root CA 2021
- HARICA TLS ECC Root CA 2021
- HARICA TLS RSA Root CA 2021
- TunTrust Root CA
Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CAs:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
The following package changes have been done:
- ca-certificates-mozilla-2.56-150200.24.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20181225-150200.23.15.1 updated
From sle-security-updates at lists.suse.com Tue Sep 27 07:32:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 09:32:25 +0200 (CEST)
Subject: SUSE-CU-2022:2347-1: Security update of bci/dotnet-sdk
Message-ID: <20220927073225.3D11AF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2347-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.5 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.5
Container Release : 35.5
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Tue Sep 27 07:33:49 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 09:33:49 +0200 (CEST)
Subject: SUSE-CU-2022:2348-1: Security update of bci/dotnet-sdk
Message-ID: <20220927073349.C254AF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2348-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-24.5 , bci/dotnet-sdk:6.0.9 , bci/dotnet-sdk:6.0.9-24.5
Container Release : 24.5
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Tue Sep 27 07:35:13 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 09:35:13 +0200 (CEST)
Subject: SUSE-CU-2022:2349-1: Security update of bci/dotnet-runtime
Message-ID: <20220927073513.7908CF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2349-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-47.5 , bci/dotnet-runtime:3.1.29 , bci/dotnet-runtime:3.1.29-47.5
Container Release : 47.5
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Tue Sep 27 07:36:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 09:36:25 +0200 (CEST)
Subject: SUSE-CU-2022:2350-1: Security update of bci/dotnet-runtime
Message-ID: <20220927073625.E6A07F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2350-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-21.5 , bci/dotnet-runtime:6.0.9 , bci/dotnet-runtime:6.0.9-21.5
Container Release : 21.5
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Tue Sep 27 10:19:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 12:19:42 +0200 (CEST)
Subject: SUSE-SU-2022:3422-1: important: Security update for the Linux Kernel
Message-ID: <20220927101942.229FCF7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3422-1
Rating: important
References: #1054914 #1065729 #1120716 #1179310 #1190397
#1191881 #1194535 #1197158 #1199617 #1201264
#1201420 #1201442 #1201610 #1201726 #1201948
#1202017 #1202096 #1202097 #1202346 #1202347
#1202393 #1202396 #1202528 #1202577 #1202672
#1202830 #1202897 #1202898 #1203013 #1203098
#1203107 #1203126
Cross-References: CVE-2021-4203 CVE-2022-20368 CVE-2022-20369
CVE-2022-21385 CVE-2022-2588 CVE-2022-26373
CVE-2022-2663 CVE-2022-2977 CVE-2022-3028
CVE-2022-36879 CVE-2022-39188
CVSS scores:
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (NVD) : 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21385 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________
An update that solves 11 vulnerabilities and has 21 fixes
is now available.
Description:
The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed
unprivileged local users to crash the machine (bnc#1202897).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly match the
message (bnc#1202097).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
The following non-security bugs were fixed:
- 9p: migrate from sync_inode to filemap_fdatawrite_wbc (bsc#1202528).
- ACPI: CPPC: Do not prevent CPPC from working in the future (git-fixes).
- Fix releasing of old bundles in xfrm_bundle_lookup() (bsc#1201264
bsc#1190397 bsc#1199617).
- KABI: cgroup: Restore KABI of css_set (bsc#1201610).
- KVM: PPC: Book3S HV: Context tracking exit guest context before enabling
irqs (bsc#1065729).
- KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2
(bsc#1201442).
- KVM: nVMX: Set UMIP bit CR4_FIXED1 MSR when emulating UMIP (bsc#1120716).
- KVM: x86: Mark TSS busy during LTR emulation _after_ all fault checks
(git-fixes).
- KVM: x86: Set error code to segment selector on LLDT/LTR non-canonical
#GP (git-fixes).
- PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors (git-fixes).
- Revert "USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST
quirk set" (git-fixes).
- Revert "r8152: adjust the settings about MAC clock speed down for
RTL8153" (git-fixes).
- SUNRPC: Fix the svc_deferred_event trace class (git-fixes).
- USB: new quirk for Dell Gen 2 devices (git-fixes).
- USB: serial: io_ti: add Agilent E5805A support (git-fixes).
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint
(git-fixes).
- btrfs: Convert fs_info->free_chunk_space to atomic64_t (bsc#1202528).
- btrfs: add a trace class for dumping the current ENOSPC state
(bsc#1202528).
- btrfs: add a trace point for reserve tickets (bsc#1202528).
- btrfs: adjust the flush trace point to include the source (bsc#1202528).
- btrfs: check reclaim_size in need_preemptive_reclaim (bsc#1202528).
- btrfs: check worker before need_preemptive_reclaim (bsc#1202528).
- btrfs: do not do preemptive flushing if the majority is global rsv
(bsc#1202528).
- btrfs: do not include the global rsv size in the preemptive used amount
(bsc#1202528).
- btrfs: enable a tracepoint when we fail tickets (bsc#1202528).
- btrfs: handle preemptive delalloc flushing slightly differently
(bsc#1202528).
- btrfs: implement space clamping for preemptive flushing (bsc#1202528).
- btrfs: improve preemptive background space flushing (bsc#1202528).
- btrfs: include delalloc related info in dump space info tracepoint
(bsc#1202528).
- btrfs: introduce a FORCE_COMMIT_TRANS flush operation (bsc#1202528).
- btrfs: make flush_space take a enum btrfs_flush_state instead of int
(bsc#1202528).
- btrfs: only clamp the first time we have to start flushing (bsc#1202528).
- btrfs: only ignore delalloc if delalloc is much smaller than ordered
(bsc#1202528).
- btrfs: reduce the preemptive flushing threshold to 90% (bsc#1202528).
- btrfs: remove FLUSH_DELAYED_REFS from data ENOSPC flushing (bsc#1202528).
- btrfs: rename need_do_async_reclaim (bsc#1202528).
- btrfs: rework btrfs_calc_reclaim_metadata_size (bsc#1202528).
- btrfs: rip out btrfs_space_info::total_bytes_pinned (bsc#1202528).
- btrfs: rip out may_commit_transaction (bsc#1202528).
- btrfs: rip the first_ticket_bytes logic from fail_all_tickets
(bsc#1202528).
- btrfs: simplify the logic in need_preemptive_flushing (bsc#1202528).
- btrfs: take into account global rsv in need_preemptive_reclaim
(bsc#1202528).
- btrfs: use delalloc_bytes to determine flush amount for shrink_delalloc
(bsc#1202528).
- btrfs: use percpu_read_positive instead of sum_positive for need_preempt
(bsc#1202528).
- btrfs: use the filemap_fdatawrite_wbc helper for delalloc shrinking
(bsc#1202528).
- btrfs: use the global rsv size in the preemptive thresh calculation
(bsc#1202528).
- btrfs: wait on async extents when flushing delalloc (bsc#1202528).
- btrfs: wake up async_delalloc_pages waiters after submit (bsc#1202528).
- ceph: do not truncate file in atomic_open (bsc#1202830).
- cgroup: Use separate src/dst nodes when preloading css_sets for
migration (bsc#1201610).
- check sk_peer_cred pointer before put_cred() call
- crypto: arm64/gcm - Select AEAD for GHASH_ARM64_CE (git-fixes).
- crypto: inside-secure - Add missing MODULE_DEVICE_TABLE for of
(git-fixes).
- cxgb4: fix endian conversions for L4 ports in filters (git-fixes).
- cxgb4: move handling L2T ARP failures to caller (git-fixes).
- cxgb4: parse TC-U32 key values and masks natively (git-fixes).
- drivers/perf: arm_spe: Fix consistency of SYS_PMSCR_EL1.CX (git-fixes).
- fs: add a filemap_fdatawrite_wbc helper (bsc#1202528).
- fuse: limit nsec (bsc#1203126).
- iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE)
(git-fixes).
- ipheth: fix EOVERFLOW in ipheth_rcvbulk_callback (git-fixes).
- kabi/severities: add mlx5 internal symbols
- lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,
bsc#1203098).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- mvpp2: fix panic on module removal (git-fixes).
- mvpp2: refactor the HW checksum setup (git-fixes).
- net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).
- net/mlx5: Fix auto group size calculation (git-fixes).
- net/mlx5: Imply MLXFW in mlx5_core (git-fixes).
- net/mlx5e: Use the inner headers to determine tc/pedit offload
limitation on decap flows (git-fixes).
- net: dsa: mt7530: Change the LINK bit to reflect the link status
(git-fixes).
- net: emaclite: Simplify if-else statements (git-fixes).
- net: ll_temac: Add more error handling of dma_map_single() calls
(git-fixes).
- net: ll_temac: Enable DMA when ready, not before (git-fixes).
- net: ll_temac: Fix RX buffer descriptor handling on GFP_ATOMIC pressure
(git-fixes).
- net: ll_temac: Fix iommu/swiotlb leak (git-fixes).
- net: ll_temac: Fix support for 64-bit platforms (git-fixes).
- net: ll_temac: Fix support for little-endian platforms (git-fixes).
- net: ll_temac: Fix typo bug for 32-bit (git-fixes).
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale
pointer (git-fixes).
- net: stmmac: gmac4: bitrev32 returns u32 (git-fixes).
- net: usb: lan78xx: Connect PHY before registering MAC (git-fixes).
- net: xilinx: replace dev_kfree_skb_irq by dev_consume_skb_irq for drop
profiles (git-fixes).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add --backtrace support (bsc#1202396).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Allow no-op CFI ops in alternatives (bsc#1202396).
- objtool: Convert insn type to enum (bsc#1202396).
- objtool: Do not use ignore flag for fake jumps (bsc#1202396).
- objtool: Fix !CFI insn_state propagation (bsc#1202396).
- objtool: Fix ORC vs alternatives (bsc#1202396).
- objtool: Fix sibling call detection (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Remove check preventing branches within alternative
(bsc#1202396).
- objtool: Rename elf_open() to prevent conflict with libelf from
elftoolchain (bsc#1202396).
- objtool: Rename struct cfi_state (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Rewrite alt->skip_orig (bsc#1202396).
- objtool: Set insn->func for alternatives (bsc#1202396).
- objtool: Support conditional retpolines (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- objtool: Track original function across branches (bsc#1202396).
- objtool: Uniquely identify alternative instruction groups (bsc#1202396).
- objtool: Use Elf_Scn typedef instead of assuming struct name
(bsc#1202396).
- phy: tegra: fix device-tree node lookups (git-fixes).
- powerpc/perf: Add privileged access check for thread_imc (bsc#1054914,
git-fixes).
- powerpc/perf: Fix loop exit condition in nest_imc_event_init
(bsc#1054914, git-fixes).
- powerpc/perf: Return accordingly on invalid chip-id in (bsc#1054914,
git-fixes).
- powerpc/xive: Fix refcount leak in xive_get_max_prio (git-fixes).
- powerpc: Enable execve syscall exit tracepoint (bsc#1065729).
- powerpc: Use sizeof(*foo) rather than sizeof(struct foo) (bsc#1054914,
git-fixes).
- powerpc: define get_cycles macro for arch-override (bsc#1065729).
- qed: Add EDPM mode type for user-fw compatibility (git-fixes).
- qed: fix kABI in qed_rdma_create_qp_in_params (git-fixes).
- scsi: smartpqi: set force_blk_mq=1 (bsc#1179310).
- spmi: trace: fix stack-out-of-bound access in SPMI tracing functions
(git-fixes).
- squashfs: add more sanity checks in id lookup (git-fixes).
- squashfs: add more sanity checks in inode lookup (git-fixes).
- squashfs: add more sanity checks in xattr id lookup (git-fixes).
- squashfs: fix divide error in calculate_skip() (git-fixes).
- squashfs: fix inode lookup sanity checks (bsc#1203013).
- squashfs: fix xattr id and id lookup sanity checks (bsc#1203013).
- tracepoint: Add tracepoint_probe_register_may_exist() for BPF tracing
(git-fixes).
- tracing/perf: Use strndup_user() instead of buggy open-coded version
(git-fixes).
- tracing/uprobes: Check the return value of kstrdup() for tu->filename
(git-fixes).
- tracing: Fix race in perf_trace_buf initialization (git-fixes).
- usb: misc: fix improper handling of refcount in uss720_probe()
(git-fixes).
- usbnet: Fix linkwatch use-after-free on disconnect (git-fixes).
- usbnet: smsc95xx: Fix deadlock on runtime resume (git-fixes).
- xen/xenbus: fix return type in xenbus_file_read() (git-fixes).
- xfs: always free inline data before resetting inode fork during ifree
(bsc#1202017).
- xfs: check sb_meta_uuid for dabuf buffer recovery (bsc#1202577).
- xprtrdma: Fix trace point use-after-free race (git-fixes).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Real Time Extension 12-SP5:
zypper in -t patch SUSE-SLE-RT-12-SP5-2022-3422=1
Package List:
- SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):
cluster-md-kmp-rt-4.12.14-10.100.1
cluster-md-kmp-rt-debuginfo-4.12.14-10.100.1
dlm-kmp-rt-4.12.14-10.100.1
dlm-kmp-rt-debuginfo-4.12.14-10.100.1
gfs2-kmp-rt-4.12.14-10.100.1
gfs2-kmp-rt-debuginfo-4.12.14-10.100.1
kernel-rt-4.12.14-10.100.1
kernel-rt-base-4.12.14-10.100.1
kernel-rt-base-debuginfo-4.12.14-10.100.1
kernel-rt-debuginfo-4.12.14-10.100.1
kernel-rt-debugsource-4.12.14-10.100.1
kernel-rt-devel-4.12.14-10.100.1
kernel-rt-devel-debuginfo-4.12.14-10.100.1
kernel-rt_debug-4.12.14-10.100.1
kernel-rt_debug-debuginfo-4.12.14-10.100.1
kernel-rt_debug-debugsource-4.12.14-10.100.1
kernel-rt_debug-devel-4.12.14-10.100.1
kernel-rt_debug-devel-debuginfo-4.12.14-10.100.1
kernel-syms-rt-4.12.14-10.100.1
ocfs2-kmp-rt-4.12.14-10.100.1
ocfs2-kmp-rt-debuginfo-4.12.14-10.100.1
- SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):
kernel-devel-rt-4.12.14-10.100.1
kernel-source-rt-4.12.14-10.100.1
References:
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-21385.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1054914
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1120716
https://bugzilla.suse.com/1179310
https://bugzilla.suse.com/1190397
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1199617
https://bugzilla.suse.com/1201264
https://bugzilla.suse.com/1201420
https://bugzilla.suse.com/1201442
https://bugzilla.suse.com/1201610
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202017
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202528
https://bugzilla.suse.com/1202577
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202830
https://bugzilla.suse.com/1202897
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203013
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
https://bugzilla.suse.com/1203126
From sle-security-updates at lists.suse.com Tue Sep 27 13:21:00 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 15:21:00 +0200 (CEST)
Subject: SUSE-SU-2022:3424-1: important: Security update for the Linux Kernel
(Live Patch 29 for SLE 15)
Message-ID: <20220927132100.048A8FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3424-1
Rating: important
References: #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 4.12.14-150000_150_89 fixes several
issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-3424=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64):
kernel-livepatch-4_12_14-150000_150_89-default-8-150000.2.2
kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-8-150000.2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Tue Sep 27 13:22:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 15:22:22 +0200 (CEST)
Subject: SUSE-SU-2022:3425-1: important: Security update for grafana
Message-ID: <20220927132222.B62ADFD84@maintenance.suse.de>
SUSE Security Update: Security update for grafana
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3425-1
Rating: important
References: #1191454 #1193688
Cross-References: CVE-2021-39226 CVE-2021-43813
CVSS scores:
CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Enterprise Storage 6
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for grafana fixes the following issues:
Updated to version 7.5.12:
- CVE-2021-43813: Fixed markdown path traversal (bsc#1193688).
- CVE-2021-39226: Fixed Snapshot authentication bypass (bsc#1191454).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3425=1
Package List:
- SUSE Enterprise Storage 6 (aarch64 x86_64):
grafana-7.5.12-150100.3.9.1
References:
https://www.suse.com/security/cve/CVE-2021-39226.html
https://www.suse.com/security/cve/CVE-2021-43813.html
https://bugzilla.suse.com/1191454
https://bugzilla.suse.com/1193688
From sle-security-updates at lists.suse.com Tue Sep 27 13:23:09 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 15:23:09 +0200 (CEST)
Subject: SUSE-SU-2022:3428-1: moderate: Security update for libcaca
Message-ID: <20220927132309.2F5A9FD84@maintenance.suse.de>
SUSE Security Update: Security update for libcaca
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3428-1
Rating: moderate
References: #1182731
Cross-References: CVE-2021-3410
CVSS scores:
CVE-2021-3410 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3410 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libcaca fixes the following issues:
- CVE-2021-3410: Fixed overflow when multiplying large ints (bsc#1182731).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3428=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3428=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libcaca-debugsource-0.99.beta18-14.12.1
libcaca-devel-0.99.beta18-14.12.1
libcaca0-plugins-0.99.beta18-14.12.1
libcaca0-plugins-debuginfo-0.99.beta18-14.12.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libcaca-debugsource-0.99.beta18-14.12.1
libcaca0-0.99.beta18-14.12.1
libcaca0-debuginfo-0.99.beta18-14.12.1
References:
https://www.suse.com/security/cve/CVE-2021-3410.html
https://bugzilla.suse.com/1182731
From sle-security-updates at lists.suse.com Tue Sep 27 16:20:53 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 18:20:53 +0200 (CEST)
Subject: SUSE-SU-2022:3432-1: important: Security update for the Linux Kernel
(Live Patch 19 for SLE 15 SP3)
Message-ID: <20220927162053.D1A53FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 19 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3432-1
Rating: important
References: #1199695 #1203116
Cross-References: CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150300_59_71 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3432=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_71-default-6-150300.2.2
References:
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Tue Sep 27 16:21:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 18:21:42 +0200 (CEST)
Subject: SUSE-SU-2022:3433-1: important: Security update for the Linux Kernel
(Live Patch 13 for SLE 15 SP3)
Message-ID: <20220927162142.BB282FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 13 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3433-1
Rating: important
References: #1199695 #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150300_59_46 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3431=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3433=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_46-default-14-150300.2.2
kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-14-150300.2.2
kernel-livepatch-5_3_18-59_40-default-15-150300.2.2
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64):
kernel-livepatch-5_3_18-59_40-default-debuginfo-15-150300.2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Tue Sep 27 16:23:15 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 18:23:15 +0200 (CEST)
Subject: SUSE-SU-2022:3439-1: important: Security update for flatpak
Message-ID: <20220927162315.61A45FD84@maintenance.suse.de>
SUSE Security Update: Security update for flatpak
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3439-1
Rating: important
References: #1191507
Cross-References: CVE-2021-41133
CVSS scores:
CVE-2021-41133 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-41133 (SUSE): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for flatpak fixes the following issues:
- CVE-2021-41133: Fixed sandbox bypass via recent syscalls (bsc#1191507).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3439=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3439=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3439=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3439=1
Package List:
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
flatpak-0.10.4-150000.4.13.1
flatpak-debuginfo-0.10.4-150000.4.13.1
flatpak-debugsource-0.10.4-150000.4.13.1
flatpak-devel-0.10.4-150000.4.13.1
libflatpak0-0.10.4-150000.4.13.1
libflatpak0-debuginfo-0.10.4-150000.4.13.1
typelib-1_0-Flatpak-1_0-0.10.4-150000.4.13.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
flatpak-0.10.4-150000.4.13.1
flatpak-debuginfo-0.10.4-150000.4.13.1
flatpak-debugsource-0.10.4-150000.4.13.1
flatpak-devel-0.10.4-150000.4.13.1
libflatpak0-0.10.4-150000.4.13.1
libflatpak0-debuginfo-0.10.4-150000.4.13.1
typelib-1_0-Flatpak-1_0-0.10.4-150000.4.13.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
flatpak-0.10.4-150000.4.13.1
flatpak-debuginfo-0.10.4-150000.4.13.1
flatpak-debugsource-0.10.4-150000.4.13.1
flatpak-devel-0.10.4-150000.4.13.1
libflatpak0-0.10.4-150000.4.13.1
libflatpak0-debuginfo-0.10.4-150000.4.13.1
typelib-1_0-Flatpak-1_0-0.10.4-150000.4.13.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
flatpak-0.10.4-150000.4.13.1
flatpak-debuginfo-0.10.4-150000.4.13.1
flatpak-debugsource-0.10.4-150000.4.13.1
flatpak-devel-0.10.4-150000.4.13.1
libflatpak0-0.10.4-150000.4.13.1
libflatpak0-debuginfo-0.10.4-150000.4.13.1
typelib-1_0-Flatpak-1_0-0.10.4-150000.4.13.1
References:
https://www.suse.com/security/cve/CVE-2021-41133.html
https://bugzilla.suse.com/1191507
From sle-security-updates at lists.suse.com Tue Sep 27 16:25:54 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 18:25:54 +0200 (CEST)
Subject: SUSE-SU-2022:3430-1: important: Security update for dpdk
Message-ID: <20220927162554.DFB22FD84@maintenance.suse.de>
SUSE Security Update: Security update for dpdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3430-1
Rating: important
References: #1202903
Cross-References: CVE-2022-2132
CVSS scores:
CVE-2022-2132 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2022-2132 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for dpdk fixes the following issues:
- CVE-2022-2132: Fixed DoS when a vhost header crosses more than two
descriptors and exhausts all mbufs (bsc#1202903).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3430=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3430=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3430=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3430=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3430=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3430=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3430=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3430=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le x86_64):
libdpdk-18_11-18.11.9-150100.4.19.1
libdpdk-18_11-debuginfo-18.11.9-150100.4.19.1
- openSUSE Leap 15.3 (aarch64 ppc64le x86_64):
libdpdk-18_11-18.11.9-150100.4.19.1
libdpdk-18_11-debuginfo-18.11.9-150100.4.19.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
dpdk-18.11.9-150100.4.19.1
dpdk-debuginfo-18.11.9-150100.4.19.1
dpdk-debugsource-18.11.9-150100.4.19.1
dpdk-devel-18.11.9-150100.4.19.1
dpdk-devel-debuginfo-18.11.9-150100.4.19.1
dpdk-kmp-default-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-tools-18.11.9-150100.4.19.1
dpdk-tools-debuginfo-18.11.9-150100.4.19.1
libdpdk-18_11-18.11.9-150100.4.19.1
libdpdk-18_11-debuginfo-18.11.9-150100.4.19.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le x86_64):
dpdk-18.11.9-150100.4.19.1
dpdk-debuginfo-18.11.9-150100.4.19.1
dpdk-debugsource-18.11.9-150100.4.19.1
dpdk-devel-18.11.9-150100.4.19.1
dpdk-devel-debuginfo-18.11.9-150100.4.19.1
dpdk-kmp-default-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-tools-18.11.9-150100.4.19.1
dpdk-tools-debuginfo-18.11.9-150100.4.19.1
libdpdk-18_11-18.11.9-150100.4.19.1
libdpdk-18_11-debuginfo-18.11.9-150100.4.19.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
dpdk-18.11.9-150100.4.19.1
dpdk-debuginfo-18.11.9-150100.4.19.1
dpdk-debugsource-18.11.9-150100.4.19.1
dpdk-devel-18.11.9-150100.4.19.1
dpdk-devel-debuginfo-18.11.9-150100.4.19.1
dpdk-kmp-default-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-tools-18.11.9-150100.4.19.1
dpdk-tools-debuginfo-18.11.9-150100.4.19.1
libdpdk-18_11-18.11.9-150100.4.19.1
libdpdk-18_11-debuginfo-18.11.9-150100.4.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
dpdk-18.11.9-150100.4.19.1
dpdk-debuginfo-18.11.9-150100.4.19.1
dpdk-debugsource-18.11.9-150100.4.19.1
dpdk-devel-18.11.9-150100.4.19.1
dpdk-devel-debuginfo-18.11.9-150100.4.19.1
dpdk-kmp-default-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-tools-18.11.9-150100.4.19.1
dpdk-tools-debuginfo-18.11.9-150100.4.19.1
libdpdk-18_11-18.11.9-150100.4.19.1
libdpdk-18_11-debuginfo-18.11.9-150100.4.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
dpdk-18.11.9-150100.4.19.1
dpdk-debuginfo-18.11.9-150100.4.19.1
dpdk-debugsource-18.11.9-150100.4.19.1
dpdk-devel-18.11.9-150100.4.19.1
dpdk-devel-debuginfo-18.11.9-150100.4.19.1
dpdk-kmp-default-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-tools-18.11.9-150100.4.19.1
dpdk-tools-debuginfo-18.11.9-150100.4.19.1
libdpdk-18_11-18.11.9-150100.4.19.1
libdpdk-18_11-debuginfo-18.11.9-150100.4.19.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
dpdk-18.11.9-150100.4.19.1
dpdk-debuginfo-18.11.9-150100.4.19.1
dpdk-debugsource-18.11.9-150100.4.19.1
dpdk-devel-18.11.9-150100.4.19.1
dpdk-devel-debuginfo-18.11.9-150100.4.19.1
dpdk-kmp-default-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-tools-18.11.9-150100.4.19.1
dpdk-tools-debuginfo-18.11.9-150100.4.19.1
libdpdk-18_11-18.11.9-150100.4.19.1
libdpdk-18_11-debuginfo-18.11.9-150100.4.19.1
- SUSE CaaS Platform 4.0 (x86_64):
dpdk-18.11.9-150100.4.19.1
dpdk-debuginfo-18.11.9-150100.4.19.1
dpdk-debugsource-18.11.9-150100.4.19.1
dpdk-devel-18.11.9-150100.4.19.1
dpdk-devel-debuginfo-18.11.9-150100.4.19.1
dpdk-kmp-default-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-kmp-default-debuginfo-18.11.9_k4.12.14_150100.197.120-150100.4.19.1
dpdk-tools-18.11.9-150100.4.19.1
dpdk-tools-debuginfo-18.11.9-150100.4.19.1
libdpdk-18_11-18.11.9-150100.4.19.1
libdpdk-18_11-debuginfo-18.11.9-150100.4.19.1
References:
https://www.suse.com/security/cve/CVE-2022-2132.html
https://bugzilla.suse.com/1202903
From sle-security-updates at lists.suse.com Tue Sep 27 16:26:51 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 18:26:51 +0200 (CEST)
Subject: SUSE-SU-2022:3429-1: important: Security update for dpdk
Message-ID: <20220927162651.F176FFD84@maintenance.suse.de>
SUSE Security Update: Security update for dpdk
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3429-1
Rating: important
References: #1202903 #1202956
Cross-References: CVE-2022-2132 CVE-2022-28199
CVSS scores:
CVE-2022-2132 (NVD) : 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2022-2132 (SUSE): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CVE-2022-28199 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-28199 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for dpdk fixes the following issues:
- CVE-2022-2132: Fixed DoS when a vhost header crosses more than two
descriptors and exhausts all mbufs (bsc#1202903).
- CVE-2022-28199: Fixed buffer overflow in the vhost code (bsc#1202956).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3429=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3429=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3429=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3429=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3429=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3429=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3429=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3429=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3429=1
Package List:
- SUSE Manager Server 4.1 (ppc64le x86_64):
dpdk-19.11.4-150200.3.20.1
dpdk-debuginfo-19.11.4-150200.3.20.1
dpdk-debugsource-19.11.4-150200.3.20.1
dpdk-devel-19.11.4-150200.3.20.1
dpdk-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-tools-19.11.4-150200.3.20.1
dpdk-tools-debuginfo-19.11.4-150200.3.20.1
libdpdk-20_0-19.11.4-150200.3.20.1
libdpdk-20_0-debuginfo-19.11.4-150200.3.20.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
dpdk-19.11.4-150200.3.20.1
dpdk-debuginfo-19.11.4-150200.3.20.1
dpdk-debugsource-19.11.4-150200.3.20.1
dpdk-devel-19.11.4-150200.3.20.1
dpdk-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-tools-19.11.4-150200.3.20.1
dpdk-tools-debuginfo-19.11.4-150200.3.20.1
libdpdk-20_0-19.11.4-150200.3.20.1
libdpdk-20_0-debuginfo-19.11.4-150200.3.20.1
- SUSE Manager Proxy 4.1 (x86_64):
dpdk-19.11.4-150200.3.20.1
dpdk-debuginfo-19.11.4-150200.3.20.1
dpdk-debugsource-19.11.4-150200.3.20.1
dpdk-devel-19.11.4-150200.3.20.1
dpdk-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-tools-19.11.4-150200.3.20.1
dpdk-tools-debuginfo-19.11.4-150200.3.20.1
libdpdk-20_0-19.11.4-150200.3.20.1
libdpdk-20_0-debuginfo-19.11.4-150200.3.20.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
dpdk-19.11.4-150200.3.20.1
dpdk-debuginfo-19.11.4-150200.3.20.1
dpdk-debugsource-19.11.4-150200.3.20.1
dpdk-devel-19.11.4-150200.3.20.1
dpdk-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-tools-19.11.4-150200.3.20.1
dpdk-tools-debuginfo-19.11.4-150200.3.20.1
libdpdk-20_0-19.11.4-150200.3.20.1
libdpdk-20_0-debuginfo-19.11.4-150200.3.20.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le x86_64):
dpdk-19.11.4-150200.3.20.1
dpdk-debuginfo-19.11.4-150200.3.20.1
dpdk-debugsource-19.11.4-150200.3.20.1
dpdk-devel-19.11.4-150200.3.20.1
dpdk-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-tools-19.11.4-150200.3.20.1
dpdk-tools-debuginfo-19.11.4-150200.3.20.1
libdpdk-20_0-19.11.4-150200.3.20.1
libdpdk-20_0-debuginfo-19.11.4-150200.3.20.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64):
dpdk-thunderx-19.11.4-150200.3.20.1
dpdk-thunderx-debuginfo-19.11.4-150200.3.20.1
dpdk-thunderx-debugsource-19.11.4-150200.3.20.1
dpdk-thunderx-devel-19.11.4-150200.3.20.1
dpdk-thunderx-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
dpdk-19.11.4-150200.3.20.1
dpdk-debuginfo-19.11.4-150200.3.20.1
dpdk-debugsource-19.11.4-150200.3.20.1
dpdk-devel-19.11.4-150200.3.20.1
dpdk-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-tools-19.11.4-150200.3.20.1
dpdk-tools-debuginfo-19.11.4-150200.3.20.1
libdpdk-20_0-19.11.4-150200.3.20.1
libdpdk-20_0-debuginfo-19.11.4-150200.3.20.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
dpdk-19.11.4-150200.3.20.1
dpdk-debuginfo-19.11.4-150200.3.20.1
dpdk-debugsource-19.11.4-150200.3.20.1
dpdk-devel-19.11.4-150200.3.20.1
dpdk-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-tools-19.11.4-150200.3.20.1
dpdk-tools-debuginfo-19.11.4-150200.3.20.1
libdpdk-20_0-19.11.4-150200.3.20.1
libdpdk-20_0-debuginfo-19.11.4-150200.3.20.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64):
dpdk-thunderx-19.11.4-150200.3.20.1
dpdk-thunderx-debuginfo-19.11.4-150200.3.20.1
dpdk-thunderx-debugsource-19.11.4-150200.3.20.1
dpdk-thunderx-devel-19.11.4-150200.3.20.1
dpdk-thunderx-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
dpdk-19.11.4-150200.3.20.1
dpdk-debuginfo-19.11.4-150200.3.20.1
dpdk-debugsource-19.11.4-150200.3.20.1
dpdk-devel-19.11.4-150200.3.20.1
dpdk-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-tools-19.11.4-150200.3.20.1
dpdk-tools-debuginfo-19.11.4-150200.3.20.1
libdpdk-20_0-19.11.4-150200.3.20.1
libdpdk-20_0-debuginfo-19.11.4-150200.3.20.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64):
dpdk-thunderx-19.11.4-150200.3.20.1
dpdk-thunderx-debuginfo-19.11.4-150200.3.20.1
dpdk-thunderx-debugsource-19.11.4-150200.3.20.1
dpdk-thunderx-devel-19.11.4-150200.3.20.1
dpdk-thunderx-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
dpdk-19.11.4-150200.3.20.1
dpdk-debuginfo-19.11.4-150200.3.20.1
dpdk-debugsource-19.11.4-150200.3.20.1
dpdk-devel-19.11.4-150200.3.20.1
dpdk-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-tools-19.11.4-150200.3.20.1
dpdk-tools-debuginfo-19.11.4-150200.3.20.1
libdpdk-20_0-19.11.4-150200.3.20.1
libdpdk-20_0-debuginfo-19.11.4-150200.3.20.1
- SUSE Enterprise Storage 7 (aarch64):
dpdk-thunderx-19.11.4-150200.3.20.1
dpdk-thunderx-debuginfo-19.11.4-150200.3.20.1
dpdk-thunderx-debugsource-19.11.4-150200.3.20.1
dpdk-thunderx-devel-19.11.4-150200.3.20.1
dpdk-thunderx-devel-debuginfo-19.11.4-150200.3.20.1
dpdk-thunderx-kmp-default-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
dpdk-thunderx-kmp-default-debuginfo-19.11.4_k5.3.18_150200.24.126-150200.3.20.1
References:
https://www.suse.com/security/cve/CVE-2022-2132.html
https://www.suse.com/security/cve/CVE-2022-28199.html
https://bugzilla.suse.com/1202903
https://bugzilla.suse.com/1202956
From sle-security-updates at lists.suse.com Tue Sep 27 19:20:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 21:20:25 +0200 (CEST)
Subject: SUSE-SU-2022:3440-1: important: Security update for MozillaFirefox
Message-ID: <20220927192025.A2054FD84@maintenance.suse.de>
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3440-1
Rating: important
References: #1203477
Cross-References: CVE-2022-40956 CVE-2022-40957 CVE-2022-40958
CVE-2022-40959 CVE-2022-40960 CVE-2022-40962
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477):
- CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on
transient pages.
- CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
- CVE-2022-40958: Fixed bypassing secure context restriction for cookies
with __Host and __Secure prefix.
- CVE-2022-40956: Fixed content-security-policy base-uri bypass.
- CVE-2022-40957: Fixed incoherent instruction cache when building WASM
on ARM64.
- CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and
Firefox ESR 102.3.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3440=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3440=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3440=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3440=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3440=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3440=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3440=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3440=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
MozillaFirefox-102.3.0-112.133.1
MozillaFirefox-debuginfo-102.3.0-112.133.1
MozillaFirefox-debugsource-102.3.0-112.133.1
MozillaFirefox-devel-102.3.0-112.133.1
MozillaFirefox-translations-common-102.3.0-112.133.1
- SUSE OpenStack Cloud 9 (x86_64):
MozillaFirefox-102.3.0-112.133.1
MozillaFirefox-debuginfo-102.3.0-112.133.1
MozillaFirefox-debugsource-102.3.0-112.133.1
MozillaFirefox-devel-102.3.0-112.133.1
MozillaFirefox-translations-common-102.3.0-112.133.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-debuginfo-102.3.0-112.133.1
MozillaFirefox-debugsource-102.3.0-112.133.1
MozillaFirefox-devel-102.3.0-112.133.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
MozillaFirefox-102.3.0-112.133.1
MozillaFirefox-debuginfo-102.3.0-112.133.1
MozillaFirefox-debugsource-102.3.0-112.133.1
MozillaFirefox-devel-102.3.0-112.133.1
MozillaFirefox-translations-common-102.3.0-112.133.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.3.0-112.133.1
MozillaFirefox-debuginfo-102.3.0-112.133.1
MozillaFirefox-debugsource-102.3.0-112.133.1
MozillaFirefox-devel-102.3.0-112.133.1
MozillaFirefox-translations-common-102.3.0-112.133.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.3.0-112.133.1
MozillaFirefox-debuginfo-102.3.0-112.133.1
MozillaFirefox-debugsource-102.3.0-112.133.1
MozillaFirefox-devel-102.3.0-112.133.1
MozillaFirefox-translations-common-102.3.0-112.133.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
MozillaFirefox-102.3.0-112.133.1
MozillaFirefox-debuginfo-102.3.0-112.133.1
MozillaFirefox-debugsource-102.3.0-112.133.1
MozillaFirefox-devel-102.3.0-112.133.1
MozillaFirefox-translations-common-102.3.0-112.133.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
MozillaFirefox-102.3.0-112.133.1
MozillaFirefox-debuginfo-102.3.0-112.133.1
MozillaFirefox-debugsource-102.3.0-112.133.1
MozillaFirefox-devel-102.3.0-112.133.1
MozillaFirefox-translations-common-102.3.0-112.133.1
References:
https://www.suse.com/security/cve/CVE-2022-40956.html
https://www.suse.com/security/cve/CVE-2022-40957.html
https://www.suse.com/security/cve/CVE-2022-40958.html
https://www.suse.com/security/cve/CVE-2022-40959.html
https://www.suse.com/security/cve/CVE-2022-40960.html
https://www.suse.com/security/cve/CVE-2022-40962.html
https://bugzilla.suse.com/1203477
From sle-security-updates at lists.suse.com Tue Sep 27 19:21:37 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 27 Sep 2022 21:21:37 +0200 (CEST)
Subject: SUSE-SU-2022:3441-1: important: Security update for MozillaFirefox
Message-ID: <20220927192137.7419FFD84@maintenance.suse.de>
SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3441-1
Rating: important
References: #1203477
Cross-References: CVE-2022-40956 CVE-2022-40957 CVE-2022-40958
CVE-2022-40959 CVE-2022-40960 CVE-2022-40962
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that fixes 6 vulnerabilities is now available.
Description:
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated from 102.2.0esr to 102.3.0esr (bsc#1203477):
- CVE-2022-40959: Fixed bypassing FeaturePolicy restrictions on
transient pages.
- CVE-2022-40960: Fixed data-race when parsing non-UTF-8 URLs in threads.
- CVE-2022-40958: Fixed bypassing secure context restriction for cookies
with __Host and __Secure prefix.
- CVE-2022-40956: Fixed content-security-policy base-uri bypass.
- CVE-2022-40957: Fixed incoherent instruction cache when building WASM
on ARM64.
- CVE-2022-40962: Fixed memory safety bugs fixed in Firefox 105 and
Firefox ESR 102.3.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3441=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3441=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3441=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3441=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3441=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3441=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3441=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3441=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3441=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3441=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE Enterprise Storage 6 (aarch64 x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
- SUSE CaaS Platform 4.0 (x86_64):
MozillaFirefox-102.3.0-150000.150.59.2
MozillaFirefox-debuginfo-102.3.0-150000.150.59.2
MozillaFirefox-debugsource-102.3.0-150000.150.59.2
MozillaFirefox-devel-102.3.0-150000.150.59.2
MozillaFirefox-translations-common-102.3.0-150000.150.59.2
MozillaFirefox-translations-other-102.3.0-150000.150.59.2
References:
https://www.suse.com/security/cve/CVE-2022-40956.html
https://www.suse.com/security/cve/CVE-2022-40957.html
https://www.suse.com/security/cve/CVE-2022-40958.html
https://www.suse.com/security/cve/CVE-2022-40959.html
https://www.suse.com/security/cve/CVE-2022-40960.html
https://www.suse.com/security/cve/CVE-2022-40962.html
https://bugzilla.suse.com/1203477
From sle-security-updates at lists.suse.com Tue Sep 27 22:23:30 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 00:23:30 +0200 (CEST)
Subject: SUSE-SU-2022:3445-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP2)
Message-ID: <20220927222330.1D535FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 15 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3445-1
Rating: important
References: #1199695 #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-24_107 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3445=1
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3442=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3443=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3444=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-59_37-default-15-150300.2.2
kernel-livepatch-5_3_18-59_37-default-debuginfo-15-150300.2.2
kernel-livepatch-SLE15-SP3_Update_10-debugsource-15-150300.2.2
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-24_107-default-12-150200.2.2
kernel-livepatch-5_3_18-24_107-default-debuginfo-12-150200.2.2
kernel-livepatch-5_3_18-24_83-default-17-150200.2.2
kernel-livepatch-5_3_18-24_83-default-debuginfo-17-150200.2.2
kernel-livepatch-5_3_18-24_86-default-17-150200.2.2
kernel-livepatch-5_3_18-24_86-default-debuginfo-17-150200.2.2
kernel-livepatch-SLE15-SP2_Update_19-debugsource-17-150200.2.2
kernel-livepatch-SLE15-SP2_Update_20-debugsource-17-150200.2.2
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64):
kernel-livepatch-SLE15-SP2_Update_25-debugsource-12-150200.2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Wed Sep 28 07:32:36 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 09:32:36 +0200 (CEST)
Subject: SUSE-CU-2022:2353-1: Security update of suse/sles12sp5
Message-ID: <20220928073236.4B09FF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2353-1
Container Tags : suse/sles12sp5:6.5.383 , suse/sles12sp5:latest
Container Release : 6.5.383
Severity : moderate
Type : security
References : 1050467 1191194 1200095 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container suse/sles12sp5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3382-1
Released: Mon Sep 26 12:34:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1050467,1191194,1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
- Add capability for prometheus-blackbox_exporter (bsc#1191194).
- Make btmp root:utmp (bsc#1050467).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3389-1
Released: Mon Sep 26 12:52:13 2022
Summary: Recommended update for libgcrypt
Type: recommended
Severity: moderate
References: 1200095
This update for libgcrypt fixes the following issues:
- FIPS: Auto-initialize drbg if needed. (bsc#1200095)
The following package changes have been done:
- libgcrypt20-1.6.1-16.83.1 updated
- permissions-20170707-6.10.1 updated
From sle-security-updates at lists.suse.com Wed Sep 28 07:56:17 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 09:56:17 +0200 (CEST)
Subject: SUSE-CU-2022:2354-1: Security update of suse/sle15
Message-ID: <20220928075617.603B4F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2354-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.618
Container Release : 4.22.618
Severity : moderate
Type : security
References : 1189802 1195773 1201783 CVE-2021-36690 CVE-2022-35737
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
The following package changes have been done:
- libassuan0-2.5.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:16:50 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:16:50 +0200 (CEST)
Subject: SUSE-CU-2022:2355-1: Security update of suse/sle15
Message-ID: <20220928081650.B637DF78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2355-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.681
Container Release : 6.2.681
Severity : moderate
Type : security
References : 1189802 1195773 1201783 CVE-2021-36690 CVE-2022-35737
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
The following package changes have been done:
- libassuan0-2.5.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:31:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:31:46 +0200 (CEST)
Subject: SUSE-CU-2022:2356-1: Security update of suse/sle15
Message-ID: <20220928083146.64D74F7C9@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2356-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.202
Container Release : 9.5.202
Severity : moderate
Type : security
References : 1181994 1188006 1199079 1202868 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868
This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
- Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Removed:
- Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
- Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
- Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added:
- HARICA Client ECC Root CA 2021
- HARICA Client RSA Root CA 2021
- HARICA TLS ECC Root CA 2021
- HARICA TLS RSA Root CA 2021
- TunTrust Root CA
Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CAs:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
The following package changes have been done:
- ca-certificates-mozilla-2.56-150200.24.1 updated
- permissions-20181225-150200.23.15.1 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:38:29 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:38:29 +0200 (CEST)
Subject: SUSE-CU-2022:2357-1: Security update of bci/bci-init
Message-ID: <20220928083829.72020F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2357-1
Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.19.52
Container Release : 19.52
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/bci-init was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20181225-150200.23.15.1 updated
- container:sles15-image-15.0.0-17.20.44 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:46:23 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:46:23 +0200 (CEST)
Subject: SUSE-CU-2022:2359-1: Security update of bci/nodejs
Message-ID: <20220928084623.3E885F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2359-1
Container Tags : bci/node:12 , bci/node:12-16.214 , bci/nodejs:12 , bci/nodejs:12-16.214
Container Release : 16.214
Severity : important
Type : security
References : 1189802 1195773 1201680 1201783 1203018 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libassuan0-2.5.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20181225-150200.23.15.1 updated
- container:sles15-image-15.0.0-17.20.44 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:51:14 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:51:14 +0200 (CEST)
Subject: SUSE-CU-2022:2360-1: Security update of bci/python
Message-ID: <20220928085114.2A18EF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2360-1
Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-18.124
Container Release : 18.124
Severity : important
Type : security
References : 1189802 1195773 1201680 1201783 1203018 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3394-1
Released: Mon Sep 26 16:05:19 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libassuan0-2.5.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20181225-150200.23.15.1 updated
- container:sles15-image-15.0.0-17.20.44 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:52:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:52:22 +0200 (CEST)
Subject: SUSE-CU-2022:2361-1: Security update of suse/389-ds
Message-ID: <20220928085222.A9441F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2361-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-16.28 , suse/389-ds:latest
Container Release : 16.28
Severity : important
Type : security
References : 1047178 1189802 1195773 1197998 1201680 1201783 1202470 1203018 CVE-2017-6512 CVE-2021-36690 CVE-2021-46828 CVE-2022-2850 CVE-2022-31252 CVE-2022-35737
-----------------------------------------------------------------
The container suse/389-ds was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3286-1
Released: Fri Sep 16 09:08:48 2022
Summary: Security update for 389-ds
Type: security
Severity: moderate
References: 1197998,1202470,CVE-2022-2850
This update for 389-ds fixes the following issues:
- CVE-2022-2850: Fixed an application crash when running a sync_repl client that could be triggered via a malformed cookie (bsc#1202470).
Non-security fixes:
- Update to version 2.0.16~git20.219f047ae:
* Fix missing 'not' in description
* CI - makes replication/acceptance_test.py::test_modify_entry more robust
* fix repl keep alive event interval
* Sync_repl may crash while managing invalid cookie
* Hostname when set to localhost causing failures in other tests
* lib389 - do not set backend name to lowercase
* keep alive update event starts too soon
* Fix various memory leaks
* UI - LDAP Editor is not updated when we switch instances
* Supplier should do periodic updates
- Update sudoers schema to support UTF-8 (bsc#1197998)
- Update to version 2.0.16~git9.e2a858a86:
* UI - Various fixes and RFE's for UI
* Remove problematic language from source code
* CI - disable TLS hostname checking
* Update npm and cargo packages
* Support ECDSA private keys for TLS
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- libsvrcore0-2.0.16~git20.219f047ae-150400.3.10.1 updated
- lib389-2.0.16~git20.219f047ae-150400.3.10.1 updated
- 389-ds-2.0.16~git20.219f047ae-150400.3.10.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:53:29 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:53:29 +0200 (CEST)
Subject: SUSE-CU-2022:2362-1: Security update of bci/dotnet-aspnet
Message-ID: <20220928085329.9B1C3F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2362-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-40.5 , bci/dotnet-aspnet:3.1.29 , bci/dotnet-aspnet:3.1.29-40.5
Container Release : 40.5
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:54:39 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:54:39 +0200 (CEST)
Subject: SUSE-CU-2022:2363-1: Security update of bci/dotnet-aspnet
Message-ID: <20220928085439.36EEDF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2363-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-22.5 , bci/dotnet-aspnet:6.0.9 , bci/dotnet-aspnet:6.0.9-22.5
Container Release : 22.5
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:55:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:55:45 +0200 (CEST)
Subject: SUSE-CU-2022:2364-1: Security update of bci/dotnet-runtime
Message-ID: <20220928085545.EB2B8F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2364-1
Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.5 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.5
Container Release : 34.5
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:57:24 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:57:24 +0200 (CEST)
Subject: SUSE-CU-2022:2365-1: Security update of bci/golang
Message-ID: <20220928085724.F17FEF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2365-1
Container Tags : bci/golang:1.16 , bci/golang:1.16-30.43
Container Release : 30.43
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 08:59:06 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 10:59:06 +0200 (CEST)
Subject: SUSE-CU-2022:2366-1: Security update of bci/golang
Message-ID: <20220928085906.4C1CFF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2366-1
Container Tags : bci/golang:1.17 , bci/golang:1.17-29.43
Container Release : 29.43
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:00:31 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:00:31 +0200 (CEST)
Subject: SUSE-CU-2022:2367-1: Security update of bci/golang
Message-ID: <20220928090031.2BFDAFD84@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2367-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-16.40
Container Release : 16.40
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:01:37 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:01:37 +0200 (CEST)
Subject: SUSE-CU-2022:2368-1: Security update of bci/golang
Message-ID: <20220928090137.98842F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2368-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-2.42 , bci/golang:latest
Container Release : 2.42
Severity : important
Type : security
References : 1200441 1203018 1203185 1203186 CVE-2022-27664 CVE-2022-31252 CVE-2022-32190
-----------------------------------------------------------------
The container bci/golang was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3326-1
Released: Wed Sep 21 12:28:41 2022
Summary: Security update for go1.19
Type: security
Severity: important
References: 1200441,1203185,1203186,CVE-2022-27664,CVE-2022-32190
This update for go1.19 fixes the following issues:
Update to go version 1.19.1 (bsc#1200441):
- CVE-2022-27664: Fixed DoS in net/http caused by mishandled server errors after sending GOAWAY (bsc#1203185).
- CVE-2022-32190: Fixed missing stripping of relative path components in net/url JoinPath (bsc#1203186).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- go1.19-1.19.1-150000.1.9.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:02:52 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:02:52 +0200 (CEST)
Subject: SUSE-CU-2022:2369-1: Security update of bci/bci-init
Message-ID: <20220928090252.03168F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2369-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.22.27 , bci/bci-init:latest
Container Release : 22.27
Severity : important
Type : security
References : 1201680 1203018 CVE-2021-46828 CVE-2022-31252
-----------------------------------------------------------------
The container bci/bci-init was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:04:32 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:04:32 +0200 (CEST)
Subject: SUSE-CU-2022:2372-1: Security update of bci/nodejs
Message-ID: <20220928090432.014D3F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2372-1
Container Tags : bci/node:14 , bci/node:14-33.40 , bci/nodejs:14 , bci/nodejs:14-33.40
Container Release : 33.40
Severity : important
Type : security
References : 1047178 1199140 1201680 1203018 CVE-2017-6512 CVE-2021-46828 CVE-2022-31252
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:05:34 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:05:34 +0200 (CEST)
Subject: SUSE-CU-2022:2373-1: Security update of bci/nodejs
Message-ID: <20220928090534.32D03F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2373-1
Container Tags : bci/node:16 , bci/node:16-9.41 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-9.41 , bci/nodejs:latest
Container Release : 9.41
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:07:51 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:07:51 +0200 (CEST)
Subject: SUSE-CU-2022:2374-1: Security update of bci/openjdk-devel
Message-ID: <20220928090751.4AFD9F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2374-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-34.84 , bci/openjdk-devel:latest
Container Release : 34.84
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/openjdk-devel was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:bci-openjdk-11-15.4-30.39 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:09:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:09:45 +0200 (CEST)
Subject: SUSE-CU-2022:2375-1: Security update of bci/openjdk
Message-ID: <20220928090945.2ECC4F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2375-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-30.39 , bci/openjdk:latest
Container Release : 30.39
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/openjdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:41:29 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:41:29 +0200 (CEST)
Subject: SUSE-CU-2022:2375-1: Security update of bci/openjdk
Message-ID: <20220928094129.05BB9F7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2375-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-30.39 , bci/openjdk:latest
Container Release : 30.39
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/openjdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:43:28 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:43:28 +0200 (CEST)
Subject: SUSE-CU-2022:2376-1: Security update of suse/pcp
Message-ID: <20220928094328.5E17FF7C9@maintenance.suse.de>
SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2376-1
Container Tags : suse/pcp:5 , suse/pcp:5.2 , suse/pcp:5.2.2 , suse/pcp:5.2.2-10.46 , suse/pcp:latest
Container Release : 10.46
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container suse/pcp was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:bci-bci-init-15.4-15.4-22.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:44:37 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:44:37 +0200 (CEST)
Subject: SUSE-CU-2022:2377-1: Security update of bci/python
Message-ID: <20220928094437.01A5CF7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2377-1
Container Tags : bci/python:3 , bci/python:3.10 , bci/python:3.10-5.37 , bci/python:latest
Container Release : 5.37
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:46:01 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:46:01 +0200 (CEST)
Subject: SUSE-CU-2022:2378-1: Security update of bci/python
Message-ID: <20220928094601.0B16CF7C9@maintenance.suse.de>
SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2378-1
Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-28.37
Container Release : 28.37
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/python was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:48:08 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:48:08 +0200 (CEST)
Subject: SUSE-CU-2022:2379-1: Security update of bci/ruby
Message-ID: <20220928094808.8075FF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2379-1
Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-29.38 , bci/ruby:latest
Container Release : 29.38
Severity : important
Type : security
References : 1047178 1189802 1193081 1195773 1198752 1199140 1200800 1201680 1201783 1203018 CVE-2017-6512 CVE-2021-36690 CVE-2021-41819 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737
-----------------------------------------------------------------
The container bci/ruby was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3127-1
Released: Wed Sep 7 04:36:10 2022
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1198752,1200800
This update for libtirpc fixes the following issues:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3215-1
Released: Thu Sep 8 15:58:27 2022
Summary: Recommended update for rpm
Type: recommended
Severity: moderate
References:
This update for rpm fixes the following issues:
- Support Ed25519 RPM signatures [jsc#SLE-24714]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3262-1
Released: Tue Sep 13 15:34:29 2022
Summary: Recommended update for gcc11
Type: recommended
Severity: moderate
References: 1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3271-1
Released: Wed Sep 14 06:45:39 2022
Summary: Security update for perl
Type: security
Severity: moderate
References: 1047178,CVE-2017-6512
This update for perl fixes the following issues:
- CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3292-1
Released: Fri Sep 16 17:06:20 2022
Summary: Security update for ruby2.5
Type: security
Severity: moderate
References: 1193081,CVE-2021-41819
This update for ruby2.5 fixes the following issues:
- CVE-2021-41819: Fixed cookie prefix spoofing in CGI::Cookie.parse (bsc#1193081).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- perl-base-5.26.1-150300.17.11.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libgcc_s1-11.3.0+git1637-150000.1.11.2 updated
- libstdc++6-11.3.0+git1637-150000.1.11.2 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- rpm-ndb-4.14.3-150300.49.1 updated
- libatomic1-11.3.0+git1637-150000.1.11.2 updated
- libgomp1-11.3.0+git1637-150000.1.11.2 updated
- libitm1-11.3.0+git1637-150000.1.11.2 updated
- liblsan0-11.3.0+git1637-150000.1.11.2 updated
- libruby2_5-2_5-2.5.9-150000.4.26.1 updated
- libtsan0-11.3.0+git1637-150000.1.11.2 updated
- ruby2.5-stdlib-2.5.9-150000.4.26.1 updated
- ruby2.5-2.5.9-150000.4.26.1 updated
- sqlite3-devel-3.39.3-150000.3.17.1 updated
- ruby2.5-devel-2.5.9-150000.4.26.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:49:25 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:49:25 +0200 (CEST)
Subject: SUSE-CU-2022:2380-1: Security update of bci/rust
Message-ID: <20220928094925.4D56AF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2380-1
Container Tags : bci/rust:1.59 , bci/rust:1.59-9.54
Container Release : 9.54
Severity : important
Type : security
References : 1201680 1203018 CVE-2021-46828 CVE-2022-31252
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:50:40 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:50:40 +0200 (CEST)
Subject: SUSE-CU-2022:2381-1: Security update of bci/rust
Message-ID: <20220928095040.81709F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2381-1
Container Tags : bci/rust:1.60 , bci/rust:1.60-5.37
Container Release : 5.37
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:51:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:51:43 +0200 (CEST)
Subject: SUSE-CU-2022:2382-1: Security update of bci/rust
Message-ID: <20220928095143.32E88F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2382-1
Container Tags : bci/rust:1.61 , bci/rust:1.61-6.36
Container Release : 6.36
Severity : important
Type : security
References : 1201680 1203018 CVE-2021-46828 CVE-2022-31252
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:52:31 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:52:31 +0200 (CEST)
Subject: SUSE-CU-2022:2383-1: Security update of bci/rust
Message-ID: <20220928095231.AA645F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2383-1
Container Tags : bci/rust:1.62 , bci/rust:1.62-2.36 , bci/rust:latest
Container Release : 2.36
Severity : moderate
Type : security
References : 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
The following package changes have been done:
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.27 updated
From sle-security-updates at lists.suse.com Wed Sep 28 09:53:40 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 11:53:40 +0200 (CEST)
Subject: SUSE-CU-2022:2384-1: Security update of suse/sle15
Message-ID: <20220928095340.C07D7F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2384-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.11.27 , suse/sle15:15.4 , suse/sle15:15.4.27.11.27
Container Release : 27.11.27
Severity : important
Type : security
References : 1181994 1188006 1189802 1195773 1199079 1201680 1201783 1202868
1203018 CVE-2021-36690 CVE-2021-46828 CVE-2022-31252 CVE-2022-35737
-----------------------------------------------------------------
The container suse/sle15 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3304-1
Released: Mon Sep 19 11:43:25 2022
Summary: Recommended update for libassuan
Type: recommended
Severity: moderate
References:
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3305-1
Released: Mon Sep 19 11:45:57 2022
Summary: Security update for libtirpc
Type: security
Severity: important
References: 1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed denial of service vulnerability with lots of connections (bsc#1201680).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3307-1
Released: Mon Sep 19 13:26:51 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3395-1
Released: Mon Sep 26 16:35:18 2022
Summary: Recommended update for ca-certificates-mozilla
Type: recommended
Severity: moderate
References: 1181994,1188006,1199079,1202868
This update for ca-certificates-mozilla fixes the following issues:
Updated to 2.56 state of Mozilla SSL root CAs (bsc#1202868)
- Added:
- Certainly Root E1
- Certainly Root R1
- DigiCert SMIME ECC P384 Root G5
- DigiCert SMIME RSA4096 Root G5
- DigiCert TLS ECC P384 Root G5
- DigiCert TLS RSA4096 Root G5
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Removed:
- Hellenic Academic and Research Institutions RootCA 2011
Updated to 2.54 state of Mozilla SSL root CAs (bsc#1199079)
- Added:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- D-TRUST BR Root CA 1 2020
- D-TRUST EV Root CA 1 2020
- GlobalSign ECC Root CA R4
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
- HiPKI Root CA - G1
- ISRG Root X2
- Telia Root CA v2
- vTrus ECC Root CA
- vTrus Root CA
- Removed:
- Cybertrust Global Root
- DST Root CA X3
- DigiNotar PKIoverheid CA Organisatie - G2
- GlobalSign ECC Root CA R4
- GlobalSign Root CA R2
- GTS Root R1
- GTS Root R2
- GTS Root R3
- GTS Root R4
Updated to 2.50 state of the Mozilla NSS Certificate store (bsc#1188006)
- Added:
- HARICA Client ECC Root CA 2021
- HARICA Client RSA Root CA 2021
- HARICA TLS ECC Root CA 2021
- HARICA TLS RSA Root CA 2021
- TunTrust Root CA
Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994)
- Added new root CAs:
- NAVER Global Root Certification Authority
- Removed old root CAs:
- GeoTrust Global CA
- GeoTrust Primary Certification Authority
- GeoTrust Primary Certification Authority - G3
- GeoTrust Universal CA
- GeoTrust Universal CA 2
- thawte Primary Root CA
- thawte Primary Root CA - G2
- thawte Primary Root CA - G3
- VeriSign Class 3 Public Primary Certification Authority - G4
- VeriSign Class 3 Public Primary Certification Authority - G5
The following package changes have been done:
- ca-certificates-mozilla-2.56-150200.24.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libsqlite3-0-3.39.3-150000.3.17.1 updated
- libtirpc-netconfig-1.2.6-150300.3.14.1 updated
- libtirpc3-1.2.6-150300.3.14.1 updated
- permissions-20201225-150400.5.11.1 updated
From sle-security-updates at lists.suse.com Wed Sep 28 10:21:30 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 12:21:30 +0200 (CEST)
Subject: SUSE-SU-2022:3450-1: important: Security update for the Linux Kernel
Message-ID: <20220928102130.4C73EF7C9@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3450-1
Rating: important
References: #1023051 #1180153 #1188944 #1191881 #1192968
#1194272 #1194535 #1196616 #1197158 #1199482
#1199665 #1201726 #1201948 #1202096 #1202097
#1202154 #1202346 #1202347 #1202393 #1202396
#1202564 #1202672 #1202860 #1202895 #1202898
#1203098 #1203107 #1203159
Cross-References: CVE-2016-3695 CVE-2020-27784 CVE-2020-36516
CVE-2021-4155 CVE-2021-4203 CVE-2022-1012
CVE-2022-20166 CVE-2022-20368 CVE-2022-20369
CVE-2022-2588 CVE-2022-26373 CVE-2022-2639
CVE-2022-2663 CVE-2022-2905 CVE-2022-29581
CVE-2022-2977 CVE-2022-3028 CVE-2022-32250
CVE-2022-36879 CVE-2022-39188
CVSS scores:
CVE-2016-3695 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2016-3695 (SUSE): 2.2 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L
CVE-2020-27784 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2020-27784 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2020-36516 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
CVE-2020-36516 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CVE-2021-4155 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4155 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-4203 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2021-4203 (SUSE): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L
CVE-2022-1012 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CVE-2022-1012 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
CVE-2022-20166 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20166 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-20368 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20368 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-20369 (NVD) : 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-20369 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-2588 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-26373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2639 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2639 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
CVE-2022-2663 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CVE-2022-2663 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE-2022-2905 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-2905 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-2977 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H
CVE-2022-3028 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-3028 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-32250 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-36879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-36879 (SUSE): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves 20 vulnerabilities and has 8 fixes is
now available.
Description:
The SUSE Linux Enterprise 15 SP2 LTSS kernel was updated to receive
various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where
a device driver can free a page while it still has stale TLB entries
(bnc#1203107).
- CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where
the message handling could be confused and incorrectly match the
message (bnc#1202097).
- CVE-2022-3028: Fixed race condition that was found in the IP framework
for transforming packets (XFRM subsystem) (bnc#1202898).
- CVE-2020-27784: Fixed a vulnerability that was found in printer_ioctl()
when accessing a deallocated instance (bnc#1202895).
- CVE-2021-4155: Fixed a data leak flaw that was found in the way
XFS_IOC_ALLOCSP IOCTL in the XFS filesystem (bnc#1194272).
- CVE-2022-2905: Fixed tnum_range usage on array range checking for poke
descriptors (bsc#1202564, bsc#1202860).
- CVE-2022-2977: Fixed reference counting for struct tpm_chip
(bsc#1202672).
- CVE-2021-4203: Fixed use-after-free read flaw that was found in
sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and
SO_PEERGROUPS race with listen() (bnc#1194535).
- CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).
- CVE-2022-1012: Fixed a memory leak problem that was found in the TCP
source port generation algorithm in net/ipv4/tcp.c (bnc#1199482).
- CVE-2022-36879: Fixed an issue in xfrm_expand_policies in
net/xfrm/xfrm_policy.c where a refcount could be dropped twice
(bnc#1201948).
- CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()
(bsc#1202346).
- CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of
v4l2-mem2mem.c (bnc#1202347).
- CVE-2022-26373: Fixed non-transparent sharing of return predictor
targets between contexts in some Intel Processors (bnc#1201726).
- CVE-2016-3695: Fixed an issue inside the einj_error_inject function in
drivers/acpi/apei/einj.c that allowed users to simulate hardware errors
and consequently cause a denial of service (bnc#1023051).
- CVE-2022-2639: Fixed an integer coercion error that was found in the
openvswitch kernel module (bnc#1202154).
- CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where
an attacker was able to inject data into or terminate a victim's TCP
session (bnc#1196616).
- CVE-2022-32250: Fixed a privilege escalation issue in
net/netfilter/nf_tables_api.c that allowed a local user to become root
(bnc#1200015)
- CVE-2022-29581: Fixed improper update of reference count vulnerability
in net/sched that allowed a local attacker to cause privilege escalation
to root (bnc#1199665).
- CVE-2022-20166: Fixed possible out of bounds write due to a heap buffer
overflow in various methods of kernel base drivers (bnc#1200598).
The following non-security bugs were fixed:
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share
(bsc#1188944).
- cifs: skip trailing separators of prefix paths (bsc#1188944).
- config: Update files NVRAM=y (bsc#1201361 bsc#1192968).
- kernel-obs-build: include qemu_fw_cfg (boo#1201705)
- lightnvm: Remove lightnvm implementation (bsc#1191881 bsc#1201420
ZDI-CAN-17325).
- md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).
- mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
(git-fixes, bsc#1203098).
- mm: pagewalk: Fix race between unmap and page walker (git-fixes,
bsc#1203159).
- net_sched: cls_route: disallow handle of 0 (bsc#1202393).
- objtool: Add support for intra-function calls (bsc#1202396).
- objtool: Make handle_insn_ops() unconditional (bsc#1202396).
- objtool: Remove INSN_STACK (bsc#1202396).
- objtool: Rework allocating stack_ops on decode (bsc#1202396).
- objtool: Support multiple stack_op per instruction (bsc#1202396).
- rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).
- tcp: add some entropy in __inet_hash_connect() (bsc#1180153).
- tcp: change source port randomizarion at connect() time (bsc#1180153).
Special Instructions and Notes:
Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3450=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3450=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3450=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3450=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3450=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3450=1
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3450=1
Please note that this is the initial kernel livepatch without fixes
itself, this livepatch package is later updated by separate standalone
livepatch updates.
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3450=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3450=1
- SUSE Linux Enterprise High Availability 15-SP2:
zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-3450=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3450=1
Package List:
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-obs-build-debugsource-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.129.1
- SUSE Manager Server 4.1 (noarch):
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
- SUSE Manager Server 4.1 (x86_64):
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-debuginfo-5.3.18-150200.24.129.1
kernel-preempt-debugsource-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-obs-build-debugsource-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-debuginfo-5.3.18-150200.24.129.1
kernel-preempt-debugsource-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.129.1
- SUSE Manager Proxy 4.1 (x86_64):
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-obs-build-debugsource-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-debuginfo-5.3.18-150200.24.129.1
kernel-preempt-debugsource-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.129.1
- SUSE Manager Proxy 4.1 (noarch):
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-obs-build-debugsource-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.129.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-debuginfo-5.3.18-150200.24.129.1
kernel-preempt-debugsource-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-obs-build-debugsource-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.129.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-debuginfo-5.3.18-150200.24.129.1
kernel-preempt-debugsource-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-obs-build-debugsource-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-debuginfo-5.3.18-150200.24.129.1
kernel-preempt-debugsource-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-livepatch-5.3.18-150200.24.129.1
kernel-default-livepatch-devel-5.3.18-150200.24.129.1
kernel-livepatch-5_3_18-150200_24_129-default-1-150200.5.3.1
kernel-livepatch-5_3_18-150200_24_129-default-debuginfo-1-150200.5.3.1
kernel-livepatch-SLE15-SP2_Update_30-debugsource-1-150200.5.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-obs-build-debugsource-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-debuginfo-5.3.18-150200.24.129.1
kernel-preempt-debugsource-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-obs-build-debugsource-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-debuginfo-5.3.18-150200.24.129.1
kernel-preempt-debugsource-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):
cluster-md-kmp-default-5.3.18-150200.24.129.1
cluster-md-kmp-default-debuginfo-5.3.18-150200.24.129.1
dlm-kmp-default-5.3.18-150200.24.129.1
dlm-kmp-default-debuginfo-5.3.18-150200.24.129.1
gfs2-kmp-default-5.3.18-150200.24.129.1
gfs2-kmp-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
ocfs2-kmp-default-5.3.18-150200.24.129.1
ocfs2-kmp-default-debuginfo-5.3.18-150200.24.129.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
kernel-default-5.3.18-150200.24.129.1
kernel-default-base-5.3.18-150200.24.129.1.150200.9.61.1
kernel-default-debuginfo-5.3.18-150200.24.129.1
kernel-default-debugsource-5.3.18-150200.24.129.1
kernel-default-devel-5.3.18-150200.24.129.1
kernel-default-devel-debuginfo-5.3.18-150200.24.129.1
kernel-obs-build-5.3.18-150200.24.129.1
kernel-obs-build-debugsource-5.3.18-150200.24.129.1
kernel-preempt-5.3.18-150200.24.129.1
kernel-preempt-debuginfo-5.3.18-150200.24.129.1
kernel-preempt-debugsource-5.3.18-150200.24.129.1
kernel-preempt-devel-5.3.18-150200.24.129.1
kernel-preempt-devel-debuginfo-5.3.18-150200.24.129.1
kernel-syms-5.3.18-150200.24.129.1
reiserfs-kmp-default-5.3.18-150200.24.129.1
reiserfs-kmp-default-debuginfo-5.3.18-150200.24.129.1
- SUSE Enterprise Storage 7 (noarch):
kernel-devel-5.3.18-150200.24.129.1
kernel-docs-5.3.18-150200.24.129.1
kernel-macros-5.3.18-150200.24.129.1
kernel-source-5.3.18-150200.24.129.1
References:
https://www.suse.com/security/cve/CVE-2016-3695.html
https://www.suse.com/security/cve/CVE-2020-27784.html
https://www.suse.com/security/cve/CVE-2020-36516.html
https://www.suse.com/security/cve/CVE-2021-4155.html
https://www.suse.com/security/cve/CVE-2021-4203.html
https://www.suse.com/security/cve/CVE-2022-1012.html
https://www.suse.com/security/cve/CVE-2022-20166.html
https://www.suse.com/security/cve/CVE-2022-20368.html
https://www.suse.com/security/cve/CVE-2022-20369.html
https://www.suse.com/security/cve/CVE-2022-2588.html
https://www.suse.com/security/cve/CVE-2022-26373.html
https://www.suse.com/security/cve/CVE-2022-2639.html
https://www.suse.com/security/cve/CVE-2022-2663.html
https://www.suse.com/security/cve/CVE-2022-2905.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-2977.html
https://www.suse.com/security/cve/CVE-2022-3028.html
https://www.suse.com/security/cve/CVE-2022-32250.html
https://www.suse.com/security/cve/CVE-2022-36879.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1023051
https://bugzilla.suse.com/1180153
https://bugzilla.suse.com/1188944
https://bugzilla.suse.com/1191881
https://bugzilla.suse.com/1192968
https://bugzilla.suse.com/1194272
https://bugzilla.suse.com/1194535
https://bugzilla.suse.com/1196616
https://bugzilla.suse.com/1197158
https://bugzilla.suse.com/1199482
https://bugzilla.suse.com/1199665
https://bugzilla.suse.com/1201726
https://bugzilla.suse.com/1201948
https://bugzilla.suse.com/1202096
https://bugzilla.suse.com/1202097
https://bugzilla.suse.com/1202154
https://bugzilla.suse.com/1202346
https://bugzilla.suse.com/1202347
https://bugzilla.suse.com/1202393
https://bugzilla.suse.com/1202396
https://bugzilla.suse.com/1202564
https://bugzilla.suse.com/1202672
https://bugzilla.suse.com/1202860
https://bugzilla.suse.com/1202895
https://bugzilla.suse.com/1202898
https://bugzilla.suse.com/1203098
https://bugzilla.suse.com/1203107
https://bugzilla.suse.com/1203159
From sle-security-updates at lists.suse.com Wed Sep 28 13:19:51 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 15:19:51 +0200 (CEST)
Subject: SUSE-SU-2022:3451-1: moderate: Security update for rust1.62
Message-ID: <20220928131951.C6ADDF7C9@maintenance.suse.de>
SUSE Security Update: Security update for rust1.62
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3451-1
Rating: moderate
References: #1203431 #1203433
Cross-References: CVE-2022-36113 CVE-2022-36114
CVSS scores:
CVE-2022-36113 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
CVE-2022-36113 (SUSE): 5.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L
CVE-2022-36114 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-36114 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Development Tools 15-SP3
SUSE Linux Enterprise Module for Development Tools 15-SP4
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.2
SUSE Manager Server 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for rust1.62 fixes the following issues:
- CVE-2022-36113: Fixed symlink hijack vulnerability (bsc#1203433).
- CVE-2022-36114: Fixed zip bomb vulnerability (bsc#1203431).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3451=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3451=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-3451=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-3451=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
cargo1.62-1.62.1-150300.7.7.1
cargo1.62-debuginfo-1.62.1-150300.7.7.1
rust1.62-1.62.1-150300.7.7.1
rust1.62-debuginfo-1.62.1-150300.7.7.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
cargo1.62-1.62.1-150300.7.7.1
cargo1.62-debuginfo-1.62.1-150300.7.7.1
rust1.62-1.62.1-150300.7.7.1
rust1.62-debuginfo-1.62.1-150300.7.7.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):
cargo1.62-1.62.1-150300.7.7.1
cargo1.62-debuginfo-1.62.1-150300.7.7.1
rust1.62-1.62.1-150300.7.7.1
rust1.62-debuginfo-1.62.1-150300.7.7.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64):
cargo1.62-1.62.1-150300.7.7.1
cargo1.62-debuginfo-1.62.1-150300.7.7.1
rust1.62-1.62.1-150300.7.7.1
rust1.62-debuginfo-1.62.1-150300.7.7.1
References:
https://www.suse.com/security/cve/CVE-2022-36113.html
https://www.suse.com/security/cve/CVE-2022-36114.html
https://bugzilla.suse.com/1203431
https://bugzilla.suse.com/1203433
From sle-security-updates at lists.suse.com Wed Sep 28 16:20:23 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 18:20:23 +0200 (CEST)
Subject: SUSE-SU-2022:3454-1: important: Security update for slurm_18_08
Message-ID: <20220928162023.0827CFD84@maintenance.suse.de>
SUSE Security Update: Security update for slurm_18_08
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3454-1
Rating: important
References: #1199278 #1199279 #1201674
Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251
CVSS scores:
CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for slurm_18_08 fixes the following issues:
- CVE-2022-31251: Fixed a potential security vulnerability in the test
package (bsc#1201674).
- CVE-2022-29500: Fixed an architectural flaw that can be exploited to allow an
unprivileged user to execute arbitrary processes as root (bsc#1199278).
- CVE-2022-29501: Fixed a vulnerability where an unprivileged user can
send data to an arbitrary unix socket as root (bsc#1199279).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for HPC 12:
zypper in -t patch SUSE-SLE-Module-HPC-12-2022-3454=1
Package List:
- SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64):
libpmi0_18_08-18.08.9-3.17.1
libpmi0_18_08-debuginfo-18.08.9-3.17.1
libslurm33-18.08.9-3.17.1
libslurm33-debuginfo-18.08.9-3.17.1
perl-slurm_18_08-18.08.9-3.17.1
perl-slurm_18_08-debuginfo-18.08.9-3.17.1
slurm_18_08-18.08.9-3.17.1
slurm_18_08-auth-none-18.08.9-3.17.1
slurm_18_08-auth-none-debuginfo-18.08.9-3.17.1
slurm_18_08-config-18.08.9-3.17.1
slurm_18_08-debuginfo-18.08.9-3.17.1
slurm_18_08-debugsource-18.08.9-3.17.1
slurm_18_08-devel-18.08.9-3.17.1
slurm_18_08-doc-18.08.9-3.17.1
slurm_18_08-lua-18.08.9-3.17.1
slurm_18_08-lua-debuginfo-18.08.9-3.17.1
slurm_18_08-munge-18.08.9-3.17.1
slurm_18_08-munge-debuginfo-18.08.9-3.17.1
slurm_18_08-node-18.08.9-3.17.1
slurm_18_08-node-debuginfo-18.08.9-3.17.1
slurm_18_08-pam_slurm-18.08.9-3.17.1
slurm_18_08-pam_slurm-debuginfo-18.08.9-3.17.1
slurm_18_08-plugins-18.08.9-3.17.1
slurm_18_08-plugins-debuginfo-18.08.9-3.17.1
slurm_18_08-slurmdbd-18.08.9-3.17.1
slurm_18_08-slurmdbd-debuginfo-18.08.9-3.17.1
slurm_18_08-sql-18.08.9-3.17.1
slurm_18_08-sql-debuginfo-18.08.9-3.17.1
slurm_18_08-torque-18.08.9-3.17.1
slurm_18_08-torque-debuginfo-18.08.9-3.17.1
References:
https://www.suse.com/security/cve/CVE-2022-29500.html
https://www.suse.com/security/cve/CVE-2022-29501.html
https://www.suse.com/security/cve/CVE-2022-31251.html
https://bugzilla.suse.com/1199278
https://bugzilla.suse.com/1199279
https://bugzilla.suse.com/1201674
From sle-security-updates at lists.suse.com Wed Sep 28 19:19:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 21:19:46 +0200 (CEST)
Subject: SUSE-SU-2022:3455-1: important: Security update for libostree
Message-ID: <20220928191946.25286F7C9@maintenance.suse.de>
SUSE Security Update: Security update for libostree
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3455-1
Rating: important
References: #1201770
Cross-References: CVE-2014-9862
CVSS scores:
CVE-2014-9862 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2014-9862 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libostree fixes the following issues:
- CVE-2014-9862: Fixed arbitrary write on heap vulnerability (bsc#1201770).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3455=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3455=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3455=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3455=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3455=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3455=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
libostree-1-1-2018.9-150100.7.4.1
libostree-1-1-debuginfo-2018.9-150100.7.4.1
libostree-2018.9-150100.7.4.1
libostree-debuginfo-2018.9-150100.7.4.1
libostree-debugsource-2018.9-150100.7.4.1
libostree-devel-2018.9-150100.7.4.1
typelib-1_0-OSTree-1_0-2018.9-150100.7.4.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
libostree-1-1-2018.9-150100.7.4.1
libostree-1-1-debuginfo-2018.9-150100.7.4.1
libostree-2018.9-150100.7.4.1
libostree-debuginfo-2018.9-150100.7.4.1
libostree-debugsource-2018.9-150100.7.4.1
libostree-devel-2018.9-150100.7.4.1
typelib-1_0-OSTree-1_0-2018.9-150100.7.4.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
libostree-1-1-2018.9-150100.7.4.1
libostree-1-1-debuginfo-2018.9-150100.7.4.1
libostree-2018.9-150100.7.4.1
libostree-debuginfo-2018.9-150100.7.4.1
libostree-debugsource-2018.9-150100.7.4.1
libostree-devel-2018.9-150100.7.4.1
typelib-1_0-OSTree-1_0-2018.9-150100.7.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libostree-1-1-2018.9-150100.7.4.1
libostree-1-1-debuginfo-2018.9-150100.7.4.1
libostree-2018.9-150100.7.4.1
libostree-debuginfo-2018.9-150100.7.4.1
libostree-debugsource-2018.9-150100.7.4.1
libostree-devel-2018.9-150100.7.4.1
typelib-1_0-OSTree-1_0-2018.9-150100.7.4.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libostree-1-1-2018.9-150100.7.4.1
libostree-1-1-debuginfo-2018.9-150100.7.4.1
libostree-2018.9-150100.7.4.1
libostree-debuginfo-2018.9-150100.7.4.1
libostree-debugsource-2018.9-150100.7.4.1
libostree-devel-2018.9-150100.7.4.1
typelib-1_0-OSTree-1_0-2018.9-150100.7.4.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
libostree-1-1-2018.9-150100.7.4.1
libostree-1-1-debuginfo-2018.9-150100.7.4.1
libostree-2018.9-150100.7.4.1
libostree-debuginfo-2018.9-150100.7.4.1
libostree-debugsource-2018.9-150100.7.4.1
libostree-devel-2018.9-150100.7.4.1
typelib-1_0-OSTree-1_0-2018.9-150100.7.4.1
- SUSE CaaS Platform 4.0 (x86_64):
libostree-1-1-2018.9-150100.7.4.1
libostree-1-1-debuginfo-2018.9-150100.7.4.1
libostree-2018.9-150100.7.4.1
libostree-debuginfo-2018.9-150100.7.4.1
libostree-debugsource-2018.9-150100.7.4.1
libostree-devel-2018.9-150100.7.4.1
typelib-1_0-OSTree-1_0-2018.9-150100.7.4.1
References:
https://www.suse.com/security/cve/CVE-2014-9862.html
https://bugzilla.suse.com/1201770
From sle-security-updates at lists.suse.com Wed Sep 28 19:20:47 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 21:20:47 +0200 (CEST)
Subject: SUSE-SU-2022:3457-1: important: Security update for vsftpd
Message-ID: <20220928192047.BD951F7C9@maintenance.suse.de>
SUSE Security Update: Security update for vsftpd
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3457-1
Rating: important
References: #1021387 #1052900 #1181400 #1187678 #1187686
#786024 #971784 PM-3322 SLE-23896
Cross-References: CVE-2021-3618
CVSS scores:
CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Server Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that solves one vulnerability, contains two
features and has 6 fixes is now available.
Description:
This update for vsftpd fixes the following issues:
- CVE-2021-3618: Enforced security checks against ALPACA attack (PM-3322,
jsc#SLE-23896, bsc#1187686, bsc#1187678).
- Added hardening to systemd services (bsc#1181400).
Bugfixes:
- Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900).
- Allowed wait4() to be called so that the broker can wait for its child
processes (bsc#1021387).
- Fixed hang when using seccomp and syslog (bsc#971784).
- Allowed sendto() syscall when /dev/log support is enabled (bsc#786024).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3457=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3457=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3457=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3457=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3457=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3457=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3457=1
- SUSE Linux Enterprise Module for Server Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-3457=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3457=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3457=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3457=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Manager Proxy 4.1 (x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
vsftpd-3.0.5-150200.12.9.1
vsftpd-debuginfo-3.0.5-150200.12.9.1
vsftpd-debugsource-3.0.5-150200.12.9.1
References:
https://www.suse.com/security/cve/CVE-2021-3618.html
https://bugzilla.suse.com/1021387
https://bugzilla.suse.com/1052900
https://bugzilla.suse.com/1181400
https://bugzilla.suse.com/1187678
https://bugzilla.suse.com/1187686
https://bugzilla.suse.com/786024
https://bugzilla.suse.com/971784
From sle-security-updates at lists.suse.com Wed Sep 28 19:22:27 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 21:22:27 +0200 (CEST)
Subject: SUSE-SU-2022:3458-1: important: Security update for vsftpd
Message-ID: <20220928192227.0B310F7C9@maintenance.suse.de>
SUSE Security Update: Security update for vsftpd
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3458-1
Rating: important
References: #1021387 #1052900 #1181400 #1187678 #1187686
#786024 #971784 PM-3322 SLE-23895
Cross-References: CVE-2021-3618
CVSS scores:
CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server for SAP 15
SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________
An update that solves one vulnerability, contains two
features and has 6 fixes is now available.
Description:
This update for vsftpd fixes the following issues:
- CVE-2021-3618: Enforced security checks against ALPACA attack (PM-3322,
jsc#SLE-23895, bsc#1187686, bsc#1187678).
- Added hardening to systemd services (bsc#1181400).
Bugfixes:
- Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900).
- Allowed wait4() to be called so that the broker can wait for its child
processes (bsc#1021387).
- Fixed hang when using seccomp and syslog (bsc#971784).
- Allowed sendto() syscall when /dev/log support is enabled (bsc#786024).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3458=1
- SUSE Linux Enterprise Server for SAP 15:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3458=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3458=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3458=1
- SUSE Linux Enterprise Server 15-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3458=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3458=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3458=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3458=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3458=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3458=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
- SUSE CaaS Platform 4.0 (x86_64):
vsftpd-3.0.5-150000.7.19.1
vsftpd-debuginfo-3.0.5-150000.7.19.1
vsftpd-debugsource-3.0.5-150000.7.19.1
References:
https://www.suse.com/security/cve/CVE-2021-3618.html
https://bugzilla.suse.com/1021387
https://bugzilla.suse.com/1052900
https://bugzilla.suse.com/1181400
https://bugzilla.suse.com/1187678
https://bugzilla.suse.com/1187686
https://bugzilla.suse.com/786024
https://bugzilla.suse.com/971784
From sle-security-updates at lists.suse.com Wed Sep 28 19:24:09 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 28 Sep 2022 21:24:09 +0200 (CEST)
Subject: SUSE-SU-2022:3456-1: important: Security update for libostree
Message-ID: <20220928192409.485E2F7C9@maintenance.suse.de>
SUSE Security Update: Security update for libostree
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3456-1
Rating: important
References: #1201770
Cross-References: CVE-2014-9862
CVSS scores:
CVE-2014-9862 (NVD) : 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2014-9862 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise Desktop 15-SP3
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP3
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.3
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libostree fixes the following issues:
- CVE-2014-9862: Fixed arbitrary write on heap vulnerability (bsc#1201770).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3456=1
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3456=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3456=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3456=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3456=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3456=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3456=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-3456=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-3456=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3456=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3456=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3456=1
Package List:
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- openSUSE Leap 15.3 (aarch64 ppc64le x86_64):
libostree-grub2-2020.8-150200.3.6.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- SUSE Manager Proxy 4.1 (x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
libostree-1-1-2020.8-150200.3.6.1
libostree-1-1-debuginfo-2020.8-150200.3.6.1
libostree-2020.8-150200.3.6.1
libostree-debuginfo-2020.8-150200.3.6.1
libostree-debugsource-2020.8-150200.3.6.1
libostree-devel-2020.8-150200.3.6.1
typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1
References:
https://www.suse.com/security/cve/CVE-2014-9862.html
https://bugzilla.suse.com/1201770
From sle-security-updates at lists.suse.com Thu Sep 29 13:19:22 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Sep 2022 15:19:22 +0200 (CEST)
Subject: SUSE-SU-2022:3461-1: moderate: Security update for python3-lxml
Message-ID: <20220929131922.CDC0FFD84@maintenance.suse.de>
SUSE Security Update: Security update for python3-lxml
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3461-1
Rating: moderate
References: #1179534
Cross-References: CVE-2020-27783
CVSS scores:
CVE-2020-27783 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-27783 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python3-lxml fixes the following issues:
- CVE-2020-27783: Fixed XSS due to the use of improper parser
(bsc#1179534).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3461=1
Package List:
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
python3-lxml-3.6.1-3.3.1
python3-lxml-debuginfo-3.6.1-3.3.1
python3-lxml-debugsource-3.6.1-3.3.1
References:
https://www.suse.com/security/cve/CVE-2020-27783.html
https://bugzilla.suse.com/1179534
From sle-security-updates at lists.suse.com Thu Sep 29 13:20:14 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Sep 2022 15:20:14 +0200 (CEST)
Subject: SUSE-SU-2022:3466-1: important: Security update for expat
Message-ID: <20220929132014.DC2F1FD84@maintenance.suse.de>
SUSE Security Update: Security update for expat
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3466-1
Rating: important
References: #1203438
Cross-References: CVE-2022-40674
CVSS scores:
CVE-2022-40674 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-40674 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in
xmlparse.c (bsc#1203438).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3466=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3466=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3466=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3466=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3466=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3466=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3466=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3466=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
expat-2.1.0-21.25.1
expat-debuginfo-2.1.0-21.25.1
expat-debuginfo-32bit-2.1.0-21.25.1
expat-debugsource-2.1.0-21.25.1
libexpat1-2.1.0-21.25.1
libexpat1-32bit-2.1.0-21.25.1
libexpat1-debuginfo-2.1.0-21.25.1
libexpat1-debuginfo-32bit-2.1.0-21.25.1
- SUSE OpenStack Cloud 9 (x86_64):
expat-2.1.0-21.25.1
expat-debuginfo-2.1.0-21.25.1
expat-debuginfo-32bit-2.1.0-21.25.1
expat-debugsource-2.1.0-21.25.1
libexpat1-2.1.0-21.25.1
libexpat1-32bit-2.1.0-21.25.1
libexpat1-debuginfo-2.1.0-21.25.1
libexpat1-debuginfo-32bit-2.1.0-21.25.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
expat-debuginfo-2.1.0-21.25.1
expat-debugsource-2.1.0-21.25.1
libexpat-devel-2.1.0-21.25.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
expat-2.1.0-21.25.1
expat-debuginfo-2.1.0-21.25.1
expat-debugsource-2.1.0-21.25.1
libexpat1-2.1.0-21.25.1
libexpat1-debuginfo-2.1.0-21.25.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
expat-debuginfo-32bit-2.1.0-21.25.1
libexpat1-32bit-2.1.0-21.25.1
libexpat1-debuginfo-32bit-2.1.0-21.25.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
expat-2.1.0-21.25.1
expat-debuginfo-2.1.0-21.25.1
expat-debugsource-2.1.0-21.25.1
libexpat1-2.1.0-21.25.1
libexpat1-debuginfo-2.1.0-21.25.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
expat-debuginfo-32bit-2.1.0-21.25.1
libexpat1-32bit-2.1.0-21.25.1
libexpat1-debuginfo-32bit-2.1.0-21.25.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
expat-2.1.0-21.25.1
expat-debuginfo-2.1.0-21.25.1
expat-debugsource-2.1.0-21.25.1
libexpat1-2.1.0-21.25.1
libexpat1-debuginfo-2.1.0-21.25.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
expat-debuginfo-32bit-2.1.0-21.25.1
libexpat1-32bit-2.1.0-21.25.1
libexpat1-debuginfo-32bit-2.1.0-21.25.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
expat-2.1.0-21.25.1
expat-debuginfo-2.1.0-21.25.1
expat-debuginfo-32bit-2.1.0-21.25.1
expat-debugsource-2.1.0-21.25.1
libexpat1-2.1.0-21.25.1
libexpat1-32bit-2.1.0-21.25.1
libexpat1-debuginfo-2.1.0-21.25.1
libexpat1-debuginfo-32bit-2.1.0-21.25.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
expat-2.1.0-21.25.1
expat-debuginfo-2.1.0-21.25.1
expat-debuginfo-32bit-2.1.0-21.25.1
expat-debugsource-2.1.0-21.25.1
libexpat1-2.1.0-21.25.1
libexpat1-32bit-2.1.0-21.25.1
libexpat1-debuginfo-2.1.0-21.25.1
libexpat1-debuginfo-32bit-2.1.0-21.25.1
References:
https://www.suse.com/security/cve/CVE-2022-40674.html
https://bugzilla.suse.com/1203438
From sle-security-updates at lists.suse.com Thu Sep 29 13:21:12 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Sep 2022 15:21:12 +0200 (CEST)
Subject: SUSE-SU-2022:3468-1: important: Security update for slurm
Message-ID: <20220929132112.261BFFD84@maintenance.suse.de>
SUSE Security Update: Security update for slurm
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3468-1
Rating: important
References: #1199278 #1199279 #1201674
Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251
CVSS scores:
CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for slurm fixes the following issues:
- CVE-2022-31251: Fixed a potential security vulnerability in the test
package (bsc#1201674).
- CVE-2022-29500: Fixed an architectural flaw that can be exploited to allow an
unprivileged user to execute arbitrary processes as root (bsc#1199278).
- CVE-2022-29501: Fixed a vulnerability where an unprivileged user can
send data to an arbitrary unix socket as root (bsc#1199279).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3468=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3468=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3468=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3468=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libslurm33-18.08.9-150100.3.22.1
libslurm33-debuginfo-18.08.9-150100.3.22.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libslurm33-18.08.9-150100.3.22.1
libslurm33-debuginfo-18.08.9-150100.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
libpmi0-18.08.9-150100.3.22.1
libpmi0-debuginfo-18.08.9-150100.3.22.1
libslurm33-18.08.9-150100.3.22.1
libslurm33-debuginfo-18.08.9-150100.3.22.1
perl-slurm-18.08.9-150100.3.22.1
perl-slurm-debuginfo-18.08.9-150100.3.22.1
slurm-18.08.9-150100.3.22.1
slurm-auth-none-18.08.9-150100.3.22.1
slurm-auth-none-debuginfo-18.08.9-150100.3.22.1
slurm-config-18.08.9-150100.3.22.1
slurm-config-man-18.08.9-150100.3.22.1
slurm-debuginfo-18.08.9-150100.3.22.1
slurm-debugsource-18.08.9-150100.3.22.1
slurm-devel-18.08.9-150100.3.22.1
slurm-doc-18.08.9-150100.3.22.1
slurm-lua-18.08.9-150100.3.22.1
slurm-lua-debuginfo-18.08.9-150100.3.22.1
slurm-munge-18.08.9-150100.3.22.1
slurm-munge-debuginfo-18.08.9-150100.3.22.1
slurm-node-18.08.9-150100.3.22.1
slurm-node-debuginfo-18.08.9-150100.3.22.1
slurm-pam_slurm-18.08.9-150100.3.22.1
slurm-pam_slurm-debuginfo-18.08.9-150100.3.22.1
slurm-plugins-18.08.9-150100.3.22.1
slurm-plugins-debuginfo-18.08.9-150100.3.22.1
slurm-slurmdbd-18.08.9-150100.3.22.1
slurm-slurmdbd-debuginfo-18.08.9-150100.3.22.1
slurm-sql-18.08.9-150100.3.22.1
slurm-sql-debuginfo-18.08.9-150100.3.22.1
slurm-sview-18.08.9-150100.3.22.1
slurm-sview-debuginfo-18.08.9-150100.3.22.1
slurm-torque-18.08.9-150100.3.22.1
slurm-torque-debuginfo-18.08.9-150100.3.22.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
libpmi0-18.08.9-150100.3.22.1
libpmi0-debuginfo-18.08.9-150100.3.22.1
libslurm33-18.08.9-150100.3.22.1
libslurm33-debuginfo-18.08.9-150100.3.22.1
perl-slurm-18.08.9-150100.3.22.1
perl-slurm-debuginfo-18.08.9-150100.3.22.1
slurm-18.08.9-150100.3.22.1
slurm-auth-none-18.08.9-150100.3.22.1
slurm-auth-none-debuginfo-18.08.9-150100.3.22.1
slurm-config-18.08.9-150100.3.22.1
slurm-config-man-18.08.9-150100.3.22.1
slurm-debuginfo-18.08.9-150100.3.22.1
slurm-debugsource-18.08.9-150100.3.22.1
slurm-devel-18.08.9-150100.3.22.1
slurm-doc-18.08.9-150100.3.22.1
slurm-lua-18.08.9-150100.3.22.1
slurm-lua-debuginfo-18.08.9-150100.3.22.1
slurm-munge-18.08.9-150100.3.22.1
slurm-munge-debuginfo-18.08.9-150100.3.22.1
slurm-node-18.08.9-150100.3.22.1
slurm-node-debuginfo-18.08.9-150100.3.22.1
slurm-pam_slurm-18.08.9-150100.3.22.1
slurm-pam_slurm-debuginfo-18.08.9-150100.3.22.1
slurm-plugins-18.08.9-150100.3.22.1
slurm-plugins-debuginfo-18.08.9-150100.3.22.1
slurm-slurmdbd-18.08.9-150100.3.22.1
slurm-slurmdbd-debuginfo-18.08.9-150100.3.22.1
slurm-sql-18.08.9-150100.3.22.1
slurm-sql-debuginfo-18.08.9-150100.3.22.1
slurm-sview-18.08.9-150100.3.22.1
slurm-sview-debuginfo-18.08.9-150100.3.22.1
slurm-torque-18.08.9-150100.3.22.1
slurm-torque-debuginfo-18.08.9-150100.3.22.1
References:
https://www.suse.com/security/cve/CVE-2022-29500.html
https://www.suse.com/security/cve/CVE-2022-29501.html
https://www.suse.com/security/cve/CVE-2022-31251.html
https://bugzilla.suse.com/1199278
https://bugzilla.suse.com/1199279
https://bugzilla.suse.com/1201674
From sle-security-updates at lists.suse.com Thu Sep 29 13:22:08 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Sep 2022 15:22:08 +0200 (CEST)
Subject: SUSE-SU-2022:3465-1: important: Security update for the Linux Kernel
(Live Patch 29 for SLE 15 SP2)
Message-ID: <20220929132208.97F0AFD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3465-1
Rating: important
References: #1196959 #1199695 #1203116
Cross-References: CVE-2021-39698 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150200_24_126 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2021-39698: Fixed a memory corruption due to a use after free that
could lead to local escalation of privilege with no additional execution
privileges needed (bsc#1196959).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3465=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150200_24_126-default-3-150200.2.2
kernel-livepatch-5_3_18-150200_24_126-default-debuginfo-3-150200.2.2
kernel-livepatch-SLE15-SP2_Update_29-debugsource-3-150200.2.2
References:
https://www.suse.com/security/cve/CVE-2021-39698.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1196959
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Thu Sep 29 13:23:43 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Sep 2022 15:23:43 +0200 (CEST)
Subject: SUSE-SU-2022:3463-1: important: Security update for the Linux Kernel
(Live Patch 27 for SLE 15 SP2)
Message-ID: <20220929132343.DA189FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3463-1
Rating: important
References: #1199695 #1203116
Cross-References: CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150200_24_115 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3463=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150200_24_115-default-6-150200.2.2
kernel-livepatch-5_3_18-150200_24_115-default-debuginfo-6-150200.2.2
kernel-livepatch-SLE15-SP2_Update_27-debugsource-6-150200.2.2
References:
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Thu Sep 29 13:24:38 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Sep 2022 15:24:38 +0200 (CEST)
Subject: SUSE-SU-2022:3462-1: important: Security update for slurm_18_08
Message-ID: <20220929132438.6A1D4FD84@maintenance.suse.de>
SUSE Security Update: Security update for slurm_18_08
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3462-1
Rating: important
References: #1199278 #1199279 #1201674
Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251
CVSS scores:
CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
openSUSE Leap 15.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for slurm_18_08 fixes the following issues:
- CVE-2022-31251: Fixed a potential security vulnerability in the test
package (bsc#1201674).
- CVE-2022-29500: Fixed an architectural flaw that can be exploited to allow an
unprivileged user to execute arbitrary processes as root (bsc#1199278).
- CVE-2022-29501: Fixed a vulnerability where an unprivileged user can
send data to an arbitrary unix socket as root (bsc#1199279).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3462=1
- openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2022-3462=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3462=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3462=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpmi0_18_08-18.08.9-150000.1.17.1
libpmi0_18_08-debuginfo-18.08.9-150000.1.17.1
perl-slurm_18_08-18.08.9-150000.1.17.1
perl-slurm_18_08-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-18.08.9-150000.1.17.1
slurm_18_08-auth-none-18.08.9-150000.1.17.1
slurm_18_08-auth-none-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-config-18.08.9-150000.1.17.1
slurm_18_08-config-man-18.08.9-150000.1.17.1
slurm_18_08-cray-18.08.9-150000.1.17.1
slurm_18_08-cray-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-debugsource-18.08.9-150000.1.17.1
slurm_18_08-devel-18.08.9-150000.1.17.1
slurm_18_08-doc-18.08.9-150000.1.17.1
slurm_18_08-hdf5-18.08.9-150000.1.17.1
slurm_18_08-hdf5-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-lua-18.08.9-150000.1.17.1
slurm_18_08-lua-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-munge-18.08.9-150000.1.17.1
slurm_18_08-munge-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-node-18.08.9-150000.1.17.1
slurm_18_08-node-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-openlava-18.08.9-150000.1.17.1
slurm_18_08-pam_slurm-18.08.9-150000.1.17.1
slurm_18_08-pam_slurm-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-plugins-18.08.9-150000.1.17.1
slurm_18_08-plugins-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-seff-18.08.9-150000.1.17.1
slurm_18_08-sjstat-18.08.9-150000.1.17.1
slurm_18_08-slurmdbd-18.08.9-150000.1.17.1
slurm_18_08-slurmdbd-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-sql-18.08.9-150000.1.17.1
slurm_18_08-sql-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-sview-18.08.9-150000.1.17.1
slurm_18_08-sview-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-torque-18.08.9-150000.1.17.1
slurm_18_08-torque-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-webdoc-18.08.9-150000.1.17.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
libpmi0_18_08-18.08.9-150000.1.17.1
libpmi0_18_08-debuginfo-18.08.9-150000.1.17.1
perl-slurm_18_08-18.08.9-150000.1.17.1
perl-slurm_18_08-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-18.08.9-150000.1.17.1
slurm_18_08-auth-none-18.08.9-150000.1.17.1
slurm_18_08-auth-none-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-config-18.08.9-150000.1.17.1
slurm_18_08-config-man-18.08.9-150000.1.17.1
slurm_18_08-cray-18.08.9-150000.1.17.1
slurm_18_08-cray-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-debugsource-18.08.9-150000.1.17.1
slurm_18_08-devel-18.08.9-150000.1.17.1
slurm_18_08-doc-18.08.9-150000.1.17.1
slurm_18_08-hdf5-18.08.9-150000.1.17.1
slurm_18_08-hdf5-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-lua-18.08.9-150000.1.17.1
slurm_18_08-lua-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-munge-18.08.9-150000.1.17.1
slurm_18_08-munge-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-node-18.08.9-150000.1.17.1
slurm_18_08-node-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-openlava-18.08.9-150000.1.17.1
slurm_18_08-pam_slurm-18.08.9-150000.1.17.1
slurm_18_08-pam_slurm-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-plugins-18.08.9-150000.1.17.1
slurm_18_08-plugins-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-seff-18.08.9-150000.1.17.1
slurm_18_08-sjstat-18.08.9-150000.1.17.1
slurm_18_08-slurmdbd-18.08.9-150000.1.17.1
slurm_18_08-slurmdbd-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-sql-18.08.9-150000.1.17.1
slurm_18_08-sql-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-sview-18.08.9-150000.1.17.1
slurm_18_08-sview-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-torque-18.08.9-150000.1.17.1
slurm_18_08-torque-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-webdoc-18.08.9-150000.1.17.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
libpmi0_18_08-18.08.9-150000.1.17.1
libpmi0_18_08-debuginfo-18.08.9-150000.1.17.1
libslurm33-18.08.9-150000.1.17.1
libslurm33-debuginfo-18.08.9-150000.1.17.1
perl-slurm_18_08-18.08.9-150000.1.17.1
perl-slurm_18_08-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-18.08.9-150000.1.17.1
slurm_18_08-auth-none-18.08.9-150000.1.17.1
slurm_18_08-auth-none-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-config-18.08.9-150000.1.17.1
slurm_18_08-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-debugsource-18.08.9-150000.1.17.1
slurm_18_08-devel-18.08.9-150000.1.17.1
slurm_18_08-doc-18.08.9-150000.1.17.1
slurm_18_08-lua-18.08.9-150000.1.17.1
slurm_18_08-lua-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-munge-18.08.9-150000.1.17.1
slurm_18_08-munge-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-node-18.08.9-150000.1.17.1
slurm_18_08-node-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-pam_slurm-18.08.9-150000.1.17.1
slurm_18_08-pam_slurm-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-plugins-18.08.9-150000.1.17.1
slurm_18_08-plugins-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-slurmdbd-18.08.9-150000.1.17.1
slurm_18_08-slurmdbd-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-sql-18.08.9-150000.1.17.1
slurm_18_08-sql-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-torque-18.08.9-150000.1.17.1
slurm_18_08-torque-debuginfo-18.08.9-150000.1.17.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
libpmi0_18_08-18.08.9-150000.1.17.1
libpmi0_18_08-debuginfo-18.08.9-150000.1.17.1
libslurm33-18.08.9-150000.1.17.1
libslurm33-debuginfo-18.08.9-150000.1.17.1
perl-slurm_18_08-18.08.9-150000.1.17.1
perl-slurm_18_08-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-18.08.9-150000.1.17.1
slurm_18_08-auth-none-18.08.9-150000.1.17.1
slurm_18_08-auth-none-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-config-18.08.9-150000.1.17.1
slurm_18_08-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-debugsource-18.08.9-150000.1.17.1
slurm_18_08-devel-18.08.9-150000.1.17.1
slurm_18_08-doc-18.08.9-150000.1.17.1
slurm_18_08-lua-18.08.9-150000.1.17.1
slurm_18_08-lua-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-munge-18.08.9-150000.1.17.1
slurm_18_08-munge-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-node-18.08.9-150000.1.17.1
slurm_18_08-node-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-pam_slurm-18.08.9-150000.1.17.1
slurm_18_08-pam_slurm-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-plugins-18.08.9-150000.1.17.1
slurm_18_08-plugins-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-slurmdbd-18.08.9-150000.1.17.1
slurm_18_08-slurmdbd-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-sql-18.08.9-150000.1.17.1
slurm_18_08-sql-debuginfo-18.08.9-150000.1.17.1
slurm_18_08-torque-18.08.9-150000.1.17.1
slurm_18_08-torque-debuginfo-18.08.9-150000.1.17.1
References:
https://www.suse.com/security/cve/CVE-2022-29500.html
https://www.suse.com/security/cve/CVE-2022-29501.html
https://www.suse.com/security/cve/CVE-2022-31251.html
https://bugzilla.suse.com/1199278
https://bugzilla.suse.com/1199279
https://bugzilla.suse.com/1201674
From sle-security-updates at lists.suse.com Thu Sep 29 13:25:32 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Sep 2022 15:25:32 +0200 (CEST)
Subject: SUSE-SU-2022:3460-1: moderate: Security update for python3-lxml
Message-ID: <20220929132532.20711FD84@maintenance.suse.de>
SUSE Security Update: Security update for python3-lxml
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3460-1
Rating: moderate
References: #1179534
Cross-References: CVE-2020-27783
CVSS scores:
CVE-2020-27783 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2020-27783 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12-SP3
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12-SP3
SUSE Linux Enterprise Server for SAP Applications 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python3-lxml fixes the following issues:
- CVE-2020-27783: Fixed XSS due to the use of improper parser
(bsc#1179534).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Public Cloud 12:
zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-3460=1
Package List:
- SUSE Linux Enterprise Module for Public Cloud 12 (aarch64 ppc64le s390x x86_64):
python3-lxml-3.3.5-3.12.1
- SUSE Linux Enterprise Module for Public Cloud 12 (noarch):
python3-lxml-doc-3.3.5-3.12.1
References:
https://www.suse.com/security/cve/CVE-2020-27783.html
https://bugzilla.suse.com/1179534
From sle-security-updates at lists.suse.com Thu Sep 29 16:19:11 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Sep 2022 18:19:11 +0200 (CEST)
Subject: SUSE-SU-2022:3464-1: important: Security update for the Linux Kernel
(Live Patch 18 for SLE 15 SP3)
Message-ID: <20220929161911.25F14FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP3)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3464-1
Rating: important
References: #1199695 #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP3
SUSE Linux Enterprise Micro 5.1
SUSE Linux Enterprise Module for Live Patching 15-SP3
SUSE Linux Enterprise Server 15-SP3
SUSE Linux Enterprise Server for SAP Applications 15-SP3
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150300_59_68 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-3464=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3469=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-3470=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150300_59_43-default-14-150300.2.2
kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-14-150300.2.2
kernel-livepatch-5_3_18-150300_59_54-default-12-150300.2.2
kernel-livepatch-5_3_18-150300_59_68-default-7-150300.2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Thu Sep 29 19:19:06 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 29 Sep 2022 21:19:06 +0200 (CEST)
Subject: SUSE-SU-2022:3471-1: important: Security update for krb5-appl
Message-ID: <20220929191906.20332F7C9@maintenance.suse.de>
SUSE Security Update: Security update for krb5-appl
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3471-1
Rating: important
References: #1203759
Cross-References: CVE-2022-39028
CVSS scores:
CVE-2022-39028 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39028 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for krb5-appl fixes the following issues:
- CVE-2022-39028: Fixed NULL pointer dereference in krb5-appl telnetd
(bsc#1203759).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3471=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3471=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3471=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3471=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3471=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3471=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-3471=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
krb5-appl-clients-1.0.3-3.9.1
krb5-appl-clients-debuginfo-1.0.3-3.9.1
krb5-appl-debugsource-1.0.3-3.9.1
krb5-appl-servers-1.0.3-3.9.1
krb5-appl-servers-debuginfo-1.0.3-3.9.1
- SUSE OpenStack Cloud 9 (x86_64):
krb5-appl-clients-1.0.3-3.9.1
krb5-appl-clients-debuginfo-1.0.3-3.9.1
krb5-appl-debugsource-1.0.3-3.9.1
krb5-appl-servers-1.0.3-3.9.1
krb5-appl-servers-debuginfo-1.0.3-3.9.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
krb5-appl-clients-1.0.3-3.9.1
krb5-appl-clients-debuginfo-1.0.3-3.9.1
krb5-appl-debugsource-1.0.3-3.9.1
krb5-appl-servers-1.0.3-3.9.1
krb5-appl-servers-debuginfo-1.0.3-3.9.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
krb5-appl-clients-1.0.3-3.9.1
krb5-appl-clients-debuginfo-1.0.3-3.9.1
krb5-appl-debugsource-1.0.3-3.9.1
krb5-appl-servers-1.0.3-3.9.1
krb5-appl-servers-debuginfo-1.0.3-3.9.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
krb5-appl-clients-1.0.3-3.9.1
krb5-appl-clients-debuginfo-1.0.3-3.9.1
krb5-appl-debugsource-1.0.3-3.9.1
krb5-appl-servers-1.0.3-3.9.1
krb5-appl-servers-debuginfo-1.0.3-3.9.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
krb5-appl-clients-1.0.3-3.9.1
krb5-appl-clients-debuginfo-1.0.3-3.9.1
krb5-appl-debugsource-1.0.3-3.9.1
krb5-appl-servers-1.0.3-3.9.1
krb5-appl-servers-debuginfo-1.0.3-3.9.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
krb5-appl-clients-1.0.3-3.9.1
krb5-appl-clients-debuginfo-1.0.3-3.9.1
krb5-appl-debugsource-1.0.3-3.9.1
krb5-appl-servers-1.0.3-3.9.1
krb5-appl-servers-debuginfo-1.0.3-3.9.1
References:
https://www.suse.com/security/cve/CVE-2022-39028.html
https://bugzilla.suse.com/1203759
From sle-security-updates at lists.suse.com Fri Sep 30 07:31:41 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 09:31:41 +0200 (CEST)
Subject: SUSE-CU-2022:2407-1: Security update of suse/sles12sp5
Message-ID: <20220930073141.85589F78E@maintenance.suse.de>
SUSE Container Update Advisory: suse/sles12sp5
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2407-1
Container Tags : suse/sles12sp5:6.5.384 , suse/sles12sp5:latest
Container Release : 6.5.384
Severity : important
Type : security
References : 1203438 CVE-2022-40674
-----------------------------------------------------------------
The container suse/sles12sp5 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3466-1
Released: Thu Sep 29 11:43:25 2022
Summary: Security update for expat
Type: security
Severity: important
References: 1203438,CVE-2022-40674
This update for expat fixes the following issues:
- CVE-2022-40674: Fixed use-after-free in the doContent function in xmlparse.c (bsc#1203438).
The following package changes have been done:
- libexpat1-2.1.0-21.25.1 updated
From sle-security-updates at lists.suse.com Fri Sep 30 07:48:42 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 09:48:42 +0200 (CEST)
Subject: SUSE-CU-2022:2411-1: Security update of bci/dotnet-aspnet
Message-ID: <20220930074842.5500DF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2411-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.7 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.7
Container Release : 27.7
Severity : moderate
Type : security
References : 1201942 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942
This update for glibc fixes the following issues:
- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)
The following package changes have been done:
- glibc-2.31-150300.41.1 updated
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.28 updated
From sle-security-updates at lists.suse.com Fri Sep 30 07:50:13 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 09:50:13 +0200 (CEST)
Subject: SUSE-CU-2022:2412-1: Security update of bci/dotnet-sdk
Message-ID: <20220930075013.18CCAF78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2412-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-46.7 , bci/dotnet-sdk:3.1.29 , bci/dotnet-sdk:3.1.29-46.7
Container Release : 46.7
Severity : moderate
Type : security
References : 1201942 1203018 CVE-2022-31252
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3353-1
Released: Fri Sep 23 15:23:40 2022
Summary: Security update for permissions
Type: security
Severity: moderate
References: 1203018,CVE-2022-31252
This update for permissions fixes the following issues:
- CVE-2022-31252: Fixed chkstat group controlled paths (bsc#1203018).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942
This update for glibc fixes the following issues:
- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)
The following package changes have been done:
- glibc-2.31-150300.41.1 updated
- permissions-20201225-150400.5.11.1 updated
- container:sles15-image-15.0.0-27.11.28 updated
From sle-security-updates at lists.suse.com Fri Sep 30 08:06:30 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 10:06:30 +0200 (CEST)
Subject: SUSE-CU-2022:2423-1: Security update of bci/rust
Message-ID: <20220930080630.42418F78E@maintenance.suse.de>
SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:2423-1
Container Tags : bci/rust:1.62 , bci/rust:1.62-2.39 , bci/rust:latest
Container Release : 2.39
Severity : moderate
Type : security
References : 1201942 1203431 1203433 CVE-2022-36113 CVE-2022-36114
-----------------------------------------------------------------
The container bci/rust was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:3451-1
Released: Wed Sep 28 09:44:15 2022
Summary: Security update for rust1.62
Type: security
Severity: moderate
References: 1203431,1203433,CVE-2022-36113,CVE-2022-36114
This update for rust1.62 fixes the following issues:
- CVE-2022-36113: Fixed symlink hijack vulnerability (bsc#1203433).
- CVE-2022-36114: Fixed zip bomb vulnerability (bsc#1203431).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:3452-1
Released: Wed Sep 28 12:13:43 2022
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1201942
This update for glibc fixes the following issues:
- Reversing calculation of __x86_shared_non_temporal_threshold (bsc#1201942)
- powerpc: Optimized memcmp for power10 (jsc#PED-987)
The following package changes have been done:
- glibc-2.31-150300.41.1 updated
- glibc-devel-2.31-150300.41.1 updated
- rust1.62-1.62.1-150300.7.7.1 updated
- cargo1.62-1.62.1-150300.7.7.1 updated
- container:sles15-image-15.0.0-27.11.28 updated
From sle-security-updates at lists.suse.com Fri Sep 30 13:19:46 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 15:19:46 +0200 (CEST)
Subject: SUSE-SU-2022:3475-1: moderate: Security update for libjpeg-turbo
Message-ID: <20220930131946.34586FD84@maintenance.suse.de>
SUSE Security Update: Security update for libjpeg-turbo
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3475-1
Rating: moderate
References: #1202915
Cross-References: CVE-2020-35538
CVSS scores:
CVE-2020-35538 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2020-35538 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for libjpeg-turbo fixes the following issues:
- CVE-2020-35538: Fixed null pointer dereference in jcopy_sample_rows()
function (bsc#1202915).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3475=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3475=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
libjpeg62-devel-62.2.0-31.28.1
libjpeg8-devel-8.1.2-31.28.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libjpeg-turbo-1.5.3-31.28.1
libjpeg-turbo-debuginfo-1.5.3-31.28.1
libjpeg-turbo-debugsource-1.5.3-31.28.1
libjpeg62-62.2.0-31.28.1
libjpeg62-debuginfo-62.2.0-31.28.1
libjpeg62-turbo-1.5.3-31.28.1
libjpeg62-turbo-debugsource-1.5.3-31.28.1
libjpeg8-8.1.2-31.28.1
libjpeg8-debuginfo-8.1.2-31.28.1
libturbojpeg0-8.1.2-31.28.1
libturbojpeg0-debuginfo-8.1.2-31.28.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libjpeg62-32bit-62.2.0-31.28.1
libjpeg62-debuginfo-32bit-62.2.0-31.28.1
libjpeg8-32bit-8.1.2-31.28.1
libjpeg8-debuginfo-32bit-8.1.2-31.28.1
References:
https://www.suse.com/security/cve/CVE-2020-35538.html
https://bugzilla.suse.com/1202915
From sle-security-updates at lists.suse.com Fri Sep 30 13:20:27 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 15:20:27 +0200 (CEST)
Subject: SUSE-SU-2022:3473-1: important: Security update for python310
Message-ID: <20220930132027.744C0FD84@maintenance.suse.de>
SUSE Security Update: Security update for python310
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3473-1
Rating: important
References: #1202624 #1203125
Cross-References: CVE-2020-10735 CVE-2021-28861
CVSS scores:
CVE-2020-10735 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2020-10735 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2021-28861 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise Desktop 15-SP4
SUSE Linux Enterprise High Performance Computing 15-SP4
SUSE Linux Enterprise Module for Python3 15-SP4
SUSE Linux Enterprise Server 15-SP4
SUSE Linux Enterprise Server for SAP Applications 15-SP4
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.4
______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for python310 fixes the following issues:
Updated to version 3.10.7:
- CVE-2020-10735: Fixed DoS due to missing limit of amount of digits when
converting text to int (bsc#1203125).
- CVE-2021-28861: Fixed an open redirect in the HTTP server when a URI
path starts with // (bsc#1202624).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.4:
zypper in -t patch openSUSE-SLE-15.4-2022-3473=1
- SUSE Linux Enterprise Module for Python3 15-SP4:
zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2022-3473=1
Package List:
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
libpython3_10-1_0-3.10.7-150400.4.10.1
libpython3_10-1_0-debuginfo-3.10.7-150400.4.10.1
python310-3.10.7-150400.4.10.1
python310-base-3.10.7-150400.4.10.1
python310-base-debuginfo-3.10.7-150400.4.10.1
python310-core-debugsource-3.10.7-150400.4.10.1
python310-curses-3.10.7-150400.4.10.1
python310-curses-debuginfo-3.10.7-150400.4.10.1
python310-dbm-3.10.7-150400.4.10.1
python310-dbm-debuginfo-3.10.7-150400.4.10.1
python310-debuginfo-3.10.7-150400.4.10.1
python310-debugsource-3.10.7-150400.4.10.1
python310-devel-3.10.7-150400.4.10.1
python310-doc-3.10.7-150400.4.10.1
python310-doc-devhelp-3.10.7-150400.4.10.1
python310-idle-3.10.7-150400.4.10.1
python310-testsuite-3.10.7-150400.4.10.1
python310-testsuite-debuginfo-3.10.7-150400.4.10.1
python310-tk-3.10.7-150400.4.10.1
python310-tk-debuginfo-3.10.7-150400.4.10.1
python310-tools-3.10.7-150400.4.10.1
- openSUSE Leap 15.4 (x86_64):
libpython3_10-1_0-32bit-3.10.7-150400.4.10.1
libpython3_10-1_0-32bit-debuginfo-3.10.7-150400.4.10.1
python310-32bit-3.10.7-150400.4.10.1
python310-32bit-debuginfo-3.10.7-150400.4.10.1
python310-base-32bit-3.10.7-150400.4.10.1
python310-base-32bit-debuginfo-3.10.7-150400.4.10.1
- SUSE Linux Enterprise Module for Python3 15-SP4 (aarch64 ppc64le s390x x86_64):
libpython3_10-1_0-3.10.7-150400.4.10.1
libpython3_10-1_0-debuginfo-3.10.7-150400.4.10.1
python310-3.10.7-150400.4.10.1
python310-base-3.10.7-150400.4.10.1
python310-base-debuginfo-3.10.7-150400.4.10.1
python310-core-debugsource-3.10.7-150400.4.10.1
python310-curses-3.10.7-150400.4.10.1
python310-curses-debuginfo-3.10.7-150400.4.10.1
python310-dbm-3.10.7-150400.4.10.1
python310-dbm-debuginfo-3.10.7-150400.4.10.1
python310-debuginfo-3.10.7-150400.4.10.1
python310-debugsource-3.10.7-150400.4.10.1
python310-devel-3.10.7-150400.4.10.1
python310-idle-3.10.7-150400.4.10.1
python310-tk-3.10.7-150400.4.10.1
python310-tk-debuginfo-3.10.7-150400.4.10.1
python310-tools-3.10.7-150400.4.10.1
References:
https://www.suse.com/security/cve/CVE-2020-10735.html
https://www.suse.com/security/cve/CVE-2021-28861.html
https://bugzilla.suse.com/1202624
https://bugzilla.suse.com/1203125
From sle-security-updates at lists.suse.com Fri Sep 30 13:21:10 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 15:21:10 +0200 (CEST)
Subject: SUSE-SU-2022:3477-1: important: Security update for slurm_20_02
Message-ID: <20220930132110.61284FD84@maintenance.suse.de>
SUSE Security Update: Security update for slurm_20_02
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3477-1
Rating: important
References: #1186646 #1199278 #1199279 #1201674
Cross-References: CVE-2022-29500 CVE-2022-29501 CVE-2022-31251
CVSS scores:
CVE-2022-29500 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29500 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29501 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31251 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Module for HPC 12
______________________________________________________________________________
An update that solves three vulnerabilities and has one
errata is now available.
Description:
This update for slurm_20_02 fixes the following issues:
- CVE-2022-31251: Fixed a potential security vulnerability in the test
package (bsc#1201674).
- CVE-2022-29500: Fixed architectural flaw that could have been exploited
to allow an unprivileged user to execute arbitrary processes as root
(bsc#1199278).
- CVE-2022-29501: Fixed a problem where an unprivileged user could have
sent data to an arbitrary unix socket as root (bsc#1199279).
Bugfixes:
- Fixed qstat error message (torque wrapper) (bsc#1186646).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for HPC 12:
zypper in -t patch SUSE-SLE-Module-HPC-12-2022-3477=1
Package List:
- SUSE Linux Enterprise Module for HPC 12 (aarch64 x86_64):
libnss_slurm2_20_02-20.02.7-3.14.1
libnss_slurm2_20_02-debuginfo-20.02.7-3.14.1
libpmi0_20_02-20.02.7-3.14.1
libpmi0_20_02-debuginfo-20.02.7-3.14.1
libslurm35-20.02.7-3.14.1
libslurm35-debuginfo-20.02.7-3.14.1
perl-slurm_20_02-20.02.7-3.14.1
perl-slurm_20_02-debuginfo-20.02.7-3.14.1
slurm_20_02-20.02.7-3.14.1
slurm_20_02-auth-none-20.02.7-3.14.1
slurm_20_02-auth-none-debuginfo-20.02.7-3.14.1
slurm_20_02-config-20.02.7-3.14.1
slurm_20_02-config-man-20.02.7-3.14.1
slurm_20_02-debuginfo-20.02.7-3.14.1
slurm_20_02-debugsource-20.02.7-3.14.1
slurm_20_02-devel-20.02.7-3.14.1
slurm_20_02-doc-20.02.7-3.14.1
slurm_20_02-lua-20.02.7-3.14.1
slurm_20_02-lua-debuginfo-20.02.7-3.14.1
slurm_20_02-munge-20.02.7-3.14.1
slurm_20_02-munge-debuginfo-20.02.7-3.14.1
slurm_20_02-node-20.02.7-3.14.1
slurm_20_02-node-debuginfo-20.02.7-3.14.1
slurm_20_02-pam_slurm-20.02.7-3.14.1
slurm_20_02-pam_slurm-debuginfo-20.02.7-3.14.1
slurm_20_02-plugins-20.02.7-3.14.1
slurm_20_02-plugins-debuginfo-20.02.7-3.14.1
slurm_20_02-slurmdbd-20.02.7-3.14.1
slurm_20_02-slurmdbd-debuginfo-20.02.7-3.14.1
slurm_20_02-sql-20.02.7-3.14.1
slurm_20_02-sql-debuginfo-20.02.7-3.14.1
slurm_20_02-sview-20.02.7-3.14.1
slurm_20_02-sview-debuginfo-20.02.7-3.14.1
slurm_20_02-torque-20.02.7-3.14.1
slurm_20_02-torque-debuginfo-20.02.7-3.14.1
References:
https://www.suse.com/security/cve/CVE-2022-29500.html
https://www.suse.com/security/cve/CVE-2022-29501.html
https://www.suse.com/security/cve/CVE-2022-31251.html
https://bugzilla.suse.com/1186646
https://bugzilla.suse.com/1199278
https://bugzilla.suse.com/1199279
https://bugzilla.suse.com/1201674
From sle-security-updates at lists.suse.com Fri Sep 30 16:20:45 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 18:20:45 +0200 (CEST)
Subject: SUSE-SU-2022:3480-1: important: Security update for buildah
Message-ID: <20220930162045.EB9A1FD84@maintenance.suse.de>
SUSE Security Update: Security update for buildah
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3480-1
Rating: important
References: #1167864 #1181961 #1183043 #1192999 #1197870
Cross-References: CVE-2020-10696 CVE-2021-20206 CVE-2022-27651
CVSS scores:
CVE-2020-10696 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2020-10696 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVE-2022-27651 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CVE-2022-27651 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products:
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP1-BCL
SUSE Linux Enterprise Server 15-SP1-LTSS
SUSE Linux Enterprise Server 15-SP2-BCL
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP1
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves three vulnerabilities and has two
fixes is now available.
Description:
This update for buildah fixes the following issues:
- Updated to version 1.26.0:
- CVE-2022-27651: Fixed an issue where containers were incorrectly
started with non-empty inheritable Linux process capabilities
(bsc#1197870).
- CVE-2021-20206: Fixed an issue in libcni that could allow an attacker
to execute arbitrary binaries on the host (bsc#1181961).
- CVE-2020-10696: Fixed an issue that could lead to files being
overwritten during the image building process (bsc#1167864).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3480=1
- SUSE Manager Retail Branch Server 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3480=1
- SUSE Manager Proxy 4.1:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3480=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3480=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3480=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3480=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3480=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3480=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3480=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3480=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3480=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3480=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3480=1
- SUSE Enterprise Storage 7:
zypper in -t patch SUSE-Storage-7-2022-3480=1
- SUSE Enterprise Storage 6:
zypper in -t patch SUSE-Storage-6-2022-3480=1
- SUSE CaaS Platform 4.0:
To install this update, use the SUSE CaaS Platform 'skuba' tool. It
will inform you if it detects new updates and let you then trigger
updating of the complete cluster in a controlled way.
Package List:
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Manager Retail Branch Server 4.1 (x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Manager Proxy 4.1 (x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Enterprise Storage 7 (aarch64 x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE Enterprise Storage 6 (aarch64 x86_64):
buildah-1.25.1-150100.3.13.12
- SUSE CaaS Platform 4.0 (x86_64):
buildah-1.25.1-150100.3.13.12
References:
https://www.suse.com/security/cve/CVE-2020-10696.html
https://www.suse.com/security/cve/CVE-2021-20206.html
https://www.suse.com/security/cve/CVE-2022-27651.html
https://bugzilla.suse.com/1167864
https://bugzilla.suse.com/1181961
https://bugzilla.suse.com/1183043
https://bugzilla.suse.com/1192999
https://bugzilla.suse.com/1197870
From sle-security-updates at lists.suse.com Fri Sep 30 19:20:00 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 21:20:00 +0200 (CEST)
Subject: SUSE-SU-2022:3476-1: important: Security update for the Linux Kernel
(Live Patch 26 for SLE 15 SP2)
Message-ID: <20220930192000.A9389FD84@maintenance.suse.de>
SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP2)
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3476-1
Rating: important
References: #1199695 #1200057 #1203116
Cross-References: CVE-2022-1652 CVE-2022-29581 CVE-2022-39188
CVSS scores:
CVE-2022-1652 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-1652 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-29581 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-39188 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-39188 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise Module for Live Patching 15-SP2
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
______________________________________________________________________________
An update that fixes three vulnerabilities is now available.
Description:
This update for the Linux Kernel 5.3.18-150200_24_112 fixes several issues.
The following security issues were fixed:
- CVE-2022-39188: Fixed a race condition between unmap_mapping_range() and
munmap() on VM_PFNMAP mappings that leads to a stale TLB entry (bsc#1203116).
- CVE-2022-29581: Fixed an improper Update of Reference Count
vulnerability in net/sched that causes privilege escalation to root
(bsc#1199695).
- CVE-2022-1652: Fixed a use-after-free in bad_flp_intr (bsc#1200057).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for Live Patching 15-SP2:
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-3474=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3476=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3478=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3479=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-3482=1
Package List:
- SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64):
kernel-livepatch-5_3_18-150200_24_112-default-8-150200.2.2
kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-8-150200.2.2
kernel-livepatch-5_3_18-24_102-default-13-150200.2.2
kernel-livepatch-5_3_18-24_102-default-debuginfo-13-150200.2.2
kernel-livepatch-5_3_18-24_93-default-16-150200.2.2
kernel-livepatch-5_3_18-24_93-default-debuginfo-16-150200.2.2
kernel-livepatch-5_3_18-24_96-default-15-150200.2.2
kernel-livepatch-5_3_18-24_96-default-debuginfo-15-150200.2.2
kernel-livepatch-5_3_18-24_99-default-14-150200.2.2
kernel-livepatch-5_3_18-24_99-default-debuginfo-14-150200.2.2
kernel-livepatch-SLE15-SP2_Update_21-debugsource-16-150200.2.2
kernel-livepatch-SLE15-SP2_Update_22-debugsource-15-150200.2.2
kernel-livepatch-SLE15-SP2_Update_23-debugsource-14-150200.2.2
kernel-livepatch-SLE15-SP2_Update_24-debugsource-13-150200.2.2
kernel-livepatch-SLE15-SP2_Update_26-debugsource-8-150200.2.2
References:
https://www.suse.com/security/cve/CVE-2022-1652.html
https://www.suse.com/security/cve/CVE-2022-29581.html
https://www.suse.com/security/cve/CVE-2022-39188.html
https://bugzilla.suse.com/1199695
https://bugzilla.suse.com/1200057
https://bugzilla.suse.com/1203116
From sle-security-updates at lists.suse.com Fri Sep 30 19:21:03 2022
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 30 Sep 2022 21:21:03 +0200 (CEST)
Subject: SUSE-SU-2022:3483-1: moderate: Security update for python36
Message-ID: <20220930192103.E9776FD84@maintenance.suse.de>
SUSE Security Update: Security update for python36
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3483-1
Rating: moderate
References: #1202624
Cross-References: CVE-2021-28861
CVSS scores:
CVE-2021-28861 (NVD) : 7.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
CVE-2021-28861 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for python36 fixes the following issues:
- CVE-2021-28861: Fixed an open redirection vulnerability in the HTTP
server when a URI path starts with // (bsc#1202624).
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 12-SP5:
zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-3483=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3483=1
Package List:
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
python36-devel-3.6.15-27.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
libpython3_6m1_0-3.6.15-27.1
libpython3_6m1_0-debuginfo-3.6.15-27.1
python36-3.6.15-27.1
python36-base-3.6.15-27.1
python36-base-debuginfo-3.6.15-27.1
python36-debuginfo-3.6.15-27.1
python36-debugsource-3.6.15-27.1
- SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
libpython3_6m1_0-32bit-3.6.15-27.1
libpython3_6m1_0-debuginfo-32bit-3.6.15-27.1
References:
https://www.suse.com/security/cve/CVE-2021-28861.html
https://bugzilla.suse.com/1202624